The internet introduced a new realm to people; it offered endless possibilities to achieve numerous goals. Ordering groceries, accessories, and even jewellery has become possible with just a touch. And so, life shifted from the physical world to the digital world, and much like in the physical world, crime found its new target, the digital one. Hacking, data theft, cybersquatting, online phishing, and stalking have become rampant. To tackle this, governments introduced laws, and people became more cautious about their data, digital footprint, and privacy. The internet, a public domain, can be accessed by anyone. So, much like the real-world data, resources and digital assets weren’t safe. Thus, the Virtual Private Network (VPN) found a strong foothold in the market.
The Basic Working of a Virtual Private Network
Every device connected to the internet has its own unique 32-bit code known as the IP address that shows the location where the said device got connected to the internet. The data getting transferred gets enclosed between the IP addresses of the source and receiver along with other additional packets to direct it to its destination. Here, the data packet enters the public domain (internet) and becomes susceptible to malicious attacks by hackers and other entities. The data getting transferred can be read with ease, which leads to data theft and identifying the exact location of the sender and receiver.
A VPN protects the data when it floats through the public domain. A VPN encrypts data per se and transfers it through the web. Even if someone can access the data, they won’t be able to make any sense of it since it is encrypted by the VPN using a specific key. On receiving the data, the key of the VPN can decrypt the data it receives and make it available in its original form to the receiver.
Now comes the question of what truly is the problem with VPNs when they’re merely being used to protect the data and identities of various internet users from malicious individuals and entities? Let us take a look at the proposal offered by the government first and understand the perspective behind the banning of VPNs. The Parliamentary Standing Committee on Home Affairs, on March 15th, 2021, presented its 233rd report on Atrocities and Crimes against Women and Children in Parliament and proposed a blanket ban on VPNs, deeming them a threat to national security. As mentioned earlier, a VPN masks the sender’s location and encrypts the data getting transferred. The Parliamentary Committee’s proposal stated that since the location of criminals is hidden, they can access platforms like the Dark Web and commit crimes against the state and other individuals. Criminals can get away with their crimes on the internet because they can hide their identities.
What is the Dark Web?
The deep and dark web is an extensive part of the internet and can find elaborate explanations. But to put it simply, the deep web is the part of the internet that is not indexed by our everyday web search engines, i.e., the search engines don’t deem the domains important enough to hold a spot. Thus, non-indexed parts of the internet are known as the “Deep Web.” The remainder of the internet is known as the ‘Surface Web’, which one can access through regular search engines.
Further down still, we come across the dark web, which sounds more devious than it is in reality. The dark web is that part of the deep web that is further protected by passwords and specific configurations and can only be accessed through particular systems and software. People are suspicious of this part of the internet because it is hard to get to and hard to track down.
The cases related to the dark web are few, but the media coverage they receive is such that it gets deemed as a dark and illegal place where all the shady deals get executed. This perception was highlighted in 2013 when the infamous ‘Silk Road’ marketplace came to light and was shut down by the FBI. The Silk Road was an illegal online marketplace that facilitated unlawful sales of drugs, weapons, and child pornography. The marketplace used Bitcoin for all its financial transactions (also an untraceable financial exchange). These anonymous financial transactions and internet presence kept the marketplace hidden from law enforcement for nearly two years.
The Current Complication
Implementation of any ban or restriction is done based on the information collected from society and the kind of effect the ban has on society. The use of VPNs is on the rise, with a 671% increase in VPN users in India in the first half of 2021 alone. This increase could show a response to the ban of multiple apps in India, but a look at the larger picture indicates that the 4.9 billion cyberattacks in 2020 alone initiated the rising concerns about privacy. Private information is the essence of any individual since it defines who they are, what they do, and with whom they interact. Compromising personal information means leaving the individual susceptible to cyberattacks and breaches of privacy. Also, over 39% of the users of VPNs are aged between 16 and 22. This statistic itself is an indication that data and privacy protection are a rising concern of the next generation. As per the Pew Internet Project of 2007, 85% of adults believed that controlling access to their personal information is extremely important.
A VPN isn’t just used to hide a person’s location and access content; it’s also used to protect them from bad actors who want to steal their information, protest against dictatorial governments, avoid cyberstalking, and act as “whistleblowers” against illegal actions by organizations and people.
The direction, issued by the Ministry of Electronics and Information Technology and the Indian Computer Emergency Response Team (CERT-In) on April 28, asks the VPN service providers to maintain usage logs for five years, thereby destroying the idea of a VPN, i.e., opaque access to the internet for the user.
Points of Contention
The points of contention when it comes to curtailing VPN access and restricting or regulating the flow of data are usually the ones fighting between the right to privacy and against undue surveillance and state security, along with the elimination of public threats.
Personal data of an individual is the most sought-after asset in the digital world, and governments and other entities pursue it rightly so. At large, governments have been at the center of major snooping scandals on their own citizens. So, one can conveniently argue that the ban on VPNs seems like another ploy to get access to private information under the guise of national security.
Privacy of Individuals
From the Indian perspective, one finds that the privacy of individuals is a fundamental right guaranteed to the citizens under Article 21 of the Constitution of India, which got a broader scope and understanding from the 2017 judgment of the Retd. J. K. Puttaswamy v. Union of India, Writ Petition (Civil) No. 494 of 2012, (2017) 10 SCC 1. Like all other fundamental rights, this right can be curtailed under due process of law, keeping in mind the bigger picture that unmonitored internet access would only facilitate the promulgation of threats to public security.
Misuse of Anonymity
The Silk Road case opened the world to the world of the unmonitored dark web, where one can exercise absolute freedom, i.e., usually something illegal. But then we must remember that the average internet user doesn’t indulge in the dark web to the extent that their actions become illegal. The primary infringement that we find on the internet via the misuse of anonymity is copyright infringement. Since geographic locations become redundant due to VPNs (which change the IP address to that of a different location), we find that anyone across the world can access information and content meant only for specific regions.
Legal Intern, LawDiktat
- Parker Higgins, “In the Silk Road Case, Don’t Blame the Technology”, (October 3, 2013) https://www.eff.org/deeplinks/2013/10/silk-road-case-dont-blame-technology accessed May 26, 2022.
- Pratik Kanjilal, “With VPN Order, the Government Shows It’ll Leave Virtually Nothing Private”, (May 26, 2022) https://thewire.in/tech/with-vpn-order-the-government-shows-itll-leave-virtually-nothing-private accessed May 26, 2022.
- Ritika Ganju and Shivangi Gambhir, “New Cyber Security Directions Issued By Cert-In”, (May 26, 2022) https://www.mondaq.com/india/security/1196064/new-cyber-security-directions-issued-by-certin accessed May 26, 2022.
- Kaspersky, “What is VPN? How It Works, Types of VPN”, https://www.kaspersky.com/resource-center/definitions/what-is-a-vpn accessed May 26, 2022.
- Darren Guccione, “What is the dark web? How to access it and what you’ll find” (July 1, 2021) https://www.csoonline.com/article/3249765/what-is-the-dark-web-how-to-access-it-and-what-youll-find.html accessed May 26, 2022.