The weekend brought the latest step in Beijing’s ongoing campaign to rein in VPNs—encrypted tunnels under the "Great Firewall" between China and the global internet—ahead of the pivotal 19th Party Congress in the fall. Already this year, the government has introduced licensing requirements for providers, and shut down some while recruiting telecom companies to help implement new controls. It recently denied reports that personal VPN use would be banned altogether by next February. Documents continue to hint at further restrictions, however, with some suggesting that even companies will only be allowed to use VPNs to access their own servers. (It is unclear how this could be enforced.)
In June, rumors circulated on Chinese social media that a purge of VPN software from mobile app stores was imminent. On Saturday, four weeks behind the rumored schedule, the British Virgin Islands-based ExpressVPN announced that Apple had removed its app for iPhones and iPads from its App Store in China:
We received notification from Apple today, July 29, 2017, at roughly 04:00 GMT, that the ExpressVPN iOS app was removed from the China App Store. Our preliminary research indicates that all major VPN apps for iOS have been removed.
Users in China accessing a different territory’s App Store (i.e. they have indicated their billing address to be outside of China) are not impacted; they can download the iOS app and continue to receive updates as before.
While Apple’s decision is surprising and unfortunate, it does not change ExpressVPN’s commitment to keeping you securely and reliably connected. Our support team stands ready 24/7, including via live chat, to help any impacted users.
We’re disappointed in this development, as it represents the most drastic measure the Chinese government has taken to block the use of VPNs to date, and we are troubled to see Apple aiding China’s censorship efforts. ExpressVPN strongly condemns these measures, which threaten free speech and civil liberties. [Source]
ExpressVPN included a screenshot of the notification it had received from Apple, which stated that "your application will be removed from the China App Store because it includes content that is illegal in China, which is not in compliance with the App Store Review Guidelines." Apple later elaborated in a brief media statement:
Earlier this year China’s MIIT announced that all developers offering VPNs must obtain a license from the government. We have been required to remove some VPN apps in China that do not meet the new regulations. These apps remain available in all other markets where they do business. [Source]
Other providers reported similar notices:
— Star VPN (@star_vpn) July 29, 2017
This is very dangerous precedent which can lead to same moves in countries like UAE etc. where government control access to internet.
— Star VPN (@star_vpn) July 29, 2017
Golden Frog’s core mission is to fight for a free and open Internet experience for users around the world, so we will file an appeal with Apple — but I am not hopeful. When it comes to their App Store Apple is the judge, jury and executor, and now it appears the Chinese government is Apple’s overlord.
[…] We were excited to file an amicus brief in support of Apple in their backdoor encryption battle with the FBI last year, so we’re extremely disappointed that Apple has bowed to pressure from China to remove VPN apps without citing any Chinese law or regulation making VPNs illegal. Apple CEO Tim Cook recently said “accessibility is a human right.” If Apple views accessibility as a human right, we would hope Apple will likewise recognize Internet access as a human right (the UN has even ruled it as such!) and would choose human rights over profits. [Source]
South China Morning Post reported on Saturday that the crackdown on domestic providers had previously been boosting foreign ones, with Golden Frog’s subscriptions up 65% and NordVPN’s Chinese customer base surging 500% in a single month. ExpressVPN told Reuters in mid July that despite "an ongoing game of cat-and-mouse with China and VPNs … we’re optimistic that VPNs will continue to be accessible from China for the foreseeable future." Sixty or more apps may now have been removed by Apple; The New York Times’ Paul Mozur noted signs that Amazon is also sending out cease-and-desist notices regarding VPN-related use of its Amazon Web Services platform.
