A month after China announced its plan to crack down on companies offering virtual private networks (VPN), United States-based tech company Apple informed its customers that it would take down VPN services from its China store in compliance with the country's new regulation.
VPN is an application that allows Internet users to circumvent censorship by creating a secure and well-hidden connection to another network in a different geographic location.
On 29 July 2017, United Kingdom-based company ExpressVPN published a notification it received from Apple about the removal of VPN apps from its China store “because it includes content that is illegal in China”.
The company's research team also found out that all major VPN apps for iOS have been removed.
Express VPN criticized Apple for “aiding China's censorship efforts” which “threaten free speech and civil liberties.”
We’re disappointed in this development, as it represents the most drastic measure the Chinese government has taken to block the use of VPNs to date, and we are troubled to see Apple aiding China’s censorship efforts. ExpressVPN strongly condemns these measures, which threaten free speech and civil liberties.
Since VPN apps outside China are still available, Chinese users can download and continue using the app if their Apple accounts are registered in overseas app stores with a billing address outside China, as the company suggested:
Users in China accessing a different territory’s App Store (i.e. they have indicated their billing address to be outside of China) are not impacted; they can download the iOS app and continue to receive updates as before
The crackdown on VPNs is supposedly an assertion of Chinese “Internet sovereignty”, but it prevents Internet users from accessing a large number of foreign websites blocked by the government such as Google, YouTube, Facebook, and Global Voices.
The new regulation could also affect academic and scientific research. In a media interview, a professor from Tsinghua University who uses a personal VPN on his mobile device explained how the removal of VPN services can affect the work of scholars:
First-class research at a truly competitive level can’t go on with researchers cut off from the outside world. It’s truly unthinkable.
Earlier in January, China’s Ministry of Industry and Information Technology said it would ban “illegal services” that carry out cross-border operations. This ban covered unregistered VPNs, and indicated that they would be banned until March 2018.
The current crackdown on individual use of VPNs is believed to be related to the 19th National Congress of the Chinese Communist Party in autumn. There have been reports from overseas Chinese media outlets of an internal power struggle within the Politburo Standing Committee, since the majority of its members are expected to retire this year. Authorities do not want sensitive political news smuggled via domestic networks.
Although it may come as a surprise to some, Apple's decision was anticipated. On 12 July 2017, Apple announced that it would partner with a Chinese data management company in opening a new data center in compliance with the Chinese Cybersecurity Law, which requires companies to store Chinese users’ data in China.
Apple stressed that the data center has a strong encryption system that it could prevent any party including the government from accessing the company's user data. But according to China's cybersecurity law, a tech company has to provide technical support to the state for counter-terrorist measures, a requirement that would likely necessitate law enforcement access to user data.
Moreover, law enforcement authorities also have the power to request user data for other kinds of criminal investigations. In 2005, Yahoo handed over the user details of Chinese reporter Shi Tao to authorities even though the data was not stored in China and the company could have rejected the request. The government used the information to prosecute and convict the journalist for leaking state secrets. The journalist spent 8.5 years in jail as a result.
Before Apple announced its plan to open a data center in China, other tech giants such as Amazon, IBM and Microsoft had already begun hosting their data centers in China with local partners in compliance with Chinese laws.
Apart from the crackdown on VPNs, authorities have also applied other measures to stop the Chinese people from connecting with the outside world. Also targeted for blocking are circumvention tools like Shadowsocks, which is an application for encrypted communication that runs on virtual private servers (VPS).
A Chinese netizen who used Shadowsocks to visit foreign websites reported that his Internet connection was cut abruptly on July 17. The next day, a cybersecurity police officer called him to assist an investigation in the district police station, where he was interrogated. He was asked to sign a document (see image below) which obliged him not to use circumvention tools again. His Internet service was resumed on July 19.
The netizen suspects that internet service providers have been reporting irregular Internet connections, like an encrypted communication channel, to the cybersecurity police.