Internet & Democracy Blog

A bombshell out of Google today as they threaten to leave the very lucrative Chinese market entirely due to recent cyberattacks on human rights activists, Google itself, and a range of corporate and financial targets. Naturally, the news itself has been censored in China. From the Official Google Blog:

In mid-December, we detected a highly sophisticated and targeted attack on our corporate infrastructure originating from China that resulted in the theft of intellectual property from Google. However, it soon became clear that what at first appeared to be solely a security incident–albeit a significant one–was something quite different.

First, this attack was not just on Google. As part of our investigation we have discovered that at least twenty other large companies from a wide range of businesses–including the Internet, finance, technology, media and chemical sectors–have been similarly targeted. We are currently in the process of notifying those companies, and we are also working with the relevant U.S. authorities.

However, while a number of corporations were attacked, Google believes that the real goal was to attack human rights activists critical of China, albeit unsuccessfully:

[W]e have evidence to suggest that a primary goal of the attackers was accessing the Gmail accounts of Chinese human rights activists. Based on our investigation to date we believe their attack did not achieve that objective. Only two Gmail accounts appear to have been accessed, and that activity was limited to account information (such as the date the account was created) and subject line, rather than the content of emails themselves.

Third, as part of this investigation but independent of the attack on Google, we have discovered that the accounts of dozens of U.S.-, China- and Europe-based Gmail users who are advocates of human rights in China appear to have been routinely accessed by third parties. These accounts have not been accessed through any security breach at Google, but most likely via phishing scams or malware placed on the users’ computers.

At the core of the decision to contemplate leaving China, according to Google, is their long internal struggle about how to access the huge Chinese market while living up to their corporate moto to ‘not be evil.’ This is pretty hard to do in what the OpenNet Initiative calls one of the most pervasive filtering systems in the world, which Google had to be a part of by prohibiting searches and access to a range of content the Chinese regime did not like. Former Berkman Fellow Rebecca MacKinnon told the Times today that “Google had endured repeated harassment in recent months and that by having operations in China it potentially risked the security of its users in China.” And as our own Jonathan Zittrain said in the same article:

‘I think it’s both the right move and a brilliant one’ said Jonathan Zittrain, a legal scholar at Harvard’s Berkman Center for Internet and Society.

It seems unlikely that the decision was based on human rights concerns alone, but I imagine that rights concerns taken together with the costs in bad PR, cyberattacks, and having to retreat from their own corporate mission are now outweighed by the relative small profits they make in China. The latest attack may simply have been the straw that broke the camel’s back.

The New York Times reports this morning that China has recently taken additional steps to control the Internet. Under the new measures China has shut down 700 Web sites, prohibited anyone but officially registered businesses from obtaining a .cn domain and limited third parties from providing content over China’s largest mobile network. China argues that the changes are to improve security, protect children from pornography and limit piracy (which is odd considering how much pirated content is tolerated by the government). However, many see the measures as a means to limit political opposition and further censor the Internet. The Times writes:

In various pronouncements, top propaganda and security officials have stressed anew the need to police the Internet on ideological and security grounds.

The ‘Internet has become an important avenue through which anti-China forces infiltrate, sabotage and magnify their capabilities for destruction,’ wrote the public security minister, Meng Jianzhu, in the Dec. 1 issue of Qiushi, a magazine published by the Communist Party’s Central Committee.

‘Therefore it represents a new challenge to the public security authority in maintaining national security and social stability,’ he said.

And as our friend Rebecca MacKinnon says in the article:

‘The trend in China is toward tighter and tighter control,’ said Rebecca MacKinnon, an assistant professor of journalism at the University of Hong Kong who specializes in Chinese Internet issues. ‘They are basically improving their censorship mechanisms.’

These moves follow previous, less-than-successful attempts to place filtering software on all computers in China, Green Dam and Blue Dam. Of course, China already has what the OpenNet Initiative calls one of the most sophisticated filtering regimes in the world.

