What is Virtual Private Network? What are its types? What are the new regulations related to VPNs?What are the issues related to it? Read further to know more.
The directives issued to virtual private network (VPN) service providers by the Ministry of Electronics and Information Technology (MeitY) are significant. According to them, VPN services must keep Indian users’ data for up to five years.
This underlines how crucial it is to strike a balance between user privacy protection requirements and the government’s justifiable need for data access for cyber security.
Virtual Private Network(VPN)
The term “VPN” refers to a virtual private network. A virtual private network (VPN) can establish a secure and encrypted connection over a less secure network, such as the internet. A virtual private network (VPN) uses a public network, such as the internet, to extend a private network.
The name solely alludes to the fact that it is a virtual “private network,” meaning that a user can join a local network while seated at a distance. To provide a secure connection, tunneling protocols are used.
Consider a scenario in which a bank’s corporate office is located in India. The local network in this office has, let’s say, 100 computers. Let’s say the bank has locations in Australia and Canada.
A leased line between the branches and the head office was the conventional method of establishing a secure connection between the head office and the unit, but this was a very expensive and challenging task. VPN enables us to resolve this problem successfully.
The VPN server is connected to all machines at the corporate office in India.
When someone using a dial-up connection from an office in Australia connects to the VPN server, the VPN server responds with an IP address that is a part of the collection of IP addresses that make up the local network of the corporate office.
Information can be shared securely over the public internet because the employee from the Australian branch becomes a local to the corporate headquarters.
So, this is the logical method for extending the local network even outside the nation’s boundaries.
Also read: End-to-End Encryption
Various Types Of VPNs
- Remote Access VPNs: They link users to a private network using a safe remote server. To route user data, a remote-access VPN establishes a virtual tunnel between the user’s device and the private network.
- Peer-to-peer (P2P) VPNs: Peer-to-peer networks are compatible with this service. Anyone looking for a file on a P2P network can benefit from this service. It can look for copies of the file and tries to connect to sources that have all or a portion of the requested file.
- Client-to-Server VPNs: While using unsecured public WLANs, this sort of VPN is especially helpful. Clients can connect to the corporate network from their homes and do business as though they were in the office.
- Site-to-Site VPNs: These VPNs are frequently used by big companies when several users need to access the same services in different places.
Advantages
- On the web, it gives safety. Websites that are not using a VPN connection can see our IP address and utilize it to precisely determine our identity and location.VPN services link to private servers and employ encryption techniques to lower the possibility of data leakage, providing data with a safe transit.
- A VPN secures our internet traffic by ensuring that it remains encrypted at all times. A VPN connection cloaks online data transit and guards against unauthorized access. Anyone with network access can examine material that has not been encrypted. The authorities, hackers, and online criminals are unable to decode this data when using a VPN.
- VPNs can get around geo-restrictions by spoofing locations.
- Many nations have prohibited access to a variety of websites, therefore if we are from that region, we will not be able to browse the site. Using a VPN, you can get around these limitations.
- Not all locations always have access to regional web content. Services and websites frequently include content that is only available in specific regions of the world. Typical connections use national and local servers to pinpoint your location.
One can effortlessly change their location by switching a server to a different nation using VPN location spoofing.
Disadvantages
- Internet speed is low. As VPNs force all Internet traffic to go through a VPN server, it could take longer to get to your desired website.
- If you’re connected to a VPN, you won’t be able to see or use specific websites or services, which are frequently intentionally blocked by VPN users.
- Free VPN companies frequently keep track of all Internet activities and sell that information to advertising and other parties.
- VPNs do not perform the same functions as full anti-virus software. A VPN connection does not shield one’s computer from outside intrusion, even while it protects one’s IP and encrypts one’s internet history.
- Regardless of whether a VPN is active or not, once the malware has gained access to a device, it can steal or corrupt the data.
Recently, new guidelines for virtual private networks were published by India’s cyber security body CERT-In (VPNs).
Also Read: SaaS: Software as a Service – ClearIAS
New regulations
- Data storage involves keeping for five years a variety of information on their clients, such as their phone numbers, email addresses, and IP addresses.
- Additionally, it requires VPN companies to log and store consumer data for 180 days.
- Businesses are also required to notify CERT-In of any cyber security incidents within six hours of becoming aware of them.
- Applications would not apply to enterprise or corporate VPNs, only to individual VPN users.
- Data centers, virtual private server (VPS) providers, cloud service providers, producers of virtual assets, virtual asset exchange providers, custodial wallet providers, and government organizations will all need to comply with them.
- VPN providers will be subject to penalties for breaking the rules. If everyone rejects to follow through, VPN services would essentially be outlawed in India.
- Process for KYC verification is made necessary. Along with the risk of having their private information disclosed to the government, users who sign up for a VPN service must go through a rigorous know-your-customer verification process and provide an explanation of why they need it.
Also read: Quantum Cryptography
Issues related to new regulations
- Before registering to use a VPN, customers must go through a rigorous verification process and specify why they are utilizing the services.
- With the new regulations, the use of a VPN is no longer necessary because the government will essentially have access to the customers’ personal information.
- Numerous VPN companies are considering the effects of the new regulations, and some have even threatened to stop offering services in the nation.
- One of the biggest VPN companies in the world, Nord VPN, has announced that it is relocating its servers outside of the nation
- VPN providers will be compelled to migrate to storage servers, which will drive up their costs and do away with their primary goal of protecting user anonymity.
- Taking such dramatic action that has a significant negative impact on the privacy of millions of Indians will likely be ineffective and severely harm the IT sector’s development in the nation.
- It has sparked fear that compulsive data collection inside Indian jurisdiction without strong protective mechanisms may result in even more breaches.
Also read: Challenges to Internal Security Through Communication Networks
Way forward
- According to CERT-In, these regulations do not violate an individual’s right to informational privacy because the organization only plans to request information in response to cybersecurity problems and does not anticipate doing so on a regular basis.
- Any contractual commitment to keep information from the client private is superseded by the obligation to disclose cyber security events to CERT-In.
- If providers don’t follow the CERT-In mandate, VPN services may become illegal in India; however, corporate VPNs won’t be impacted.
- Journalists, activists, and whistleblowers all use VPNs in the course of their work.
- Criminals using VPNs to mask their online presence will now be easier to find for law enforcement organizations, who will also have more time to do so.
Also read: Role of Media and Social Networking Sites in Internal Security Challenges
Conclusion
Since the planned Personal Data Protection Bill has not yet been approved by the Parliament, requesting VPN service providers to store user data may not be a good idea either.
But, the Center can take more steps to prevent hackers from using VPN platforms as a cover. A consultation procedure with VPN providers and international law enforcement organizations can be used to accomplish this. It is possible to create regulations that place the responsibility for platform security on VPN service providers.
Article Written By: Atheena Fathima Riyas
Leave a Reply