Policing VPNs

:: M.Y.Siddiqui ::

The recent directive of the Indian Computer Emergency Response Team (CERT-In), requiring Virtual Private Network (VPN) service providers to store user data for five years, is yet another step toward making India a full-fledged surveillance state, following the policing of all other Internet-based free flow of information by the current fascist union government. Journalists, activists and others who use VPNs to hide their Internet footprint will now be in a quandary over whether to use such services. According to official sources in the union government, a move like this will make it easier for law enforcement agencies to track criminals who use VPNs to hide their Internet identity.

Experts, however, have raised alarms that governments and their agencies can easily misuse such a rule. They also point out that this may drive VPN users towards the dark and deep web, which are much tougher to police than VPN services. It will be possible for the government to use this to take action against users who use VPNs to access content that is blocked in the country, such as the game PUBG Mobile. The government has not yet blocked VPNs. They can still be used to access content that is blocked in the areas where these services are most commonly used.

VPNs record user data through logging, which could mean maintaining logs of users’ browsing activity, such as online behavior and connection timestamps, as well as customer names, their physical addresses, email IDs, phone numbers, the reasons they use the service, the dates from which they use it, and their ownership pattern. Additionally, CERT-In’s directive asks VPN providers to keep a record of the IP and email addresses that the customer uses to register for the service, along with the timestamp of registration. Importantly, VPN providers will have to store all IP addresses that their customers generally use.

Some VPNs log the data required to enforce device caps, measure how much data a user has consumed, and monitor network performance. Many services log browsing data, metadata about a person’s usage, the websites they have visited, the IP addresses involved and more. Others, like Hola VPN, also collect information on other apps installed on a person’s phone and when they register or sign in to social media, in keeping with the firm’s privacy policy. The name and email address of a user are available to any VPN service.

India has already become a surveillance state, with ten law-enforcing security agencies authorized to tap citizens’ mobile phones and monitor their use of all Internet-based platforms, including their social media presence. Orders to this effect were notified in December 2018. A bill to safeguard the privacy of citizens, in keeping with the unanimous declaration of privacy as a fundamental right by a nine-judge bench of the Supreme Court of India, is pending before the Standing Committee of Parliament on Information Technology.

A ban on VPNs will intrude on people’s fundamental right to privacy and adversely impact corporates, as a VPN obscures one’s identity on the Internet. VPN services establish secure connections between users and servers or services by routing the data through one or more remote servers, thus disguising the users’ identity. If an Internet Protocol (IP) address is assigned, it helps law enforcement agencies identify the server and, for that matter, the user’s identity, whereas a VPN server disguises the user’s identity. VPN servers on foreign soil allow users to bypass the government’s blocking rules. VPN is known for security, reliability and speed, on every device, anywhere one goes!

