China's Solution To The VPN Quandary: Only Authorized, And Presumably Backdoored, Crypto Links Allowed

from the will-Russia-follow-suit? dept

Two of the most important developments in China's clampdown on the digital world took place last year, when the country's Ministry of Industry and Information Technology declared that all VPN providers needed prior government approval to operate, and then app stores were forced to remove the many VPNs on offer there. In some parts of China, VPNs were banned completely, but such a total shutdown is not really an option for cities with many businesses that require secure overseas communication channels. That put the Chinese authorities in something of a quandary: how could they reconcile their desire to prevent VPNs being used to circumvent online controls, while ensuring that the country's increasingly important corporate sector had access to the encryption tools it needed for operating globally? An article in the FT provides us with the answer (paywall). In recent months, international companies and organizations have found their VPNs blocked more frequently:

regulators have been pushing multinationals to buy and use state-approved VPNs. The state-approved versions can cost tens of thousands of dollars a month and expose users' communications to Beijing's scrutiny.

"China's intention is to control the flow of information entirely, making people use only government-approved VPNs by making it difficult, if not impossible, to use alternatives," said Lester Ross, partner at legal firm WilmerHale in Beijing.

The great thing about state-approved VPNs is that they can include backdoors for the government to use, and can be shut down quickly if really serious problems arise that require even more stringent controls.

Backdoored crypto is inherently vulnerable to attacks against those built-in weaknesses, but the Chinese authorities are doubtless willing to let companies run that risk for the sake of maintaining overall control. Since Russia's views on VPNs are closely aligned with those of China, it will be interesting to see if it decides to adopt Beijing's solution to the VPN dilemma to tidy up its own rather clumsy approach.

Follow me @glynmoody on Twitter or identi.ca, and +glynmoody on Google+


Filed Under: backdoors, china, encryption, vpn


Reader Comments



  • Anonymous Coward, 23 Jan 2018 @ 12:13pm

    Can we VPN from within a state sponsored VPN?


    • afn29129, 23 Jan 2018 @ 5:09pm

      Re: (layered encryption)

      Yes. Layered encryption is a real thing. Passing data that has already been encrypted by some other method within a VPN tunnel. Or chaining multiple VPN tunnels one inside another. But doing such in an oppressive regime like China probably isn't a good idea... when you are found out!


    • dhess, 23 Jan 2018 @ 5:46pm

      Re:

      That is exactly what I was thinking. I assume if you do that that you get into twice as much trouble.


    • Lawrence D’Oliveiro, 23 Jan 2018 @ 6:55pm

      Re: Can we VPN from within a state sponsored VPN?

      There are techniques which can work--at least for now.


  • ECA, 23 Jan 2018 @ 12:39pm

    WHO wants a job...

    Work for the Nation and get paid for reading English or other languages..
    Get PAID by the corps not to interpret it PROPERLY..

    It's the Corporate way..


  • Lawrence D’Oliveiro, 23 Jan 2018 @ 12:50pm

    Even If Their Encryption Is Backdoored ...

    ... at least you now have a hole through the Great Firewall. What would prevent you from adding your own extra layer of encryption on top?


    • Anonymous Coward, 23 Jan 2018 @ 1:17pm

      Re: Even If Their Encryption Is Backdoored ...

      How do you make that out, as the VPNs are inside the great firewall, and will have their access to the Internet controlled by the great firewall. Also, being a state controlled VPN, it is a man in the middle for HTTPS, and so can detect and block any added encryption..


      • Sayonara Felicia-San, 24 Jan 2018 @ 11:18pm

        Re: Re: Even If Their Encryption Is Backdoored ...

        Because no serious country with a well thought out and funded spying system is going to put all their eggs in one basket.

        They almost certainly have a number of different attack vectors in their arsenals, and this is just going to be one of many.

        To answer your question the two ways are going to be:
        1. Identifying those VPNs who attempt to confuse or defeat deep packet inspection techniques.

        2. Compromise systems en masse, using our own backdoors and exploits, we forced or encouraged manufacturers to build in themselves.

        Most of which will either already have been stolen by the numerous spies working in the United States and/or by identifying and reverse engineering those exploits.

        And of course, their newest method, which is simply to copy us and force manufacturers to include backdoors not only in encryption but in literally numerous electronic devices and technologies.


  • flyinginn, 23 Jan 2018 @ 3:15pm

    No doubt the NSA won't want to lag the field on this one, so here we go with multinational backdoor keys.


    • Sayonara Felicia-San, 24 Jan 2018 @ 9:37pm

      Re:

      You know that's a great idea.

      Why not just work out a royalties type deal whereby China can simply have access to all the NSA backdoored CPUs, drives, and GPUs...

      Say, $100 per request.


      • Anonymous Coward, 27 Jan 2018 @ 7:57am

        Re: Re:

        You have it the wrong way round. By what country do you think most computer hardware is manufactured and exported, is in possession of most of the design schematics, and so is in the best position to take advantage of them?


  • orbitalinsertion, 23 Jan 2018 @ 9:01pm

    This is probably more interesting for corporations running their own VPN, like they should. Or does anyone do that anymore?


    • Lawrence D’Oliveiro, 23 Jan 2018 @ 10:54pm

      Re: Or does anyone do that anymore?

      I’m not a “corporation”, just a self-employed developer and sysadmin. And I currently have two VPN connections into my office. Does that count?


  • pixelation, 24 Jan 2018 @ 7:56am

    The Nigerians are drooling...

    This will be interesting to watch. A test to see how much this gets abused by bad actors and the Chinese government over time.


  • Sayonara Felicia-San, 24 Jan 2018 @ 9:32pm

    How does this differ from our own?

    I'm talking about our own government's destruction of privacy, which inconveniently has to take an incremental approach:

    2018 FBI Says Device Encryption Is 'Evil' And A Threat To Public Safety

    1997 FBI, Security Chiefs Ask Senate For Keys to All Encrypted Data https://partners.nytimes.com/library/cyber/week/071097encrypt.html

    ...and this is just the FBI, which clearly doesn't have the black budget, like the NSA and CIA to sabotage so many different attack surfaces as to make encryption basically pointless for the majority of targets.



  • Chris, 29 Jan 2018 @ 2:21am

    Will someone use such VPN services approved by the government? There are still methods to use VPN in China. For example you may use VPN services that use StealthVPN protocol or Double VPN.



  • Ludmils, 5 Jun 2018 @ 5:09am

    http://zilladesigns.net/ works great. No IP bans and tunnelling issues



