Understanding CERT-In’s new VPN Rules
CERT-In (The Indian Computer Emergency Response Team) announced a set of rules for VPN Providers in India. There are more restrictions to how individuals can use VPNs. Due to its anonymous nature, more and more people have started using VPNs in order to hide their online activity. Hence the government has implemented new rules on how people can use VPNs and what they can do with it.
Let us understand what a VPN is in detail and then understand how it can be used for malicious purposes and the need to implement new rules to restrict its usage.
VPN stands for Virtual Private Network, as the name suggests, a VPN basically is a technology that creates private networks within which data can be transferred. VPNs provide anonymity by masking your private IP address in a way that your online activity is virtually untraceable. But the most important feature of a VPN is that it provides secure and encrypted connections, eventually providing greater privacy and security.
Organisations use VPNs mainly for security and confidentiality purposes. A VPN creates a virtual tunnel that hides your online activity so that cybercriminals, government agencies and other unauthorised parties cannot access your digital activity.
A VPN is a must, especially when you are connecting on a public network, where your online activity is most vulnerable. Any data transmitted during your online sessions while being connected to a public network could be vulnerable to eavesdropping by strangers using the same network.
So, when a VPN has so many advantages, why does the government want to implement strict protocols against its usage? The answer is simple. VPNs can be used by cybercriminals too, to hide their illicit activities. It gives them the advantage to hide their identities and stay anonymous. Any sophisticated technology can be used for good and bad activities.
In order to reduce the malicious usage of VPNs and to have greater visibility of online activities, the government has implemented strict rules and regulations against the usage of VPNs.
The new rules demand all the VPN service providers to store user data for a minimum of five (5) years. VPN providers are asked to store user information such as Usernames, Emails Addresses, IP Addresses, usage patterns, and other forms of Personally Identifiable Information [PII].
They also state that any unauthorised online activity such as access to social media accounts, payments modes etc must be reported to the Computer Emergency Response Team [CERT-In]. These new rules were supposed to come into effect on Mon, 27-Jun-2022 as per the initial announcement. But according to a new update from CERT-In, the new deadline to comply with the rules is Sun, 25-Sept-2022.