Comply With Rules Or Leave India: Government To VPN Service Providers
Some of the VPN companies have claimed that the new rule may lead to cyber security loopholes - an argument rejected by the minister. US-based tech industry body ITI, having firms such as Google, Facebook, IBM and Cisco as members, has sought a revision in the Indian government's directive.
"There is no opportunity for somebody to say we will not follow the rules and laws of India. If you don't have the logs, start maintaining the logs. If you are a VPN that wants to hide and be anonymous about those who use its VPN and you don't want to go by these rules, if you want to pull out, then frankly you have no other opportunity but to pull out," Minister of state for electronics and IT Rajeev Chandrasekhar said.
Mr Chandrasekhar also said that the government is not going to make any change in the rules on mandating entities to report cyber breach in their system within six hours of learning about it.
What is the new rule?
- The new circular issued by the CERT-In mandates all service providers, intermediaries, data centres, corporates and government organisations to mandatorily enable logs of all their ICT (Information and Communication Technology) systems and maintain them securely for a rolling period of 180 days, and the same shall be maintained within the Indian jurisdiction.
- VPN service providers to maintain for five years or longer details such as the validated names of their customers, the period for which they hired the service, the IP addresses allotted to these users, the email addresses, the IP addresses and the time stamps used at the time of registration of the customers.
What is a VPN?
- Any and all devices connected to the internet are a part of a large network of computers, servers and other devices spread across the world. To identify each device connected to the internet, service providers globally assign a unique address to each such device called the internet protocol address or IP address. It is this IP address that helps websites, law enforcement agencies and even companies track down individual users and their accurate location.A virtual private network, when switched on, essentially creates a safe network within the larger global network of the internet and masks the IP address of the user by rerouting the data.