Recently China implemented new restrictions on the use of Virtual Private Networks (VPNs), by introducing the requirement for VPN providers to be registered with the Chinese Government.
VPNs are very popular in China as a means of getting around the Chinese Government’s internet monitoring and censorship programme that goes under the euphemism of the “Great Firewall of China”. Given the ability of VPNs to break state censorship it is not surprising that the Chinese government has initiated a clamp-down on their use.
The internet monitoring busting capabilities of VPNs is something that the UK Government may have to face in the near future following the introduction of the Investigatory Powers Act (IP Act) and the Digital Economy Act (DE Act). Both of these will drive an increased use of VPNs in the UK.
In the case of the IP Act VPNs are likely to be employed by internet users to prevent snooping on web habits and ensure their privacy. However, the DE Act may have even more of an impact in driving VPN use as it will introduce widespread website blocking. Much talk has been on the blocking of porn sites that fail to introduce age verification, but what is often not realised is that legislation also requires ISPs and so called ancillary service providers such as Twitter and Facebook to block sites or web pages that carry adverts for such sites, or link to them either accidentally or deliberately. A consequence of this is that blocked pages and websites will likely become very common and this will drive work arounds. In addition, the potential for widespread credit card fraud if these cards are used to verify age, along with privacy concerns around handing over personal details to “dodgy” websites will also drive UK internet users to look for means to bypass web blocks.
Any increased use of VPNs presents the government with a significant problem as if VPNs are taken up by only a small but significant number of internet users the effectiveness of measures implemented in the IP Act and DE Act will clearly be severely reduced. In such a situation the UK Government may ask the question what can be done to restrict access to VPNs?
The obvious solution would be to crack down on VPNs in a similar way to what has happened in China and although this may sound far-fetched, in 2015 the NO2ID Newsblog reported on a long forgotten 1997 proposal by the UK Government to require licensing of strong encryption. This would have used Trusted Third Parties (TTPs) to provide encrypted communication services to businesses and other bodies requiring it (in 1997 the idea that individuals would want strong encryption of their communications had not been considered). Licensing of VPNs could follow this model, which would be similar to the controls China has introduced.
Of course many people will point out that restrictions on VPNs would be a disaster for UK business and especially for digital industries which are a very important and growing part of the UK economy. In addition, the UK would almost certainly become a hotspot for cyber crime as many financial and data transactions would be subject poor levels of digital security, as smaller websites and traders would be unlikely to be able to afford the inevitably expensive TTPs fees.
Unfortunately, experience has shown across a range of legislative measures and situations that the UK Government and UK politicians rarely consider the practical consequences of the policies they implement. There is no reason to assume that the things would be any different in the case of restrictions on VPNs.