How will the new rules for VPN providers threaten user privacy?
The
Indian government has recently asked VPN service providers to register and
record certain information about its users for a period of at least 5 years.
This
was one among the several new directives issued by CERT-In, or Central
Emergency Response Team, which is India’s national agency that looks into
matters of cybersecurity.
The new directives are
slated to come into effect from June 27 this year. However, experts say that
these rules raise serious privacy concerns, especially the ones about VPN
service providers
But before moving ahead, let’s understand what a VPN really is. VPN or a
Virtual Private Network establishes a secure and encrypted connection between a
user and the internet.
VPN
helps users hide their browsing history, IP address and geographical location,
as well as their web activities and the devices being used.
In
a connected world, it’s of immense use to journalists, whistleblowers and
activists.
Now let’s understand how the new rules pose challenges to a VPN user’s privacy?
CERT-In’s new rules require VPN service
providers to collect and store certain ‘accurate’ information for a period of
at least five years, even after a customer has cancelled his/her subscription.
The
‘personal’ information to be collected and stored includes names, IP addresses,
emails, contact numbers and purpose for using the VPN service.
Data
centres and cloud service providers will also have to abide by these directives
Comments
Post a Comment