My understanding is that some deep packet inspection methods can determine if potentially encrypted data is being passed through a filter. Obviously it's going to be error prone, but what does that matter when the general plan is to sufficiently inconvenience people so they don't even try. I doubt the PRC cares that maybe the odd innocent bystander's data gets hit as a false positive.
As a counter to that, I have read of encryption schemes that will bypass this kind of filtering, but it's going to be a lot slower as a lot more junk data has to be thrown in to fool detection. Good for low-bandwidth needs like passing text-based emails and the like, but not much good for anything high bandwidth like voice communications.