UPSC Article

Back
APP Users: If unable to download, please re-install our APP.
Only logged in User can create notes
Only logged in User can create notes

General Studies 3 >> Science & Technology

audio may take few seconds to load

VIRTUAL PRIVATE NETWORK(VPN)

VIRTUAL PRIVATE NETWORK(VPN)


1. Background

  • India’s cybersecurity agency passed a rule mandating Virtual Private Network (VPN) providers to record and keep their customers’ logs for 180 days. 
  • It also asked these firms to collect and store customer data for up to five years. 
  • It further mandated that any cybercrime recorded must be reported to the CERT-In (Computer Emergency Response Team) within six hours of the crime. 
  • In response to the CERT-In rules, Nord VPN, one of the world’s largest VPN providers, has said it is moving its servers out of the country. 
  • Two other firms, Express VPN and Surfshark said they will shut down their physical servers in India and cater to users in India through virtual servers located in Singapore and the U.K.

2. Effect of New Rules

    • CERT-In directions apply to data centres, virtual private server (VPS) providers, cloud service providers, virtual asset service providers, virtual asset exchange providers, custodian wallet providers and government organizations. 
    • Firms that provide Internet proxy-like services through VPN technologies also come under the ambit of the new rule. 
  • Corporate entities are not under the scanner.

3. The aspect of virtual servers and their uses

  • A virtual server is a simulated server environment built on an actual physical server. It recreates the functionality of a dedicated physical server. 
  • The virtual twin functions like a physical server that runs software and uses the resources of the physical server. 
  • Multiple virtual servers can run on a single physical server.
  • Virtualizing servers help reallocate resources for changing workloads. 
  • Converting one physical server into multiple virtual servers allows organizations to use processing power and resources more efficiently by running multiple operating systems and applications on one partitioned server. 
  • Running multiple operating systems and applications on a single physical machine reduces cost as it consumes less space
  • and hardware. 
  • Virtualisation also reduces cost as maintaining a virtual server infrastructure is low compared to a physical server infrastructure.
  • Virtual servers are also said to offer higher security than a physical server infrastructure as the operating system and applications are enclosed in a virtual machine. 
  • This helps contain security attacks and malicious behaviour inside the virtual machine.



4. Can the VPN providers circumvent the new rules and regulations

  • The Ministry of Electronics and Information Technology (MeiTY) regarding the cybersecurity directions offers some clarity on relocation and virtualisation. 
  • It says the rules apply to “any entity whatsoever” in the matter of cyber incidents and cyber security incidents, regardless of whether they have a physical presence in India or not, as long as they deliver services to Indian users. 
  • The service providers who do not have a physical presence in India but offer services to the users in the country, have to designate a point of contact to liaise with CERT-In. 
  • Also, logs may be stored outside India as long as the obligation to produce logs to CERT-In
  • is adhered to by the entities in a reasonable time.

5. Impact of new VPN rules on India

  • In response to The Hindu’s queries on the impact of the removal of physical servers from the country on jobs, SurfsharkVPN said “It would be difficult to estimate the exact number of individuals impacted in terms of employment because we were renting servers from Indian providers.”
  • VPN suppliers leaving India is not good for its burgeoning IT sector. 
  • Taking such radical action that highly impacts the privacy of millions of
  • people in India will most likely be counterproductive and strongly damage the IT sector’s growth in the country, the company said in a release last week.
  • It estimated that 254.9 million Indians have had their accounts breached since 2004 and raised its concern that collecting excessive amounts of data within Indian jurisdiction without robust protection mechanisms could lead to even more breaches.
  • The Netherlands-based company further said that they have never received a similar directive on storing customer logs from any other governments in the world.

6. Approach of China towards dealing with VPN usage?

  • Though not all VPNs are officially banned in China, only government-approved VPNs are officially permitted to function.
  • Visitors and Chinese citizens use VPNs to circumvent China’s Great Firewall, which has blocked access to many websites, keywords and
  • even IP addresses.
  • Government-approved VPNs have to register with the Chinese government and have to comply with data requests during investigations.
  • However, cases of tourists being penalized for using non-government-approved VPNs have not been reported.




Share to Social

Related Articles

POVERTY ERADICATION BY CHINA...

11-Oct-2022
Read more

NATIONAL PAYMENTS CORPORATION OF INDIA (NPCI)...

09-Sep-2023
Read more

National Mission For Sustainable Agriculture (NMSA...

07-May-2022
Read more

INVINCIBLE ORIGINALITY OF SRINIVASA RAMANUJAN...

22-Dec-2022
Read more