China’s head honcho when it comes to censorship recently stepped down. This being China, no-one seems to know whether he was effectively sacked, or asked to move to a new bigger and better role. But what we do know is that things aren’t going to get any better for those inside the Great Firewall.
Over the past three years, Lu Wei has been a constant thorn in the side of rights groups, diplomats and Silicon Valley bosses. His aggressive defence of China’s sovereign right to do with its internet what it sees fit – most notably at the laughably titled World Internet Conference in Wuzhen – has been jarring at times. The Cyberspace Administration of China (CAC) he headed up also runs root CA and .cn operator the Chinese Internet Network Information Center (CNNIC). As such, it was blamed by Google last year for issuing unauthorized TLS certificates for several of its domains, which were subsequently used in man-in-the-middle (MITM) attacks.
Even more damning, the CAC was accused of launching Man in the Middle attacks on Outlook users last year in response to its migration to HTTPS, which the authorities can’t monitor. And then it was pegged for a DDoS attack on anti-censorship organisation Greatfire.org – a constant thorn in the side of the authorities in Beijing.
I spoke to Greatfire.org co-founder Charlie Smith about the reasons for and implications of Lu’s departure.
“If it ain’t broke, don’t fix it, right? We probably just had the quietest anniversary of Tiananmen [Square massacre] yet, in terms of online dissent and discussion. There is more censorship in general. Less circumvention because of a crackdown on VPNs. And fewer foreign companies are trying to challenge the status quo,” he told me via email.
“We know controlling the medium is pretty near the top of [president] Xi Jinping’s agenda. So why make a change now? The timing likely indicates that this was a planned and not a rash decision. There was no need to unsettle things before the 4 June anniversary and the change happens well before the next ‘World’ Internet Conference in Wuzhen.”
Smith went on to argue that, even though Lu presided over an unprecedented crack down on internet freedom – primarily through a new regulation banning the spread of “rumours” online – he didn’t go far enough.
“Lu was not perfect. As we have shown, it is impossible to completely block all information for those inside China,” Smith continued. “Maybe in this regard, Lu was being blamed and Xi decided he wanted somebody who can get the job done. Maybe Xi was upset about being ‘vilified as a murder suspect’ and could not comprehend why Lu Wei was unable to scrub information from the Chinese internet.”
Lu’s removal, if that is what it was, may also have been an attempt by Xi at curbing his growing influence – after all, propaganda is at the heart of the Party’s power and everyone inside knows it. His replacement, Xu Lin, is a Xi Jinping acolyte and one time deputy secretary of Tibet’s Shigatse Prefecture who will certainly toe the presidential line.
As Smith put it, “if Xu Lin fails to quell ‘rumours and slander’ Xi does not have to second-guess whether or not Xu is doing everything within his power to stop these attacks.”
So what prospects for the future? Pretty grim if you’re inside China and are a fan of human rights and internet freedom.
Beijing was one of a few countries – Russia, India, Indonesia included – that voted against a non-binding resolution at the UN this week stating all individuals must be afforded the same rights online as offline and that the universal right to freedom of expression should be upheld online.
As Smith said, if Xu Lin “handles information control on the Chinese internet the same way the authorities handle information control in Tibet then the situation could even get worse.”
There is some hope for businesses and individuals which need to leap the Great Firewall.
The hope is that it will encourage greater use of VPNs and help developers improve their circumvention products, as well as provide a much needed additional source of revenue for Greatfire.
The concern is that if it gets popular enough, Beijing will do all it can to put it out of action.
First of all, the app market will see an ever-tightening regulatory regime following new regulations passed in October, according to co-founder Percy Alpha.
“I fear that in the future, apps will be like websites, i.e you have to get a license before publishing any,” he told me by email.
Then there’s the current trend for Man in the Middle attacks as a way to monitor and block access to various online services and sites.
The Great Firewall has already tried this tactic on Google, Yahoo and iCloud to name but three. It’s the only way the authorities can see what people are up to once a site switches to HTTPS.
The smart money is apparently on more of these attacks in 2015, but increasingly focused on smaller sites so as to not arouse much media attention.
The Chinese authorities have also been going after Greatfire itself of late, proof the anti-censorship group must be doing something right.
Their mirrored sites, which allow users behind the Great Firewall view blocked content, have been a minor irritant to the authorities until now. But since last week Beijing upped the ante in two astonishing moves against the content delivery networks (CDNs) Greatfire uses.