According to a new report by the Committee to Protect Journalists, China and Iran are the leading jailers of journalists in the world, with those two states accounting for more than a third of all journalists held behind bars today. Increased arrests by Iran following post-election protests helped make 2009 even worse than 2008, with 11 more arrested worldwide this year than last. In its annual census, the CPJ also found that freelancers (who often write online) are more likely to be jailed than their counterparts at traditional news outlets. Last year was the first time ever that online journalists were more likely to be jailed than traditional ones.

If Iran had thrown just one more journalist in jail on December 1, it would have tied China (which has 24 journalists behind bars), as the leading jailer, a title China has held for the last 11 years. As Joel Simon writes in Slate, as opposed to 10 years ago when most of those Chinese journalists wrote for traditional media outlets, today they are primarily online authors, and this impacts how they are handled by the government:

[O]nline journalists can’t be fired, blacklisted, or, in most cases, bought off precisely because most work independently. They don’t have employers who can be pressured. Chinese authorities have few options when it comes to reining in online critics—censor them, intimidate them, or throw them in jail. This explains why 18 of the 24 journalists imprisoned in China worked online.

In Iran, there’s a similar dynamic. The 23 reporters jailed there fall roughly into two camps—those who worked for print media outlets allied with opposition candidates and those who worked independently online.

Experts at InfoWar Monitor have discovered that journalists working for foreign media outlets in China, including Reuters, the Straits Times, Dow Jones, Agence France Presse, and Ansa, are the targets of a recent malware (malicious software) attack. Nart Villeneuve and Greg Walton suspect that the attack is connected with increased security around the Communist regime’s upcoming 60 year anniversary:

These attacks correlate with reports of increased security measures within China as a result of the 60th anniversary of the founding of the People’s Republic of China. These increased security measures have also been extended to the Internet, with providers of anti-censorship technology reporting increased levels of blocking that prevents people from accessing the web sites of foreign media and news organizations.

One of the key findings in the report is that the attack appears to have originated at a (possibly unsuspecting) university in Taiwan:

The IP addresses currently used by the malware are assigned to Taiwan. One of the servers is located at the National Central University of Taiwan, and is a server to which students and faculty connect to download anti-virus software. The second is an IP address assigned to the Taiwan Academic Network. These compromised servers present a severe security problem as the attackers may have substituted their malware for anti-virus software used by students, employees, and faculty at the National Central University.

It is difficult to prove the extent to which governments use malware and other computer attacks as a tool of foreign policy, but many experts have strong suspicions that, for example, Russia may be exploiting the criminal networks that exist around malware and computer crime in that country for political ends. (More malware comes from Russia, China and the US than anywhere else in the world according to Stopbadware.) For more details on the recent attack in China see the full report or check out this article in the Globe and Mail.

Global Voices Advocacy tells us that China’s latest attempt to control the Internet – ‘Blue Dam’ – became active on September 13, and the government is requiring ISPs to use the software or face punishment. Blue Dam is an ISP-level surveillance application that is, apparently, meant to solve many of the problems stemming from the failed launch of Green Dam, which the Chinese government initially insisted must be installed on all PCs sold in China, even those sold by foreign companies, and even though large chunks of the code were stolen from existing, patented software applications.

Carrying surveillance out at the ISP level follows the methodology China employs to filter blogs, as Rebecca McKinnon (the go to source on Chinese Internet issues) has shown, by forcing ISPs to do much of the dirty work of the censors. This is also not dissimilar from how Russia apparently monitors Internet activity. How effective any government will be at monitoring the work of millions of Internet users remains to be seen, but it is certainly a development free speech advocates are going to be concerned about, and could lead to another backlash by Chinese Internet users.

