India Delays VPN Rules To Log Customers Data by 3 Months (techcrunch.com) 4
India will give VPN providers and cloud service operators an additional three months to comply with new rules that require they maintain names and addresses of their customers and their IP addresses, delivering some relief to firms as many scramble to follow the new guidelines and others explore exiting the South Asian market. From a report: The Indian Computer Emergency Response Team, the body appointed by the government to protect India's information infrastructure, said Monday evening it is extending the enforcement of the new rules to September 25. The rules, unveiled in late April, was set to go into effect Monday. Its announcement follows sharp criticism from VPN providers, many of which including Nord and ExpressVPN have announced their intentions to remove local servers in the country in recent weeks. [...] CERT's new directions require "virtual private server (VPS) providers, cloud service providers, VPN service providers, virtual asset service providers, virtual asset exchange providers, custodian wallet providers and government organisations" to store customers' names, email addresses, IP addresses, know-your-customer records and financial transactions for a period of five years.
Excellent! (Score:3)
That's three months for providers to move resources out of the country, and three months for customers to find new VPN providers which don't store data in India.
Re: (Score:3)
I don't understand why they're doing this. As you said, it's a net negative for them to begin with.
Most VPN providers have already told them to get fucked, and this isn't going to change any of that.
Also moving resources out of country isn't affected by this decision at all, since the only predicate would be 'stop providing service'.
The law in question doesn't say anything about a presence in their country, and also doesn't appear to contain language that they can retroactively impound infrastructure..
So th
Re: (Score:2)
The only thing I can think of is they're trying to lure them into complacency while they work on a newer, more powerful law, that lets them do those things.
I suppose there's an outside chance they realized it was a dumb move, and counterproductive, since chasing the VPN providers out of the country means not being able to monitor the incoming and outgoing connections to try to tie them together.
Re:Excellent! (Score:5, Interesting)
I think they intend to concede but not admit conceding, in order to avoid losing face. The logging rules are a bad idea, not because of some "noisy" freedom fighters and people like us, but because of businesses that will not put up with competitors and govt clients "accidentally" obtain "leaks" of their data.
So this particular attempt at being authoritarian assholes will largely peter out, the rules will be delayed again then mostly defused, leaving something half-baked that will be an annoyance but not make businesses scream that loudly.