[iwar] [fc:Who.Lost.China's.Internet?]

From: Fred Cohen (fc@all.net)
Date: 2002-02-18 23:01:03
Next message: e.r.: "Re: [iwar] [fc:Who.Lost.China's.Internet?]"
Previous message: televr: "[iwar] Office of Strategic Influence/Homeland Security"
Next in thread: e.r.: "Re: [iwar] [fc:Who.Lost.China's.Internet?]"
Reply: e.r.: "Re: [iwar] [fc:Who.Lost.China's.Internet?]"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Message-Id: <200202190701.g1J714N22810@red.all.net>
To: iwar@onelist.com (Information Warfare Mailing List)
Organization: I'm not allowed to say
From: Fred Cohen <fc@all.net>
Mailing-List: list iwar@yahoogroups.com; contact iwar-owner@yahoogroups.com
Precedence: bulk
Date: Mon, 18 Feb 2002 23:01:03 -0800 (PST)
Subject: [iwar] [fc:Who.Lost.China's.Internet?]
Reply-To: iwar@yahoogroups.com
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 8bit

Who Lost China's Internet?
From the February 25, 2002 issue: Without U.S. assistance, it will remain a
tool of the Beijing government, not a force for democracy.
by Ethan Gutmann 
02/15/2002 12:00:00 AM

BEIJING 
It's not easy being the father of the Chinese Internet. Children are running
by, boats are paddling, the smell of roast lamb fills the air, and Michael
Robinson, a young American computer engineer, sits rigidly, facing an empty
cafe on the shore of Qinghai Lake, speaking in a low voice of the crackdown.
"What is better? Big brother Internet? Or no Internet at all?" Michael asks.

Michael was hired in 1996 by the Chinese government and Global One (a
Sprint-France Telecom-Deutsche Telekom joint venture) to build the first
network in China providing public access to the Internet. One day sticks in
his mind. The Chinese engineers working with him suddenly convened a special
meeting, demanding to know if it would be possible to do keyword searching
inside e-mails and web addresses on the Chinese Internet. Not really,
Michael replied; all information that travels the Net is broken up into
little packets. It's hard to "sniff" packets of information, particularly
coded packets. You would need to intercept packets as they travel, and then
there's the problem of collating the information they contain, actually
making sense of it. Yes, yes, they said, but can you do it? On the third
go-round, it dawned on Michael that his fellow computer geeks wanted to end
the meeting, too. But at a higher level, someone required assurance. Before
Internet construction proceeded further, they would need to monitor what
Chinese users did with it. For the engineers, this was just cover-your-ass
stuff. As long as the foreigner assured them that down the road the Chinese
would be able to build an Internet firewall against the world and conduct
surveillance on its own citizens, the engineers could continue working with
him. Yes, yes, it can be done, Michael told them, and they went back to
work. 

Americans make dreams, and every generation carries new ones to China. Since
1979 that dream has been the fall of the Chinese Communist party and the
rise of the world's largest market, an event that U.S. businessmen and China
hands keep predicting is on the horizon or even imminent. Yet Michael was
not naive. He understood the self-serving nature of much of the
democracy-is-just-around-the-corner rhetoric. Working inside, he sensed the
Chinese leadership's true motives in building an Internet. One of his
friends, Peter Lovelock, author of the "Made For China Internet Update,"
puts it this way: "These are Marxists. Control the means of communication;
embrace the means of communication. Fill it with Chinese voices. If they can
block the outside, and block relationships between Chinese forces, no one
will listen." 

But for Michael, any reservations over complicity with Chinese government
objectives were outweighed by a bedrock faith in the Internet's ingenious
architecture. A system created to relay U.S. command messages over a damaged
network after sustaining a Soviet nuclear strike could surely find a way to
get messages through, securely, amid the white noise of millions of Chinese
users. Resistance would be futile--even the Chinese Borg could not stop it.
With the genie of free speech out of the bottle, it would just be a matter
of time before those predictions of democracy in China come true.

That vision has now been called into question, not by a failure of the
Internet's architecture, but in several cases, by a failure of American
corporate values. Let's start where Michael left off, with the expansion of
the Chinese Internet. I treated a top Chinese engineer (who wishes to remain
anonymous) to a 30-course imperial meal in Beijing. As hoped, the shark's
fin soup loosened his tongue--on the subject of Cisco Systems. In the United
States, Cisco is known (among other things) for building corporate firewalls
to block viruses and hackers. In China, the government had a unique problem:
how to keep a billion people from accessing politically sensitive websites,
now and forever. 

