In an effort to combat cybercrime, India is enacting a new policy that will require VPN providers to collect and hand over user data, including IP addresses assigned to customers.
The policy is meant to bolster the powers of the country’s national agency, the Computer Emergency Response Team of India (CERT-In), which deals with cybersecurity incidents.
“During the course of handling cyber incidents and interactions with the electorate, CERT-In has identified certain gaps that hinder incident analysis,” the Indian government said in adopting the new policy last week.
The new regulations require VPN providers to record and store the following customer information for at least five years:
Name, email address and phone number
The customer’s purpose for using the VPN service
The IP addresses assigned to the customer and the IP address the customer used to register for the service
The customer’s “ownership pattern”
Such information could help India unmask cybercriminals using VPNs for malicious activities. But you also risk compromising the privacy of all other users of the VPN service, including the websites they have been visiting. As a result, the new policy threatens to undermine a key selling point for using a VPN, which is often touted as a tool to protect your digital privacy.
India’s policy also requires a wide range of Internet services, including ISPs and data centers, to keep logs of all their systems for a continuous period of 180 days. Additionally, cryptocurrency exchanges must keep all of their transaction and customer records for five years.
Recommended by Our Editors
We’ve reached out to several VPN providers about the new requirements and will update the story if we hear back. But we expect major VPN providers to refuse to follow the regulations, which could push the Indian government to block access to offending VPN providers or impose fines.
“Failure to provide the information or non-compliance… may invite punitive action,” the regulation states. The new policy goes into effect June 27.
Do you like what you are reading?
Enroll in security surveillance newsletter for our top privacy and security stories delivered right to your inbox.