Indian government's VPN guidelines will impact over 270 million users

A few days back, the Government of India issued new guidelines directing companies providing virtual private network (VPN) services in the country to record and store the details of their users. These guidelines were issued by the Indian Computer Emergency Response Team (CERT-In).

CERT further informed that the new guidelines will come into effect after 60 days of the issue of the order. However, the directive has been slammed by various sections of society, including VPN companies, consumers, and rights activists. The Internet Freedom Foundation said, “The directions were released by CERT-In without any public consultation with technology and cyber security experts, which has led to the inclusion of multiple unwarranted provisions.”

The directive issued by the Indian government makes it mandatory for the VPN providers to maintain the following data under the know your customer (KYC) policy for a span of five years –

• Validated name of subscribers/customers

• Period of hire

• IPs allotted to the user

• Email address, IP address, and time stamp used at the time of registration.

• Purpose of hiring services

• Validated address and contact numbers

• Ownership pattern of the subscribers