A few days ago I learnt about a proposed policy in India to ban VPN services altogether from the country. This puts the county in the august company of China, Iran, Russia and Turkey. So far, it’s a recommendation to the government from a parliamentary committee on home affairs. The Home ministry in India is responsible for internal security.
The intent is to deter criminals from communicating privately without interception. But the collateral damage is vast.
One is to businesses: for the most part, companies have been able to recreate the security of an internal network even with people working from home by having them connect via a VPN. The potential danger to this has been widely reported by the Indian press.
But this is also a blow to personal privacy, and of people’s freedom to choose and run the software they want on systems they own. I haven’t seen much coverage of this angle in print and online press – that discussion has happened mostly on Twitter.
I wrote a short Twitter thread about this, which I’m reproducing here:
Citizens use VPNs to protect themselves from
- ~ profiling by ISPs via logging traffic
- ~ profiling by sites via trackers
- ~ attacks on attention & drain on bandwidth with nonstop ads
- ~ attacks by scammers over open access n/ws
This must be addressed along with anticrime measures.
Taking away tools for self-protection online from ordinary citizens because criminals could use them is like disallowing anyone from carrying pepper spray because robbers could also use them to attack victims. Everyone is presumed guilty until proven innocent.
Laying the onus of cyber security on citizens loses much its meaning when you also take away tools they can use to protect themselves. Take this post from the government’s ‘cyber dost’ twitter handle:
Imagine if the government itself encouraged citizens to protect themselves online through VPNs, Signal, HTTPS Everywhere, Privacy Badger, tracking- and ad-blockers, educated people about PGP. But around the world they have taken the opposite approach. India is no exception.
These are questions policymakers and citizens going to face over and over again, around the world. The years-in-the-making ban on cryptocurrencies is a similar issue. As is the repeated threats of banning Whatsapp and other end to end encrypted chat services. If security wins over freedom every time, citizens will remain in the pre-internet nineties while most motivated criminals will continue to manage to access all of these.