A few weeks back, the Indian Government ordered VPN companies to collect the user’s data for five years on their servers and hand it to the government. The order was also applicable to the Cloud and Crypto companies as well. In response to the GoI, VPN providers like NordVPN and ExpressVPN announced the removal of their network, so that they can keep the data safe and not to give them to the government.
Now in the next move, the Government has ordered all its employees to stop using third-party, non-government cloud platforms such as Google Drive and Dropbox as well VPN services including NordVPN and ExpressVPN.
Ban on Third-Party Cloud Storage Usage
A new order has been circulated by the National Informatics Centre (NIC) to all ministries and departments (via Gadgets360). According to this document, all government employees are required to comply with the directive. The document passed is said to consist of 10-pages and it is said to be citing an increased number of cyberattacks and threat perception to the government. The document has ordered, “not upload or save any internal, restricted, confidential government data or files on any non-government cloud service (ex: Google Drive, Dropbox, etc.).” The document is titled “Cyber Security Guidelines for Government Employees.”
In addition to ordering not to use third-party cloud storage services and VPS, it has also asked the employers to refrain from using “unauthorised remote administration tools” such as TeamViewer, AnyDesk, Ammyy Admin, etc. The workforce is also directed not to use any “external email services for official communication” and conduct “sensitive internal meetings and discussions” using “unauthorised third-party video conferencing or collaboration tools.”
Further, it has also asked not to use any external websites, apps or cloud-based services for converting/ compressing a government document. The order also asks employees not to root or jailbreak their Android and iOS devices respectively. The document has also ordered the government employees to use complex passwords as well as update passwords once in 45 days and update the operating system and BIOS firmware with the latest updates and security patches.
Lastly, the doc also asks all the government employees, including temporary, contractual/ outsourced resources strictly adhere to the guidelines mentioned in the document. The order is said to be released on June 10 after two revisions in the original draft made by the NIC. The doc includes inputs from India’s Computer Emergency Response Team (CERT-In) and was approved by the Ministry of Electronics and Information Technology (MeitY) secretary.
Why the Ban?
The Government of India requested the VPN companies to store data and had over to them, but since one of the main reasons why people or companies use the VPN is to mask their online identity, VPN companies removed the servers from India to avoid handing over the data. One of the prime reasons was that the government wanted to keep track of illegal online activities. However, that’d breach privacy for a person and takes away their freedom on the internet.
Although could-based services like Google Drive and DropBox are complete legal and many of us use it on a day to day basis, the ban comes as a surprise. While the exact reason behind this ban is unclear at the moment, going by the circulated document’s bits and pieces, it looks like the government wants its employees to start using native services and not to depend on services like Google Drive and Dropbox. Another reason might be the security issues and the government does not want the official documents and confidential docs to be stored on a third-party app or service.
It will be interesting to see how the companies like Google, Dropbox and other VPN companies will respond to this move.
Thanks for reading till the end of this article. For more such informative and exclusive tech content, like our Facebook page