India’s Government Tells VPNs, Cloud Services They Can Get Screwed Or Get Out

from the get-busy-retaining-or-get-busy-dying dept

You can remember it for us wholesale.” – the government of India, probably.

The Indian government has been working for years to ensure it has complete control of constituents’ use of the internet. It has been steadily increasing its stake in internet use for years, ensuring its interests (especially those of Narendra Modi, who has served as its Prime Minister since 2014) are shielded from the criticism of the governed.

Things have escalated in recent months. The Indian government has declared the state of the country to be Blackwatch Plaid, which means getting all up in everyone’s internet business for the alleged interests of the nation’s security.

India’s government is already home to one of the most comprehensive biometric databases in the world. It has managed to collect at least some physical data points from nearly every one of of its 1.2 billion citizens. Now, it wants to be able to tie these immutable physical characteristics to internet users, starting with entities that might be able to distance users from their online activities.

Earlier this month, the Indian government made it clear (via its cybersecurity force) that no entity was exempted from data collection and retention demands. India’s cybersecurity agency, the Computer Emergency Response Team (CERT-In), was given the power to demand information (on a historical and ongoing basis) from these entities providing services to India residents.

India’s nodal cybersecurity agency, Computer Emergency Response Team (CERT-In), has directed all service providers, intermediaries, data center providers, corporates, and government organizations to report cyber incidents within six hours of their detection.


Companies providing cloud, virtual private network (VPN) will also have to register validated names, emails, and IP addresses of subscribers.

With this data, India’s government can de-anonymize users and do whatever they think is in the easily offended Prime Minister’s best interests.

The six hour time limit is not essential to the Indian government’s national security pretense. This time limit exists solely to allow the government to punish companies moderating content generated by a country of 1.2 billion people, converting the impossibility of the job into fines, fees, self-serving public statements, and criminal actions in local courts.

The tech companies being subjected to these demands recognize the impossibility of the ask. The Indian government doesn’t care. Do or do not. There is no try. Otherwise, GTFO.

The government had its say, as The Indian Express reports:

The Indian Computer Emergency Response Team issued a directive in April asking tech companies to report data breaches within six hours of “noticing such incidents” and to maintain IT and communications logs for six months.

They also mandated cloud service providers such as Amazon and virtual private network (VPN) companies to retain names of their customers and IP addresses for at least five years, even after they stop using the company’s services.

The measures have raised concerns within the industry about a growing compliance burden and higher costs.

Those complaining about the impossibility of the task are being handed the same answer many Indian immigrants received when complaining about bigotry/bullshit in the United States after arriving in the “Land of Opportunity:” if you don’t like it, go back to where you came from.

“If you don’t want to go by these rules, and if you want to pull out, then frankly … you have to pull out,” [India junior IT minister Rajeev] Chandrasekhar told reporters.

Fuck everyone but the government, I guess. Millions of users may rely on these services, but if they can’t perform six-hour takedowns of stuff hosted at cloud services or served up via VPNs, screw the services and the users. Whatever it takes to ensure the government remains free of criticism and everyone else — whether its someone sitting at the lower end of the caste system or a billion-dollar multinational company — subservient to an ever-changing list of acceptable conditions.

India has some serious national security issues it needs to forcefully address. But those problems would be best handled by military force and diplomatic efforts. The security of the country does not flow through various internet services and certainly does not require punishing people for criticizing their government. If that’s what India wants to do, it really shouldn’t expend any more effort (physically) fighting off Chinese incursions. It should just accept who it wants to be and allow the world’s largest dictatorship to show it how oppression is really done.

Filed Under: , , , , , , ,

Rate this comment as insightful
Rate this comment as funny
You have rated this comment as insightful
You have rated this comment as funny
Flag this comment as abusive/trolling/spam
You have flagged this comment
The first word has already been claimed
The last word has already been claimed
Insightful Lightbulb icon Funny Laughing icon Abusive/trolling/spam Flag icon Insightful badge Lightbulb icon Funny badge Laughing icon Comments icon

Comments on “India’s Government Tells VPNs, Cloud Services They Can Get Screwed Or Get Out”

Subscribe: RSS Leave a comment
N0083rp00f says:

All this but nothing happens to the criminal organizations that produce fake documents and especially all those telephone scam boilerooms.
Activities that have cyber footprints the size of a Brontasaurus.
Funny that.

One could assume that this regime is all for the criminal activities and the dollars brought into the country at the expense of mostly the elderly.

Maybe we should hold them responsible for facilitating and profiting from such activities.

Add Your Comment

Your email address will not be published. Required fields are marked *

Have a Techdirt Account? Sign in now. Want one? Register here

Comment Options:

Make this the or (get credits or sign in to see balance) what's this?

What's this?

Techdirt community members with Techdirt Credits can spotlight a comment as either the "First Word" or "Last Word" on a particular comment thread. Credits can be purchased at the Techdirt Insider Shop »

Follow Techdirt

Techdirt Daily Newsletter

Techdirt Deals
Techdirt Insider Discord
The latest chatter on the Techdirt Insider Discord channel...