SPECIAL REPORT : Who Lost China's Internet?
VIP Reference
Without U.S. assistance, it will remain a tool of the Beijing
government, not a force for democracy
The Weekly Standard
February 25, 2002; Pg. 24
BY ETHAN GUTMANN;
Ethan Gutmann, a visiting fellow at the Project for the New American
Century, is completing a book, Beijing Boot Camp.
Beijing
It's not easy being the father of the Chinese Internet. Children are
running by, boats are paddling, the smell of roast lamb fills the air,
and Michael Robinson, a young American computer engineer, sits rigidly,
facing an empty cafe on the shore of Qinghai Lake, speaking in a low
voice of the crackdown. "What is better? Big brother Internet? Or no
Internet at all?" Michael asks. Michael was hired in 1996 by the Chinese
government and Global One (a Sprint-France Telecom-Deutsche Telekom
joint venture) to build the first network in China providing public
access to the Internet. One day sticks in his mind. The Chinese
engineers working with him suddenly convened a special meeting,
demanding to know if it would be possible to do keyword searching inside
e-mails and web addresses on the Chinese Internet. Not really, Michael
replied; all information that travels the Net is broken up into little
packets. It's hard to "sniff" packets of information, particularly coded
packets. You would need to intercept packets as they travel, and then
there's the problem of collating the information they contain, actually
making sense of it. Yes, yes, they said, but can you do it? On the third
go-round, it dawned on Michael that his fellow computer geeks wanted to
end the meeting, too. But at a higher level, someone required assurance.
Before Internet construction proceeded further, they would need to
monitor what Chinese users did with it. For the engineers, this was just
cover-your-ass stuff. As long as the foreigner assured them that down
the road the Chinese would be able to build an Internet firewall against
the world and conduct surveillance on its own citizens, the engineers
could continue working with him. Yes, yes, it can be done, Michael told
them, and they went back to work.
Americans make dreams, and every generation carries new ones to China.
Since 1979 that dream has been the fall of the Chinese Communist party
and the rise of the world's largest market, an event that U.S.
businessmen and China hands keep predicting is on the horizon or even
imminent. Yet Michael was not naive. He understood the self-serving
nature of much of the democracy-is-just-around-the-corner rhetoric.
Working inside, he sensed the Chinese leadership's true motives in
building an Internet. One of his friends, Peter Lovelock, author of the
Made For China Internet Update, puts it this way: "These are Marxists.
Control the means of communication; embrace the means of communication.
Fill it with Chinese voices. If they can block the outside, and block
relationships between Chinese forces, no one will listen."
But for Michael, any reservations over complicity with Chinese
government objectives were outweighed by a bedrock faith in the
Internet's ingenious architecture. A system created to relay U.S.
command messages over a damaged network after sustaining a Soviet
nuclear strike could surely find a way to get messages through,
securely, amid the white noise of millions of Chinese users. Resistance
would be futile -- even the Chinese Borg could not stop it. With the
genie of free speech out of the bottle, it would just be a matter of
time before those predictions of democracy in China come true.
That vision has now been called into question, not by a failure of the
Internet's architecture, but in several cases, by a failure of American
corporate values. Let's start where Michael left off, with the expansion
of the Chinese Internet. I treated a top Chinese engineer (who wishes to
remain anonymous) to a 30-course imperial meal in Beijing. As hoped, the
shark's fin soup loosened his tongue -- on the subject of Cisco Systems.
In the United States, Cisco is known (among other things) for building
corporate firewalls to block viruses and hackers. In China, the
government had a unique problem: how to keep a billion people from
accessing politically sensitive websites, now and forever.
The way to do it would be this: If a Chinese user tried to view a
website outside China with political content, such as CNN.com, the
address would be recognized by a filter program that screens out
forbidden sites. The request would then be thrown away, with the user
receiving a banal message: "Operation timed out." Great, but China's
leaders had a problem: The financial excitement of a wired China quickly
led to a proliferation of eight major Internet service providers (ISPs)
and four pipelines to the outside world. To force compliance with
government objectives -- to ensure that all pipes lead back to Rome --
they needed the networking superpower, Cisco, to standardize the Chinese
Internet and equip it with firewalls on a national scale. According to
the Chinese engineer, Cisco came through, developing a router device,
integrator, and firewall box specially designed for the government's
telecom monopoly. At approximately $ 20,000 a box, China Telecom "bought
many thousands" and IBM arranged for the "high-end" financing. Michael
confirms: "Cisco made a killing. They are everywhere."
