In India's latest blow against online privacy, the government has reportedly banned its employees from using virtual private networks (VPNs) – tools designed to protect the online anonymity of their users.
Besides implementing a ban on VPNs, Government employees have also been blocked from using non-governmental cloud platforms like Google Drive and DropBox.
This directive comes just days after popular VPN providers ExpressVPN, Surf Shark, and NordVPN threatened to pull their servers from India in response to the new set of restrictions laid out by the Indian Computer Emergency Response Team, Cert-In.
While these new rules aim to improve the “security posture” of the government, this news comes as a worrying forecast for the 20% of the Indians that use the tools to browse safely and securely.
Government Employees Have Been Banned From Using VPNs
The Indian government has expressed its concerns surrounding the use of VPNs for some time. But, according to the recent Cyber Security Guidelines for Government Employees, India's harsh stance on the tools has now been extended to its government employees.
The directive, which has been issued by the National Informatics Center (NIC) – a body that falls under the Ministry of Electrics and Information Technology – instructs all permanent government employees and temporary, outsourced, and contractual workers against using third-party VPNs during working hours.
The mandate also asks workers not to save any “internal, restricted or confidential government data files on any non-government cloud service”. This includes public cloud platforms like Google Drive or Dropbox.
All employees are required to adhere to these new rules strictly. If they are noncompliant, they risk landing in hot water with their heads of department.
“All government employees, including temporary, contractual/outsourced resources are required to strictly adhere to the guidelines mentioned in this document. Any non-compliance may be acted upon by the respective CISOs/Department heads” – Cyber Security Guidelines for Government Employees
But NIC's new report didn't take place in a vacuum. This guidance was introduced just days after the leading VPN provider, NordVPN, shut down its servers in India.
The provider followed in the footsteps of VPN giants Surfshark, ExpressVPN, and Tor, which have been taking a stance against India's recently passed data laws requiring providers to maintain a log of personal customer information for at least five years.
Unfortunately, despite the efforts of these providers, these protests have appeared to fall on deaf ears. Just last month, Minister of State for Electronics and IT Rajeev Chandrasekha told VPN providers that India “is not a good place to do business” if they aren't willing to follow the new rules.
But with VPNs providing users with a way to browse safely and securely, why is India coming down on the tools with an iron fist?
Why Is India Challenging VPN Use?
Ultimately, India's main gripe with VPN technology comes down to criminality. In a recent meeting of the UN Ad Hoc Committee, which discussed the criminal use of information and communications technology, the Indian delegation argued against the use of VPNs, end-to-end encryption (E2EE), and blockchain-based technologies.
According to their case, these tools allow terrorists to act anonymously and increase the speed, scale, and scope of their operations.
This sentiment is echoed by a number of officials from India's Ministry of Electronics and Information Technology, that claim these technologies let criminals hide behind the excuse of anonymity when faced with requests for traceability.
Why India's Crackdown on VPNs Matter
The government's new “zero-tolerance” policy on digital anonymity aims to tackle the escalating threat of cybercrime and terrorist activity. Yet, for the 270 million individuals that rely on VPNs in India, the suppression of these privacy technologies might make it harder to stay safe online.
With instances of cybercrime growing year on year, virtual private networks let users browse in private while keeping their data secure. This is especially useful for those carrying out financial transactions online. In addition to protecting users through encryption, the tools also let individuals access region-specific websites that aren't available in their country.
Unfortunately, under India's increasingly invasive data collection laws, the primary aim of these technologies is defeated. What's more, with the country's leading providers being forced to comply or else, it's likely that the Indian VPN exodus will continue.
While it's still legal to use VPNs across India, if this does take place, it will become increasingly hard for businesses and public users to use the tools to browse safely.