[Originally published in the Vanuatu Daily Post.]
On the 12th of January, David Drummond, Google’s Chief Legal Officer, made a startling announcement: Google – and dozens of other companies operating in China – had been the target of concerted online attacks originating from China. Google also claimed that the attackers, targeting human rights activists inside China and around the world, used the activists’ own PCs to take over numerous GMail accounts.
These attacks used ‘0-day’ exploits, hitherto-unknown vulnerabilities in common software applications. In a Wired Magazine interview, security analyst Ryan Olson stated that the code itself was unremarkable, but that ‘the sophistication here is all about the fact they were able to target the right people using a previously unknown vulnerability.’
Businesses and governments face online acts of vandalism and attempts at corporate espionage all the time. Even this attack, which exploited flaws in Microsoft’s Internet Explorer and Adobe’s Acrobat reader software, was ‘not ground-breaking’, according to security expert Mikko Hypponen.
‘We see this fairly regularly,’ he told the BBC, but ‘most companies just never go public.’
Running against tide of companies flooding into China, Google has retaliated against these intrusions by stating that they will no longer censor google.cn, their Chinese search site. If that can’t be done within Chinese law, wrote Drummond, it ‘may well mean having to shut down google.cn, and potentially our offices in China.’
With annual revenues of around US$150 million (some estimates range far higher), China is a small but significant part of Google’s global operation. Pulling out, however, is commonly seen as passing up on the largest single consumer market in the world. Virtually all large online search providers have quietly acquiesced to China’s diktat regarding search results.
Some, indeed, have gone above and beyond the call. Reporters Without Borders accused Yahoo of becoming a ‘police informant’ following the 2004 arrest and imprisonment of Shi Tao, a Chinese journalist. Yahoo had apparently exceeded the strict requirements of the law in granting Chinese authorities access to Shi’s offshore email accounts.
Microsoft, renowned for their winner-take-all approach to business, finds itself in a similarly subservient position. With trademark deftness, China largely de-fanged one of the most effective and brutal corporate negotiating teams in the world. Negotiators got virtually everything they wanted. China pays about 10% per license of what other governments do. They not only negotiated access to the Windows source code, they have to right to alter it to suit their purposes.
Just this week, both Microsoft CEO Steve Ballmer and founder Bill Gates made public pronouncements simultaneously espousing the principle of Internet freedom and respect for Chinese law. They did not elaborate on how they intend to square this circle. Gates characterised Chinese censorship as ‘very limited’ in a recent interview on US network television.
For its part, China angrily denounced Google’s assertions, calling them inaccurate and suggesting they were motivated by outdated, imperialistic notions. They refused to draw any link between their censorship activities and the attacks on Google and others, stating unequivocally that such attacks are just as illegal in China as other countries. IT security experts remain convinced nonetheless that China sponsors such activities.
Despite strong pronouncements from US Secretary of State Hillary Clinton, most US businesses are holding their fire, according to the Wall Street Journal. Nobody wants to miss out on China’s rapidly growing consumer market.
The principle of Internet freedom is increasingly under attack in other countries as well. When questioned about their complicity in the suppression of Iranian online dissent, Nokia-Siemens’ phlegmatic reply was that they hadn’t done anything unusual. Most European and North American carriers are required to make wholesale surveillance and censorship possible, too.
Australian Minister Stephen Conroy has been steadily advancing an agenda that includes censorship of online material ‘refused classification’ by an Australian ratings body.
Businesses and governments both have reason to feel uncomfortable about the Wild West atmosphere that pervades the Internet. Its organised anarchy and ability to reformulate itself from one day to the next makes it a threat to many traditional business practices as well as to governments leery of dissent.
Increasingly, network carriers and content providers are cooperating to introduce measures to make the Internet a ‘walled garden’ rather than an open range. This implies a top-to-bottom approach encompassing centralised networks and wholesale filtering, copy-protection technologies and the criminalisation of file-sharing as well as computing devices on which only pre-approved software can run.
Yet again, people are seeking technological solutions to problems that are social in nature.
So far, Internet activist Perry Barlow’s affirmation that ‘the Internet treats censorship as damage and routes around it’ remains true. But with the increasingly evident willingness of corporate and government agents to create and use what MIT researcher Benjamin Hill terms ‘anti-features’, we may soon find that there’s nowhere else to route to.
Copy protection mechanisms included on CDs, DVDs and other media only serve to inconvenience legitimate users. People intent on copying quickly rip new versions and shared them widely. Likewise, content filters on individual networks are easily avoided through the use of relatively anonymous Internet cafés and proxy servers, allowing people to access contentious content even over rigidly controlled networks. Locked-down phones and computing devices are quickly ‘jail-broken’.
But with the imposition of control over the actual cables and connections through which Internet traffic passes, proponents of Internet freedom lose their ability to manoeuvre. Their data can no longer route around censorship. For them, the damage is complete. The Internet has effectively ceased to exist.
Anti-features such as copy protections, filters and firewalls add to the cost of accessing information. They make things harder, not better. It would be far cheaper to rely on people to establish ethical and moral norms than to impose technical solutions which do little to deter the determined and much to inconvenience everyone else.
Often enough, their closed nature makes anti-features more susceptible to 0-day exploits, exactly the kind of attack that left Google and dozens of other companies so exposed.
Such measures have only one significant virtue: Technological solutions don’t require the consent of the people.