Why Parliamentary panel's proposal to ban VPN has companies worried

The Parliamentary Standing Committee on Home Affairs has proposed to block virtual private networks (VPNs) in India, leaving several companies worried about security issues. Most companies have been using VPNs to enable secure work-from-home during the pandemic.

Even though the committee said the motivation behind their decision was to primarily control cybercrime, internet policy experts and security researchers have called it a “strange and ill-judged” idea.

Experts believe the ban would adversely impact the data security of MNCs and business firms operating remotely.

According to them, the implementation of this ban would leave every IT firm working remotely and even banks doing online transactions, in troubled waters.

“It’s a very strange and hare-brained idea to block VPNs. It is going to be counter-productive especially for businesses,”Amitabh Singhal, director of Telxess Consulting Services and former president of Internet Service Providers Association of India, told BusinessLine

Also read: House panel wants VPN services banned in India

During the COVID-19 pandemic which had governments across the world imposing strict lockdowns, most organisations, domestic or global, moved to the work-from-home format.

A major chunk of these companies have been using VPNs to secure their network for conducting businesses remotely.

“To ban VPN will set a bad precedent and destroy the internet as a medium to conduct business safely,” Singhal said.

“There are better ways for the government to ensure safety. The committee is just using the ploy of security to clamp down on something. I don’t think this is a valid argument just because some anti-social elements use VPNs to hide their identity. How do you expect companies depending on the internet to conduct their global and local businesses securely while working under this ban?” he added.

Sunny Nehra, admin, Hacks and Security and an ethical hacker, told BusinessLine, “Every company is using a VPN-based solution nowadays. Also, the entire cloud industry is shifting to a cloud-plus-VPN-based hybrid model.”

Also read: Indian websites not accessible in China, Xi Jinping govt blocks VPN

In their report submitted to the Rajya Sabha on August 10, the Parliamentary Committee recommended the government to inevitably block VPNs using internet service providers.

“The Committee notes with anxiety the technological challenge posed by VPN services and Dark Web that can bypass cyber security walls and allow criminals to remain anonymous online. As of date, VPN can easily be downloaded as many websites are providing such facilities and advertising them,” the committee said.

“The Committee also recommends that a coordination mechanism be developed with international agencies to ensure that these VPNs are blocked permanently,” the report added.

Also read: In Kashmir, crackdown on VPN users shows intention to muzzle opinions

Nehra said, “The government should focus on banning third party ‘No-Log’ VPN apps and software from app stores and other websites. No-Log VPN makes it impossible to track the identity and IP addresses of the hacker if a cybercrime happens as no backend database is being saved. Most big companies use in-house VPNs. So even if they use a VPN which stores data, it will be safe with them, there wouldn’t be any data leak when it’s in transit between two companies.”

“Cybersecurity will always be a challenge and the government will have to continue to find ways and use its resources to enhance technical capabilities for tracking such crimes, banning VPN is not the way,” Singhal added.