Google has just announced that there were successful attacks against their infrastructure resulting in the theft of intellectual property. Google traced the attacks to China and although the attribution regarding the Chinese government is unclear, Google also discovered that the attackers also attempted to compromise the Gmail accounts of Chinese human rights activists.
But the most interesting result was due to the combination of attacks, surveillance and censorship Google has decided to reassess their operations in China:
These attacks and the surveillance they have uncovered–combined with the attempts over the past year to further limit free speech on the web–have led us to conclude that we should review the feasibility of our business operations in China. We have decided we are no longer willing to continue censoring our results on Google.cn, and so over the next few weeks we will be discussing with the Chinese government the basis on which we could operate an unfiltered search engine within the law, if at all. We recognize that this may well mean having to shut down Google.cn, and potentially our offices in China.
The decision to review our business operations in China has been incredibly hard, and we know that it will have potentially far-reaching consequences. We want to make clear that this move was driven by our executives in the United States, without the knowledge or involvement of our employees in China who have worked incredibly hard to make Google.cn the success it is today. We are committed to working responsibly to resolve the very difficult issues raised.
The connection between censorship, surveillance and attacks is the key. Censorship, such as the blocking of web sites, is fairly crude but effective when combined with targeted surveillance and attacks. While many, especially the technically savvy, can circumvent China’s filtering system, the “GFW”, using tools such as Psiphon and Tor most Chinese citizens do not. The GFW doesn’t have to be 100% technically effective, it just has to serve as a reminder to those in China about what content is acceptable and that which should be avoided. The objective is to influence behaviour toward self-censorship, so that most will not actively seek out banned information of the means to bypass controls and access it.
The nexus of censorship, surveillance and malware attacks allows China is the key to China’s information control policies. It is not just about the GFW. Internet users in China face complex threats that are heavily dependent on additional factors, such as involvement in political activities, that involve targeted attacks and surveillance. China chooses when, where and how to exercise this granular control.
The InfoWar Monitor — which is a partnership between the Citizen Lab, Munk Centre for International Studies, University of Toronto and The SecDev Group (and SecDev.cyber which focuses on Internet threats) — has been focusing on these threats. For example, in a report “Breaching Trust: An analysis of surveillance and security practices on China’s TOM-Skype platform” we documented how Tom-Skype (the Chinese version of Skype) was censoring and capturing politically sensitive content. In “Tracking GhostNet: Investigating a Cyber Espionage Network” we documented targeted malware attacks that compromised over 1,295 infected computers in 103 countries, 30% of which are high-value targets, including ministries of foreign affairs, embassies, international organizations, news media, and NGOs.
Google’s decision to re-asses their operations in China is courageous. I strongly hope that Microsoft, Yahoo! and others follow Google’s lead — as, to their credit, they have done in the past. In “Search Monitor Project: Toward a Measure of Transparency” I compared the censorship practices of Google, Yahoo! and Microsoft as well as the domestic Chinese search engine Baidu and found that all followed Google’s lead to some extent by at least disclosing their censorship practices to their users. I hope that they stand by Google.
China, the ball is in your court.