Virtual private networks (VPN) - you use one, right? Well, depending upon where you are in the globe, your ability to use one may be limited, restricted, or encouraged. While the mere definition of privacy is sliced and diced depending upon which continent you may reside, the VPN is a good step to take to protect your web presence/activity.
First piece of advice: If you have a VPN option available to you when connecting to the Internet, use it, most especially from public or semi-public environs, such as coffee shops, airports, libraries, etc. In addition, pick your VPN provider with care, as an analysis on VPN security conducted in early-2017 by Australia’s CSIRO on VPN’s clearly indicates that some providers ‘do security’ much better than others.
In this article, we’ll bypass the history of VPN’s and move straight into the meat and potatoes of what you need to know.
Countries and VPNs
With almost 200 countries in this world we share, one should not be surprised that the usage of VPNs and permissibility of VPNs varies greatly from one country to another. The good folks at thebestvpn have compiled a searchable list of the 196 countries and their laws.
The UAE altered Federal Law No. 9/2012 by royal edict in 2016 and banned VPNs - and also promised a prison sentence, accompanied by a hefty fine, to violators.
Iran has taken the stance, since 2013, that VPNs are illegal, except for those which are legal. Users can use one providing the VPN is registered and approved by the government.
Then there are the two countries whose ban on the VPN has gained the most notoriety: China and Russia. Their laws are different, and thus we can’t paint both with the same brush.
China’s “ban” was in fact a call for all VPN providers to “obtain government licenses to offer VPNs by 2018.” Shortly after, Apple removed 60 VPN apps from the App Store in China. According to CNBC, an Apple spokesperson advised, "Earlier this year China’s Ministry of Industry and Information Technology announced that all developers offering VPNs must obtain a license from the government.”
Companies wishing to use VPNs in China are directed by the ministry to “rent special lines from the telecommunications operators that legally provide such services, and the regulation will not affect their normal operations.”
While Russia’s ban is not identical to that of China, it has some interesting nuances. The Russian Duma information policy committee chief Leonid Levin notes the “VPN restrictions will not impede citizens’ use of VPNs, but rather prevent access to ‘unlawful content.’”
Russia also has in place the 2015 “Yaroyava Law” which requires ISPs to hold six months of metadata. The end result is that some VPNs will be removed, and others who adhere to the various requirements concerning metadata and logging, will be allowed to remain.
Sweden is pondering adjusting their regulations surrounding the use of VPNs and data retentions laws according to Privacy News Online. Data retention requirements will increase from 6 months to 10 months. VPNs will be permitted, but activation of a VPN must be logged.
The Swedish services providers apparently are apoplectic about the changes, and have not yet been told what “activation of VPN logging” entails.
And there you have it - 90+ percent of the world sees the value in allowing individual users and businesses to protect their engagement by using VPNS. And a few countries have crafted their internal legislation to support their unique needs in executing VPN control and surveillance.
About Christopher Burgess
About Christopher Christopher Burgess (@burgessct) is an author and speaker on the topic of security strategy. Christopher served 30+ years within the Central Intelligence Agency. Upon his retirement, the CIA awarded him the Career Distinguished Intelligence Medal, the highest level of career recognition. Christopher co-authored the book, Secrets Stolen, Fortunes Lost - Preventing Intellectual Property Theft and Economic Espionage in the 21st Century (Syngress, March 2008).