China’s head honcho when it comes to censorship recently stepped down. This being China, no-one seems to know whether he was effectively sacked, or asked to move to a new bigger and better role. But what we do know is that things aren’t going to get any better for those inside the Great Firewall.
Over the past three years, Lu Wei has been a constant thorn in the side of rights groups, diplomats and Silicon Valley bosses. His aggressive defence of China’s sovereign right to do with its internet what it sees fit – most notably at the laughably titled World Internet Conference in Wuzhen – has been jarring at times. The Cyberspace Administration of China (CAC) he headed up also runs root CA and .cn operator the Chinese Internet Network Information Center (CNNIC). As such, it was blamed by Google last year for issuing unauthorized TLS certificates for several of its domains, which were subsequently used in man-in-the-middle (MITM) attacks.
Even more damning, the CAC was accused of launching man-in-the-middle attacks on Outlook users last year in response to the service’s migration to HTTPS, which the authorities can’t monitor. And then it was pegged for a DDoS attack on anti-censorship organisation Greatfire.org – a constant thorn in the side of the authorities in Beijing.
I spoke to Greatfire.org co-founder Charlie Smith about the reasons for and implications of Lu’s departure.
“If it ain’t broke, don’t fix it, right? We probably just had the quietest anniversary of Tiananmen [Square massacre] yet, in terms of online dissent and discussion. There is more censorship in general. Less circumvention because of a crackdown on VPNs. And fewer foreign companies are trying to challenge the status quo,” he told me via email.
“We know controlling the medium is pretty near the top of [president] Xi Jinping’s agenda. So why make a change now? The timing likely indicates that this was a planned and not a rash decision. There was no need to unsettle things before the 4 June anniversary and the change happens well before the next ‘World’ Internet Conference in Wuzhen.”
Smith went on to argue that, even though Lu presided over an unprecedented crackdown on internet freedom – primarily through a new regulation banning the spread of “rumours” online – he didn’t go far enough.
“Lu was not perfect. As we have shown, it is impossible to completely block all information for those inside China,” Smith continued. “Maybe in this regard, Lu was being blamed and Xi decided he wanted somebody who can get the job done. Maybe Xi was upset about being ‘vilified as a murder suspect’ and could not comprehend why Lu Wei was unable to scrub information from the Chinese internet.”
Lu’s removal, if that is what it was, may also have been an attempt by Xi at curbing his growing influence – after all, propaganda is at the heart of the Party’s power and everyone inside knows it. His replacement, Xu Lin, is a Xi Jinping acolyte and one-time deputy secretary of Tibet’s Shigatse Prefecture who will certainly toe the presidential line.
As Smith put it, “if Xu Lin fails to quell ‘rumours and slander’ Xi does not have to second-guess whether or not Xu is doing everything within his power to stop these attacks.”
So what prospects for the future? Pretty grim if you’re inside China and are a fan of human rights and internet freedom.
Beijing was one of a few countries – Russia, India, Indonesia included – that voted against a non-binding resolution at the UN this week stating all individuals must be afforded the same rights online as offline and that the universal right to freedom of expression should be upheld online.
As Smith said, if Xu Lin “handles information control on the Chinese internet the same way the authorities handle information control in Tibet then the situation could even get worse.”
There is some hope for businesses and individuals which need to leap the Great Firewall.
The hope is that it will encourage greater use of VPNs and help developers improve their circumvention products, as well as provide a much needed additional source of revenue for Greatfire.
The concern is that if it gets popular enough, Beijing will do all it can to put it out of action.
Apple had a rip-roaring second quarter, as I’ve just reported here for IDG Connect. But the financials were about more than putting yet more dollars in the bank. In years to come, the quarter may well be seen as a tipping point – the point when the Cupertino giant came to rely way too much on China.
Although sales in China have yet to surpass the Americas, that point is not too far away. But the quarter did see iPhone sales from the Middle Kingdom overtake the US, and it also witnessed total revenue from China leapfrog that of Europe – two pretty significant milestones.
