India urges world to act on use of VPN

India is seeking global action to counter the use of a slew of technologies — including virtual private networks (VPN), end-to-end encrypted messaging services and blockchain-based technologies such as cryptocurrency — by terrorists. This mirrors New Delhi’s domestic stance on the issue.

Indian officials said “the anonymity, scale, speed and scope offered to (terrorists), and increasing possibility of their remaining untraceable to law enforcement agencies” by using these technologies, is one of the major challenges before the world.

This was part of India’s suggestions to members of an ad hoc committee of the United Nations debating a comprehensive international convention on countering the use of information and communications technologies for criminal purposes.

In order to rein in cybercrime globally, member states must agree on a cooperation framework for “freezing and return” of proceeds obtained from cybercrime, Indian officials stated while addressing the UN ad hoc committee, which met in Vienna during May 30 and June 10.

‘Innovative online means misused’
Noting that most cybercrimes are committed for economic gains, officials told the gathering that “money is laundered using innovative online means, such as cryptocurrency. Often, this money movement happens in numerous countries before it is siphoned off by the perpetrators of crimes, including cyber terrorists using emerging technologies to finance terrorist activities.”

The multilateral grouping was established by a resolution during the 74th session of the UN General Assembly in January 2020, as “an open-ended ad hoc intergovernmental committee of experts, representative of all regions,” which would discuss and decide on developing an international convention to counter global cybercrime. The committee has since met four times — thrice in New York and once in Vienna.

VPN cos exit India
India’s suggestions to the intersessional gathering are in line with its regulatory approach.

On April 28, the Indian Computer Emergency Response Team (CERT-In) issued a set of guidelines that require companies providing VPN services to keep a log of their users for five years. They are also to store information such as username, email ID used while signing up, contact numbers and internet protocol addresses.

Three VPN companies — ExpressVPN, Surfshark and NordVPN — have since quit India, citing their inability to continue services owing to the new CERT-In rules.

Despite the concerted pushback from VPN companies, privacy activists, tech policy groups and cybersecurity experts who argue that such provisions would breach the privacy and security of users, the Centre has remained firm on its stance.

Rajeev Chandrasekhar, minister of state for IT, had also said companies that did not want to adhere to the norms were “free to leave India.”

Separately, the Information Technology (IT) Rules of 2021 mandate that internet platforms that provide instant messaging services must allow for tracking the first originator of the message even when it is end-to-end encrypted. The rule is under judicial challenge at the Delhi High Court.

Tough stance
On several occasions, senior ministers as well as officials from the ministry of electronics and information technology have reiterated their stand that technology giants must not hide behind the “excuse” of anonymity when such requests for traceability are made by law enforcement agencies.

At a recent press conference on CERT-In guidelines, Chandrasekhar told reporters that the government would adopt a “zero-tolerance” policy on anonymity being a cover for online crimes.

The production of evidence, the minister said, was an “unambiguous obligation” that VPN service providers, social media intermediaries and instant messaging platforms had, and they could not then claim to not have the details that the law enforcement agency wanted because the platform was “end-to-end” encrypted.

Similarly, at a discussion organised by the International Monetary Fund in April, finance minister Nirmala Sitharaman stated that regulating cryptocurrencies at a global level was crucial to mitigate the risk of terror funding and money laundering. Ground.news