iOS’ built-in support for manually configuring VPNs remains in place, but apps make the services more widely accessible and user friendly. The effect of their removal is magnified by the App Store’s position as the only approved source of third-party iOS software for most Apple users. As John Gruber commented at his Apple-focused Daring Fireball blog:
The App Store was envisioned as a means for Apple to maintain strict control over the software running on iOS devices. But in a totalitarian state like China (or perhaps Russia, next), it becomes a source of control for the totalitarian regime. [Source]
Apple’s compliance with Beijing’s demands has drawn intense criticism. For example:
Apple values profit over human right since it removed VPN services from China app store because of the pressure from Beijing regulators. pic.twitter.com/LC68iLRLs4
— Joshua Wong 黃之鋒 (@joshuawongcf) July 31, 2017
Apple aiding censorship recalls corporate collaboration with the apartheid regime. Dollars can't wash out the stain. https://t.co/NGPUhuZakM
— Edward Snowden (@Snowden) July 29, 2017
Apple has done much good for privacy and security in recent years, but actively assisting censorship crosses the red line of human rights. https://t.co/gzhRPqs5g9
— Edward Snowden (@Snowden) July 29, 2017
But this is not to say that China’s conduct is acceptable. The VPN crackdown and the pursuit of a narrow “cyber sovereignty” reveal much that is worrying about Beijing’s vision for an illiberal global order. The free flow of information, whether it be economic, political or scientific in nature, has been an essential underpinning of global prosperity in recent decades.
As China’s own internet giants, including Alibaba and Tencent, expand into the US and European markets, Beijing should realise that it will be hard for the west to remain open indefinitely to Chinese companies while it throws up barriers to western corporations in its own domestic market.
The US and Europe should engage with China vigorously on a mutually agreed code for cyber freedoms. Failure to hammer out such regulations at a government level will leave the field open for Beijing to prey on individual companies such as Apple. [Source]
The Council on Foreign Relations’ Elizabeth Economy presented an argument for broader reciprocity demands at The Hill on Sunday.
The New York Times’ technology columnist Farhad Manjoo argued that even if Apple had to comply with the new rules, it need not have done so almost silently:
Search Apple’s website for a letter from Mr. Cook issuing a public rebuke of China’s intrusion into his customers’ privacy and freedom of expression — you won’t find it. The company has not fully tested its political and economic leverage in China. It hasn’t tested the public’s immense love of its products. It hasn’t publicly threatened any long-term consequences — like looking to other parts of the world to manufacture its products.
The company’s silence may be tactical; the Chinese government, the conventional thinking goes, does not take well to public rebuke. Yet Apple’s quiet capitulation to tightening censorship in one of its largest markets is still a dangerous precedent.
“Apple’s response is tremendously disappointing,” said Eva Galperin, director of cybersecurity at the Electronic Frontier Foundation, a digital-rights advocacy group. “I think it’s possible that Apple is playing a bigger role behind the scenes here. But the problem with that is, from the outside it looks exactly like doing nothing.”
[…] “It will only get worse,” said [CDT founder] Xiao Qiang, a Chinese human rights activist and an adjunct professor at the University of California, Berkeley, School of Information. Mr. Xiao sees the latest crackdowns as the beginning of a new wave of internet censorship in China. And he doesn’t buy the argument that saying something publicly would have backfired for Apple. [Source]
Amid uncertainty about how far Beijing will go with the VPN restrictions, users, businesses, and researchers are apprehensive. At The Wall Street Journal last week, Andrew Browne argued that a backlash could be approaching:
Until now, access to VPNs has kept the Great Firewall from being too bothersome for China’s elites. “It’s kind of annoying,” says David Li, a founder of the Shenzhen Open Innovation Lab, a startup incubator in a city that has become the technology-hardware capital of the world.
The VPN, in other words, is a political safety valve. Remove it, and annoyance might turn to frustration, and frustration to anger. Wait then for an explosion.
[…] In cracking down hard on foreign movies and live-streaming apps in recent months, internet censors aren’t just denying the public its favorite Korean soaps and the antics of figures like “Gourmet Sister Feng,” who gobbles down live goldfish and lightbulbs. They are challenging the tolerance of millions of individuals for a censorship regime that has until now seemed far removed from the concerns of everyday life.
Ban VPNs and almost everybody is a dissident. It would be “one control too far for the creative, academic, scientific and business communities,” says James McGregor, chairman of the greater China region for the consulting firm APCO Worldwide. [Source]