Cisco does not deny its success in China. Nor does it deny that it may
have altered its products to suit the special needs of the Chinese
"market" -- a localization scheme the company avoided elsewhere in the
world -- but it categorically rejects any responsibility for how the
government uses its firewall boxes. David Zhou, a systems engineer
manager at Cisco, Beijing, told me flat out, "We don't care about the
[Chinese government's] rules. It's none of Cisco's business." I replied
that he has a point: It's not the gun but the way it's used, and how can
a company that builds firewalls be expected to, well, not build
firewalls? Zhou relaxed, then confidently added that the capabilities of
Cisco's routers can be used to intercept information and to conduct
keyword searches: "We have the capability to look deeply into the
packet." He admitted that Cisco is under the direct scrutiny of State
Security, the Public Security Bureau, and the People's Liberation Army
(PLA).
Does Cisco allow the PLA to look into packets? Zhou didn't know or
wouldn't say. But consider, for example, the arrest of veteran activist
Chi Shouzhu last April. He was picked up in a crowded train station
minutes after printing out online materials promoting Chinese democracy.
Incidents such as this have mushroomed in China, suggesting that Cisco
may not be the only one capable of looking deeply into the packets. In
fact, Cisco's ability to thrive in China may well depend on cooperation
with the Public Security Bureau and the PLA.
Cisco's firewall has proven to be far from foolproof. New sites on
forbidden topics crop up daily, and with the proliferation of ISPs who
just want more subscribers surfing, the lag time between updating the
government's list of banned sites and implementation can be erratic. So
Chinese security organs also needed to control the search engines
through which new sites can be found.
Enter Yahoo! The business press has painted a picture of a thriving,
home-grown Chinese market for portals and search engines -- mirroring
such companies as AOL, Google, and Excite -- with names like Sohu,
Netease, and Sina fighting for the top spots. Chinese Yahoo!, the
American outrider, trails in fifth place. A top Yahoo! representative
spoke to me on the condition that I would not use his name or give
identifying details other than that he had recently left the company. He
admitted that Yahoo! is actually the most popular portal in China by a
mile. Management had fudged the hit rate, because "we were viewed as
extremely aggressive. We were seen as too foreign."
Chinese xenophobia has led many other U.S. companies to play similar
games, but Yahoo! was particularly eager to please. All Chinese chat
rooms or discussion groups have a "big mama," a supervisor for a team of
censors who wipe out politically incorrect comments in real time. Yahoo!
handles things differently. If in the midst of a discussion you type,
"We should have nationwide multiparty elections in China!!" no one else
will react to your comment. How could they? It appears on your screen,
but only you and Yahoo!'s big mama actually see your thought crime.
After intercepting it and preventing its transmission, Mother Yahoo!
then solicitously generates a friendly e-mail suggesting that you cool
your rhetoric -- censorship, but with a New Age nod to self-esteem.
The former Yahoo! rep also admitted that the search phrase "Taiwan
independence" on Chinese Yahoo! would yield no results, because Yahoo!
has disabled searches for select keywords, such as "Falun Gong" and
"China democracy." Search for VIP Reference, a major overseas Chinese
dissident site, and you will get a single hit, a government site ripping
it to shreds. How did Yahoo! come up with these policies? He replied,
"It was a precautionary measure. The State Information Bureau was in
charge of watching and making sure that we complied. The game is to make
sure that they don't complain." By this logic, when Yahoo! rejected an
attempt by Voice of America to buy ad space, they were just helping the
Internet function smoothly. The former rep defended such censorship: "We
are not a content creator, just a medium, a selective medium." But it is
a critical medium. The Chinese government uses it to wage political
campaigns against Taiwan, Tibet, and America. And of course the great
promise of the Internet in China was supposed to be that it was
unfettered, not selective. The Yahoo! rep again: "You adjust. The
crackdowns come in waves; it's just the issue du jour. It's normal."
But what is "normal" in China can be altered under duress. When Chinese
authorities ordered Microsoft to surrender its software's underlying
source codes -- the keys to encryption -- as the price of doing business
there, Microsoft chose to fight, spearheading an unprecedented
Beijing-based coalition of American, Japanese, and European Chambers of
Commerce. Faced with being left behind technologically, the Chinese
authorities dropped their demands. Theoretically, China's desire to be
part of the Internet should have given the capitalists who wired it
similar leverage. Instead, the leverage all seems to have remained with
the government, as Western companies fell all over themselves bidding
for its favor. AOL, Netscape Communications, and Sun Microsystems all
helped disseminate government propaganda by backing the China Internet
Corporation, an arm of the state-run Xinhua news agency.
