Posts tagged “Internet Surveillance”

Google’s New Approach



Google has just announced that there were successful attacks against their infrastructure resulting in the theft of intellectual property. Google traced the attacks to China, and although the attribution regarding the Chinese government is unclear, Google also discovered that the attackers attempted to compromise the Gmail accounts of Chinese human rights activists.

But the most interesting result is that, due to the combination of attacks, surveillance and censorship, Google has decided to reassess their operations in China:

These attacks and the surveillance they have uncovered–combined with the attempts over the past year to further limit free speech on the web–have led us to conclude that we should review the feasibility of our business operations in China. We have decided we are no longer willing to continue censoring our results on Google.cn, and so over the next few weeks we will be discussing with the Chinese government the basis on which we could operate an unfiltered search engine within the law, if at all. We recognize that this may well mean having to shut down Google.cn, and potentially our offices in China.

The decision to review our business operations in China has been incredibly hard, and we know that it will have potentially far-reaching consequences. We want to make clear that this move was driven by our executives in the United States, without the knowledge or involvement of our employees in China who have worked incredibly hard to make Google.cn the success it is today. We are committed to working responsibly to resolve the very difficult issues raised.

Wow.

The connection between censorship, surveillance and attacks is the key. Censorship, such as the blocking of web sites, is fairly crude but effective when combined with targeted surveillance and attacks. While many, especially the technically savvy, can circumvent China’s filtering system, the “GFW”, using tools such as Psiphon and Tor, most Chinese citizens do not. The GFW doesn’t have to be 100% technically effective; it just has to serve as a reminder to those in China about what content is acceptable and that which should be avoided. The objective is to influence behaviour toward self-censorship, so that most will not actively seek out banned information or the means to bypass controls and access it.

The nexus of censorship, surveillance and malware attacks is the key to China’s information control policies. It is not just about the GFW. Internet users in China face complex threats that are heavily dependent on additional factors, such as involvement in political activities, that involve targeted attacks and surveillance. China chooses when, where and how to exercise this granular control.

The InfoWar Monitor — which is a partnership between the Citizen Lab, Munk Centre for International Studies, University of Toronto and The SecDev Group (and SecDev.cyber which focuses on Internet threats) — has been focusing on these threats. For example, in a report “Breaching Trust: An analysis of surveillance and security practices on China’s TOM-Skype platform” we documented how Tom-Skype (the Chinese version of Skype) was censoring and capturing politically sensitive content. In “Tracking GhostNet: Investigating a Cyber Espionage Network” we documented targeted malware attacks that compromised over 1,295 infected computers in 103 countries, 30% of which are high-value targets, including ministries of foreign affairs, embassies, international organizations, news media, and NGOs.

Google’s decision to reassess their operations in China is courageous. I strongly hope that Microsoft, Yahoo! and others follow Google’s lead — as, to their credit, they have done in the past. In “Search Monitor Project: Toward a Measure of Transparency” I compared the censorship practices of Google, Yahoo! and Microsoft as well as the domestic Chinese search engine Baidu and found that all followed Google’s lead to some extent by at least disclosing their censorship practices to their users. I hope that they stand by Google.

China, the ball is in your court.

Link Dump



BlackBerry Spyware Dissected – Analysis by Veracode. My favourite quote: “it’s not even necessary to send the .jar, but they did, completely unobfuscated. Arrogance or incompetence?”

The 0s and 1s of Computer Warfare – Op-Ed by Evgeny Morozov. My favourite quote: “A serious international debate about cybersecurity is impossible if our only reference points are “digital Pearl Harbors” and “e-Katrinas.””

Lawmaker Wants ‘Show of Force’ Against North Korea for Website Attacks – Wired. My favourite quote: “They’re reaching the conclusion that this was a state act and that “this couldn’t be some amateurs,” claimed Hoekstra, in direct opposition to what security experts have actually been saying.”

If you’re going to Defcon, go to:

0-day, gh0stnet and the inside story of the Adobe JBIG2 vulnerability

Lots of Stuff



CIPAV – docs 1, 2, 3 — Because suspects are increasingly using tools to mask their IP address, the FBI now uses a “computer and internet protocol address verifier” to identify a suspect’s IP (as well as additional info). It appears to work by leveraging various “drive-by” exploits. On a worrying note, the first few lines of the document obtained by Wired via FOIA note “we are seeing indications that it is being used needlessly by some agencies, unnecessarily raising difficult legal questions”.

Joint Strike Fighter – The same WaPo reporter behind the “electricity grid hack” story strikes again. This time with at least a few interesting details. What I found interesting is the mention of the fact that the attacks were reportedly on allies, such as Turkey, that are part of the development and on contractors such as Lockheed Martin, Northrop Grumman Corp. and BAE Systems PLC. (more here).

“Technology, Policy, Law, and Ethics Regarding U.S. Acquisition and Use of Cyberattack Capabilities” — I haven’t read it in detail yet, but it looks very interesting. The best line so far: “Today’s policy and legal framework for guiding and regulating the U.S. use of cyberattack is ill-formed, undeveloped, and highly uncertain.”