The way to do it would be this: If a Chinese user tried to view a website
outside China with political content, such as CNN.com, the address would be
recognized by a filter program that screens out forbidden sites. The request
would then be thrown away, with the user receiving a banal message:
"Operation timed out." Great, but China's leaders had a problem: The
financial excitement of a wired China quickly led to a proliferation of
eight major Internet service providers (ISPs) and four pipelines to the
outside world. To force compliance with government objectives--to ensure
that all pipes lead back to Rome--they needed the networking superpower,
Cisco, to standardize the Chinese Internet and equip it with firewalls on a
national scale. According to the Chinese engineer, Cisco came through,
developing a router device, integrator, and firewall box specially designed
for the government's telecom monopoly. At approximately $20,000 a box, China
Telecom "bought many thousands" and IBM arranged for the "high-end"
financing. Michael confirms: "Cisco made a killing. They are everywhere."

Cisco does not deny its success in China. Nor does it deny that it may have
altered its products to suit the special needs of the Chinese "market"--a
localization scheme the company avoided elsewhere in the world--but it
categorically rejects any responsibility for how the government uses its
firewall boxes. David Zhou, a systems engineer manager at Cisco, Beijing,
told me flat out, "We don't care about the [Chinese government's] rules.
It's none of Cisco's business." I replied that he has a point: It's not the
gun but the way it's used, and how can a company that builds firewalls be
expected to, well, not build firewalls? Zhou relaxed, then confidently added
that the capabilities of Cisco's routers can be used to intercept
information and to conduct keyword searches: "We have the capability to look
deeply into the packet." He admitted that Cisco is under the direct scrutiny
of State Security, the Public Security Bureau, and the People's Liberation
Army (PLA). 

Does Cisco allow the PLA to look into packets? Zhou didn't know or wouldn't
say. But consider, for example, the arrest of veteran activist Chi Shouzhu
last April. He was picked up in a crowded train station minutes after
printing out online materials promoting Chinese democracy. Incidents such as
this have mushroomed in China, suggesting that Cisco may not be the only one
capable of looking deeply into the packets. In fact, Cisco's ability to
thrive in China may well depend on cooperation with the Public Security
Bureau and the PLA.

Cisco's firewall has proven to be far from foolproof. New sites on forbidden
topics crop up daily, and with the proliferation of ISPs who just want more
subscribers surfing, the lag time between updating the government's list of
banned sites and implementation can be erratic. So Chinese security organs
also needed to control the search engines through which new sites can be
found. 

Enter Yahoo! The business press has painted a picture of a thriving,
home-grown Chinese market for portals and search engines--mirroring such
companies as AOL, Google, and Excite--with names like Sohu, Netease, and
Sina fighting for the top spots. Chinese Yahoo!, the American outrider,
trails in fifth place. A top Yahoo! representative spoke to me on the
condition that I would not use his name or give identifying details other
than that he had recently left the company. He admitted that Yahoo! is
actually the most popular portal in China by a mile. Management had fudged
the hit rate, because "we were viewed as extremely aggressive. We were seen
as too foreign." 

Chinese xenophobia has led many other U.S. companies to play similar games,
but Yahoo! was particularly eager to please. All Chinese chat rooms or
discussion groups have a "big mama," a supervisor for a team of censors who
wipe out politically incorrect comments in real time. Yahoo! handles things
differently. If in the midst of a discussion you type, "We should have
nationwide multiparty elections in China!!" no one else will react to your
comment. How could they? It appears on your screen, but only you and
Yahoo!'s big mama actually see your thought crime. After intercepting it and
preventing its transmission, Mother Yahoo! then solicitously generates a
friendly e-mail suggesting that you cool your rhetoric--censorship, but with
a New Age nod to self-esteem.

The former Yahoo! rep also admitted that the search phrase "Taiwan
independence" on Chinese Yahoo! would yield no results, because Yahoo! has
disabled searches for select keywords, such as "Falun Gong" and "China
democracy." Search for VIP Reference, a major overseas Chinese dissident
site, and you will get a single hit, a government site ripping it to shreds.
How did Yahoo! come up with these policies? He replied, "It was a
precautionary measure. The State Information Bureau was in charge of
watching and making sure that we complied. The game is to make sure that
they don't complain." By this logic, when Yahoo! rejected an attempt by
Voice of America to buy ad space, they were just helping the Internet
function smoothly. The former rep defended such censorship: "We are not a
content creator, just a medium, a selective medium." But it is a critical
medium. The Chinese government uses it to wage political campaigns against
Taiwan, Tibet, and America. And of course the great promise of the Internet
in China was supposed to be that it was unfettered, not selective. The
Yahoo! rep again: "You adjust. The crackdowns come in waves; it's just the
issue du jour. It's normal."

