Pavan Duggal on is India’s strategy on VPN and cyber laws enough?

All VPN providers serving consumers in India have been asked to comply with additional regulations by the Indian Computer Emergency Response Team (CERT-In).

VPN, an online service, purports to provide its users more security when connected to the internet.
VPN, an online service, purports to provide its users more security when connected to the internet.

With cryptocurrency raising the bar when it comes to cyberfraud, the government offlate seems to have taken cyber security rather seriously. It has rolled out new Virtual Private Network (VPN) rules. VPN is an online service,  purports to provide its users more security when connected to the Internet. In conversation with FE Digital Currency Pavan Duggal,  Supreme Court lawyer, founder, chairman, International Commission on Cyber Security Law, talks about how secure is the country? (Edited Excerpts)

What are the advantages and disadvantages of the new VPN rules?

The VPN law effectively refers to a new set of legal provisions where India has chosen to regulate the service providers. This will make the space more cyber secure and cyber resilient. The VPN providers have not been cooperative with the governments and law-enforcing agencies. Netizens are virtually providing a gateway to unlimited cybercrime activities through VPN service providers. If someone does not comply with the VPN law, they commit an offense under Section 70B of the Information Technology (IT) Act. All VPN providers serving consumers in India have been asked to comply with additional regulations by the Indian Computer Emergency Response Team (CERT-In).

How can we look at creating a robust mechanism to combat cyber threats? 

It is a practical problem that the nation does not have a robust defensive system.  India does not have a robust cyber defense mechanism because the center has not given it the priority. Every 11 seconds, one company in the world becomes the victim of a ransomware attack.  The government did come up with the ‘National Cyber Security Policy 2013’, but the Center has not been able to implement it.   But, if we compare the development with other nations, we are lagging in the race. Countries like China, Singapore, and Australia, have not just come up with dedicated laws in cybersecurity but also came up with vast provisions to enable the cybersecurity ecosystem. The center needs a dedicated ecosystem with legal frameworks.

For instance, the Information Technology Act was passed in the year 2000. After 22 years, India was successful in welding the said legislation once, in 2008, in a most incomprehensible manner. The Indian IT Act is thoroughly incapable of dealing with large parameters including blockchain, Artificial Intelligence (AI), quantum computing, or even social media. 

How will new VPN guidelines impact user’s privacy?

India still lacks a legal cyber ecosystem to protect its critical legal infrastructure and has failed to provide adequate security to its users. Any breach of the cybersecurity ecosystem could potentially have a prejudicial impact on the cyber sovereignty of India. The government needs to actively involve the private sector. The private-public partnerships will help in building a strong cyber defense infrastructure.

Get live Share Market updates and latest India News and business news on Financial Express. Download Financial Express App for latest business news.

Photos