The first resulted in EdgeCast losing all service in China – which could mean tens of thousands of sites affected. Then another swipe took out an Akamai subdomain also used by HSBC. The result? Its corporate banking services became unavailable. It just shows the lengths the Party is prepared to go to control the flow of information.
The last word goes to co-founder Charlie Smith:
“I think we will continue to see the kinds of crackdown we have seen this past year. I think that for a long time, many optimists have said, give the authorities some time, restrictions will loosen up and information will flow more freely. If anything, the exact opposite is happening – I’m not sure why people seem to make comments otherwise.
If anything, I think the authorities will take censorship too far in 2015. They will push the Chinese over the limit of what they are willing to tolerate.”
GreatFire.org, a not-for-profit calling for an end to China’s repressive censorship regime, has launched another tool designed to bring transparency to the Chinternet and no doubt some consternation in Beijing.
I covered the Decrypt Weibo announcement over at The Register. It pretty much does what it says on the tin, allowing users who see a post on Sina Weibo that has been blocked by the censors, to retrieve that message.
The founders of GreatFire have been mapping the censored Chinese internet for over two years now and last year launched FreeWeibo, a tool which allows users to conduct uncensored searches of Sina Weibo – by far China’s biggest weibo platform.
However their work so far seems to have flown under the radar, which probably comes down simply to user numbers.
“We’ve been operating FreeWeibo.com now for almost a year and they have not done anything to try to block that service,” co-founder Charlie Smith told me. “It may be that we are just a small blip on their radar. But we think that we are making things difficult for them and we are going to continue to makes things difficult.”
The big worry for internet freedom advocates is that China’s latest attempts to suppress online free speech have edged the closest yet to an Orwellian “thought police” model.
In attaching severe jail terms to any popular online message subsequently deemed to be a harmful “rumour”, the government will slowly and insidiously create a nation where all but the bravest are afraid to say anything mildly controversial online, for fear of reprisals.
That’s the worry anyway, as GreatFire alludes to in its post explaining the launch of Decrypt Weibo, although it’s good to hear that Smith and his team are undimmed in their fight.
“Sina’s likely reaction to our new service will be to inform the authorities about our presence … and put the matter in the hands of the police. The police won’t find us and won’t be able to shut us down which means that they would have to shut down the entire Sina Weibo service to stop us doing what we are doing. This would lead to a massive public outcry,” he said.
“Of course, we hope that they just decide to end online censorship voluntarily.”
In the end, the only way this could happen is if the Communist Party realised that its demand for indigenous innovation-based economic growth (rather than one reliant on copying and stealing IP) is doomed if it continues to suppress debate online and place such a heavy burden on web companies for self-policing their platforms.
Unfortunately I don’t think this will happen anytime soon, so in the meantime let’s hope Decrypt Weibo finds its way into the hands of as many Chinese netizens that need it as possible.
Reports emerged from China today that at first sight seem almost unbelievable: the Communist Party about to lift the Great Firewall and unblock access to Facebook, Twitter and a host of other banned sites.
Then the small print. If the anonymous government sources are speaking the truth, it will be only be relevant to Shanghai Free Trade Zone, a 28 sq km pilot project designed to encourage greater foreign investment in China and open its economy up to the international markets.
“In order to welcome foreign companies to invest and to let foreigners live and work happily in the free-trade zone, we must think about how we can make them feel like at home,” one government source told the South China Morning Post.
“If they can’t get onto Facebook or read The New York Times, they may naturally wonder how special the free-trade zone is compared with the rest of China.”
Now while that seems fair enough, the Communist Party isn’t known for its love of unfettered access to the internet – after all the free flow of information online is precisely the sort of thing which it knows will lead to its demise.
So what’s this all about? Well, a few things sprung to mind:
- China is in the middle of one of the worst crack downs on online freedom anyone can remember, so don’t expect this localised liberalisation to spread anywhere else in the Middle Kingdom. The party is very much still for the suppression of any discussion it deems “harmful”.
- Even if the Great Firewall is lifted in the Shanghai zone, doing so from a technical standpoint will take time, according to Forrester analyst Bryan Wang.
“The network within the free trade zone will exist something like an intranet, which is connected to the international backbone without going through the Great Wall firewall,” he told me. “Current infrastructure will not be enough to support the future development. China Telecom or Unicom will need to lay out new fibre in the free trade zone.”
