2022 JUN 27
Science and Technology > IT & Computers > IT & Computers
Why in news?
- Some of the leading virtual private network (VPN) service providers have announced that they will remove servers from India after India’s cyber agency Computer Emergency Response Team (CERT-In) has announced new rules for VPN providers.
About Virtual Server:
- A virtual server is a simulated server environment built on an actual physical server.
- It basically recreates the functionality of a dedicated physical server.
Advantages of a Virtual Server:
- More Efficient:
- Converting one physical server into multiple virtual servers allows organizations to use processing power and resources more efficiently by running multiple operating systems and applications on one partitioned server.
- Reduces the cost:
- Running multiple operating systems and applications on a single physical machine reduces the cost as it consumes less space and hardware.
- Higher security:
- It offers higher security than a physical server infrastructure as the operating system and applications are enclosed in a virtual machine. This helps contain security attacks and malicious behaviours inside the virtual machine.
- Useful in Debugging:
- Virtual servers are also useful in testing and debugging applications in different operating systems and versions without having to manually install and run them on several physical machines.
What is a VPN?
- Devices connecting to the Internet are all assigned an Internet Protocol (IP) address.
- This allows law enforcement agencies, service providers, etc., to identify the device and its location, thereby identifying the user.
- A virtual private network (VPN) is an internet tool that masks a person’s actual Internet Protocol (IP) address, so the online actions are virtually untraceable.
- It provides online privacy and anonymity by creating a private network from a public internet connection.
What are the new rules released by CERT?
- The new rules mandate VPN providers to record and keep their customers’ logs for 180 days. Corporate VPN providers have been exempted from this.
- It also asked these firms to collect and store customer data for up to five years.
- It further mandated that any cybercrime recorded must be reported to the CERT within 6 hours of the crime.
Who all do these new rules apply to?
- The rules are applicable to “any entity whatsoever” in the matter of cyber incidents and cyber security incidents, regardless of whether they have a physical presence in India or not, as long as they deliver services to Indian users.
- The service providers who do not have a physical presence in India but offer services to the users in the country have to designate a point of contact to liaise with CERT-In.
What is the implication of these new rules?
- In regards to the VPN service providers, they have few options but to switch to storage servers that will increase the existing costs of operations.
- In addition to that, the core aspect of using a VPN to protect the users’ privacy would also be affected.
Is India the first country to regulate VPNs?
- India is not the first country to ban or regulate VPNs. In the past, various other countries such as China, Belarus, Iraq, North Korea, Oman, Russia, and the UAE have also taken similar steps.
- For instance, in China, only government-approved VPNs are officially permitted to function.
Consider the following statements regarding ‘Virtual Private Network’:
1. Virtual Private Network (VPN) is an internet tool that masks a person’s actual Internet Protocol (IP) address
2. In India, VPN providers are mandated to collect and store customer data for up to five years
Which of the statements given above is/are correct?
(a) 1 only
(b) 2 only
(c) Both 1 and 2
(d) Neither 1 nor 2