Certain mandates to make VPN service providers retain logs may not work as planned. VPN service providers have a global footprint and their India presence is mainly focused on providing users in other countries to navigate the internet as a user from India. This is used predominantly by overseas Indians to browse OTT platforms in India.
A cybercriminal planning an attack in India would not necessarily need a VPN server in India. The attacker can use an overseas server or use any other compromised machines in India that are widely available to such criminals.
Forcing VPN service providers to retain logs may result in them packing up their India servers but they will continue to offer VPN services through their overseas servers and the issue largely remain unaddressed.
On the contrary, even if they start logging from their India servers, attackers can still use the overseas servers of VPN service providers which will remain outside the purview of Indian authorities.
© Copyright 2022. The views expressed herein are those of the author(s) and not necessarily the views of Ankura Consulting Group, LLC., its management, its subsidiaries, its affiliates, or its other professionals. Ankura is not a law firm and cannot provide legal advice.