But what is "normal" in China can be altered under duress. When Chinese
authorities ordered Microsoft to surrender its software's underlying source
codes--the keys to encryption--as the price of doing business there,
Microsoft chose to fight, spearheading an unprecedented Beijing-based
coalition of American, Japanese, and European Chambers of Commerce. Faced
with being left behind technologically, the Chinese authorities dropped
their demands. Theoretically, China's desire to be part of the Internet
should have given the capitalists who wired it similar leverage. Instead,
the leverage all seems to have remained with the government, as Western
companies fell all over themselves bidding for its favor. AOL, Netscape
Communications, and Sun Microsystems all helped disseminate government
propaganda by backing the China Internet Corporation, an arm of the
state-run Xinhua news agency.

Not to be outdone, Sparkice, a Canadian Internet colossus, splashily
announced that it would serve up only state-sanctioned news on its website.
Nortel provides software for voice and closed-circuit camera
recognition--technology that the Public Security Bureau has already put to
good use, according to the Chinese press. AOL is quietly weighing the pros
and cons of informing on dissidents if the Public Security Bureau so
requests; the right decision would clearly speed Chinese approval for AOL to
offer Internet services and perhaps get a foothold in the Chinese television
market. In fact, AOL signed a landmark deal with a Chinese station at the
end of October. Smaller American companies and smaller nations smell the
blood. Along with Chinese officials, they dominate Chinese Internet-security
trade shows. China Telecom is considering purchasing software from iCognito,
an Israeli company that invented a program called "artificial content
recognition," which surfs along just ahead of you, learning as it censors in
real time. It was built to filter "gambling, shopping, job search,
pornography, stock quotes, or other non-business material," but the first
question from the Chinese buyers is invariably: Can it stop Falun Gong?

In the wake of terrorist attacks on America, some of the byplay between
Beijing and its entrepreneurial suitors has taken on new significance.
According to James Mulvenon of Rand Corporation, Network-1 Security
Solutions, a U.S. web security firm, gained entry to the Chinese market by
helpfully donating 300 live computer viruses to the Public Security Bureau.
The U.S. embassy has already monitored the picture.exe virus, which worms
into a user's computer and then quietly sabotages the widely available
encryption software Pretty Good Privacy by sending the personal encryption
keys to China. Last August's notorious Code Red worm, which some thought
originated in China, appears to have been little more than an amateur
nuisance. But Chinese military reports on unconventional warfare explicitly
advocate coordinated virus attacks to debilitate U.S. communication and
financial systems during a crisis. America may expect a more sophisticated
visit from the offspring of a Network-1 sample virus in the future.

Why has there been so little oversight of such corporate activity? As
Michael Robinson puts it, for the first four years of the Net era, those
with paranoid visions of China's government were never quite able to square
their suspicions with the rapid expansion of the Chinese Internet. Although
it was widely rumored in Beijing that up to 30,000 state security employees
were monitoring the Internet in that city alone, the monitoring was also
laughed at. Apparently the bureaucrats liked monitoring pornography so much
that they had a massive backlog. State security was said to be lax, corrupt,
full of holes. Chinese whiz kids could still surf through the firewall and
beyond. Associations could flourish among the patrons of the cybercaf s,
using anonymous monikers. Many saw the Internet as a populist river leading
to the ocean of the global community. Then, the Chinese government abruptly
built a cyber-version of the Three Gorges Dam.

In October 2000, the State Council ordered Internet Service Providers to
hold all Chinese user data--phone numbers, time, and surfing history--for at
least 60 days. In November, commercial news sites were banned. In December,
the National People's Congress decreed all unauthorized online political
activity illegal. January 2001 saw the criminalization of Internet transfer
of "state secret information," such as reports of human rights violations.
February brought "Internet Police 110," software blocking "cults, sex, and
violence" while monitoring users' attempts to access such sites. By March,
the surveillance started to work; hundreds of e-mails on the controversy
surrounding a schoolhouse bombing in Jiangxi disappeared. Around the same
time, Chinese authorities announced near completion of a "black box" to
collect all information flowing across the Internet. In April, arrests of
democracy activists using the web and a nationwide crackdown on cybercaf s
reached critical mass. Surviving caf s had to install internal monitoring
software. E-mail to Tibet now took three days to get through, if at all, and
Falun Gong e-mail was completely eradicated. By October 2001, when President
George W. Bush flew to Shanghai for the Asia-Pacific Economic Cooperation
Summit, he was entering an Internet police state. To deflect criticism, but
perhaps also as a demonstration of power, blocks on U.S. news websites were
magically lifted by Chinese authorities. The minute Bush went airborne, the
blocks were back in place. During Bush's current visit to China, any attempt
to discuss loosening Chinese Internet controls is likely to be brushed aside
using the rhetoric of our own struggle against terrorism (what, you're
against surveillance?). But if the Chinese take this tack, they are of
course being dishonest about their own motives.

