Explained: How VPNs work and why India passed a law forcing VPNs to collect user data- Technology News, Firstpost

Mehul DasMay 04, 2022 14:56:36 IST

The Indian government has passed a law that now demands all VPN service providers to keep a record of their users for five years. This new rule, although necessary from a security point of view, violates the basic tenets of a VPN, and has rendered them pointless for a number of users.

VPNs are used by individuals and businesses to encrypt their online presence and online activities. The new national directive applies not only to VPN companies, but to cloud service providers, data centres, and crypto exchanges, as well to collect specific, extensive customer data and hold onto it for at least five years. Companies will also have to report “unauthorized access to social media accounts” as part of the directive.

The way a VPN functions, is that it masks the IP address of a user, and assigns them a temporary or a shadow IP address. Most commonly, this is used to transcend geopolitical boundaries and access content on the internet that is restricted in certain areas. For long, VPNs have been essential for users who wanted to maintain their online privacy.

VPNs are also used by corporate agencies to allow their employees to remotely log in to their work systems, without having to risk any sort of compromises that would put them in jeopardy. 

The core feature of a VPN is that the websites you visit are delinked from your IP address. India has never had any legislation that outright banned VPNs. However, if VPN service providers do not comply with the directive, they will be rendered illegal as a byproduct.

While there are several benefits of using a VPN, especially for businesses and several corporate entities, there are a few bad elements that give VPNs a bad reputation. We take a look at a few of the reasons that made the Indian Government introduce this mandate.

Strengthening National Security

Be it digital security or the security of our borders, a few bad elements have been actively using VPNs to avoid being detected. Hackers all around the world use VPNs to operate and launch cyberattacks on government institutions. From infiltration of borders by smuggling cartels or sharing national secrets that would compromise a border, there have been several recorded incidents in our history, where people have used VPNs to collaborate with external forces. This by itself is the biggest reason why the Government of India has made it necessary for service providers to keep a record of their user’s activities.

Social Turmoil

Several antisocial elements have used VPNs to disguise themselves and their locations so that they could post inflammatory statements and comments that would stoke communal fires in a society. For example, there have been a number of incidents where certain people have posed as residents of a different country or a community and made some pretty disturbing statements on social media. 

Cracking Down On Money Laundering

With the advent of digital banking and cryptocurrency, money laundering has become very sophisticated and extremely difficult to crack down on. VPNs further complicate the issue. A person sitting in India can easily get millions of dollars from illegal sources in the form of crypto, without any identifiable trace. 

Cracking Down On Online Piracy

There are legitimate ways of sharing and consuming goods that are protected by intellectual property rights, and then there’s piracy. Over the last couple of years, governments have cracked down on piracy in a very strict manner. However, VPNs still allow bad actors to get away with online piracy. 

Implementing Content Censorship

Censorship in India is a very tricky subject. On the one hand, there is the entire concept of freedom of speech and thought. On the other hand, we have several communities and sentiments to protect. Certain pieces of content often get prohibited from the public domain for their potential to incite communal tension. VPNs, however, allowed users to not only consume such content but also for it to be shared.

What will be interesting to see, is whether certain VPN companies launch India-specific VPNs that abide by the new directions set forth by the Indian Government, or if they plan to stop servicing the Indian market completely. Indian corporate businesses are a major source of income for a number of VPN and cloud service providers, thanks to the prolific IT businesses that we have. Surely, for a number of these service providers who are based out of Asia, letting go of their Indian customer base, isn’t a viable option.