The proposal of the Parliamentary Standing Committee on Home Affairs to block virtual private networks (VPNs) in India has left many multinational and Indian companies in a tizzy. Many companies have been using VPN for enabling secure work-from-home during the pandemic.
While the Committee has sought to ban VPNs to control cybercrime, Internet policy experts and security researchers called it a “strange and ill-judged” idea as this would have a serious impact on the data security of MNCs and financial firms operating remotely. If the ban gets implemented, every company, from IT firms running operations remotely to banks doing transactions online, will be left high and dry, they said.
Amitabh Singhal, Director, Telxess Consulting Services and former President of Internet Service Providers Association of India, told BusinessLine: “It’s a very strange and hare-brained idea to block VPNs. It is going to be counter-productive especially for businesses. During Covid most organisations, domestic or global, worked from home. All have been using VPNs to secure their network for conducting businesses remotely. To ban VPN will set a bad precedent and destroy the internet as a medium to conduct business safely.”
“Every company is using a VPN-based solution nowadays. Also, the entire cloud industry is shifting to cloud-plus-VPN-based hybrid model,” Sunny Nehra, Admin, Hacks and Security and an ethical hacker, told BusinessLine. Moreover, a ban also contradicts the government’s relaxation on connectivity norms for VPN use for other sectors like BPOs.
Singhal added, “There are better ways for the government to ensure safety. The committee is just using the ploy of security to clamp down on something. I don’t think this is a valid argument just because some anti-social elements use VPNs to hide their identity. How do you expect companies depending on the internet to conduct their global and local businesses securely while working under this ban?”
In the report submitted to the Rajya Sabha on August 10, the Standing Committee suggested that the Ministry of Home Affairs should coordinate with the Ministry of Electronics and Information Technology to identify and permanently block VPNs with the help of internet service providers.
It said, “The Committee notes with anxiety the technological challenge posed by VPN services and Dark Web that can bypass cyber security walls and allow criminals to remain anonymous online. As of date, VPN can easily be downloaded as many websites are providing such facilities and advertising them.”
“The Committee also recommends that a coordination mechanism be developed with international agencies to ensure that these VPNs are blocked permanently,” the report added.
Nehra said, “The government should focus on banning third party ‘No-Log’ VPN apps and software from app stores and other websites. No-Log VPN makes it impossible to track the identity and IP addresses of the hacker if a cybercrime happens as no backend database is being saved. Most big companies use in-house VPNs. So even if they use a VPN which stores data, it will be safe with them, there wouldn’t be any data leak when it’s in transit between two companies.”
“Cybersecurity will always be a challenge and the government will have to continue to find ways and use its resources to enhance technical capabilities for tracking such crimes, banning VPN is not the way,” Singhal added. The Hindu BusinessLine