There were urgent reasons for the Chinese Internet crackdown; fighting
terrorism wasn't one of them. Instead, look to the slow-motion crisis of a
leadership transition, the release of the Tiananmen papers, the emergence of
a cyber-Falun Gong, and a stirring--you could feel it on the street--for
greater freedom of expression, if not genuine democracy. Then again, there
may be a more elaborate game afoot. Chairman Mao knew the utility of briefly
loosening controls to create a dragnet. In effect, the current Chinese
leadership promoted a "hundred flowers" period of relative Internet
freedom--again, not to capture terrorists, but to expose anyone who
disagreed with the legitimacy of their rule and to attract massive Western
investment. American technologies of surveillance, encryption, firewalls,
and viruses have now been transferred to Chinese partners--and might even
one day be turned against our own ludicrously open Internet. We funded,
built, and pushed into China what we thought was a Trojan Horse, but we
forgot to build the hatch.

Consider a Chinese user in search of an unblocked news site
(weeklystandard.com, for example). He won't expect to get through, and if he
does, it will be cause for alarm, for the site may be a tripwire--not for
spam, but for state security. Everything he does on the web might
conceivably be used against him. Pornography? Potentially, a two-year
sentence. Political? Possible permanent loss of career, family, and freedom.
E-mail may be the most risky: Two years ago, working from my office in a
Chinese TV studio, I received an e-mail from a U.S. friend (in a
browser-based Hotmail account, no less, which in theory should be difficult
to monitor) with the words "China," "unrest," "labor," and "Xinjiang" in
queer half-tone brackets, as if the words had been picked out by a filter. I
now realize that it was a warning; any savvy Chinese user would have sensed
it instantly. 

Before the crackdown one could escape and surf anonymously in a cybercaf �or
use a proxy server--another computer that acts as an intermediary between
surfers and websites, helping to hide their web footprints and evade the
filters. Not surprisingly, the most common search words in China were not
"Britney" and "hooters," but "free" and "proxy." Fully 10 percent of Chinese
users--about two million people--used proxies regularly in an attempt to
circumvent government controls. In what Michael calls "the first sign of
cleverness" by the government, a proxy pollution campaign began last spring
when the Chinese authorities either developed or imported a system that
sniffs the networks for signs of proxies. A user, frantically typing in
proxy addresses until he finds one that isn't blocked, effectively provides
the government with a tidy blacklist. After a few of these tedious sessions,
many of my Chinese friends simply gave up climbing over the firewall. For a
small fee, expat users could turn to a web-based proxy browser, such as
Anonymizer. But credit cards are effectively blocked for Chinese citizens.
Just for good measure, Anonymizer was finally blocked as well.

IS CHINA'S Internet beyond redemption? Is it destined to be a tool of
surveillance and repression, managed by the Chinese government and serviced
by cynical Western partners? Maybe not. The Great Firewall might be
vulnerable to a few physicists at the University of Oregon. I spent a day
watching Stephen Hsu diagram the Chinese web and its weaknesses. Hsu and his
company, SafeWeb, have developed a proxy server system called Triangle Boy.
The triangle refers to the Chinese user, to a fleet of servers outside of
the firewall, and to a mothership which the servers report to, but the
Chinese government cannot find. Already tens of thousands of Chinese users
have connected with it; five of the top twenty Triangle Boy search sites are
in the Chinese language. Every day, the Chinese user receives an e-mail
listing new addresses of Triangle Boy servers, which allow the user to visit
websites that they would otherwise be unable to reach. Because the addresses
of the servers change constantly, the system is practically unbeatable. Any
attack, especially on the mothership, requires enormous resources.

But as surely as Triangle Boy works to liberate the surfing Chinese masses,
you can bet State Security is looking for a way to pounce on this latest
proxy rebellion. The simplest one will be to enlist American companies,
still eager to curry favor in Beijing, and get them to develop software
allowing the Public Security Bureau to sniff out and block proxies as
quickly as they are created.

