"Data centers are unlikely to be able to accommodate this policy and our server architecture under this new regulation, and thus there is no path forward other than to no longer have physical VPN servers in India," he says. In any case, he says, the company's VPN servers have been specifically designed to avoid making logs, including by running in memory. We refuse to ever put our users’ data at risk." "As such, we have made the very straightforward decision to remove our Indian-based VPN servers. RECOMMENDED Black Hat Asia: ‘If democracy is to survive, technology will have to be tamed’ "ExpressVPN absolutely will not participate in the Indian government’s attempts to limit internet freedom," says Harold Li, vice president of ExpressVPN. Users based in India will also be able to continue using the company's apps as usual. Physically located in Singapore and the UK, these allow users to connect with Indian IP addresses. However, it says it will continue to operate its two Indian virtual server locations. As of last week, it's closed down its two physical servers in India. In response, ExpressVPN is – physically, at least – doing just that. "If you’re a VPN that wants to hide and be anonymous about those who use VPNs who want to do business in India and you don’t want to apply, you don’t want to go by these rules, then if you want to pull out, frankly, that is the only opportunity you have. "If you don’t have the logs, start maintaining the logs," he said. In a briefing, Rajeev Chandrasekhar, Indian minister of state for electronics and IT, said the rules were non-negotiable. The regulations will come into effect at the end of June, along with potential penalties of imprisonment or a fine of ₹100,000 ($1,300) for infringements to the rules. Service providers will also have to collect and keep the “period of hire” (the timestamp used at registration), the purpose of the contract, and the “ownership pattern” of the customer.Ĭatch up with the latest cybersecurity news from India Under a new directive (PDF) from the country's Computer Emergency Response Team (CERT-In), VPN providers in the country will have to keep records and logs of customer names, physical addresses, and contact numbers – all of which must be verified – along with email and IP addresses. Privacy concerns raised over mandate to retain customer recordsĪNALYSIS Virtual private network (VPN) providers are digging in their heels, following the introduction of a new law in India requiring them to collect user data and keep it for at least five years.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |