On July 16, the Second Intermediate People’s Court of Beijing sentenced a male employee in his 60s from a Japanese pharmaceutical company, Astel Pharmaceuticals, to three years and six months in prison on charges of “spying.” The court only mentioned that the man was engaged in “spy activities” without disclosing specific details of his actions. This case quickly drew attention, especially due to the security concerns arising from the intense monitoring of communication by foreign companies by the Chinese Communist Party (CCP).
According to industry experts familiar with China’s internet security mechanisms interviewed by Epoch Times, the CCP is no longer content with just blocking information and restricting speech. They now control cross-border communications by strategically regulating the market for Virtual Private Network (VPN) software, which often affects foreign employees.
An internet security expert, Xu Jiaqing, who prefers not to disclose his location, mentioned in an interview on July 17 with Epoch Times that the CCP has been increasing its penetration and investment in VPN service providers both domestically and overseas. By implanting monitoring modules in the software, they can achieve real-time interception and analysis of user communications.
Xu Jiaqing expressed, “The CCP not only blocks VPNs but also actively invests in and controls certain VPN service providers, even deploying monitoring codes during the development stage.” He warned that foreign employees, especially those involved in communication with their parent companies, are key targets for CCP monitoring. While appearing as regular business dealings, the CCP may define these interactions as involving sensitive information.
He cautioned that many VPN service providers on the market, despite being registered in locations like Seychelles, Panama, or Hong Kong, may actually be Chinese technology companies. These seemingly free and secure applications could be collecting user data in the background and connecting with the Chinese security system.
Reports from the internet security research institution, Top10VPN, have also indicated that over 60% of the most downloaded VPN applications have been developed by companies in China or linked to Chinese backgrounds. These software often come with issues such as abnormal data permission requests, opaque privacy policies, and in some cases, alleged backdoor codes.
Gong, a network engineer who claimed to have participated in overseas VPN monitoring projects, disclosed that since 2015, the Chinese authorities have systematically deployed “camouflaged VPN projects.” Initially, these projects attract users by offering free services and then gradually switch to charging fees, packaging them as brands from Europe and America to conceal their true backgrounds. He warned that many users mistakenly believe they are secure as long as they use VPNs, but in reality, their every move is still within the visibility of the firewall.
Internet activist, Zhan Tianyou (pseudonym), also commented that VPNs were supposed to be tools to bypass censorship but have now potentially become an extension of the “Great Firewall.” Every connection and file transfer could be under surveillance or recorded.
Recent years have seen a rise in surprise investigations targeting foreign enterprises in China, as well as the continuous arrests of employees, intensifying concerns over the business environment. The amended “Counter-Espionage Law” implemented in July 2023 broadened the enforcement powers of CCP security agencies, encompassing “data,” “documents,” “materials,” and “items” into the scope of espionage activities, allowing routine business or research practices to be arbitrarily qualified as suspect behavior.
For example, in February 2024, Emily Chen, a Chinese national who had worked at a logistics company in the United States, was monitored by the Nanjing police upon her return to China under the allegation of “providing state secrets to overseas entities.” Additionally, in March 2023, the Mintz Group’s Beijing office, an American due diligence firm, was inspected, resulting in the detention of five Chinese employees.
In April 2023, employees from Bain’s Shanghai office were summoned by the authorities; in May 2023, Capvision’s offices in Beijing and Shanghai were investigated, leading to the arrest of several employees. In October 2023, executives from GroupM, a subsidiary of the British advertising group WPP, were detained on suspicion of bribery.
The Financial Times has reported that in recent years, the CCP has intensified law enforcement actions against foreign enterprises, particularly in sectors related to industry analysis, due diligence, and data analytics, leading to the forced suspension or termination of numerous international cooperation projects.
Gong, the network engineer, mentioned in an interview with Epoch Times that the Chinese authorities are constructing a digital surveillance system, considering cross-border communication as a potential security threat. Foreign pharmaceutical companies, technology firms, and data service platforms are all under intense CCP surveillance. He stated that even with encryption tools, complete avoidance of detection is not guaranteed. A simple file transfer or an unintentional remote log-in could potentially become reasons for investigation or conviction.
Xu Jiaqing pointed out that the CCP’s security agencies utilize big data and artificial intelligence methods to profile users’ online behaviors. Whenever a particular IP communication pattern is deemed “abnormal” by the system, it could trigger further investigations or even invoke the Counter-Espionage Law.
Analysts have indicated that within the CCP’s intensified monitoring of foreign company personnel, international businesses operating in China are facing unprecedented systemic risks. Aside from personal freedoms and information security vulnerabilities, concerns extend to the secrecy of business operations, client data, and even routine communication, all possibly falling under surveillance.
Zhan Tianyou remarked, “In this environment, every online action by foreign enterprise employees could be scrutinized. The challenges faced by foreign companies operating in China are not just about legal matters but also about survival in a highly controlled information society.”