You are reading it here first: Terming it as a ‘technological challenge’ that allegedly allows ‘criminals to remain anonymous online’, the Parliamentary Standing Committee on Home Affairs urged the Indian government to block virtual private networks (VPN). This comes months after the Indian government liberalised the usage of VPN for Other Service Providers (OSP) in a bid to facilitate work-from-home for the tech industry.
As of date, VPN can easily be downloaded, as many websites are providing such facilities and advertising them. The Committee, therefore, recommends that the Ministry of Home Affairs should coordinate with the Ministry of Electronics and Information Technology to identify and permanently block such VPNs with the help of internet service providers. — The Parliamentary Standing Committee on Home Affairs
These are the other points that the committee made regarding the usage of VPNs —
- VPNs allow criminals to bypass cyber security mechanisms to access the dark web and remain anonymous online.
- Recommend that a coordination mechanism should be developed with international agencies to ensure that VPNs are blocked permanently.
- Ministry (of Home Affairs) must take initiatives to “strengthen tracking and surveillance mechanisms” to put a check on the use of VPN and the dark web.
The committee, chaired by Rajya Sabha MP Anand Sharma, made these recommendations in its “Action Taken By Government on the Recommendations/Observations Contained in the 233rd Report on the Atrocities And Crimes Against Women And Children” which was presented to the Rajya Sabha on August 10. In the report, the committee specifically dealt with issues surrounding cyber crimes in the context of crimes against women.
The usage of VPNs, as opposed to what the committee would want you to believe, is not just limited to cyber criminals. A considerable part of India’s workforce is dependent on VPNs for their daily work. Taking that into cognisance, the Indian government in June liberalised rules for Other Service Providers to manage incoming and outgoing calls by internally using private networks. If the recommendations by the committee are taken into consideration, the effects would be far-reaching with the potential to disrupt the Indian tech industry.
Standing Committee not satisfied with MeitY’s response on VPNs
In response to the Standing Committee’s concerns, the Ministry of Electronics and Information Technology did not provide a direct answer in regards to the blockage of VPNs and instead talked about the various powers under which the Indian government can block information from public access.
The reasons for blocking information (according to MeitY) are —
- Interest of sovereignty and integrity of India
- Defence of India
- Security of the State
- Friendly relations with foreign States
- Public order
- For preventing incitement to the commission of any cognisable offence relating to above
If the request for blocking of such VPNs is received under section 69A of the IT Act, MeitY can initiate the process as specified in the Rules notified under section 69A of the IT Act — MeitY in response to Committee’s queries
This is what the committee said in response to MeitY’s reply
The Committee notes the incomplete reply of the MeitY as no information has been provided on coordination mechanisms with international agencies to block VPNs permanently and initiatives taken/proposed to strengthen the tracking and surveillance mechanisms to put a check on the use of VPN and the dark web. The MHA may put its efforts in getting such information from MeitY and furnish the same to the Committee — The Parliamentary Standing Committee on Home Affairs.
These concerns had also been raised by the committee in a report tabled in the Rajya Sabha in March, according to the Hindustan Times.
Set up more cyber forensic laboratories: Committee
The committee noted that there are instances where the cyber crime is committed in one State and the offender is located in another State. It recommended that the Ministry of Home Affairs should take steps “to empower all State Police and law enforcement agencies (LEAs) to take appropriate action regardless of State boundaries while examining a cyber crime.”
In response, the Indian government said that it has formed seven Joint Cyber Crime Coordination Teams (JCCT) in regions of ‘hotspots of cybercrimes’ or places having more cybercrime victims to overcome jurisdictional issues. These teams share information with each other and provide logistical support for investigating teams.
Apart from that, the Indian government also informed that it has provided grants of Rs 96.13 crore to all states to set up cyber forensic-cum-training laboratories.
Further observations made by the committee regarding cyber forensic labs —
- Recommend the MHA to periodically assess the performance of JCCTs and upgrade them in view of the advancement of technology and various types of new emerging cyber crimes.
- Cyber forensic-cum-training laboratories have been commissioned in 18 States/UT which is only 50% of the total States/UTs. “The Committee, therefore, recommends that the MHA may expedite the commissioning of the labs in remaining States/UTs and allocate necessary funds required for the set up. The Committee would like to be apprised about the progress made in this regard.”
Refresher courses on cybercrimes for Law Enforcement Agencies: Committee
The Standing Committee in its report also observed that the nature of cyber crimes was evolving and changing on a daily basis due to technological advancement. This portion was first reported by news agency IANS a few days ago.
“It is, therefore, important for the Centre to have coordination with the states/Union Territories (UTs) for optimal utilisation of existing resources. The existing national-level training centre at Dwarka, New Delhi, established by the Ministry of Home Affairs (MHA) must be used to provide short and long-term training and refresher courses periodically to all senior officers of the states/UTs involved in monitoring and handling cybercrimes in their respective states/UTs — Parliamentary Standing Committee on Home Affairs
The MHA informed the committee that the National Level Training Centre (NCTC) under the National Crime Record Bureau (NCRB) headquartered at Mahipalpur in New Delhi was conducting short and long-term training and refresher courses periodically for all LEAs.
Till now nearly 13,000 police personnel, judicial officers, and prosecutors have been provided training on cybercrime awareness, investigation, and forensics. The panel observed that several states and UTs are yet to come on board for this purpose.
Government simplified guidelines for OSPs and allowed usage of VPNs
The Department of Telecommunications on June 23 further simplified its November 2020 liberalisation of norms for Other Service Providers like call centres. This is what the rules said regarding usage of VPNs —
- Call traffic over VPN is now allowed: Using Virtual Private Networks, which let users route web traffic from a different location or connect to a remote network, is now permissible for OSPs to integrate international call networks. This lets OSPs integrate their international locations better with India, and potentially save costs on call tariffs. However, bypassing International Long Distance call providers will not be allowed.
- VPN use allowed for internet: Using VPNs that are not provisioned by telcos is now allowed. Previously, only Provider-provisioned VPNs were allowed, which might be inconvenient for an OSP that wants to use a more reliable private circuit.
TRAI and DoT’s disagreement on VPN
In September 2020, the Telecom Regulatory Authority of India (TRAI) and the Department of Telecommunications exchanged disagreements over regulations that govern Other Service Providers like call centers, tele-banking, outsourcing setups, and so on.
In regards to usage of VPN, TRAI had recommended that the previous requirement of using VPNs provided by licensed telecom operators be removed. It had reasoned that telco-provisioned VPNs would hinder flexibility and that any commercially available VPN should be allowed for use. However, the DoT had ruled out the recommendation by saying that that traffic, in no way, should go beyond the country. VPNs create a private network often by routing it through foreign countries.
- Summary: Government further simplifies guidelines for Other Service Providers
- Governments scraps VPN, bank guarantee, work-from-home restrictions on Other Service Providers
Have something to add? Post your comment and gift someone a MediaNama subscription.
Update, September 1, 2021, 11.40 am: Added details about a report tabled by the Parliamentary Standing Committee on Home Affairs in March wherein it also discussed issues regarding virtual private networks (VPN)