Outsourcing

China cracks Google security: Google defies Chinese censors

A recent policy conflict between Google and the Chinese government is stirring up a lot of confusion and speculation about Google's motives. Chad Perrin summarizes the current response.

A recent policy conflict between Google and the Chinese government is stirring up a lot of dust and creating a lot of confusion.


Google recently announced A new approach to China in the Official Google Blog. The 12 January 2010 announcement makes allegations of security cracking by agents of the Chinese government in an attempt to gain access to dissidents' emails:

Second, we have evidence to suggest that a primary goal of the attackers was accessing the Gmail accounts of Chinese human rights activists.

The announcement also makes it clear that Google's official policy for China has been pushed by this event in the direction of stronger support for free speech in the country, effectively turning Google itself into a dissident:

These attacks and the surveillance they have uncovered--combined with the attempts over the past year to further limit free speech on the web--have led us to conclude that we should review the feasibility of our business operations in China. We have decided we are no longer willing to continue censoring our results on Google.cn, and so over the next few weeks we will be discussing with the Chinese government the basis on which we could operate an unfiltered search engine within the law, if at all. We recognize that this may well mean having to shut down Google.cn, and potentially our offices in China.

The public announcement was explained:

We have taken the unusual step of sharing information about these attacks with a broad audience not just because of the security and human rights implications of what we have unearthed, but also because this information goes to the heart of a much bigger global debate about freedom of speech.

Google's initial policy for doing business in China was considerably more conciliatory toward the nation's censorship and surveillance policies. In the Official Google Blog's own words:

We launched Google.cn in January 2006 in the belief that the benefits of increased access to information for people in China and a more open Internet outweighed our discomfort in agreeing to censor some results.

This turn-around in policy in China appears to be consistent with a deeper desire to adhere to the principles of its motto, "Don't Be Evil." One might be inclined to forgive earlier transgressions, such as Google CEO Eric Schmidt's comments on privacy:

If you have something that you don't want anyone to know, maybe you shouldn't be doing it in the first place.

In fact, a very cynical person might wonder if the convenient timing of this conflict with China, and Google's publicly moral stand, might not be intentionally used to paper over Schmidt's PR-damaging comments on CNBC. A slightly less cynical interpretation, perhaps, but also possibly more palatable to those who fancy themselves hard-headed realists who eschew paranoid conspiracy theories, was expressed by Stan Abrams in Google Threatens to Stop Following Censorship Rules. Is This A Joke?:

Cynic and all-around horrible person that I am, I wonder if Google would be doing this if they hadn't screwed the pooch on the China market several years ago and were still doing a fairly sh***y job trying to catch up to Baidu.

It is more than a threat, actually. You can now find photos of tanks, heroic dissidents, and mangled bodies in google.cn image results for the search string tiananmen massacre, including the picture of one of the most heroic figures of the 20th century, "tank man", standing resolutely in the path of a column of tanks sent to quell student demonstrations.

Where this will all end is a subject of much speculation right now, and it seems everyone has an opinion.

  • The Chinese government's official news agency reports China seeks clarity on Google's intentions:

    If Google quit, it would leave a huge hole in the market for other search engines in China to fill, said Liu Dan, a researcher with a Beijing-based consulting company affiliated to the China Center for Information Industry Development. "The Chinese market welcomes competition, but maybe Google should also think more about adapting to China, rather than just working in its U.S. way without flexibility," Liu said.

  • The Electronic Frontier Foundation's Danny O'Brien encouraged other corporations to take a page from the Google playbook, in Uncensoring China: Bravo Google:

    Our hope is that other tech companies will follow Google's lead. Too many of them have been willing to comply with Chinese demands that they check their values at the border.

  • Google Enterprise President Dave Girouard offered reassurances to customers that Google is keeping your data safe:

    While some intellectual property on our corporate network was compromised, we believe our customer cloud-based data remains secure.

  • Secretary of State Hillary Clinton issued a Statement on Google Operations in China:

    We have been briefed by Google on these allegations, which raise very serious concerns and questions. We look to the Chinese government for an explanation. The ability to operate with confidence in cyberspace is critical in a modern society and economy. I will be giving an address next week on the centrality of internet freedom in the 21st century, and we will have further comment on this matter as the facts become clear.

These all appear to point to a fulfillment of Google's promise, "don't be evil," at least from the point of view of an ethic of Western free speech. There may be a fly in the ointment, however.

  • Julian Sanchez, writing for Cato at Liberty, shares his thoughts on Surveillance, Security, and the Google Breach:

    One thing that leaped out at me from the announcement was the claim that the breach "was limited to account information (such as the date the account was created) and subject line, rather than the content of emails themselves." That piqued my interest because it's precisely the kind of information that law enforcement is able to obtain via court order, and I was hard-pressed to think of other reasons they'd have segregated access to user account and header information.

For more on that subject, I will follow-up this overview of the situation between Google and China in my next post, "How China exposed Google's hypocrisy."

About

Chad Perrin is an IT consultant, developer, and freelance professional writer. He holds both Microsoft and CompTIA certifications and is a graduate of two IT industry trade schools.

2 comments
www.CompuNerds.Net
www.CompuNerds.Net

The fact that the breach "was limited to account information (such as the date the account was created) and subject line, rather than the content of emails themselves" is NOT trivial. All the Chinese security apparatus needs is the email header info, not the content of emails. They breached Google's security and got into the system for tracking dissidents' messages. So if they already know these messages are from or to dissidents, all they need is the header info (IP addresses, From: and To: email addresses, Subject:) and with that they can locate the home, business, Internet cafe, etc. and arrest the dissidents. A major part of intelligence gathering consists of discovering the network of contacts that the targeted person has. So China hit the jackpot by hacking into Google's "gold mine" of dissident emails.

ad_valorem
ad_valorem

The U.S. checks our email (in the U.S.) at will? What the big fuss about China wanting to do the same thing?