Late last week a selection of VPN providers started to receive rather puzzling emails which all point legitimately to have come from the European Commission. The emails themselves were littered with mentions of various regulations, articles and acts specific to the European Union and made for hard reading for those unfamiliar with the EU or EU legislature.
Considering there is only a handful of large EU-based VPN providers the majority of these emails were received at non-EU companies. I was first alerted to this email privately by a well known VPN provider and days later knowledge was made public by another provider, VikingVPN, who published their responses to the email in a blog post.
So far VikingVPN are the only provider to have published details publicly of their response with LiquidVPN opting to disclose receipt in their transparency report. Token-based VPN provider Cryptostorm are also publicly claiming in a tweet on their social media account that they received the same email.
Along with other VPN providers I have spoken to it would appear that the email has been received widely across providers based outside the EU but who run servers inside.
The email in question
Directorate C – TF
Brussels, 08/07/2015 * 2015/066540
Subject: Case No COMP/HT.4607– E-commerce Sector Inquiry – Digital content – Request for information
Please quote this reference in all correspondence
On 6 May 2015, the Commission adopted a decision (C(2015) 3026 final) on the basis of Article 17 of Council Regulation (EC) No 1/2003, to launch a sector inquiry into e-commerce in the European Union.
This letter is a formal request for information made in accordance with Article 18(1) and (2) of Council Regulation (EC) No 1/2003, which empowers the Commission to require undertakings and associations of undertakings to provide all necessary information whether or not they are suspected of any infringement of the competition rules.
In line with Article 23 of Council Regulation (EC) No 1/2003, the Commission may impose fines on undertakings that supply incorrect or misleading information.
In line with Article 28 of Council Regulation (EC) No 1/2003, the information collected during the sector inquiry shall be used only for the purposes of that sector inquiry.
You will be able to access the formal request for information letter addressed to your organization in the Equestionnaire application.
Please note that you have received the Equestionnaire in English. Under the tab “Documents from the Commission”, you will find, for your information, a Dutch version of the questionnaire as well as of the tables included in some of the questions of the questionnaire.
Your reply to this request for information must reach the Commission no later than 14/08/2015.
You will find the details granting access to your questionnaire below:
Website URL: https://webgate.ec.europa.eu/competition/equest/?login=REDACTED
The Equestionnaire application provides respondents with a modern, secure and efficient web-based workspace to submit their reply the Commission. To ensure the security of the information provided, the website uses the HTTPS protocol with 256-Bit SSL (Secure Socket Layer) encryption technology.
For security reasons, you will be asked to change the password at your first login attempt. The above initial password is unique to each addressee and should not be given to anyone who does not have authority to submit a formal response to the request for information on behalf of the addressed organization.
Please note that submitting a response to the electronic questionnaire using the included username and password constitutes a formal response to the request for information on behalf of the addressee named in the letter.
Should you have a question or encounter technical difficulties with the online questionnaire, please send an e-mail to COMP-E-COMMERCE@ec.europa.eu.
Thank you in advance for your assistance and effort in replying to this questionnaire.
[signed] Thomas Kramler
Deputy Head of Unit
EU looking to ascertain amount of geo-restriction circumventors
While the email itself is rather hard to decipher for the average reader and essentially makes very little sense on its own the reasoning behind the email becomes clear once VPN providers logged into the secure questionnaire area of the European Commission’s website.
The purpose of the questionnaire is to establish what service the VPN providers themselves provide and also gain an insight into the percentage of users from each EU member state accessing certain types of content in other member states. In effect questioning how many users of a single country are using the VPN service to circumvent geo-restrictions to access content in another country. The questionnaire specifically queries how many users “access audio or video or audiovisual content”.
For those unaware of how the European Union works the basic premise behind it is a single market which allows freedom of movement of people including the ability to work in any member state but also a single free market that allows good to be purchased from any member state without restriction or import/customs taxes that would be the case when purchasing outside the EU.
With the exception of items such as alcohol, tobacco, and a few others the idea behind this is to provide a large competitive market in which companies across the EU have access to the entire purchasing power of every individual European Union citizen.
Could the EU be about to do away with geo-restriction
In May 2015 the European Commission launched an inquiry into the e-commerce sector which aims to look at barriers and blocks put in place online that restrict citizens of one EU member state from purchasing or accessing goods or services from another. Geo-restriction or Geo-blocking, as it is also known, is common around the world. For instance TV service Hulu in the United States restricts access to those located within the US, a geo-block stops users from outside accessing the service.
While this is legal in the United States the free market of the European Union requires each member state to allow access to their good and services from any citizen from any other member state and so geo-restriction or blocking would be anti-competitive and go against the ideology of the European Union and its single market.
In May 2015 the European Commission launched 16 initiatives to create a Digital Single Market with one of those initiatives calling “to end unjustified geo-blocking“. The survey received by VPN providers is an obvious fact-finding mission to clarify the amount of users within the EU using VPN technology to circumvent blocks that stop citizens of one member state from accessing the services of another.
No legal requirement to answer the email
Currently VikingVPN is the only provider to have publicly published their responses and to their credit any specifics on customer information have been declined to be answered, however, VikingVPN weren’t required to even answer the survey at all as there was no legal requirement to do so and it could have basically been ignored.
While VPN services are not technically a means to circumvent geo-restriction it is obvious that hundreds of thousands of users around the world make use of them for this specific reason and many VPN providers capitalize on this usage by directly marketing that aspect of the service.
VikingVPN ended their public blog post with the following statement
We were pretty alarmed to learn that the EC may be looking to take action against VPN services due to their ability to bypass geo-restricted content.
Although it would appear that their understanding was misjudged as the commission inquiry launched in May appears to be working towards removing digital restrictions put in place within the EU to ensure a free market is possible online just as it is offline.
I spoke with one provider who had the following to say on the email.
While we support the idea of eliminating Geo-fenced content on the internet we do not share any internal data with 3rd parties unless it is absolutely required. We have chosen to publish the email in our transparency report and have ignored the request for more information.
Geo-restrictions are a thorn in many users sides and if the European Commission finds them to be anti-competitive it could be the end of them within the borders of the European Union.
Whatever the future for EU geo-restrictions they will remain in place for those outside the EU and in other countries around the world which will no doubt lead to the continued increase in the uptake of VPN usage. That is until services find a more robust way of keeping users outside the territory from accessing content.
We contacted the European Commission to clarify the reasoning for questioning VPN providers specifically but at the time of publication had received no response, we will of course update this article should a response be received.