*****ExpressVPN rejects CERT-In’s rules, decides to remove servers from India – The Hindu BusinessLine

Clipped from: https://www.thehindubusinessline.com/todays-paper/expressvpn-rejects-cert-ins-rules-decides-to-remove-servers-from-india/article65489140.ece

Says new norm incompatible with the purpose of VPNs, which are designedto keep users’ online activity private

VPN service provider ExpressVPN on Thursday announced it will remove its servers from India, rejecting the Computer Emergency Response Team’s (CERT-In) new directions requiring all VPN providers to store user-data for at least five years.

Per the directions — to come into effect on June 27 — companies will need to store users’ real names, IP addresses assigned to them, usage patterns, and other identifying data, ExpressVPN wrote in a blog post.

This makes British Virgin Islands-registered ExpressVPN the first major VPN service provider to withdraw services from India following the new VPN rules.

Other service providers including PureVPN and NordVPN have also raised concerns about the data storage rules but are yet to take a decision on shutting down servers in India.

Still accessible

Indian users will still be able access ExpressVPN’s virtual servers, which will be physically located in Singapore and the UK. The users will continue to get Indian IP addresses through this network. “As countries’ data retention laws shift, we frequently find ourselves adjusting our infrastructure to best protect our users’ privacy and security. In this case, that has meant ending operations in India,” the company said in its blog post.

“The new data law initiated by India’s Computer Emergency Response Team (CERT-In), intended to help fight cybercrime, is incompatible with the purpose of VPNs, which are designed to keep users’ online activity private.

“The law is also overreaching and so broad as to open up the window for potential abuse. We believe the damage done by potential misuse of this kind of law far outweighs any benefit that lawmakers claim would come from it,” the company added.

CERT-in directions — to come into effect on June 27 — require companies to store users’ real names, IP addresses assigned to them, usage patterns and other identifying data

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s