Virtual Private Networks (VPNs)

In News

  • Recently, India’s cyber security watchdog CERT-In issued new rules regarding virtual private networks (VPNs). 

What is a VPN?

  • A VPN is a service that protects users online by preventing their IP address from being tracked by websites, law enforcement agencies, cybercriminals and others.
  • Corporate employees are the most frequent VPN users, mainly for securely accessing company networks.

Data/Statistics

  • India has over 270 million VPN users, about 20% of the country’s population.
  • They use it to access company networks securely, remain anonymous, access geo-restricted content, stay safe on public Wi-Fi networks, and get around internet curbs, among other things.  

About the new rules

  • Storing data: VPN providers must preserve a wide range of data on their customers, including their contact numbers, email IDs and IP addresses, for five years.
    • The rules also require VPN providers to record and keep their customers’ logs for 180 days.
  • Reporting an incident: Companies are also required to report cyber security incidents to CERT-In within six hours of becoming aware of them.
  • Application: The rules would apply only to individual VPN customers and not to enterprise or corporate VPNs.
    • They will also be applicable to data centres, virtual private server (VPS) providers, cloud service providers, virtual asset service providers, virtual asset exchange providers, custodian wallet providers and Government organisations.
  • Penalty: Failure to follow the rules will attract penalties for VPN providers. If they all refuse to comply, VPN services will effectively become illegal in India.
  • KYC verification process: Apart from potentially having their private data exposed to the government, users will also face a stringent know-your-customer (KYC) verification process when signing up for a VPN service, and will have to state their reasons for using it.

Implications of the new rules

  • Switch to storage servers: VPN companies will be forced to switch to storage servers, which will inflate their costs and eliminate their core function of user privacy.
  • Privacy concerns: the rules have triggered privacy concerns, and many top VPN providers have threatened to leave the country if forced to comply.
    • Top VPN providers NordVPN and Netherlands-based Surfshark have refused to comply with the government order so far, with Nord suggesting it might leave the country.
  • Damaging the IT sector’s growth: Taking such radical action, which heavily impacts the privacy of millions of people in India, will most likely be counterproductive and strongly damage the IT sector’s growth in the country.
  • Breach of account: The rules have raised the concern that collecting excessive amounts of data within Indian jurisdiction without robust protection mechanisms could lead to even more breaches.

What is a virtual server and what are its uses? 

  • Meaning: A virtual server is a simulated server environment built on an actual physical server.
    • It recreates the functionality of a dedicated physical server.
    • The virtual twin functions like a physical server that runs software.
    • It uses resources of the physical server.
    • Multiple virtual servers can run on a single physical server.
  • Uses
    • It helps reallocate resources for changing workloads.
    • Converting one physical server into multiple virtual servers allows organisations to use processing power and resources more efficiently by running multiple operating systems and applications on one partitioned server.
    • Running multiple operating systems and applications on a single physical machine reduces cost, as it consumes less space and hardware.
    • Virtual servers are also said to offer higher security than a physical server infrastructure as the operating system and applications are enclosed in a virtual machine.
    • Virtual servers are also useful in testing and debugging applications in different operating systems and versions without having to manually install and run them in several physical machines.

Global scenario

  • Currently, a handful of governments either regulate or outright ban VPNs.
  • These include China, Belarus, Iraq, North Korea, Oman, Russia, and the UAE.
    • In China, though not all VPNs are officially banned, only government-approved VPNs are officially permitted to function.
  • Other countries have internet censorship laws, which make using a VPN risky.

Way forward/Government’s stand

  • Not a breach of privacy: CERT-In says that the right to informational privacy of individuals is not affected by these rules, since the agency does not envisage seeking information on a continuing basis and expects to do so only in case of cybersecurity incidents.
  • Contractual obligation: The obligation to report cyber security incidents to CERT-In overrides any contractual obligation with the customer not to disclose details.
  • Corporate VPNs will remain unaffected: The CERT-In mandate could render VPN services illegal in India if providers don’t comply with it, but corporate VPNs will remain unaffected.
  • VPNs are also used by journalists, activists and whistleblowers for their work.
  • Tracking criminals: The move would make it easier for law enforcement agencies to track criminals who use VPNs to hide their internet footprint.

 

Indian Computer Emergency Response Team (CERT-In)

  • Operational: CERT-In has been operational since January 2004. 
  • The constituency of CERT-In is the Indian Cyber Community. 
  • CERT-In is the national nodal agency for responding to computer security incidents as and when they occur.
  • Power: CERT-In is empowered under Section 70B of the Information Technology Act to collect, analyse and disseminate information on cyber security incidents. 
  • It has been designated to serve as the national agency to perform the following functions in the area of cyber security:
    • Collection, analysis and dissemination of information on cyber incidents.
    • Forecast and alerts of cyber security incidents
    • Emergency measures for handling cyber security incidents
    • Coordination of cyber incident response activities.
    • Issue guidelines, advisories, vulnerability notes and whitepapers relating to information security practices, procedures, prevention, response and reporting of cyber incidents.
    • Such other functions relating to cyber security as may be prescribed. 

Source: TH