Not to be outdone, Sparkice, a Canadian Internet colossus, splashily
announced that it would serve up only state-sanctioned news on its
website. Nortel provides software for voice and closed-circuit camera
recognition -- technology that the Public Security Bureau has already
put to good use, according to the Chinese press. AOL is quietly weighing
the pros and cons of informing on dissidents if the Public Security
Bureau so requests; the right decision would clearly speed Chinese
approval for AOL to offer Internet services and perhaps get a foothold
in the Chinese television market. In fact, AOL signed a landmark deal
with a Chinese station at the end of October. Smaller American companies
and smaller nations smell the blood. Along with Chinese officials, they
dominate Chinese Internet-security trade shows. China Telecom is
considering purchasing software from iCognito, an Israeli company that
invented a program called "artificial content recognition," which surfs
along just ahead of you, learning as it censors in real time. It was
built to filter "gambling, shopping, job search, pornography, stock
quotes, or other non-business material," but the first question from the
Chinese buyers is invariably: Can it stop Falun Gong?
In the wake of terrorist attacks on America, some of the byplay between
Beijing and its entrepreneurial suitors has taken on new significance.
According to James Mulvenon of Rand Corporation, Network-1 Security
Solutions, a U.S. web security firm, gained entry to the Chinese market
by helpfully donating 300 live computer viruses to the Public Security
Bureau. The U.S. embassy has already monitored the picture.exe virus,
which worms into a user's computer and then quietly sabotages the widely
available encryption software Pretty Good Privacy by sending the
personal encryption keys to China. Last August's notorious Code Red
worm, which some thought originated in China, appears to have been
little more than an amateur nuisance. But Chinese military reports on
unconventional warfare explicitly advocate coordinated virus attacks to
debilitate U.S. communication and financial systems during a crisis.
America may expect a more sophisticated visit from the offspring of a
Network-1 sample virus in the future.
Why has there been so little oversight of such corporate activity? As
Michael Robinson puts it, for the first four years of the Net era, those
with paranoid visions of China's government were never quite able to
square their suspicions with the rapid expansion of the Chinese
Internet. Although it was widely rumored in Beijing that up to 30,000
state security employees were monitoring the Internet in that city
alone, the monitoring was also laughed at. Apparently the bureaucrats
liked monitoring pornography so much that they had a massive backlog.
State security was said to be lax, corrupt, full of holes. Chinese whiz
kids could still surf through the firewall and beyond. Associations
could flourish among the patrons of the cybercafes, using anonymous
monikers. Many saw the Internet as a populist river leading to the ocean
of the global community. Then, the Chinese government abruptly built a
cyber-version of the Three Gorges Dam.
In October 2000, the State Council ordered Internet Service Providers to
hold all Chinese user data -- phone numbers, time, and surfing history
-- for at least 60 days. In November, commercial news sites were banned.
In December, the National People's congress decreed all unauthorized
online political activity illegal. January 2001 saw the criminalization
of Internet transfer of "state secret information," such as reports of
human rights violations. February brought "Internet Police 110,"
software blocking "cults, sex, and violence" while monitoring users'
attempts to access such sites. By March, the surveillance started to
work; hundreds of e-mails on the controversy surrounding a schoolhouse
bombing in Jiangxi disappeared. Around the same time, Chinese
authorities announced near completion of a "black box" to collect all
information flowing across the Internet. In April, arrests of democracy
activists using the web and a nationwide crackdown on cybercafes reached
critical mass. Surviving cafes had to install internal monitoring
software. E-mail to Tibet now took three days to get through, if at all,
and Falun Gong e-mail was completely eradicated. By October 2001, when
President George W. Bush flew to Shanghai for the Asia-Pacific Economic
Cooperation Summit, he was entering an Internet police state. To deflect
criticism, but perhaps also as a demonstration of power, blocks on U.S.
news websites were magically lifted by Chinese authorities. The minute
Bush went airborne, the blocks were back in place. During Bush's current
visit to China, any attempt to discuss loosening Chinese Internet
controls is likely to be brushed aside using the rhetoric of our own
struggle against terrorism (what, you're against surveillance?). But if
the Chinese take this tack, they are of course being dishonest about
their own motives.
