The Great VPN Shutdown: China and Russia have banned VPNs - is the UK next?

If you are a regular internet user, you’ve more than likely come across the term virtual private network (VPN). But unless you are trying to access geo-locked content or are part of a multinational corporation, you may not have had any reason to actually use one. For the most part, VPNs have escaped scrutiny in the UK. They exist in a legal grey area; many big name organisations and even governmental departments themselves use VPNs to securely access and distribute content.

Using a VPN is like throwing a big blackout tent over that house and digging a tunnel underneath that lets you anonymously transport your mail to a secret safe house. If anyone happens to stumble across this disguised mail, they won’t know who it came from or where it’s going. It masks your computer, keeping your IP address hidden from prying eyes and encrypting connections over the internet, so that if they are intercepted, they can’t be read anyway.

Unlike nations such as China and Russia, or even the US where the general public is even warier of political figures, VPNs haven’t quite grasped the attention of internet users in the UK. According to a recent survey by Wombat Security, of 1,000 participants, only 44% of those surveyed in the UK said that they had used a VPN (including free VPNs). It’s not altogether unsurprising that British users have been slow to adopt a digital invisibility cloak. Before 2014, internet users in the UK had little reason to actively safeguard their privacy online. Despite how comfortable we have become with the digital spectrum, the internet remains a vulnerable place for most of us. While big corporations and international businesses may have employed VPNs to ensure that confidential information could safely travel from location to location, private law-abiding internet users had little reason to suspect that their information was of interest to anyone, least of all some of the most powerful intelligence agencies in the Western world.

So, when Edward Snowden revealed that not only was GCHQ unlawfully spying on and collecting browser data from private citizens, but that the organisation had been covertly doing so for more than ten years, it set off some pretty loud alarm bells that maybe, just maybe, the UK Government wasn’t too concerned with breaching one of the fundamental principles of UK law: innocent until proven guilty.

The first few attempts to force through the bill were knocked back, the second notably dismissed by Nick Clegg for its Russian-style “dragnet approach”. Luckily for Mrs. May, and unluckily for the rest of us, Brexit offered the perfect red herring to push through the third draft of the bill while we were all busy bickering over the political ramifications of leaving the EU. With no Nick Clegg to cast out the draft, it passed with little scrutiny. Well, with just one glaring addendum – MPs were to be spared from the ‘draconian’ authorisation that granted 48 government bodies (including the Food Standards Agency, for some reason) access to 12 months worth of private user data.

With technology as ubiquitous as it is in the UK, our digital footprints provide a wealth of ammunition for those looking to use it against us. Our personal data, professional accomplishments, Google searches, friendships, and private thoughts can be found somewhere on the web. With an increase in web literacy, more and more individual users are also becoming aware of the necessity of cyber security. As awareness about VPNs is increasing, more and more users are using them for their personal use.

Have you ever wanted to be in two places at once? Say, if you’re travelling abroad and wished you could be back in the UK to watch Blue Planet II on BBC iPlayer because the on demand service isn’t available in your current location. Well, then a VPN may become an appealing solution.

Every country censors online content to some degree, although very few states go to the extremes that China does to stop users viewing information that the government doesn’t like. Unless you wanted to access geo-locked entertainment content or streaming services blocked by ISPs in the UK, you are unlikely to have stumbled across obvious forms of online censorship. But, when it was announced that under stipulations in the Digital Economy Bill, online porn websites would be legally required to implement age-verification systems that link the personal sexy-time preferences of its visitors with their banking details, VPNs were hailed as a saving grace for the second time in less than a year.

So, it’s quite understandable that users may be less than willing to link their personal details with their most intimate kinks. That’s exactly the kind of information that can be used to blackmail people – just look at the Ashley Madison hack. Nothing that the members of the cheat-on-your-spouse website were doing was illegal, morally iffy yes, but not against the law. Yet, they became a target for online extortion and doxing. 

The majority of the sexy-time practices outlawed under the Data Economy Bill are perfectly legal to perform in the UK, and still exist beyond that invisible curtain of censorship. Accessing them is as simple as switching on a VPN. Voila; suddenly you’re not the depraved wanker looking for more than four fingers in the UK, you’re in Germany and pursuing a wide range of smut without fear of reprisal from nanny-state stuffed shirts, who let’s be honest, have had far more sex scandals than the rest of us. So, the question becomes: who in their right mind would hand over their information to a tube site when they don’t have to? No one would.

And that’s the problem. When it comes to regulating technology, the UK Government has proven itself to be woefully inept. Politicians push through unworkable legislation and then try to patch up the holes with more bills that make it even more dangerous for marginalised groups to access online content. As with the Snooper’s charter, VPNs expose a serious weakness in recent attempts to regulate online activity, which is embarrassing for people who write legislation for a living. And if there is one thing that politicians can’t tolerate, it’s embarrassment.