During recent turmoil in Xinjiang, China again revealed the Chinese Communist Party’s (CCP) ability to stonewall Internet access regionally, and block sites such as Twitter nationally. However, with the growth of domestic copy-cat micro-blogging services such as Fanfou, TaoTao, Jiwai, Komoo, Zuosa, and Digu, China’s government may be losing their cat and mouse game with connected denizens. Broad proliferation of comparable micro-blogging services are making central control harder to manage. For example, despite recent turmoil in Western China, according to the Berkman Center’s Herdict Project, all of the above sites are still accessible except for Fanfou.com which recently went down for “server maintenance.” Although Fanfou was supposed to come back online on June 6, it is still suspiciously inaccessible. Protracted unavailability of Fanfou points to possible CCP involvement to stifle destabilizing conversation. However, most other domestic micro-blogging services –even Jiwai.de, Komoo.cn, Digu.com and Zuosa.com which bear striking resemblance to Twitter– are still accessible in China. Perhaps user bases differ, and the CCP has shrewdly allowed for this less-threatening Internet persistence. More likely, however, is the fact that a plurality of diversely-hosted, yet similar, services is becoming tougher to patrol.

Another emerging form of domestic communication is Tencent’s Instant Messaging (IM) on QQ.com. No site in China enables greater horizontal web communication than QQ.com, now the 9th largest web property in the world. Founded by Pony Ma in 1998, Tencent –a Chinese-listed company earning $1.2 billion annually in revenue, 88 percent via the sale of “virtual goods” rather than online advertising– has over 570 million registered users of its IM service. In January Tencent launched an English version of the IM platform at IMQQ.com, and a 3G version that offers QQ chat, real-time news, and search engine accessible over mobile phone.

Many users in Western China, and across rural China, do not have email accounts. And many rural Chinese view and understand the Internet as Tencent, the platform on which they’ve grown up. In fact, as of March 2009 China had as many active Tencent QQ users as it officially had people online. Despite focus on access to Google and Twitter –observations of Tweet trends, and Google search engine query data patterns– undoubtedly most relevant in China is continued access to those domestic services of communication most widely used by Chinese citizens.

As advised last week by a Chinese colleague –“mail me at my university account. The government might shut down Google, but they never mess with my college email”– the CCP is selectively choosing what to patrol, because it can’t do it all. While the Western media predominately pay attention to the CCP denying access to Western sites and services, domestic entrepreneurship and a swelling offering of overlapping tools of communication are mitigating the effectiveness of the Internet muzzle. In line with Ethan Zuckerman’s Cute Cate Theory, Web 2.0 may have been created to share photos of adorable creatures, but new platforms for user-generated content are empowering digital activism in profound ways. For the CCP, perhaps it’s the “cute cat,” that is now out of the bag.

China’s efforts to limit access to information about ethnic violence in the country, which has resulted in over 150 deaths, shows that the Internet is more difficult than traditional media to control, but not impossible. The OpenNet Initiative reports that China has completely shut off access to the Internet in Xinjiang province and blocked access to Twitter throughout the country. The New York Times also reports that links about the riots have been deleted from Fanfou, the Chinese version of Twitter, as well as popular forums such as Mop and Tianya. The Times also argues that, similar to SMS during post election violence in Kenya last year, the Internet may have helped mobilize rioters:

Internet social platforms and chat programs appeared to have unified Uighurs in anger over the way Chinese officials had handled the earlier brawl, which took place in late June thousands of miles away…photographs that appeared online after the battle showed people standing around a pile of corpses, leading many Uighurs to believe that the government was playing down the number of dead Uighurs. One Uighur student said the photographs began showing up on many Web sites about one week ago. Government censors repeatedly tried to delete them, but to no avail, he said.

‘Uighurs posted it again and again in order to let more people know the truth, because how painful is it that the government does bald-faced injustice to Uighur people?’ said the student, who spoke on the condition of anonymity for fear of retribution from the government.

A call for protests spread on Web sites and QQ, the most popular instant-messaging program in China, despite government efforts to block online discussion of the feud.

