The latest chapter in India’s ongoing fight against online privacy software has seen government employees banned from using third-party VPN services.
This new directive was issued after some of the most trusted VPNs decided to close down their Indian servers due to privacy concerns regarding new data laws. ExpressVPN and Surfshark have already announced that they will leave the country after CERT-in directives are in force.
Indian officials are also asking employees not to store any confidential or internal information on non-government Cloud Services like Google Drive and Dropbox. CamScanner, an external mobile scanner that is based on mobile apps, was banned in 2020.
In an internal document that was reviewed by The Economic Times, the National Informatics Centre (NIC), stated that “By following uniform cybersecurity guidelines in government offices throughout the country, security postures of the government can be enhanced.”
“All government employees, including temporary, contractual/outsourced resources are required to strictly adhere to the guidelines mentioned in this document. The new directive states that any non-compliance can be taken into consideration by the respective CISOs/Department heads.”
What is the reason VPNs are leaving India?
Since its announcement on April 28 , cybersecurity experts and privacy advocates have raised many concerns about the new India’s data laws.
Indian Computer Emergency Response Team will enforce the new rules on June 27th. They will require VPN providers and VPS service providers, data centers, cloud storage and cryptocurrency exchanges, to store sensitive user data for up to five year and to share it with authorities upon request.
The new law is intended to reduce cybercrime. India was third in data breaches globally in 2021. VPN providers feel that these regulations are contrary to the security software infrastructure.
A VPN, short for virtual private network is software that protects anonymity and privacy online. How? How?
ExpressVPN stated in a post (opens in new tab), that CERT-In directives were “incompatible” with VPNs’ purpose.
A strict no-log policy is also a feature of the most secure VPN services. This ensures that no user’s sensitive data is stored, shared or leaked.
Hide.me stated that India’s new data retention laws “make it impossible to operate a zero-log VPN”, when it announced its decision to shut down its Indian servers.
The Indian authorities appear to be firm in their determination to continue implementing the new directives at month’s end, despite the opposition. Rajeev Chandrasekhar, Minister of State Electronics and Information Technology, stated that providers who do not comply with the rules can leave India (opens in new tab).
Nord Security’s Head of Public Relations Laura Tyrell said that the incident would have a negative effect on privacy and security.
Read more: gizlilikveguvenlik