Some VPN firms shut down Hong Kong servers over security law concerns

NEW YORK, NY - NOVEMBER 10: Network cables are plugged in a server room on November 10, 2014 in New York City. Michael Bocchieri/Getty Images/AFP. Sketched by the Pan Pacific Agency.

HONG KONG, Jul 17, 2020, CNBC. A number of virtual private network (VPN) providers in the U.S. and Canada have shut down their servers in Hong Kong, citing concerns over the national security law. VPNs are a way for users to protect their privacy and circumvent internet censorship by connecting to servers around the world, CNBC reported.

U.S.-based IPVanish and Private Internet Access are among those that announced their decision to disable their Hong Kong servers after China implemented a new security law in the special administrative region last month.

Under Beijing’s new security law, people found guilty of secession or subversion can be punished with a life sentence in prison. Law enforcement also has the power, sometimes without a warrant, to search electronic devices, according to the security law.

Critics say the new law undermines the autonomy that Hong Kong was promised when it returned to Chinese rule in 1997. Under the Basic Law of the Hong Kong Special Administrative Region of the People’s Republic of China, Hong Kong is granted certain rights such as freedom of speech, which does not apply to other Chinese cities.

Technology companies are worried about provisions in the law, some of which give authorities powers to police online content, which could include requiring tech platforms and internet service providers to delete content that falls foul of the legislation.

Already, a number of major U.S. firms, including Google and Facebook, said they would pause handling requests for user data from authorities in response to the new legislation. Facebook said at the time that “freedom of expression is a fundamental human right” and that the company will “support the right of people to express themselves without fear for their safety or other repercussions.”

To be clear, content is regularly censored on internet platforms on mainland China. In addition, two pieces of legislation — the 2017 National Intelligence Law and the 2014 Counter-Espionage Law — appear to compel companies to hand over data if Beijing requests it in the name of “intelligence work,” according to experts who previously spoke to CNBC.

Censorship fears

VPN providers fear this level of intrusion could spill over to Hong Kong.

U.S.-based IPVanish said in a blog post that it had decommissioned its Hong Kong VPN servers and suspended operations there in order to protect “the freedoms of users in Hong Kong.”

“The new law also places the region, once a stronghold of online freedom, behind the same tight internet restrictions that govern mainland China,” IPVanish said. “With this legislative change, we, unfortunately, have to consider Hong Kong and China as one.”

Located in Denver, Colorado, Private Internet Access, said earlier this week it will be “wiping and shutting down” its Hong Kong servers “because new national security laws in the region endanger the privacy of our users and all Hong Kong residents.”

On Monday, Toronto, Canada-based TunnelBear said it would disable its Hong Kong servers. The VPN provider said the national security law has “led to widespread worry that this new law will hurt freedom of expression in Hong Kong.”

The Hong Kong and Macao Affairs Office was not immediately available for comment when contacted by CNBC via email.

Other VPN companies said they would continue keeping their Hong Kong servers online.

ProtonVPN said it is “outraged” by the new security law but it will keep its servers in the city “not only because we believe we can keep them secure, but also because we believe in fighting for Hong Kong.”

The company said it feels it can keep user privacy and data safe because it does not log user activity and does not store personally identifiable information on any of its servers. However, ProtonVPN did add that it would not recommend “handling sensitive content or communications” via Hong Kong servers.

SurfShark, another VPN firm, told CNBC by email that it will not be shutting down servers in Hong Kong as they do not contain any user information and should be safe.

But it added that if there are “requirements from authorities to start logging user activity, we would immediately shut down our VPN servers in Hong Kong.”

Hong Kong Chief Executive Carrie Lam has continuously defended the legislation, saying it “only targets an extremely small minority of offenders” while the “legitimate basic rights and freedoms enjoyed by the overwhelming majority of citizens will be protected.”

Share it

Exclusive: Beyond the Covid-19 world's coverage