If history is any guide, the Chinese will likely ease their online restrictions when the riots end, but the cat and mouse game will continue. As Michael Wines argues:

Chinese experts clearly have studied the so-called color revolutions — in Georgia and Ukraine, and last month’s protests in Iran — for the ways that the Internet and mobile communication devices helped protesters organize and reach the outside world, and for ways that governments sought to counter them…As the Internet and other media raise new challenges to China’s version of the truth, China is finding new ways not just to suppress bad news at the source, but also to spin whatever unflattering tidbits escape its control.

In regards to the resources at China’s disposal, Jonathan Zittrain may have said it best, “Given that it’s a game of cat and mouse they could bring to bear a lot of cats if they had to.”

The Times has a front page article this morning (yes, I still read the hard copy) on circumvention in Iran and China, which highlights a lot of people and tools we’ve discussed on this blog before, including Tor and Psiphon. (You can learn about additional circumvention resources in our tools database.) The piece also mentions Rebecca MacKinnon’s research, which we wrote about here . Her full paper is also a must read (preview: private sector blog hosting services are doing a lot of the heavy lifting for China’s online sensors).

You should also check out the recently released Berkman paper by Hal Roberts, Ethan Zuckerman and John Palfrey, where they share the results of the testing of various circumvention tools. The technology behind them all is basically the same (like a bank shot in basketball, as the Times piece says), and their testing found that not all tools work as well as one might assume. Of course, users need to make their own decision about what to use and their relative merits, so this paper is an important read. They found that Tor and Psiphon were two of the best at the time of testing. Finally, at a recent meeting of bloggers and activist from the Middle East, I was struck by how many people in countries with restrictions on free speech don’t use these advanced tools–and are often not even aware of them. Hopefully, the press coverage will help spread the word a bit further.

Following up December’s CSIS report and in anticipation of the National Research Council report due out tomorrow, the New York Times has the skinny on cyber-warfare in the 21st century.

As Estonia learned the hard way, democracies (and their infrastructures) are increasingly the target of nationalist hackers,  digital pirates, and government spooks (from China, Russia, the USA?). The alarming possibility that all these groups have or could be in cahoots is scaring the pants off the Pentagon, which is considering developing an alternate strategic command simply for cyber-related conflicts.

Up until now, most of the discussion has focused on defense, the so-called “fortress” method: secure and separate networks for critical infrastructure, virus protection and a cyber-czar to coordinate federal response. As this article illuminates, however, the Pentagon is preparing to bolster those defensive capabilities with offensive cyber-weapons. Hacking the hackers, the article suggests, is the newest form of deterrence.

But here, I think, the Cold War metaphor breaks down. Mutually assured destruction might be a functional way to deter a world war by superpowers, but will it really stop what amount to de-localized (possibly independent) digital guerrillas? There’s a certain asymmetry in favor of the hackers. You don’t have to enrich uranium in defiance of world opinion to hack Wall Street or the U.S. power grid.

In fact, you need to do surprisingly little. With millions of potentially anonymous actors, the problem is multiplied. As in the 1983 film War Games, no one knows whether you’re dealing with a real threat or just a clever punk in a Chinese basement. It’s a warzone as dangerous as it is hazy.

1. Oman, one of the world’s most closed societies, is prosecuting a Web forum moderator for allowing an anonymous post to go up criticizing a telecom company for corruption. I think Arab autocracies are going to come face to face with the explosion of internet speech sooner rather than later. Blogging (particularly anonymous) posting will continue, though aggressively prosecuting the fora where dissenting speech is found might set things back a bit.

2. For a comprehensive look at Chinese censorship and a chart of the security agencies which control the web, see this Digital East Asia article. As it turns out, even Chinese e-books have keyword filtering code buried in their javascript (Hat Tip: NetEffect). Add this to Skype, video sharing websites, WordPress, and so on… Between self-censorship and the Golden Shield, the crackdown on Chinese cyber-freedom is as terrifying as it is ubiquitous. I’m thinking aloud, but doesn’t it seem plausible that the oft-cited Pew poll which suggests the Chinese approve of censorship are results conditioned by fear of authority and a closed information world? From that grossly limited perspective, Tibetans and Falun Gongers may really seem like rabblerousing no-goodniks.