China's Ministry of Industry and Information Technology (MIIT) has issued a notice (Mandarin) declaring a fourteen-month "nationwide Internet network access services clean-up.” VPN services, in particular, have been singled out as requiring approval in order to operate in the country. Hysterical reports in the press of a VPN ban in China, however, are inaccurate to the point of being misleading.
According to the notice,
"In recent years, as advances in information technology networks, cloud computing, big data and other applications have flourished, China’s Internet network access services market is facing many development opportunities. However, signs of disorderly development show the urgent need for regulation norm.”
What Does This VPN Ban Mean in Practice?
Central to the operation is draft legislation first released for public consultation in March 2016. This requires all websites and services that operate within China to register for a top-level .cn domain.
"Internet data centers, ISP and CDN enterprises shall not privately build communication transmission facilities, and shall not use the network infrastructure and IP addresses, bandwidth and other network access resources…without the corresponding telecommunications business license.”
Only websites and services that do not offer content deemed undesirable, of course, will be approved by the Chinese government. And operating such a service without a government-approved business license will constitute an offense:
"Without the approval of the telecommunications administrations, entities can not create their own or leased line (including a Virtual Private Network) and other channels to carry out cross-border business activities.”
A Largely Domestic Crackdown
Alarming as this move is for privacy advocates and proponents of free speech in China, the new law will mainly affect domestic internet services. And foreign companies who wish to do business in China may well deem it prudent to comply with the new rules, as Facebook has done.
But China has no way to force such measures on overseas VPN providers who choose not to play that game. The Great Firewall has always tried to block the use of VPNs that are used to access content not curated by the Chinese government.
However, China is a huge country, with a population approaching 1.5 billion people (18.5% of the world’s population). In 2016, over 720 million of these were internet users (52.2% of the population). With numbers like this, even the most far-reaching and sophisticated internet surveillance system in the world is bound to struggle.
So despite its best efforts, VPN use in China is common and is very difficult to prevent.
Widespread reports that VPNs have been "banned” in China, therefore, misrepresent the issue. VPNs have always been banned in China. They are nevertheless widely used. And the new measures announced by the Ministry of Industry and Information Technology appear to do little to change this.
Domestic VPN providers will be affected, as will international providers who offer servers located in China. These will either cease to operate or will be required to cooperate with the Chinese authorities.
But international VPN services are unlikely to be affected. As a spokesperson for GreatFire.org, an activist organization that monitors GFW censorship, notes,
"I think actually that everyone is kind of misreading this info at the moment. I do not think that consumers are the ones who will get hit. Businesses who need unfettered access to the internet will suffer if their local provider decides not to provide this.”
So What Do VPNs Say?
That the "crackdown” is likely to primarily affect domestic services and companies who wish to do business in China, rather than domestic VPN users, is a view shared by many VPN providers.
"At HMA!, we view this attempt by the Chinese government to exert further control over VPN services by forcing registration onto a Chinese domain as great free publicity for VPNs. Most VPN services will remain unaffected by the regulations as people will simply investigate how to get a VPN without going via a domestic website,” said Julien Dersy, Consumer Product Manager at Avast.
A similar view was expressed by David Lang, Communications Manager at ExpressVPN:
"The impact of the regulations depends heavily on how they actually intend to enforce it.
"The most serious implications seem to be for foreign journalists reporting in China. It's hard to say what it would mean for the Wall Street Journal if cn.wsj.com becomes wsj.cn. Does that mean they need to report the news any differently?
"We expect that people in China will continue to use VPN services as a means of accessing the free and open Internet.”
Golden Frog, parent company of VyprVPN, has released lengthy statement on the issue. It agrees that domestic companies are the primary target:
"The new Chinese regulations appear to target ISPs and network providers that are operating from within China. It remains to be seen if China will enact any new blocking strategies against VPN services that operate outside of China, such as VyprVPN...
Amidst these claims, it’s business as usual for us here at Golden Frog – and for VyprVPN customers. Golden Frog is incorporated in Switzerland and does not operate any servers within China, so we are not subject to the harsh new regulations. We will continue to provide our customers connecting from China and around the world unrestricted, uncensored Internet access via any of our 70+ worldwide VyprVPN server locations."
Private Internet Access, however, strikes a more cautious note::
"China's efforts to censor the web and restrict internet access are an affront to human rights. Internet users will always find a way to the real, open Internet."
This new initiative is very bad news in terms of human rights and the internet freedoms of Chinese citizens. The Chinese government keeps its cards very close to its chest. But despite some bluster on the part of the MIIT, it seems unlikely to have much effect on users of international VPN services. Importantly, it does not criminalize individuals who use VPNs to evade the Great Firewall.