VPN companies in India are now the subject of a new government order. This time, they're required to collect user data and store it for five years or more.
The new order comes from the country's Computer Emergency Response Team, otherwise called CERT-in. According to CNET, this policy is likely to make using VPNs more difficult there. But it's not just VPN companies covered by this new directive: it also includes data centers and cloud service providers.
As for the type of user data that these companies are ordered to store for at least half a decade, it includes customer names, validated IP and home addresses, personal usage patterns, and all other information that could be used to identify people. Anybody who doesn't comply with the law will serve up to a year of prison time.
Here's another kicker: even if the customer cancels their subscription or deletes their account, their information will still be stored in the company's servers as per the directive. This definitely goes against the "no logging" policies of several well-known VPN providers, which is part of what they mostly do as a whole.
The original report comes from Entracker, who also mentioned that the directive was to help "coordinate response activities as well as emergency measures with respect to cyber security incidents." But with people who use VPNs no longer being anonymous online, a handful of critics of the directive are worried about its implications on cryptocurrency - which relies a lot on anonymity.
According to CoinTelegraph, it actually also covers crypto exchanges. While several users received it negatively, some crypto exchange owners were actually fine with it. Among these is Sathvik Vishwanath, CEO of Unocoin, who says that the directive will help prosecute tax evaders quicker.
It is also not made clear whether the directive will only apply to companies in India, or also to external companies who serve the Indian market. Either way, it is scheduled to be enforced starting late June of this year, unless CERT-in extends the compliance window for the companies covered by the law.
India's History Of Heavy-Handed Acts Against Internet Usage
Forcing VPN providers to collect and store critical user data can easily be chalked up by anyone as an attack on user privacy. And they'd be right. However, this isn't even new to India considering its history of heavy-handed sanctions over using the web.
Back in 2019, the Indian government actually proposed some sort of a Chinese-style internet censorship, as reported by The New York Times. If it pushes through, the censorship will give Indian government officials the power to order the likes of Facebook, Twitter, TikTok, or even Google to take down content which they might deem libelous, hateful, or deceptive, to name a few. Aside from that, Indian users could also be blocked from consuming "unlawful content."
Two years later, the critics sounded the alarm over this proposal. In a report by AlJazeera, they reported fearing that putting social media platforms under direct government oversight can lead to outright internet censorship, as well as a direct attack on user privacy and online free speech.
Related Article : This VPN Can Now Protect Against Hackers Who Use Quantum Computers
This article is owned by Tech Times
Written by RJ Pierce