A new law on VPN services will be implemented in India
According to a report by The Wall Street Journal, India’s Computer Emergency Response Team (CERT-In) has asked VPN operators in India to collect information like — customers’ names, email addresses and the IP addresses used to connect to the web. The national agency that oversees computer security has also asked the companies to maintain the data for at least five years and furnish the information to authorities when asked, the report mentions.
CERT-In has explained that this new law is important to tackle cybercrime and defend the “sovereignty or integrity of India” and the security of the state. The report adds that the agency has also said that the new rules will be implemented from September 25.
Why VPN providers have decided to take down their servers in India
As per the report, the withdrawing VPN companies and internet-rights groups have stated that by collecting such data, the companies will “imperil their users’ privacy and curtail online speech.” Some digital groups have also implied that the new rules are “more typical of those imposed in China or Russia,” and can’t be found in democratic countries.
A spokeswoman for NordVPN, which has also decided to shut down its servers in India, has said that these rules are typically used by authoritarian governments to gain more control over their citizens. “If democracies follow the same path, it has the potential to affect people’s privacy as well as their freedom of speech” she added.
A few other VPN services have also recently stopped operating servers in India. These providers include — U.S.-based Private Internet Access and IPVanish, Canada-based TunnelBear, British Virgin Islands-based ExpressVPN, and Lithuania-based Surfshark, the report adds.
Apart from this, ExpressVPN has also refused to participate in the “Indian government’s attempts to limit internet freedom.” Private Internet Access has complained that the government’s move “severely undermines the online privacy of Indian residents.”
However, Indian users will be able to connect to VPN servers in other countries. Users in Russia and China have to take the same approach as the operating servers within these countries also need VPN companies to comply with similar legislation.
What is Apple’s iCloud Private Relay
The report mentions that the new law even applies to Apple’s iCloud Private Relay, which is also a VPN service used only for the Safari browser. The iCloud Private Relay system is designed in such a way that allows no single party handling user data is allowed access to complete information on both who the user is and what they are trying to access the report notes.
As per the report, Apple’s Private Relay uses modern encryption and transport mechanisms to relay traffic from user devices via Apple and partner infrastructure before sending it to the destination website.
However, the company has not yet commented on its plans to offer VPN services in India and is expected to announce its decision soon. Furthermore, the new rule even applies to cloud storage services, however, in this case, it won’t have much practical impact on Apple, the report confirms. The company holds a copy of your decryption key as iCloud does not use end-to-end encryption. So, it can easily comply with government demands for information.