Growing awareness of VPNs is likely to put them on the radar of easily startled politicians, but what should really concern internet users is that the government has gone after similar platforms in a big way in recent months. I’m not sure when it happened, but at some point over the last eight years, politicians in the UK decided that tech monopolies were in fact in charge of protecting homeland security. Specifically those tech giants like WhatsApp (FYI also banned in China) who employ end-to-end encryption (E2EE) to ensure that the content of messages can only be viewed by the sender and recipient.

Employing a convenient selective memory, our elected representatives choose to overlook the fact that many perpetrators are already known to security services when militant attacks occur on British soil. Instead, they throw their hands up and wail “IT’S THEIR FAULT FOR REASONS THAT I DON’T UNDERSTAND AND ALSO CAN’T TELL YOU.” E2EE services provide many of the same functions that VPNs do, namely concealing information from unwanted eyes, something that has become a bit of a thorn in the side of Theresa May and Amber Rudd.

This is where the discrepancy between knowledge and power is very important. Amber Rudd may think it doesn’t matter that she doesn’t understand end-to-end encryption, but it really does. Because she is the person who has been charged with saying no to people, who may, with all the best intentions, be overstepping their mark in pursuit of a target. If she doesn’t understand what she is talking about, then she puts us at risk.

For better or worse, those charged with dictating the policies that we have to live by have decided to view any platform that cloaks or conceals users with inherent suspicion, whereas the reality is that people who use the internet for really dark purposes aren’t stupid enough to do it openly. That’s criminal 101. Encryption bequeaths stronger encryption. Once one code has been broken, those with the knowhow and determination will simply develop a new way to avoid surveillance. Leaving the rest of us at the mercy of whatever government is in power.

The biggest question is: why now? What would possess the UK Government to follow in the footsteps of autocratic nations with a pretty detailed history of doing dodgy things on the internet? Well, of course, the answer ultimately falls down to the same thread that has dogged every political development over the past year: trying to uphold the ‘Strong and Stable’ party image, despite continued demonstrations of ignorance and incompetence.

Oddly enough, most internet users don’t like being treated as criminals. And, as those who value secure communications – lobbyists, journalists, lawyers to name a few – harkened Mrs. May’s bill to authoritarian powers in – you guessed it – China, information about VPN services began to spread like wildfire. In fact, according to Google trends, interest in VPNs has doubled since the act was granted Royal Assent in late 2016. Despite now-Home Secretary Amber Rudd’s claim that the bill was “world-leading legislation that provides unprecedented transparency and substantial privacy protection,” it pushed the average internet users into the same realm occupied by Russian and Chinese users only a few years ago: a brave new world of top down transparency where the private lives of citizens become public property, while the ruling elite’s remain private.

Because we have the luxury of living in a country that not only criticises politicians, but delights in their scandals and downfalls, it’s easy to dismiss the actions in China and Russia as the quaint idiosyncrasies of foreign governments. Who cares that people can’t send that rainbow Putin meme in Russia when I can tweet out a link to Theresa May’s worst facial expressions of 2017?

Well, if you want a more up to date example to demonstrate just how valuable encrypted VPN systems can be to citizens of a democratic nation, just ask the members of the now-exiled Catalonian Government. During what should have been a peaceful (if technically illegal) vote on 1 October, the supposedly democratic Spanish Government tasked ISPs with blacklisting pro-independence websites, at the same time as pro-independence Catalonians were subject to the same police pushback that you’d expect to see during a prison riot.

Faced with an unmovable object in the ruling government, the digitally minded began to mobilise in a different way – using digital tools. By routing smartphones through VPNs, polling station volunteers created secure data networks to communicate without access to the open (and traceable) internet. This gave voters a lifeline to access information without exposing themselves to surveillance forces. That covert operation, however power-to-the-people it may be, has exposed a big gaping weakness in state control. Namely, that there are ways around current regulation that undermine the changes that politicians have introduced. For now, that might not be enough motivation for lawmakers in the UK to clampdown on unregistered platforms, but if enough users start to employ them to bypass surveillance and censorship laws, you can bet your life that those systems will become a target.

In the run-up to the election in June, the Conservative Government made it very clear that any technology that offers internet users, “somewhere to hide” (as Amber Rudd so misguidedly put it) was a target for further regulation. Granted she was talking about terrorists at the time, but realistically, any attempt to undermine encryption platforms, including VPNs, immediately incriminates all users, law abiding or nefarious. On the slippery slope towards a Great British Firewall, VPNs are a pretty obvious target. Much in the same way that China has moved to block services that are not registered with authorities, banning access to foreign-based VPN services is a logical move for a government looking to solidify its power in a digital age. To complete her masterpiece of a surveillance state, Theresa May needs tech companies to fall into place, giving her unlimited access to the user information of her subjects. And if the crackdown in China has proven anything, it’s that tech companies, despite all airs and graces about privacy, will bow to political pressure.