So much stuff here.
The saddest part about this is the complete ignorace of the fact that VPNs exist in the commercial and business world. Not just to protect data, but let people work remotely as well as letting different offices and resources connect to each other. It isn’t just used by ‘pirates’.
Imagine if a business had its data taken by the AFP, and then ‘misplaced’? Someone gets their hands on the data, and the business doesn’t know about it. And even if they did, they couldn’t whistleblow because of the anti-whistleblowing laws. This is why we should be concerned.