Foreign Firms Face Collusion, Control in VPN Crackdown
Since the introduction of new regulations in January, 2017 has seen a steady campaign against VPNs—encrypted network tunnels used for corporate security, user privacy, and censorship circumvention. More is expected, though authorities have denied some of the more draconian rumored policies. While recent attention has focused on the cooperation of foreign companies such as Apple and Amazon in enacting the crackdown, The Wall Street Journal’s Liza Lin and Josh Chin examine the impact it will have on others who do business in China:
The new rules could significantly increase costs for foreign companies by requiring them to set up new data centers in China or renting space from local cloud providers, analysts said. Firms will also have to set up specialized data-management systems for their China business and figure how, or whether, to integrate them with their existing operations.
By using a VPN under the control of Chinese regulators, companies also make it easier for the government to track their activities and potentially steal their data, said Michael Hull, co-founder of Psiphon, an Ontario-based censorship circumvention company targeted in the crackdown.
“I can’t think of a worse thing for a company to do than that. It’s better not to use a VPN,” Mr. Hull said.
[…] Some foreign firms have gone without VPNs in the past, choosing to load sensitive data onto hard drives and shuttle it out by hand, according to Tom Groom, managing director of data-security consulting firm D4 Shanghai.
“I suspect we’ll see the government crackdown on that practice as well,” he said. [Source]
At The New York Times, Paul Mozur writes that there is still considerable room for further tightening, either temporarily around the sensitive and politically pivotal 19th Party Congress or as a more permanent ratcheting of control:
“We do think that if the government has decided to do so, it could have shut down much more VPN usage right now,” said a spokesman for VPNDada, a website created in 2015 to help Chinese users find VPNs that work.
“If the government had sent more cats, the mice would have a tougher time,” said the spokesman, who declined to be named because of sensitivities around the group’s work in China. “I guess they didn’t do so because they need to give some air for people or businesses to breathe.”
[…] Much like economic policy or foreign affairs, censorship in China is part of a complicated and often imperfect political process. Government ministries feel pressure ahead of the party congress to show they are effective or can step in if a problem appears, analysts said.
“So it’s definitely not an apocalypse for VPNs,” said Paul Triolo, head of global technology at Eurasia Group, a consultancy.
“Just a more complex environment for users to navigate, and new capabilities and approaches give China better ability to shut off some delta of VPN use at a time and place of Beijing’s choosing,” he said. [Source]
Meanwhile, debate continues over Apple’s cooperation with Beijing’s demands. Amnesty International’s Joshua Franco noted parallel campaigns against VPNs in both China and Russia:
Anonymizers, such as VPNs or Tor, are a key enabler of human rights online. As the United Nations Special Rapporteur on the promotion and protection of the right to freedom of opinion and expression, Mr. David Kaye, has noted: “Encryption and anonymity provide individuals and groups with a zone of privacy online to hold opinions and exercise freedom of expression without arbitrary and unlawful interference or attacks… A VPN connection, or use of Tor or a proxy server, combined with encryption, may be the only way in which an individual is able to access or share information in [environments with prevalent censorship].”
[…] That is why Apple’s decision is deeply disappointing. Internet censorship in China is expansive, and increasing: the country aims to ban all non-state-operated VPN services by January 2018. If other companies follow Apple’s lead, it could soon be much harder for people in China to access information freely online.
Apple says it is simply complying with Chinese law, but this is not a sufficient response. Businesses have a responsibility to respect international human rights law, independent of a state’s own compliance with their human rights obligations. By withdrawing access to VPNs from its Chinese customers, Apple is betraying these responsibilities. We would have expected a more robust stance from Apple, a company that prides itself on being a privacy champion. [Source]
At The Washington Post, Hamza Shaban suggested that Apple’s policy of engagement with the Xi and Trump administrations had shown little sign of moderating policy in either case, while conceding that in China the company may have little choice:
“The Chinese have not been convinced that an open Internet is good for them,” said Adam Segal, the director of the Digital and Cyberspace Policy Program at the Council on Foreign Relations. “There is no case I can think of where tech companies have convinced the Chinese to change their mind on censorship.”