Apple is in a position that its American rivals and counterparts – Google, Microsoft, Amazon, Facebook etc – would dearly love. They’ve all been either banned or investigated for anti-trust dealings – in other words harangued by the authorities. These firms face an uncertain future in the world’s soon-to-be largest technology market. But while Apple is largely loved by consumers still in style-obsessed China, its days too could be numbered.
Certainly the government has been making life difficult for US tech firms over the past year or two. The revelations from NSA whistleblower Edward Snowden have given it the perfect excuse to request stringent security checks on products destined for the public sector market. It’s a de facto ban for many providers. Beijing is trying to do the same with the banking industry. And it will get its way, eventually.
What does it mean for Apple? Yes the firm is a large investor in the country. But that won’t count for much if or when Beijing wants to apply some pressure. Apple has already been forced to comply with its unpalatable censorship demands, withdrawing apps from its store. It was notably silent when the authorities launched a Man in the Middle attack on iCloud last year. And CEO Tim Cook was forced to make a grovelling apology when a state TV-led witch hunt found issues with its customer service in the country. Cook has reportedly also agreed to give the government access to its source code in a bid to pacify regulators and ensure its devices are approved. This in itself could backfire if Beijing uses that intelligence to create backdoors to spy on Apple users outside the country.
Then there’s the issue of growth. China is not necessarily the license to print money many think it is for Apple.
IDC analyst Xiaohan Tay told me smartphone growth will begin to slow in the country over the coming years.
“Most of the growth in the smartphone market will come from the lower end segment of the market. As Apple is a high-end product in the China market, most of its growth will come from replacement users which are the Apple fans, as well as those who may be using the higher end Android phones at the moment,” she added.
“The new iPhones were a hit in the Chinese market as consumers were awaiting the release of the larger screen sized phones from Apple for the longest time, and this helped to drive growth in the past two quarters since the new iPhones were launched in China.”
Growth will continue, but at a slower rate, although the Apple Watch represents a great opportunity to arrest that slide, she added.
“The die-hard Apple fans as well as the middle and upper-middle class consumers in the cities will help to sustain the growth,” said Tay. “I believe that Apple’s high prices actually make its phones more desirable for the consumers. Owning an iPhone represents a status symbol that the average consumer wants to work towards.”
Plenty of positives for the future for Apple in China, then. But what the Middle Kingdom giveth it can also taketh away. In my opinion, Cupertino had better disperse its eggs into other BRIC baskets if it wants to avoid a nasty surprise down the road.
First of all, the app market will see an ever-tightening regulatory regime following new regulations passed in October, according to co-founder Percy Alpha.
“I fear that in the future, apps will be like websites, i.e. you have to get a license before publishing any,” he told me by email.
Then there’s the current trend for Man in the Middle attacks as a way to monitor and block access to various online services and sites.
The Great Firewall has already tried this tactic on Google, Yahoo and iCloud to name but three. It’s the only way the authorities can see what people are up to once a site switches to HTTPS.
The smart money is apparently on more of these attacks in 2015, but increasingly focused on smaller sites so as to not arouse much media attention.
The Chinese authorities have also been going after Greatfire itself of late, proof the anti-censorship group must be doing something right.
Their mirrored sites, which allow users behind the Great Firewall to view blocked content, have been a minor irritant to the authorities until now. But since last week Beijing upped the ante in two astonishing moves against the content delivery networks (CDNs) Greatfire uses.
The first resulted in EdgeCast losing all service in China – which could mean tens of thousands of sites affected. Then another swipe took out an Akamai subdomain also used by HSBC. The result? Its corporate banking services became unavailable. It just shows the lengths the Party is prepared to go to control the flow of information.
The last word goes to co-founder Charlie Smith:
“I think we will continue to see the kinds of crackdown we have seen this past year. I think that for a long time, many optimists have said, give the authorities some time, restrictions will loosen up and information will flow more freely. If anything, the exact opposite is happening – I’m not sure why people seem to make comments otherwise.
