Government Employees Banned from Using VPNs: 7 Things to Know
The vpn the controversy continues to rage. In a new directive, the government would have prohibited its employees from using third-party virtual private networks (VPNs) and anonymization services offered by companies such as NordVPN, ExpressVPN, Surfshark and Tor. The directive comes days after these VPN service providers threatened to pull their servers out of India in protest against new rules announced by India’s cybersecurity agency Computer Emergency Response Team (Cert-In). Here’s what the directive says and more:
* The guidelines were issued by National Computing Center (NICs), which falls under the Ministry of Electronics and Information Technology. The document is called Cyber Security Guidelines for Government Employees. The document, seen by Economic Times, aims to educate government employees and contracted/outsourced resources and educate them on do’s and don’ts from a cybersecurity perspective.
* The document requires all government employees, including temporary, contract/outsourced resources, to strictly adhere to the guidelines mentioned. Any non-compliance may be sanctioned by the respective CISOs/Heads of Department.
* The directive instructs government employees not to save “any internal, restricted, or confidential government data file to a non-government cloud service such as Google Drive or Dropbox.”
* It asks government employees not to “jailbreak” or “root” their cell phones.
* Do not use external mobile app-based scanning services such as CamScanner to scan “internal government documents”.
* On April 28, Cert-In published a set of rules requiring VPN companies operating in India to keep a log of their customers’ details, including names, addresses and the purpose for which the VPN service was used. The rules, however, do not apply to corporate VPNs.
* Despite protests from businesses and industry bodies, the government has so far remained firm on its position. The Minister Delegate for Electronics and IT Rajeev Chandrasekhar said in a media interaction earlier this month that companies that do not wish to follow the standards are “free to leave India”. The minister told reporters that the government would adopt a “zero tolerance” policy on anonymity as a cover for online crimes, and that producing evidence was an “unambiguous obligation” for VPN service providers, social media intermediaries and instant messaging platforms.