Why is India restricting access to VPNs, Google Drive for govt employees


The central government recently issued an advisory that notes government employees must avoid third-party VPN services like NordVPN and ExpressVPN as well as cloud storage services like Google Drive and Dropbox. In its document titled, ‘Cyber Security Guidelines for Government Employees’ by the National Informatics Centre (NIC) – a department under the Ministry of Electronics and Information Technology – the government says the new guidelines are to be followed strictly, or else they could be penalised by the “respective CISOs/department heads”. However, the orders are solely designed for government employees and not regular internet users in India.

What does the new order say exactly?

The new ‘restricted’ document simply highlights good and bad cybersecurity practices for government employees. Apart from restricting access to cloud storage and CC(virtual private network) services, the government order notes that employees should also avoid third-party toolbars (download manager, weather toolbar, askme toolbar) on the internet browser.

The government workers are also advised to stop downloading pirated software.

Similarly, government workers are asked not to use any “external email services for official communication” and conduct “sensitive internal meetings and discussions” using “unauthorised third-party video conferencing or collaboration tools”.

Why is the government restricting access to VPN and third-party storage?

To understand the so-called ban, it is first crucial to understand why VPN (and cloud storage) services in India are being targeted.

In its old order, CERT-IN, a department with the Ministry of Electronics and Information Technology, mandated that VPNs operating in the country would have to store users’ records for five years. For those unaware, a VPN essentially lets users mask their online identity and access banned websites. Many times, users access legal platforms with a VPN to keep their online identity anonymous.

Since early, VPN services have become increasingly popular as many companies started operating from home. Hence, to keep data stored on private office networks safe, companies require workers to use a VPN network to access platforms safely. Individual users often use VPNs to access banned sites like torrents and more.

Therefore, the government seemingly wants to end anonymity and keep track of online activities, mainly illegal ones. However, many experts read the order on VPNs to curb freedom on the internet. This is why VPN services like NordVPN decided to remove servers from India to continue keeping users’ data safe.

On the other hand, cloud storage services in India are perfectly legal, and neither NIC nor CERT-IN advises regular users to stop using platforms Google Drive and Dropbox. The exact cause of the advisory from the government remains unclear, but we can speculate on a few reasons behind this decision.

A simple answer could be that the government wants its employees to start using native services like DigiLocker, which provides loads of services similar to that of Google Drive and Dropbox. It is also likely that the government does not want workers to store data on third-party apps purely for security reasons. Storing files on third-party platforms could lead to a leak of sensitive data if the account is compromised, which is also possible with in-house services. The NIC guidelines echo the Indian army’s advisory for its jawans on third-party messaging apps.

On several occasions, the Indian army asked young soldiers to avoid joining WhatsApp groups with non-army individuals. It has even advised personnel to not share sensitive information or put photos in uniform on platforms like Facebook and Instagram, despite the services being totally legal in India.

Similarly, the Indian army launched its in-house messaging app called Army Secure IndiGeneous Messaging Application to offer better security to its personnel. The app is also reportedly designed to compete with modern messaging apps, but its access is restricted for security reasons.


Source link