There were urgent reasons for the Chinese Internet crackdown; fighting
terrorism wasn't one of them. Instead, look to the slow-motion crisis of
a leadership transition, the release of the Tiananmen papers, the
emergence of a cyber-Falun Gong, and a stirring -- you could feel it on
the street -- for greater freedom of expression, if not genuine
democracy. Then again, there may be a more elaborate game afoot.
Chairman Mao knew the utility of briefly loosening controls to create a
dragnet. In effect, the current Chinese leadership promoted a "hundred
flowers" period of relative Internet freedom -- again, not to capture
terrorists, but to expose anyone who disagreed with the legitimacy of
their rule and to attract massive Western investment. American
technologies of surveillance, encryption, firewalls, and viruses have
now been transferred to Chinese partners -- and might even one day be
turned against our own ludicrously open Internet. We funded, built, and
pushed into China what we thought was a Trojan Horse, but we forgot to
build the hatch.
Consider a Chinese user in search of an unblocked news site
(weeklystandard.com, for example). He won't expect to get through, and
if he does, it will be cause for alarm, for the site may be a tripwire
-- not for spam, but for state security. Everything he does on the web
might conceivably be used against him. Pornography? Potentially, a
two-year sentence. Political? Possible permanent loss of career, family,
and freedom. E-mail may be the most risky: Two years ago, working from
my office in a Chinese TV studio, I received an e-mail from a U.S.
friend (in a browser-based Hotmail account, no less, which in theory
should be difficult to monitor) with the words "China," "unrest,"
"labor," and "Xinjiang" in queer half-tone brackets, as if the words had
been picked out by a filter. I now realize that it was a warning; any
savvy Chinese user would have sensed it instantly.
Before the crackdown one could escape and surf anonymously in a
cybercafe or use a proxy server -- another computer that acts as an
intermediary between surfers and websites, helping to hide their web
footprints and evade the filters. Not surprisingly, the most common
search words in China were not "Britney" and "hooters," but "free" and
"proxy." Fully 10 percent of Chinese users -- about two million people
-- used proxies regularly in an attempt to circumvent government
controls. In what Michael calls "the first sign of cleverness" by the
government, a proxy pollution campaign began last spring when the
Chinese authorities either developed or imported a system that sniffs
the networks for signs of proxies. A user, frantically typing in proxy
addresses until he finds one that isn't blocked, effectively provides
the government with a tidy blacklist. After a few of these tedious
sessions, many of my Chinese friends simply gave up climbing over the
firewall. For a small fee, expat users could turn to a web-based proxy
browser, such as Anonymizer. But credit cards are effectively blocked
for Chinese citizens. Just for good measure, Anonymizer was finally
blocked as well.
Is China's Internet beyond redemption? Is it destined to be a tool of
surveillance and repression, managed by the Chinese government and
serviced by cynical Western partners? Maybe not. The Great Firewall
might be vulnerable to a few physicists at the University of Oregon. I
spent a day watching Stephen Hsu diagram the Chinese web and its
weaknesses. Hsu and his company, SafeWeb, have developed a proxy server
system called Triangle Boy. The triangle refers to the Chinese user, to
a fleet of servers outside of the firewall, and to a mothership which
the servers report to, but the Chinese government cannot find. Already
tens of thousands of Chinese users have connected with it; five of the
top twenty Triangle Boy search sites are in the Chinese language. Every
day, the Chinese user receives an e-mail listing new addresses of
Triangle Boy servers, which allow the user to visit websites that they
would otherwise be unable to reach. Because the addresses of the servers
change constantly, the system is practically unbeatable. Any attack,
especially on the mothership, requires enormous resources.
But as surely as Triangle Boy works to liberate the surfing Chinese
masses, you can bet State Security is looking for a way to pounce on
this latest proxy rebellion. The simplest one will be to enlist American
companies, still eager to curry favor in Beijing, and get them to
develop software allowing the Public Security Bureau to sniff out and
block proxies as quickly as they are created.