If anything, I think the authorities will take censorship too far in 2015. They will push the Chinese over the limit of what they are willing to tolerate.”
It’s based on a Trend Micro report – The Mobile Cybercriminal Underground Market in China – published this week by its Forward Looking Threat Research Team, which reveals once again the sophistication and commercialisation of the underground networks via which cyber criminals trade goods and services.
Although the report itself doesn’t throw up a huge amount of new data it’s interesting to see evidence that such networks exist in China, selling common attack kits like premium service abusers, SMS Forwarder Trojans and spam.
Typically, being broadcast journalism, we were kept strictly to 5 minutes of short, sharp soundbursts by the BBC, which allowed for little meaningful discussion of the topic besides “What’s the Dark Web?”, “How do I get on it?” and “Who’s behind these attacks?”. I had a better chat with the researcher the night before.
That said, it’s an important topic to air publicly.
Although we didn’t cover this in as much detail as I’d have liked, the real message to listeners of the program – which apparently has among the highest audience numbers on the planet – is to be more vigilant when downloading apps online and make sure they install basic AV on smartphones.
In China, where unregulated third party Android stores are the norm and mobile AV is rare, the cyber criminals have it made.
The only light I can see on the horizon in this part of the world is for the government to follow through with its planned regulation of the mobile app space. This would force industry to self-regulate and clamp down on malicious apps either pre-loaded onto phones or uploaded to web stores.
The only problem is that any new regulations are also likely to restrict content deemed “offensive” to Beijing – in other words censorship by the back door.
GreatFire.org, a not-for-profit calling for an end to China’s repressive censorship regime, has launched another tool designed to bring transparency to the Chinternet and no doubt some consternation in Beijing.
I covered the Decrypt Weibo announcement over at The Register. It pretty much does what it says on the tin, allowing users who see a post on Sina Weibo that has been blocked by the censors, to retrieve that message.
The founders of GreatFire have been mapping the censored Chinese internet for over two years now and last year launched FreeWeibo, a tool which allows users to conduct uncensored searches of Sina Weibo – by far China’s biggest weibo platform.
However their work so far seems to have flown under the radar, which probably comes down simply to user numbers.
“We’ve been operating FreeWeibo.com now for almost a year and they have not done anything to try to block that service,” co-founder Charlie Smith told me. “It may be that we are just a small blip on their radar. But we think that we are making things difficult for them and we are going to continue to make things difficult.”
The big worry for internet freedom advocates is that China’s latest attempts to suppress online free speech have edged the closest yet to an Orwellian “thought police” model.
In attaching severe jail terms to any popular online message subsequently deemed to be a harmful “rumour”, the government will slowly and insidiously create a nation where all but the bravest are afraid to say anything mildly controversial online, for fear of reprisals.
That’s the worry anyway, as GreatFire alludes to in its post explaining the launch of Decrypt Weibo, although it’s good to hear that Smith and his team are undimmed in their fight.
“Sina’s likely reaction to our new service will be to inform the authorities about our presence … and put the matter in the hands of the police. The police won’t find us and won’t be able to shut us down which means that they would have to shut down the entire Sina Weibo service to stop us doing what we are doing. This would lead to a massive public outcry,” he said.
“Of course, we hope that they just decide to end online censorship voluntarily.”
In the end, the only way this could happen is if the Communist Party realised that its demand for indigenous innovation-based economic growth (rather than one reliant on copying and stealing IP) is doomed if it continues to suppress debate online and place such a heavy burden on web companies for self-policing their platforms.
Unfortunately I don’t think this will happen anytime soon, so in the meantime let’s hope Decrypt Weibo finds its way into the hands of as many Chinese netizens that need it as possible.
Reports emerged from China today that at first sight seem almost unbelievable: the Communist Party about to lift the Great Firewall and unblock access to Facebook, Twitter and a host of other banned sites.
