China’s VPN Crackdown Weighs on Foreign Companies There

China’s moves to tighten the screws on its already heavily gated internet stands to significantly raise the costs and level of difficulty for foreign companies doing business here.

The government’s recent crackdown on tools that allow internet users to circumvent the country’s elaborate system of web filters could make it harder for companies to communicate with business partners, clients and suppliers overseas.

The effort to block use of unapproved virtual private networks, or VPNs, and uncertainty over internet access is already weighing on foreign companies operations in China, according to foreign business groups.

“The success of our members is dependent upon instantaneous access to information on a world-wide basis as well as the ability to freely communicate with their affiliates, suppliers and customers around the world,” said Lester Ross, chairman of the policy committee at the American Chamber of Commerce in China. “We urge the government to take such concerns into account.”

Many see the crackdown as a sign that China plans to be aggressive in enforcing a new cybersecurity law aimed at giving the government even more control over flows of information across the country’s borders.

“This will affect the majority of foreign companies that operate in China,” said Han Lai, China country manager for Washington DC-based legal technology consulting firm KrolLDiscovery.

Forcing companies to send data offshore only through government-approved VPNs is a first step in implementing new rules that require businesses in “critical industries” to store broad categories of data inside China and get permission before moving it out of the country.

The new rules could significantly increase costs for foreign companies by requiring them to set up new data centers in China or renting space from local cloud providers, analysts said. Firms will also have to set up specialized data-management systems for their China business and figure how, or whether, to integrate them with their existing operations.

By using a VPN under the control of Chinese regulators, companies also make it easier for the government to track their activities and potentially steal their data, said Michael Hull, co-founder of Psiphon, an Ontario-based censorship circumvention company targeted in the crackdown.

“I can’t think of a worse thing for a company to do than that. It’s better not to use a VPN,” Mr. Hull said.

The closing of leaky windows on the Chinese internet began last month when censors disrupted Facebook Inc.’s popular messaging app WhatsApp, used by activists and others to send encrypted messages, and several foreign VPNs.

More recently, Apple Inc., Amazon.com Inc. and the Waldorf Astoria Hotel in Beijing joined a list of companies that have taken steps to shut down access to unregistered or illegal VPN services.

Apple’s move to withdraw some VPN apps from China’s iTunes store has already had its costs, said Graham Webster, senior research scholar at Yale Law School. Many foreign and Chinese businesses depend on the very commercial VPN products that Apple decided to remove from the iTunes store, other options could be less convenient and much more expensive, he said.

All three companies said they took the steps to comply with China’s new cybersecurity law.

Many internet users have speculated the new restrictions are related to a Communist Party conclave this fall, when President Xi Jinping is expected to promote allies into top leadership positions while seeking re-election to a new five-year term.

But industry insiders say the current assault on VPNs is broader and more intense than previous crackdowns associated with political events.

Cybersecurity has been a central focus for China’s leaders since U.S. government contractor Edward Snowden alleged in 2013 that the U.S. National Security Agency built back doors into technology gear to spy on other governments.

In January, the Ministry of Industry and Information Technology demanded that commercial VPN services available in China have approval from regulators. It also said dedicated lines to the global internet should only be used for companies’ internal communications and are banned from connecting to data centers.

An official with ministry said at a press briefing in late July that the VPN crackdown was aimed at illegal VPN providers and wouldn’t affect enterprises’ “normal” access to the global internet. The ministry didn’t respond to multiple requests for further comment.

Several VPN services registered in China have stopped or temporarily ceased services in the last month. Netfree Router, a Hong Kong-based service, sent an email to users on July 25 apologizing for a one-month service disruption as authorities checked their service for “incorrect network usage.” The company declined to comment.

Some foreign firms have gone without VPNs in the past, choosing to load sensitive data onto hard drives and shuttle it out by hand, according to Tom Groom, managing director of data-security consulting firm D4 Shanghai.

“I suspect we’ll see the government crackdown on that practice as well,” he said.

Original : China’s VPN Crackdown Weighs on Foreign Companies There