A timely piece in Rest of World on the tightening of regulations on the use of VPNs by the Modi administration in India. In this instance, the enforcement of visibility is carried out at the business level, with a regulatory requirement of customer data retention placed on VPN providers. This new policy may precipitate the exit from the Indian market of certain foreign companies, such as Proton VPN (which is headquartered in Switzerland).
A blanket requirement of data collection on VPN use at the source, such as in the Indian case, strongly suggests that the underlying goals of the policy are the unfettered operation of mass surveillance and a chilling effect on stigmatized activity online, since more targeted and discriminating solutions exist technically to deal with specific forms of malfeasance and lawbreaking behind VPNs. In this case (as in the resort to prolonged internet shutdowns), Indian digital policies can be seen to inhabit a troubling hybrid zone, in which a democratic government acts in ways more readily associated with authoritarian regimes. In general, the hardening of India’s policymaking on IT, including a muscular assertion of its data sovereignty, cannot easily be disentangled from geopolitical considerations (specifically, concern over Chinese influence), but has also undeniably benefited the government’s domestic agenda and its electoral and interest coalition.