VPN Providers Threaten To Quit India Over New Data Law (wired.com) 26
VPN companies are squaring up for a fight with the Indian government over new rules designed to change how they operate in the country. Wired: On April 28, officials announced that virtual private network companies will be required to collect swathes of customer data -- and maintain it for five years or more -- under a new national directive. VPN providers have two months to accede to the rules and start collecting data. The justification from the country's Computer Emergency Response Team (CERT-In) is that it needs to be able to investigate potential cybercrime. But that doesn't wash with VPN providers, some of whom have said they may ignore the demands.
"This latest move by the Indian government to require VPN companies to hand over user personal data represents a worrying attempt to infringe on the digital rights of its citizens," says Harold Li, vice president of ExpressVPN. He adds that the company would never log user information or activity and that it will adjust its "operations and infrastructure to preserve this principle if and when necessary." Other VPN providers are also considering their options. Gytis Malinauskas, head of Surfshark's legal department, says the VPN provider couldn't currently comply with India's logging requirements because it uses RAM-only servers, which automatically overwrite user-related data. [...] ProtonVPN is similarly concerned, calling the move an erosion of civil liberties.
"This latest move by the Indian government to require VPN companies to hand over user personal data represents a worrying attempt to infringe on the digital rights of its citizens," says Harold Li, vice president of ExpressVPN. He adds that the company would never log user information or activity and that it will adjust its "operations and infrastructure to preserve this principle if and when necessary." Other VPN providers are also considering their options. Gytis Malinauskas, head of Surfshark's legal department, says the VPN provider couldn't currently comply with India's logging requirements because it uses RAM-only servers, which automatically overwrite user-related data. [...] ProtonVPN is similarly concerned, calling the move an erosion of civil liberties.
There should be a word again. (Score:2)
There should be a word for inducing someone to react in a way where they hurt themselves and help the very cause they're fighting, because that's what's going on here. I have no doubt the Indian government would be happy if every company that won't let them snoop were to take their ball and go home.
Last time I said there should be a word for forbidding someone to do something they had no intention of doing. This one is the opposite -- induce someone to do something they shouldn't, out of spite, while they t
Re: (Score:3, Insightful)
What (the fuck) do you think they should do instead? Just hand over the information and stop providing the core service they're supposed to be selling?
Anyway, what "leaving India" can easily mean is "moving all servers outside of India"... so that the Indian government has to do the work to identify and block them if they want to cut them off.
Re: (Score:3)
I don't think they should do anything instead, the Indian government has the sovereign right to step on its own dick. But they should be aware that saying "screw you guys, I'm going home" is exactly the desired reaction as far as the leaders of India are concerned. They should try to slow-walk the process as best they can, but making rumblings about pulling out will lead to the reaction of "don't let the door hit you in the ass on the way out".
Re: (Score:1)
"Pulling out" just means moving servers outside of India where this idiotic law can't touch them. Indian users will still be able to use the VPNs, and with this going on absolutely should.
And no, the Indian government DOES NOT have the sovereign right to violate individual rights. Nor will they be able to without going full China, and they do not have the capability or money to go full China.
Re: (Score:2)
Indians will just pay in crypto. Good luck with the Great Firewall of India. It'll really help with competitiveness.
Re: (Score:2)
The Streiand Effect?
https://en.wikipedia.org/wiki/... [wikipedia.org]
And yet many of them play hide and seek in China? (Score:2)
I mean, many people in China use VPNs to bypass "the great firewall" and the authorities then try to find the server addresses and block them. So I guess India will go to similar situation then.
Re: (Score:2)
Or can't maybe.
India... WTF? (Score:5, Interesting)
Re:India... WTF? (Score:5, Insightful)
> I don't understand why the people, who ostensibly live in a democracy, don't fight back.
Most people are apathetic until an issue directly effects them.
"People are dumb, panicky dangerous animals and you know it." - MIB
Re: (Score:2)
> I don't understand why the people, who ostensibly live in a democracy, don't fight back.
Most people are apathetic until an issue directly effects them.
"People are dumb, panicky dangerous animals and you know it." - MIB
I agree with your point (plus there's a lot of people who see this kind of invasion as being "tough on crime", at least until they're the "criminal") but if you're going to quote the great Tommy-Lee... at lest reference the character.
"People are dumb, panicky dangerous animals and you know it." - Tommy-Lee Jones as Agent K, MIB (1997)
As you were.
Re: (Score:2)
Re: (Score:2)
You mean like the people in the Red Corridor [wikipedia.org]?
If you get them mad enough for a cause, they will fight.
Re: (Score:2)
This should be sorted out by a popular vote. (Score:2)
Decisions like these should be a subject to a referendum-like approval from the population. The powers to be conveniently forget that their job is to serve people and their best interest, not the other way around.
Re: (Score:2)
I thought the first rule of VPN technology . . . (Score:2)
Yeah, given the whole point of VPN in the first place . . . sure, this ought to work out just swell for the Indian government.
Sure, but ... (Score:2)
Collect the data and immediately encrypt it using asymmetrical encryption keys held by another company, based outside India...
That's not all... (Score:1)
Oopsie! (Score:2)
That just eliminated all remote workers.
Guess everyone is going to have to bring work back to their respective countries?
Or do you think the "big fish" will be granted an exception.
Re: (Score:2)
I doubt the demand is on companies that provide VPN access to their internal networks for the purposes of business that is not explicitly about the sale of VPN services in their own right. It's also not going to be on companies that sell VPN solutions to those other companies.
Near as I can tell (only having followed the master link and a couple smaller ones), it's a demand for companies that explicitly offer VPN services in the vein of ExpressVPN, NordVPN, etc..
They won't likely tinker with the cash cow tha
Google in Australia (Score:2)
Missing the forest for the trees (Score:2)
Without even looking at the invasion of privacy for Indian citizens if all of that data is recorded, what makes them think they would be able to do anything with the data anyway? They can't even get a handle on the illegal scam call centers running in their country. Those are operating very much in the open, and people, not even in law enforcement, have little trouble tracking them down to the room number of the building they are in from the opposite side of the world, yet they continue to thrive. The India