The only practical solution to this puzzle is for the Bush administration to
make Internet freedom in China a high priority. At the moment it is a
laughably small priority. The Voice of America, whose website has been a
high-profile target of Chinese blocking, last summer began funding Triangle
Boy to the tune of $10,000 per month. VOA officials undertook that small
effort in frustration; they attempt to send daily news via e-mail to some
800,000 addresses in China, with no guarantee that they are getting through.
Hsu estimates that supplying one million Chinese users with Triangle Boy
(approximately 600 million page views a month) would require just $1 million
annually. Budgeted at $300 million a year, VOA has the means and is wisely
looking at several other solutions as well. But for VOA to justify an
anti-blocking effort on a scale that will make a difference, it will need to
be seen as carrying out an important plank of American foreign policy, not
just acting on the margins as it is now.

And why not make this a higher profile U.S. policy? Cracking the Chinese
firewall is at least as technically interesting as strategic defense.
Triangle Boy is still theoretically vulnerable to spoof sites, authorization
problems, or a Code Red-style worm attacking the servers. That implies a
need for a highly technical layering operation, involving an endless and
ever-changing supply of low-key web-based proxies, mirror sites, and
encrypted e-mail and instant messenger services in Mandarin, Cantonese, and
English, in sufficient volume to overwhelm the Chinese firewall.

Creative engineers, unleashed to solve the problem of bringing Internet
freedom to China, might take any number of approaches. They might go through
Hong Kong, where illicit cables are said to run to Guangzhou. They might cut
some deals with a "loose" Chinese ISP, such as Jitong. They might use
messages formatted as images to defeat software that sniffs out characters.
They might exploit the fact that Chinese Internet addresses were originally
configured in peculiar blocks. Or the fact that the government's
proxy-hunters come from only a few locations. A shrewd native engineer could
probably root out and defeat 99 percent of these government agents.

None of these measures will be cheap. Nor can we expect the U.S. government
to fully manage such a multi-pronged private-and-public defense of Internet
freedom. Even if they back the overall concept, administration officials
will inevitably want deniability about certain parts of such an operation.
This means the project will need to attract the support of foundations,
human rights groups, religious organizations--any group that cares about a
free China. 

But it will be worth it. Given the willingness of capitalists to work hand
in hand with the Chinese regime, the Internet may be the only force left
that is potentially anti-hierarchical. Think of it as a way to levy a
web-based democracy tax on the Chinese government. Think of it also as a way
around the university students and the intelligentsia, who are overrated as
agents for democratic change in China.

As the father of the Chinese Internet Michael Robinson notes, "In the
Chinese Internet's infancy, the first three sites that the government
blocked were two anti-government sites--and one Maoist site. What threatens
them? . . . The heartland." Ultimately, it won't be the intellectuals who
are key to bringing democracy to China. Irate overtaxed peasants with
Internet-enabled cell phones ten years from now are the real target market.
And those whose dream is democracy in China are operating with diminishing
points of entry. The American business presence in China is deeply, perhaps
fatally, compromised as an agent for liberalizing change. The Internet
remains the strongest force for democracy available to the Chinese people.
But it remains a mere potentiality, yet another American dream, unless we
first grapple with the question: Who lost China's Internet? Well, we did.
But we can still repair the damage. We can, in Michael's words, "lay down
the communication network for revolution." If we don't, his progeny may not
forgive us. 

Ethan Gutmann, a visiting fellow at the Project for the New American
Century, is completing a book, "Beijing Boot Camp."

------------------------ Yahoo! Groups Sponsor ---------------------~-->
Tiny Wireless Camera under $80!
Order Now! FREE VCR Commander!
Click Here - Only 1 Day Left!
http://us.click.yahoo.com/nuyOHD/7.PDAA/yigFAA/kgFolB/TM
---------------------------------------------------------------------~->

------------------
http://all.net/ 

Your use of Yahoo! Groups is subject to http://docs.yahoo.com/info/terms/
Next message: e.r.: "Re: [iwar] [fc:Who.Lost.China's.Internet?]"
Previous message: televr: "[iwar] Office of Strategic Influence/Homeland Security"
Next in thread: e.r.: "Re: [iwar] [fc:Who.Lost.China's.Internet?]"
Reply: e.r.: "Re: [iwar] [fc:Who.Lost.China's.Internet?]"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
This archive was generated by hypermail 2.1.2 : 2002-12-31 02:15:03 PST