In today's Finshots we talk about the new VPN rules that may debut in a month's time

Also, a quick sidenote before we begin the story. At Finshots we have strived to keep the newsletter free for everyone. And we’ve managed to do it in large parts thanks to Ditto — our insurance advisory service where we simplify health and term insurance and make it easy for people to purchase the product. So if you want to keep supporting us, please check out the website and maybe tell your friends about it too. It will go a long way in keeping the lights on here :)

The Story

Governments do have a tendency to censor stuff they don’t like. It could be websites hosted in countries deemed unfriendly — think Russia banning access to Ukrainian websites. Or a ban on social media networks — the kind we witnessed during the Arab Spring. Or gatekeeping from the judicial system —when Indian courts banned access to certain adult websites.

But the thing about the internet is that it’s hard to gatekeep. People will find ways to circumvent these invisible walls. And one of the easiest ways to do it is to simply use what is called a VPN.

A VPN or a Virtual Private Network offers you a private connection to the internet that’s invisible to most people. And it hides your IP address. Now IP addresses are usually tied to geographic locations. So in the absence of a VPN, people could track your whereabouts (albeit not very precisely). And for governments simply looking to block access to websites, this is a lifesaver. They could simply prevent users from accessing websites in concert with Internet service providers. But VPNs offer you a workaround. It could make it seem as if you are browsing the internet from Europe when in fact you’re doing it from Bengaluru.

So you can see why VPNs have surged in popularity. In fact, according to some reports, it seems VPN use has risen by a whopping 600% in the first half of 2021 alone. And this has got the Indian government worried. If people continue to bypass their diktats using these private gateways, then it could spell trouble for the state. So last week, the Indian government passed a mandate that requires all VPN service providers operating in the country to keep a record of their users for five years.

Effectively telling them to monitor and record all user activity. They’ll be asked to store user names, IP addresses, usage patterns as well as other kinds of identifiable information. And they’ll also be expected to store this information even if the user were to close the account.

Now before you jump the gun and criticize the government, let’s see why they’re doing it in the first place. Or in other words, what is the stated goal here?

According to the good people at CERT (Central Emergency Response Team) — a  national agency responsible for matters related to cybersecurity, this is aimed at preventing cybercrimes. Their contention is that criminals routinely use VPNs to hide their activity on the web and as such get away with the most dastardly things. So if you have some ways to track them, then you could bring them to justice when they do in fact commit cybercrimes.

And it’s not like India is the only country to have considered placing restrictions on VPN providers. Many countries including the likes of Russia, China, Belarus and the UK have placed some version of restrictions on the use of VPNs in the country — for national security reasons of course.

But with such restrictions, you always have to ask — Will the state push the boundaries too far? Some experts contend that this is a way for the Indian government to further restrict people’s freedoms. They argue that journalists and whistleblowers also try to work in anonymity for fear of retaliation and VPN logs could be used to persecute them.

And VPN providers are definitely unhappy with this move. Anonymity is their whole USP and if the state can simply access VPN logs, this whole value proposition goes for a toss. More importantly, recording all of this information is no walk in the park either. Right now, it seems most providers don’t have access to the infrastructure needed to immediately comply with the government’s diktat. And even if they did, their operating costs would rise substantially.

The government for its part have given them a month to comply. But some VPN providers are threatening to quit India entirely.

So yeah, it’s kind of a sticky situation for everyone involved and we will have to see how the landscape changes come June.

Until then…

Don't forget to share this article on WhatsApp, LinkedIn and Twitter

Note: On Saturday, we wrote about why the stock prices of Asset Management Companies (AMCs) in India have been under pressure during the past few years. We attributed this to the big spurt in investor demand for passive mutual funds where the fees charged are very low. Naturally, the earnings of AMCs will fall in such an environment.

Now, as one of our readers pointed out, there's something else at play too — and that's regulatory pressure. You see, over the past few years, SEBI has been trying to rationalize how much fees mutual fund companies can charge. And one of their regulations is that the more assets you manage, the less you can charge in those funds. That hurts big AMCs like HDFC, Nippon, and UTI — the ones that are also listed on the stock markets. So yeah, there's a regulatory headwind too that investors have to deal with in these stocks.