The government of India still claims to be a democracy, but its decade-long assault on the internet and the rights of its citizens suggests it would rather be an autocracy.
The country is already host to one of the largest biometric databases in the world, housing information collected from nearly every one of its 1.2 billion citizens. And it’s going to be expanded, adding even more biometric markers from people arrested and detained.
The government has passed laws shifting liability for third-party content to service providers, as well as requiring them to provide 24/7 assistance to the Indian government for the purpose of removing “illegal” content. Then there are mandates on compelled access — something that would require broken/backdoored encryption. (The Indian government — like others demanding encryption backdoors — refuses to acknowledge this is what it’s seeking.)
In the name of cybersecurity, the Indian government is now seeking to further undermine the privacy of its citizens.
The new directions issued by CERT-In also require virtual asset, exchange, and custodian wallet providers to maintain records on KYC and financial transactions for a period of five years. Companies providing cloud, virtual private network (VPN) will also have to register validated names, emails, and IP addresses of subscribers.
Taking the “P” out of “VPN:” that’s the way forward for the Indian government, which has apparently decided to emulate China’s strict control of internet use. And it’s yet another way the Indian government is stripping citizens of their privacy and anonymity. The government of India wants to know everything about its constituents while remaining vague and opaque about its own actions and goals.