MeitY’s Direction to VPN Companies to Share User Data or Face Jail Invites Concern Over Privacy
Sabah Gurmat (The Leaflet) 07 May 2022
The Ministry of Electronics & Information Technology (MeitY)  on April 28 issued directions to Virtual Private Network (VPN) provider companies to collect and share user data including IP addresses with it,  for a period of five years. Along with VPN providers, the notification posted by the Ministry’s Computer Emergency Response Team (CERT-in), also ordered data centers, crypto-exchanges and other intermediaries to collect and turn over user data in order to “coordinate response activities as well as emergency measures with respect to cyber security incidents” and report cyber-incidents within six hours of their happening.
Further, the CERT-in said that these directions would come into force  60 days after the date this notification was issued. As per the government’s directions, the failure to furnish the information or abide by the directions could lead to imprisonment of upto one year, as per sub-clauses (7) of Section 70B of the IT Act 2000. As per Section 70B of the IT Act’s provisions, CERT-in also said that its directions were relevant to “information security practices, procedure, prevention, response and reporting of cyber incidents”.
Although the order is designed to tackle cyber-incidents, including cyber-crimes, the scope of user-information ordered to be stored poses potential privacy risks. The new regulations called data centers, VPN and cloud service providers to log and turn over customer information that includes the names of subscribers/customers hiring the services, their e-mail addresses, phone numbers, the customer’s “purpose for hiring the VPN service”, IP addresses allotted to the customer and being used by the members, as well as ownership pattern of the subscribers/customers hiring services.
The range of such information demanded thus undermines one of the most attractive features of the VPN service, which is to protect the user’s digital privacy. The VPN service is designed to encrypt its user’s data, while shielding the identity of the user’s IP address and allowing access to the temporary IP address of any other country.
Meanwhile, netizens and rights bodies on Twitter questioned the government’s move. Through a series of tweets, the digital policy and rights organisation, Internet Freedom Foundation, issued a statement questioning the CERT-in’s directions, noting that they were “vague and harmful” and “undermined user privacy and information security”, going against the CERT’s own mandate.
Global human rights watchdog Amnesty International also responded by tweeting that the Indian government’s latest directive was “[A] new major blow to the rights to privacy and freedom of expression in India.” Others, including politicians such as Trinamool Congress’s MP Derek O’Brien reacted to the news saying that, “VPN now stands for Virtual Policing Network.”
(Sabah Gurmat is a staff-reporter at The Leaflet)
Govt Panel Finds Defect in Battery Cells in Almost All EV Fires
IANS 06 May 2022
In what could put EV (electric vehicle) two-wheeler (2W) manufacturers in a tough spot, the preliminary findings from the government-constituted probe committee on EV fires have found issues with battery cells/design in nearly all...
Fraud Alert: Smishing and Rental Fraud Continue To Dupe People
Yogesh Sapkale, 06 May 2022
All over the world, SMS phishing attacks, now called 'smishing' are on the rise. While SMSs claiming to originate with a bank are the most tried and tested ploy of fraudsters in India, they are also using such expressions as 'Fedex...
Indian Consumer Brands Set To Hike Prices by 5%-7% amid Shipments Delays
IANS 06 May 2022
Consumer electronics manufacturers on Thursday said that due to hike in raw materials costs and shipment delays amid lock-downs in China, they have no option but to increase prices of consumer goods by 5-7 per cent soon for the...
Free Helpline
Legal Credit