Insider Threat — This is something I’ve been focusing on recently, but here is a report which suggests that “37% of employees would become insiders given the right incentive”.

TOM-Skype Logs



I received a request regarding the types of logs that TOM-Skype keeps and have seen some discussion around what Skype could possibly be keeping. (For background on TOM-Skype censorship and surveillance practices, see Breaching Trust: An analysis of surveillance and security practices on China’s TOM-Skype platform and blog posts here, here and here.) While my report focused on the “content filter” logs that contained the text of chat messages there were a variety of other logs:

  • contentfilter*.log – ip, username, message, date, time (+ unknown parameters)
  • skypecallinfo*.log – ip, username, version, username/phone number, date, time (+ unknown parameters)
  • skypelogininfo*.log – ip, version, username, date, time
  • skypenewuser*.log – ip, version, username, date, time
  • skypenewusersendmoneytest*.log – unable to decrypt
  • skypeonlineinfo*.log – ip, username, version, date, time (+ unknown parameters)
  • skypeversion*.log – version, ip, date, time (not encrypted)

The function of each log is pretty self-explanatory based on the name of the file. In addition to the “contentfilter” logs, the “skypecallinfo” logs were very important as these files contain a record of who called who (skype usernames or phone numbers). In total, between the “skypecallinfo” logs and the “contentfilter” logs there are upwards of 4.5 million unique skype usernames or phone numbers in the logs I was able to download.

This doesn’t tell us anything about possible wiretapping with Skype or whether or not voice calls (other than the call data record in “skypecallinfo”) can be logged in other ways. Still, in many cases just knowing who is talking to who is as valuable as the content of the conversation itself.

Watching the Watchers



The Irish Times reports:

CHINA’S TOP surveillance tsar has been arrested for taking bribes and framing a business rival, a move that has inspired and gratified both local bloggers and foreign journalists used to stultifying censorship regulations, and prompted questions at senior levels of the Communist Party about how the “Great Firewall of China” is enforced.

Unfortunately, the article itself has some of the typical nonsense seen in many articles about surveillance in China such as:

But China has tens of thousands of “net nannies”, who read every e-mail, web posting or search for “Dalai Lama”, and they are a huge impediment to reporting in China.

I wish they’d think about what “read every e-mail” means.

Surveillance was a Chinese Gov’t Requirement — Skype



I raised questions in the “Breaching Trust” report regarding why TOM-Skype started to log their users’ messages and who had access to the data. Skype now says that the monitoring was a Chinese government requirement. Now we know why it was done and who had access to the captured messages.

Skype President Josh Silverman writes:

What have you learned from TOM about the uploading and storing of certain chats, and what are you doing about it?

What we have discovered in our conversations with TOM is that they in fact were required to do this by the Chinese government.

“Extremely Concerned” — Skype



UPDATE: Skype President Addresses Chinese Privacy Breach — Josh Silverman’s statement on the Skype blog.

The AFP reports:

Skype said it learned just Wednesday that a previously disclosed text filter operated by TOM-Skype, a joint venture between Chinese mobile firm TOM Online and Skype, had been altered.

“Last night, we learned that this practice was changed without our knowledge or consent and we are extremely concerned,” Skype, which is owned by US online auction house eBay, said.

“We deeply apologise for the breach of privacy relating to chat messages on TOM’s servers in China and we are urgently addressing this situation with TOM,” the company said.

AFP

Skype president Josh Silverman said in a statement that TOM Online “just like any other communications company in China, has established procedures to meet local laws and regulations.

“These regulations include the requirement to monitor and block instant messages containing certain words deemed ‘offensive’ by the Chinese authorities,” Silverman said.

“It is common knowledge that censorship does exist in China and that the Chinese government has been monitoring communications in and out of the country for many years,” he said.

He recalled that in April 2006, Skype admitted that TOM Online “operated a text filter that blocked certain words in chat messages” and unsuitable messages were to be “discarded and not displayed or transmitted anywhere.”

“It was our understanding that it was not TOM’s protocol to upload and store chat messages with certain keywords, and we are now inquiring with TOM to find out why the protocol changed,” he said.

“We are currently addressing the wider issue of the uploading and storage of certain messages with TOM,” Silverman said, stressing that the millions of people around the world using standard Skype software were unaffected.

TOM-Skype Q & A



I have been getting a lot of questions and feedback on the “Breaching Trust” report. I’ll try to post more details and answer questions. Here are some of the common questions people have been asking.

How were you able to determine that messages containing keywords were being uploaded to a web server? How did you find and decrypt the messages?

Wireshark. Every time I typed the word “fuck” an HTTP connection was made to a TOM Skype server. I visited the URL directly in Firefox, cut off the file name and was able to view the contents of the directory. With a little poking around I found the encryption key. A few lines of Python and voila. I did not “crack” anything nor was there any “elite” hackery — just plain, simple stuff.