Then the small print. If the anonymous government sources are speaking the truth, it will only be relevant to the Shanghai Free Trade Zone, a 28 sq km pilot project designed to encourage greater foreign investment in China and open its economy up to the international markets.
“In order to welcome foreign companies to invest and to let foreigners live and work happily in the free-trade zone, we must think about how we can make them feel like at home,” one government source told the South China Morning Post.
“If they can’t get onto Facebook or read The New York Times, they may naturally wonder how special the free-trade zone is compared with the rest of China.”
Now while that seems fair enough, the Communist Party isn’t known for its love of unfettered access to the internet – after all the free flow of information online is precisely the sort of thing which it knows will lead to its demise.
So what’s this all about? Well, a few things sprang to mind:
- China is in the middle of one of the worst crackdowns on online freedom anyone can remember, so don’t expect this localised liberalisation to spread anywhere else in the Middle Kingdom. The party is very much still for the suppression of any discussion it deems “harmful”.
- Even if the Great Firewall is lifted in the Shanghai zone, doing so from a technical standpoint will take time, according to Forrester analyst Bryan Wang.
“The network within the free trade zone will exist something like an intranet, which is connected to the international backbone without going through the Great Wall firewall,” he told me. “Current infrastructure will not be enough to support the future development. China Telecom or Unicom will need to lay out new fibre in the free trade zone.”
- The Party giveth and it taketh away. Nothing is confirmed yet, and until state-run media reprint the story, we can probably take it as just a rumour, possibly one designed to increase international publicity for the zone, which is a pet project of new premier Li Keqiang.
The whole free trade zone itself is only a pilot, so we can expect Beijing to bring the Great Firewall crashing back down on the region if its censorship-free internet policy backfires.
On a side note, how will Hong Kong react to the free trade zone?
If the Shanghai pilot is successful, more of them could spring up across China, effectively stealing its thunder as the only truly outward facing, economically liberalised, online censorship-free region in the Middle Kingdom.
Although a free and unfettered internet may soon no longer be a differentiator for Honkers, it’s likely that its superior IP protection regime, rule of law and business friendly visa system will still tip the balance in its favour for most MNCs.
Schneier, if you haven’t come across him, is BT’s chief security technology officer, author, cryptographer extraordinaire and philosopher-cum-infosecurity out-of-the-box-thinker.
Basically, what he says in info-security circles is usually listened to, although his propensity to tackle the subject more from a socio- or even biological perspective than a mere discussion of bits and bytes can make quotable extracts from a conversation with him pretty thin on the ground.
That said, Schneier was on form last night, focusing on the topic of trust and the notion that all systems, be they sociological, biological and so on, need co-operation to work. These systems also feature, inevitably, ‘defectors’, who don’t obey the rules and require security to keep their activities to manageable levels.
All fine and dandy, but what about the future? Does Schneier think we’re all doomed?
Well he certainly believes that the gap between the bad guys profiting from new technologies and the good guys catching up is greater than at any point in the past thanks to the sheer volume of new tech and the huge social change it is spurring, which is somewhat worrying.
However, there is hope that all is not lost. For one, he declared the bad stuff that happens online still a “tiny percentage” of the whole.
“I’m a short term pessimist but a long-term optimist,” he added.
As the older generation dies out things will gradually change too, he explained, as new norms around things like privacy come into play, and even the music industry will eventually be forced to change.
“The internet is the greatest generational gap since rock n roll,” he declared.
“People stealing music now are doing what will be normal in ten years’ time, they just figured it out first. The business model of scarcity doesn’t work.”
In less reassuring news, he argued that the balkanisation of the internet is likely to continue as national governments seek to establish their own controls – particularly appropriate given we were sitting in the Conrad Hong Kong, just a few miles from mainland China and the Great Firewall.
“It turns out the internet does have boundaries,” Schneier concluded. “Governments are enforcing their rules more and more and it makes for a less stable internet but it is the geopolitical future.”