GOVERNMENT PROPOSES STRICTER REGULATIONS FOR VPN PROVIDERS

Why in the News?

New Legal Framework: The Central Government is considering a new legal framework requiring Virtual Private Network (VPN) providers to establish a local presence in India and appoint compliance officials.

Regulatory Objective: The move aims to strengthen enforcement against the misuse of VPNs to bypass government restrictions on online content and applications.

VIRTUAL PRIVATE NETWORK (VPN)

●  Definition: A Virtual Private Network (VPN) is a technology that creates an encrypted connection between a user’s device and a remote server, enhancing online privacy and security.

●  Working Mechanism: VPNs route internet traffic through remote servers, masking the user’s Internet Protocol (IP) address and encrypting transmitted data.

●  Legitimate Uses: VPNs are widely used for secure remote access, protection on public Wi-Fi, safeguarding sensitive communications, and accessing enterprise networks.

●  Government Concerns: Authorities have expressed concerns that VPNs can be used to bypass geo-restrictions, evade lawful content blocking, and conceal digital identities.

●  Proposed Measures: The proposed framework may require VPN providers to establish offices in India, appoint compliance officers, and respond to lawful government directions.

CERT-IN DIRECTIONS, 2022

●  Issuing Authority: The directions were issued by the Indian Computer Emergency Response Team (CERT-In) under the Ministry of Electronics and Information Technology (MeitY).

●  Data Retention: VPN providers, cloud service providers, and data centres were directed to retain specified customer information for five years, including names, contact details, and IP addresses.

●  Cybersecurity Objective: The rules were introduced to strengthen incident response, cybercrime investigations, and national cybersecurity.

●  Industry Response: Several global VPN providers removed their physical servers from India instead of complying with the data retention requirements.

●  Legal Basis: The directions were issued under the Information Technology Act, 2000, empowering CERT-In to issue cybersecurity-related directives.

 

INDIAN COMPUTER EMERGENCY RESPONSE TEAM (CERT-In)

●  Establishment: CERT-In was established in 2004 as the national agency for responding to cybersecurity incidents.
●  Administrative Ministry: It functions under the Ministry of Electronics and Information Technology (MeitY).
●  Functions: CERT-In collects, analyses, and disseminates information on cyber incidents, issues security advisories, coordinates incident response, and promotes cybersecurity best practices.
●  Legal Status: It derives statutory powers under the Information Technology Act, 2000, particularly after amendments strengthening cyber incident reporting and response.
●  UPSC Relevance: The topic is important under Cyber Security, Internal Security, Information Technology, Digital Governance, and Data Protection.

Similar Posts

Leave a Reply

Your email address will not be published. Required fields are marked *