As with Google and Facebook, which have been banned in the country, Segal said the common refrain among American technology companies is to hold out hope that China will liberalize its policies, opening a wider space for U.S. firms to operate and expand. “You could make the argument that perhaps Apple is differently positioned — it is a product that Chinese users have embraced,” he said. “But the longer-term trends have certainly been more censorship.”
[…] “Apple is not just participating in the consumer market in China, it also manufactures a significant portion of its products in China. So this is a really extraordinarily difficult circumstance that Apple finds itself in,” said Chris Calabrese, the vice president for policy at the Center for Democracy & Technology, a Washington-based advocacy group that champions free speech and human rights.
Apple could make the monumental choice to leave the country, but Calabrese doubts that taking a dramatic stand in that way would actually bolster freedom of expression in China. “It’s not clear to me that another actor would step forward and would do a better job of providing services like VPNs than Apple,” he said. [Source]
Comparing Apple’s position to that of an author facing selective cuts to a book in exchange for mainland publication, Tyler Cowen also took a relatively sympathetic stance at Bloomberg View:
Those remarks are unfair to Apple, which in difficult circumstances probably did the right thing. China has already shown Facebook Inc. and Google parent Alphabet Inc. that it is willing to do without their services. How would it help the world to have Apple join that list, either partially or in full? I don’t approve of Chinese censorship, but the VPNs are in fact illegal. It hardly seems unreasonable for a major company to follow the laws of the country it is operating in, even if those laws are unjust or imprudent.
[…] At this point the company probably has learned some patience; many of the previous Chinese government attacks on VPNs ended up being reversed or neglected, so perhaps Apple is expecting it can wait out this round and restore the apps later. Or Apple might think this is an appropriate topic for U.S. trade negotiators to raise, and it doesn’t want to lock Beijing into an oppositional stance.
To the extent Apple is criticized, other institutions in the future might avoid having anything to do with controversial products in foreign nations, which will be worse for everyone. If Apple had never offered the VPN apps in the first place, no one would be talking about the company right now. The danger is that this lesson is learned all too well.
Might Apple at least have publicly complained about the actions of the Chinese government? That’s a judgment call, and of course the company could still do so. The case for a public corporate complaint is strongest either when the government might back down or when civil society might be emboldened by the company’s support. Subjective judgments come into play here, but note that the Chinese government often cracks down more when publicly challenged, and the democracy movement in China isn’t exactly on the verge of triumph. [Source]
At Wired, Emily Parker wrote that Apple is only the latest in a long line of American tech companies bowing to China’s censorship regime, and is unlikely to be the last:
Doing business in China requires playing by Chinese rules, and American tech companies have a long history of complying with Chinese censorship. Every time a new compromise comes to light, indignation briefly flares up in the press and on social media. Then, it’s back to business as usual. This isn’t even the first time Apple has complied with Chinese censors. Earlier this year, the company removed New York Times apps from its Chinese store, following a request from Chinese authorities. "We would obviously rather not remove apps, but like we do in other countries we follow the law wherever do we business," Apple CEO Tim Cook said during Tuesday’s earnings call, in response to the vanished VPN apps.
Here is a non-exhaustive list of American companies that have aided Chinese censorship. In 2005, Yahoo provided information that helped Chinese authorities convict a journalist, Shi Tao. Shi had sent an anonymous post to a US-based website. The post contained state secrets, according to authorities, and Shi was sentenced to 10 years in prison. [Read more on the case and its aftermath via CDT.] Also in 2005, Microsoft shut down the blog of a Chinese freedom-of-speech advocate. A year later, Google agreed to censor its search results in China. Internal documents show that Cisco apparently saw China’s "Great Firewall" as a choice opportunity to sell routers at around the same time. In 2006, Yahoo, Microsoft, Google, and Cisco faced a congressional hearing about their Chinese collaboration. “I do not understand how your corporate leadership sleeps at night," representative Tom Lantos said at the time.
[…] Facebook has eyed the mainland for a while. A Facebook entry may appear unlikely, especially as China temporarily blocked its WhatsApp messaging service. But CEO Mark Zuckerberg appears willing to go the distance; Facebook has reportedly worked on a censorship tool for the purposes of getting China’s approval. [Read more via CDT.] Conventional wisdom once held that Facebook would not risk the public outcry following a decision to self-censor in China. But is that really true? All those other companies got away with it, and Facebook probably would too. [Source]