In the latest chapter of India’s ongoing battle against online privacy software, government officials are now barred from using third-party VPN services.
The new directive comes after some of the best VPNs decided to shut down their Indian servers amid privacy concerns over the new data law. So far, ExpressVPN, Surfshark and NordVPN have announced that they will physically leave the country before the CERT-in directives take effect on June 27.
The Indian government is also urging employees to refrain from storing insider or confidential information on non-governmental cloud services such as Google Drive and Dropbox. Using external scanners based on mobile apps like CamScanner – which was actually banned in 2020 – is also strongly discouraged.
“By following uniform cybersecurity guidelines in government offices across the country, the government’s security posture can be improved,” the National Center for Informatics (NIC) wrote in an internal document. reviewed by The Economic Times.
“All government employees, including temporary, contractual/outsourced resources, must strictly adhere to the guidelines mentioned in this document. Any non-compliance can be addressed by the respective CISOs/Department Heads,” the new directive adds.
ExpressVPN removes VPN servers in India. Users will still be able to connect to VPN server locations that will provide Indian IP addresses. Read more: https://t.co/JpCWXW1DcbJune 2, 2022
Why are VPNs leaving India?
Cybersecurity experts and privacy advocates have been raising many concerns about India’s new data law since it was announced on April 28.
Set to take effect on June 27, the Indian Computer Emergency Response Team (CERT-In) will force VPN and VPS providers, data centers, cloud storage services and cryptocurrency exchanges to keep confidential user data in storage for up to five years and share them with authorities upon request.
While the new law comes as an attempt to curb a growing rate of cybercrime – India was the third most affected country by data breaches worldwide in 2021 – VPN providers believe these regulations go against the actual infrastructure of the VPN. security software.
Short for virtual private network, a VPN is software designed to protect people’s online privacy and anonymity. As? Masking your real IP address and protecting all data in transit within an encrypted tunnel.
That’s why ExpressVPN wrote in a blog post (opens in new tab) that the new CERT-In directives are “incompatible with the purpose of VPNs”.
Additionally, a strict no-logs policy is a standard feature among most private VPN services. This ensures that none of users’ sensitive data can be stored, leaked or shared.
As Hide.me explained when announcing its decision to shut down its Indian servers, India’s new data retention law “makes it impossible to operate a zero-log VPN”.
Despite the backlash, Indian authorities appear to remain steadfast in their decision to continue and implement the new guidelines at the end of the month. On this point, Minister of State for Electronics and Information Technology Rajeev Chandrasekhar stated that providers who do not wish to comply with the rules are “free to leave india (opens in new tab)”.
At the same time, Nord Security’s head of public relations Laura Tyrell told us, “One way or another, this will have a negative impact on people’s privacy and digital security.”