- The Party giveth and it taketh away. Nothing is confirmed yet, and until state-run media reprint the story, we can probably take it as just a rumour, possibly one designed to increase international publicity for the zone, which is a pet project of new premier Li Keqiang.
The whole free trade zone itself is only a pilot, so we can expect Beijing to bring the Great Firewall crashing back down on the region if its censorship-free internet policy backfires.
On a side note, how will Hong Kong react to the free trade zone?
If the Shanghai pilot is successful, more of them could spring up across China, effectively stealing its thunder as the only truly outward facing, economically liberalised, online censorship-free region in the Middle Kingdom.
Although a free and unfettered internet may soon no longer be a differentiator for Honkers, however, it’s likely that its superior IP protection regime, rule of law and business friendly visa system will still tip the balance in its favour for most MNCs.
Schneier, if you haven’t come across him, is BT’s chief security technology officer, author, cryptographer extraordinaire and philosopher-cum-infosecurity out-of-the-box-thinker.
Basically, what he says in info-security circles is usually listened to, although his propensity to tackle the subject more from a socio- or even biological perspective than a mere discussion of bits and bytes can make quotable extracts from a conversation with him pretty thin on the ground.
That said, Schneier was on form last night, focusing on the topic of trust and the notion that all systems, be they sociological, biological and so on, need co-operation to work. These systems also feature, inevitably, ‘defectors’, who don’t obey the rules and require security to keep their activities to manageable levels.
All fine and dandy, but what about the future? Does Schneier think we’re all doomed?
Well he certainly believes that the gap between the bad guys profiting from new technologies and the good guys catching up is greater than at any point in the past thanks to the sheer volume of new tech and the huge social change it is spurring, which is somewhat worrying.
However, there is hope that all is not lost. For one, he declared the bad stuff that happens online still a “tiny percentage” of the whole.
“I’m a short term pessimist but a long-term optimist,” he added.
As the older generation dies out things will gradually change too, he explained, as new norms around things like privacy come into play, and even the music industry is eventually be forced to change.
“The internet is the greatest generational gap since rock n roll,” he declared.
“People stealing music now are doing what will be normal in ten years’ time, they just figured it out first. The business model of scarcity doesn’t work.”
In less reassuring news, he argued that the balkanisation of the internet is likely to continue as national governments seek to establish their own controls – particularly appropriate given we were sitting in the Conrad Hong Kong, just a few miles from mainland China and the Great Firewall.
“It turns out the internet does have boundaries,” Schneier concluded. “Governments are enforcing their rules more and more and it makes for a less stable internet but it is the geopolitical future.”
No news as such but key themes from that part of the business included Big Data; stellar growth in China thanks to the datacentre needs of the large internet firms over there like Tencent and Alibaba; and continued security risks as pointed out by a McAfee representative.
Jason Fedder, Intel’s Asia Pacific datacentre group GM, agreed with the view of EMC and others that China is where some of the most exciting cloud projects are taking place today thanks in part to the lack of legacy infrastructure in organisations there.
But he went further to say that the PRC is really turning itself from being a technology follower to innovator – pointing to Tencent and Alibaba’s efforts to craft their own compute standards under the Project Scorpio banner, and of the state-run telcos ripping out their IBM boxes to replace them with spanking new Xeon kit.
Intel’s been in China for some time and is about as well-supported over there as any foreign company can be given the sometimes harsh business climate afforded non-local companies.
As an example of its growing influence in the country, Fedder explained how Intel is trying to broker a deal to ensure the closed Chinese crypto-standard Trusted Cryptography Module (TCM) is made interoperable with the Trusted Platform Module (TPM) hardware authentication standard its TXT technology is built on.
However, there are some aspects of doing business in China which even Intel can’t get around fully, as IT manager Liam Keating told me. The network infrastructure is still pretty bad outside the Tier 1 and 2 cities in the PRC, a fact made worse by the Great Firewall and meaning challenges in the firm’s smaller field offices and complaints from staff, he said.
To get around this Keating and his team have been forced to look at other ways to improve traffic flow, such as “in-country cacheing” using outsourced cacheing providers, and by modifying app design to reduce the amount of dynamic content.
It’s reassuring to know that even Intel has the same problems experienced by many when it comes to China’s infernal internet infrastructure.