The IT Ministry of India has declared for all the VPN service providing companies to store the data of users for at least five years as per last week’s new report. The Computer Emergency Response Team (CERT) has also asked the crypto exchanges and data centres to collect and store user data for five years. The reason is to coordinate with databases to help in emergency measures that are related to cyber security of the country.
Companies are instructed to record and track the data of the consumer even if the subscription has been cancelled by him or her. If a company fails to do so, then according to the new governing law they are liable for imprisonment up to a year.
Affect On Internet Users Now
Many internet users in India utilize the Virtual Proxy Networks or VPN services to add as a layer of security. VPN used by the users can prevent their sensitive information like location from being tracked by the online website trackers. Some premium VPN services and some free ones also allow no logging policy for convenience of the users. With this users enjoy complete privacy as their service providers themselves use Ram-only servers that prevent user’s data from being stored longer than the temporary standards.
As now the new law is being implemented the companies will need storage servers to meet the Government demands. Which will let them store every user’s login data for the term of at least five years. But this process is not so cost effective, the VPN service charges may rise higher with the need of storage servers.
According to the new law you can witness this change in VPN services in the coming 60 days.
Type of Data That VPN Companies Will Be Storing And Sending To Government:
- “Targeted scanning/probing of critical networks/systems.”
- “Compromise of critical systems/information.”
- “Unauthorised access of IT systems/data.”
- “Defacement of website or intrusion into a website and unauthorised changes such as inserting malicious code, links to external websites etc.”
- “Malicious code attacks such as spreading of virus/worm/Trojan/Bots/Spyware/Ransomware/Cryptominers.”
- “Attack on servers such as Database, Mail and DNS and network devices such as Routers.”
- “Identity Theft, spoofing and phishing attacks,”
- “Denial of Service (DoS) and Distributed Denial of Service (DDoS) attacks.”
- “Attacks on Critical infrastructure, SCADA and operational technology systems and Wireless networks.”
- “Attacks on applications such as E-Governance, E-Commerce etc.”
- “Data Breach”.
- “Data Leak”.
- “Attacks on Internet of Things (IoT) devices and associated systems, networks, software, servers.”
- “Attacks or incidents affecting Digital Payment systems.”
- “Attacks through Malicious Mobile Apps.”
- “Fake mobile Apps.”
- “Unauthorised access to social media accounts.”
- “Attacks or malicious/ suspicious activities affecting Cloud computing systems/servers/software/applications.”
- “Attacks or malicious/suspicious activities affecting systems/ servers/ networks/ software/ applications related to Big Data, Block chain, virtual assets, virtual asset exchanges, custodian wallets, Robotics, 3D and 4D Printing, additive manufacturing, Drones.”
- “Attacks or malicious/ suspicious activities affecting systems/ servers/software/ applications related to Artificial Intelligence and Machine Learning.”