Pavan Duggal on India’s Strategy on VPNs and Cyber Laws Enough?
With cryptocurrency raising the bar for cyber fraud, the government seems to have taken cyber security quite seriously. It rolled out new virtual private network (VPN) rules. VPN is an online service, supposed to provide its users with more security while connected to the internet. In a conversation with FE Digital Currency, Pavan Duggal, Supreme Court Attorney, Founder, Chairman of the International Commission on Cybersecurity Law, talks about the country’s security? (Edited excerpts)
What are the pros and cons of the new VPN rules?
The VPN Act effectively refers to a new set of legal provisions in which India has chosen to regulate service providers. This will make the space more cyber-secure and cyber-resilient. VPN providers have failed to cooperate with governments and law enforcement. Internet users practically provide a gateway to limitless cyber crime activities through VPN service providers. If someone violates the VPN Act, they are committing an offense under Section 70B of the Information Technology (IT) Act. All VPN providers serving consumers in India have been asked to comply with additional regulations by India’s Computer Emergency Response Team (CERT-In).
How can we consider creating a robust mechanism to combat cyber threats?
It is a practical problem that the nation does not have a robust defensive system. India lacks a robust cyber defense mechanism as the center has not prioritized it. Every 11 seconds, a business in the world falls victim to a ransomware attack. The government came up with the “National Cybersecurity Policy 2013”, but the Center was unable to implement it. But, if we compare the development with other nations, we are behind in the race. Countries like China, Singapore, and Australia have not only put in place dedicated cybersecurity laws, but also come up with broad provisions to activate the cybersecurity ecosystem. The center needs a dedicated ecosystem with legal frameworks.
For example, the Information Technology Act was passed in 2000. After 22 years, India managed to weld together said legislation once, in 2008, in a most incomprehensible way. India’s IT law is quite incapable of dealing with large parameters including blockchain, artificial intelligence (AI), quantum computing or even social media.
How will the new VPN guidelines impact user privacy?
India still lacks a cyber legal ecosystem to protect its critical legal infrastructure and has failed to provide adequate security to its users. Any breach in the cybersecurity ecosystem could potentially have a detrimental impact on India’s cybersovereignty. The government must actively involve the private sector. Public-private partnerships will help build a strong cyber defense infrastructure.