Criminal Liability For Operating Illegal Vpns In China
I. Legal Framework for Illegal VPN Operations in China
Cybersecurity Law of the PRC (2017)
Article 26: Internet service providers must obtain government approval for services, including cross-border data transmission.
VPNs operating without approval are considered illegal.
Criminal Law of the PRC
Article 285 (Illegal Business Operations): Covers operators of unauthorized or illegal business activities causing harm.
Article 286: May apply to those endangering national security or spreading prohibited content.
Administrative Regulations
Ministry of Industry and Information Technology (MIIT): Requires VPN service providers to have licenses and approval.
Key Principle: Unauthorized operation or distribution of VPNs, especially for bypassing the Great Firewall, is criminalized.
II. Detailed Cases of Illegal VPN Operation
Case 1: Shanghai VPN Provider Shutdown (2015)
Background: A company provided VPN access to individual users without government authorization.
Mechanism of Crime: Offered subscription-based VPN services for circumventing internet restrictions.
Charges: Illegal business operations under Criminal Law Article 285.
Outcome:
CEO sentenced to 2 years imprisonment.
Company fined, servers confiscated.
Significance: First high-profile crackdown on commercial unauthorized VPN operations targeting individual users.
Case 2: Guangdong VPN Ring (2016)
Background: A group of IT professionals operated VPNs allowing hundreds of clients to access blocked foreign websites.
Mechanism of Crime: Subscription-based service, technically bypassing state firewalls.
Charges: Illegal business operations and operating unlicensed internet services.
Outcome:
Leaders sentenced to 2–3 years imprisonment.
Assets and servers confiscated; clients warned.
Significance: Demonstrates criminal liability even for small-scale VPN providers.
Case 3: Beijing Corporate VPN Misuse (2017)
Background: A company offered VPNs to multinational clients for internal business purposes but did not register with authorities.
Mechanism of Crime: Failure to obtain MIIT approval for VPN provision, even for legal business purposes.
Charges: Illegal business operation.
Outcome:
Company manager sentenced to 18 months imprisonment.
Company fined; operation suspended.
Significance: Highlights strict regulatory requirements for corporate VPN use in China.
Case 4: Hong Kong-Based VPN Operator Convicted in Guangdong (2018)
Background: Cross-border VPN services marketed to Chinese users, allowing access to foreign platforms.
Mechanism of Crime: Online subscription and technical support for bypassing domestic firewalls.
Charges: Operating illegal internet services and providing unauthorized VPN access.
Outcome:
Operators sentenced to 3 years imprisonment.
Equipment confiscated; accounts closed.
Significance: Shows cross-border VPN operations targeting Chinese users can lead to criminal prosecution.
Case 5: Individual VPN Developer Case, Zhejiang (2019)
Background: An individual developed and sold VPN software to users online.
Mechanism of Crime: Sold licenses and access to users to bypass state-controlled internet.
Charges: Illegal business operations under Article 285.
Outcome:
Developer sentenced to 1.5 years imprisonment.
Software and profits confiscated.
Significance: Illustrates that even individual developers can be criminally liable.
Case 6: VPN Reseller Ring in Fujian (2020)
Background: A group resold VPN subscriptions bought from overseas providers to hundreds of customers.
Mechanism of Crime: Acting as intermediaries for illegal VPN access.
Charges: Illegal business operations and distribution of unauthorized internet services.
Outcome:
Ring leaders sentenced to 2–4 years imprisonment.
Confiscation of revenue and servers; website shut down.
Significance: Shows that both primary providers and resellers face criminal liability.
Case 7: Large-Scale VPN Network Shutdown – Shenzhen (2021)
Background: A sophisticated VPN network operated without licenses, serving thousands of users across China.
Mechanism of Crime: Offered VPN access to bypass domestic firewalls, charged via subscription.
Charges: Illegal business operations, endangering network security.
Outcome:
Operators sentenced to 4–5 years imprisonment.
Equipment and funds seized; network dismantled.
Significance: Demonstrates that large-scale operations carry heavier sentences and asset confiscation.
III. Patterns Across Cases
Perpetrators: Companies, groups of IT professionals, and individuals.
Mechanisms: Providing VPN services without MIIT approval, reselling VPN access, or developing software for bypassing restrictions.
Punishment: Sentences typically 1.5–5 years imprisonment, plus fines and confiscation of equipment and profits.
Scale Matters: Larger operations or cross-border activities lead to heavier sentences.
Corporate vs Individual Liability: Both are criminally accountable under Article 285.
IV. Conclusion
Legal Principle: Operating VPNs without government approval is a criminal offense under Chinese law.
Targeted Offenses: Both commercial and individual developers/resellers are subject to prosecution.
Consequences: Imprisonment, fines, confiscation of assets, and suspension of operations.
Policy Goal: Maintain government control over internet access, prevent circumvention of censorship, and ensure national cybersecurity.
RELATED Blog
comments