Call Us Now

+91 9606900005 / 04

For Enquiry

India’s New VPN Rules


Recently, Computer Emergency Response Team (CERT-In) passed a rule mandating VPN (virtual private network) providers to record and keep their customers’ logs for 180 days.


GS III- Science and Technology, Cyber Security

Dimensions of the Article:

  1. What is a VPN?
  2. Why do people use VPN?
  3. Why is anonymity or privacy so important for VPN providers and users?
  4. Cert- In latest Directive
  5. About CERT- In

What is a VPN ?

  • Any and all devices connected to the internet are a part of a large network of computers, servers and other devices spread across the world.
  • To identify each device connected to the internet, service providers globally assign a unique address to each such device called the internet protocol address or IP address.
  • It is this IP address that helps websites, law enforcement agencies and even companies track down individual users and their accurate location.
  • A virtual private network, when switched on, essentially creates a safe network within the larger global network of the internet and masks the IP address of the user by rerouting the data.
  • Acting as a tunnel, a VPN takes data originating from one server and masks it in a different identity before delivering it to the destination server.
  • In essence, a VPN creates several proxy identities for your data and delivers it safely without disturbing the content of the data.

Why do people use VPN?

  • Safe encryption: A VPN connection masks your internet data traffic and guards it against unauthorised access. Anyone with network access and the desire to examine it can access unencrypted data. Hackers and online criminals are unable to decode this data when using a VPN.
  • Hiding your location: VPN servers essentially serve as your online proxies. Your precise location cannot be identified since the demographic location data originates from a server located in another nation.
  • Data privacy is upheld: The majority of VPN providers don’t keep records of your online activity. On the other hand, some providers track your behaviour but do not disclose this information to outside parties. This ensures that any possible records of your user behaviour are kept secret at all times.
  • Secure data transfer: If you work from home, you might need to access crucial files on the network of your business. This type of information needs a secure connection for security reasons. A VPN connection is frequently necessary to access the network.
Why is anonymity or privacy so important for VPN providers and users?
  • The main reason why privacy or anonymity is important for both VPN service providers and users is that it helps to avoid being tracked, mostly by websites and cybercriminals.
  • Since VPN masks the location of a device from everyone, it also prevents government and law enforcement agencies from accurately identifying the location.
  • VPN has also been of vital importance in countries that try to suppress dissent.
  • By using VPNs, dissidents are able to spoof their location and stay safe.

Cert- In latest Directive:

  • As per the latest directive, Cert-In has asked VPN service providers to maintain for five years or longer details such as the validated names of their customers, the period for which they hired the service, the IP addresses allotted to these users, the email addresses, the IP addresses and the time stamps used at the time of registration of the customers.
  • Cert-In also wants VPN service providers to maintain data such as the purpose for which the customers used their services, their validated addresses and contact numbers, and the ownership pattern of the customers.
  • One of the main reasons that Cert-In provided for seeking these details is that it will help to effectively trace anti-social elements and cybercriminals indulging in various nefarious activities online.
  • These details are necessary to prevent incitement or commission of any “cognisable offence using computer resources or for handling of any cyber incident” which may lead to any disturbance in the “sovereignty or integrity of India, defence of India, security of the state, friendly relations with foreign states or public order”.

About CERT- In

  • CERT-In is the national nodal agency for responding to computer security incidents as and when they occur.
  • The constituency of CERT-In is the Indian Cyber Community.
  • CERT-In was established in 2004 as a functional organization of the Ministry of Electronics and Information Technology.
Functions of CERT-In: 

The Information Technology (Amendment) Act 2008 designated CERT-In to serve as the national agency to perform the following functions in the area of cyber security:

  • Collection, analysis and dissemination of information on cyber incidents.
  • Forecast and alerts of cyber security incidents
  • Emergency measures for handling cyber security incidents
  • Coordination of cyber incident response activities.
  • Issue guidelines, advisories, vulnerability notes and whitepapers relating to information
  • security practices, procedures, prevention, response and reporting of cyber incidents.
  • Such other functions relating to cyber security as may be prescribed.

-Source: The Hindu

November 2023