The only practical solution to this puzzle is for the Bush
administration to make Internet freedom in China a high priority. At the
moment it is a laughably small priority. The Voice of America, whose
website has been a high-profile target of Chinese blocking, last summer
began funding Triangle Boy to the tune of $ 10,000 per month. VOA
officials undertook that small effort in frustration; they attempt to
send daily news via e-mail to some 800,000 addresses in China, with no
guarantee that they are getting through. Hsu estimates that supplying
one million Chinese users with Triangle Boy (approximately 600 million
page views a month) would require just $ 1 million annually. Budgeted at
$ 300 million a year, VOA has the means and is wisely looking at several
other solutions as well. But for VOA to justify an anti-blocking effort
on a scale that will make a difference, it will need to be seen as
carrying out an important plank of American foreign policy, not just
acting on the margins as it is now.
And why not make this a higher profile U.S. policy? Cracking the Chinese
firewall is at least as technically interesting as strategic defense.
Triangle Boy is still theoretically vulnerable to spoof sites,
authorization problems, or a Code Red-style worm attacking the servers.
That implies a need for a highly technical layering operation, involving
an endless and ever-changing supply of low-key web-based proxies, mirror
sites, and encrypted e-mail and instant messenger services in Mandarin,
Cantonese, and English, in sufficient volume to overwhelm the Chinese
firewall.
Creative engineers, unleashed to solve the problem of bringing Internet
freedom to China, might take any number of approaches. They might go
through Hong Kong, where illicit cables are said to run to Guangzhou.
They might cut some deals with a "loose" Chinese ISP, such as Jitong.
They might use messages formatted as images to defeat software that
sniffs out characters. They might exploit the fact that Chinese Internet
addresses were originally configured in peculiar blocks. Or the fact
that the government's proxy-hunters come from only a few locations. A
shrewd native engineer could probably root out and defeat 99 percent of
these government agents.
None of these measures will be cheap. Nor can we expect the U.S.
government to fully manage such a multipronged private-and-public
defense of Internet freedom. Even if they back the overall concept,
administration officials will inevitably want deniability about certain
parts of such an operation. This means the project will need to attract
the support of foundations, human rights groups, religious organizations
-- any group that cares about a free China.
But it will be worth it. Given the willingness of capitalists to work
hand in hand with the Chinese regime, the Internet may be the only force
left that is potentially anti-hierarchical. Think of it as a way to levy
a web-based democracy tax on the Chinese government. Think of it also as
a way around the university students and the intelligentsia, who are
overrated as agents for democratic change in China.
As the father of the Chinese Internet Michael Robinson notes, "In the
Chinese Internet's infancy, the first three sites that the government
blocked were two anti-government sites -- and one Maoist site. What
threatens them? . . . The heartland." Ultimately, it won't be the
intellectuals who are key to bringing democracy to China. Irate
overtaxed peasants with Internet-enabled cell phones ten years from now
are the real target market. And those whose dream is democracy in China
are operating with diminishing points of entry. The American business
presence in China is deeply, perhaps fatally, compromised as an agent
for liberalizing change. The Internet remains the strongest force for
democracy available to the Chinese people. But it remains a mere
potentiality, yet another American dream, unless we first grapple with
the question: Who lost China's Internet? Well, we did. But we can still
repair the damage. We can, in Michael's words, "lay down the
communication network for revolution." If we don't, his progeny may not
forgive us.
KillerUsagi
the Chinese government’s attempts to build the world’s
largest firewall, encompassing the entire Chinese population.
Companies like Yahoo! and Cisco have been built by the American
economic system, and have thrived because of the freedom they have
from being in a free country. Using their power to help suppress the
voice of choice in China is just not right. Although it may be a good
move for business, I am disappointed that these powerhouse companies
in the tech world are helping oppress the Chinese citizens. Imagine
what the internet might be like in America if there were restrictions
on what people could view; if all the content had to be approved by
our government. Would sites like Yahoo! exist? Probably not, and if
they did, they wouldn’t be nearly as large as they are today.
The internet was founded on the free flow of information, and still
today the free flow of information is what makes it so popular.
It’s not called the information superhighway for nothing. But
the Chinese government has gone out of their way to
‘neuter’ the internet’s content to what they approve
of. All with the help of American companies. What China is doing to
their own citizens concerning the internet is simply not fair. It is
a human-rights nightmare. What is even worse is that it’s all
due to the almighty dollar – big internet corporations want to
make a dollar, any way they can. Even if that means turning their
back while the Chinese citizens are being monitored on every web site,
and a government – sponsored monitor in every chat room. The
only corporate values that are left are the ones that have dollar
signs in front of them, and it is truly a sad sad thing.