Is “normal” Skype affected?

No. The Skype software downloaded from skype.com is not affected by the behavior. The only time “normal” Skype users are affected is when they communicate with TOM-Skype users.

What is TOM-Skype and what is the difference between it and Skype?

If you go to www.skype.com from China, you are redirected to skype.tom.com — so that’s the version most Chinese people will use.

In 2004 Skype developed a relationship with TOM Online, a leading wireless provider in China, and announced a joint venture in 2005. Skype and TOM Online produced a special version of the Skype software, known as TOM-Skype, for use in China.

What is Skype saying, have they said anything to you?

I contacted Skype to have the security issue fixed before the report was released. So, they have configured the servers so that one can no longer view the logs and they have deleted sensitive files, such as the one containing the encryption key. Other than that contact, I’ve only seen the statements they’ve made to reporters.

The NYT:

Jennifer Caukin, an eBay spokeswoman, said, “The security and privacy of our users is very important to Skype.” But the company spoke to the accessibility of the messages, not their monitoring. “The security breach does not affect Skype’s core technology or functionality,” she said. “It exists within an administrative layer on Tom Online servers. We have expressed our concern to Tom Online about the security issue and they have informed us that a fix to the problem will be completed within 24 hours.” EBay had no comment on the monitoring.

To the WSJ:

Jennifer Caukin, a spokeswoman for Skype, said in an emailed statement that the security problem had been remedied as a result of the new report. The idea that China’s government “might be monitoring communications in and out of the country shouldn’t surprise anyone,” Ms. Caukin said. “Nevertheless, we were very concerned to hear about the apparent security issue” that enabled people to view user information, and “we are pleased that, once we informed TOM about it, that they were able to fix the flaw.”

In a separate statement, TOM Group said that “as a Chinese company, we adhere to rules and regulations in China where we operate our businesses.”

The WSJ blog has the statement in full.

In the past Skype stated:

The text filter operates on the chat message content before it is encrypted for transmission, or after it has been decrypted on the receiver side. If the message is found unsuitable for displaying, it is simply discarded and not displayed or transmitted anywhere.

What I found directly contradicts this.

How does this relate to Corporate Social Responsibility (and the voluntary Principles of Free Expression and Privacy process)?

This case demonstrates the critical importance of the issues of transparency and accountability by providers of communications technologies. It highlights the risks of storing personally identifying and sensitive private information in jurisdictions where human rights and privacy are under threat. It also illustrates the need to assess the security, privacy and human rights impact of such a decision.

Some companies, such as Google, have stated that while they censor some search results they “will not maintain on Chinese soil any services, like email, that involve personal or confidential data.”

In this case Skype appears to have delegated all of the censorship and surveillance responsibilities to TOM – I don’t think they read Rebecca’s paper; they should. While examining the Yahoo! China – Shi Tao case she warned:

Companies that choose to ignore the broader human rights implications of their business practices are gambling with their long-term global reputations as trustworthy conduits or repositories of people’s personal communications and information.

Are the “key words” censored? Or are the messages just logged?

The only key word that I could use to trigger the content filter (the message is not displayed to the user) and have logged in the content filter logs (uploaded to the tom-skype server) was “fuck” (and variations like f*ck). If a message contains the word “fuck” it is not displayed to the user (the entire message is not displayed) and the entire message is uploaded and logged.

In the same content filter logs I found that the majority of the logged messages did not contain obscenities, like fuck. However, many of the messages contained words like “Communist Party”. I counted the number of logged messages that contained these words, and from that I identified what I think are key words. It is unclear if these messages are just logged, or are censored and logged.

Post questions in the comments and I’ll try to answer them :)

Breaching Trust: An analysis of surveillance and security practices on China’s TOM-Skype platform



[UPDATE: New York Times coverage of the report here.]

Our investigation reveals troubling security and privacy breaches affecting TOM-Skype—the Chinese version of the popular voice and text chat software Skype. It also raises troubling questions regarding how these practices are related to the Government of China’s censorship and surveillance policies.

The questionable security practices of TOM-Online led to the disclosure of millions of records containing personal information regarding mobile phone accounts, SMS messages, and the usage of TOM-Skype. However, this disclosure also confirms that TOM-Skype is censoring and logging text chat messages that contain specific, sensitive keywords and may be engaged in more targeted surveillance.

These findings raise key questions. To what extent do TOM Online and Skype cooperate with the Chinese government in monitoring the communications of activists and dissidents as well as ordinary citizens? On what legal basis is TOM-Skype capturing and logging this volume and detail of personal user data and communication, and who has access to it?

Full Report (mirror)

Yahoo, MSN Censor More than Baidu



China unblocked many usually censored web sites following intense international pressure and scrutiny after having promised uncensored access during the Olympics. Five days later (August 6, 2008) I tested the search engines that Google, Yahoo! and Microsoft customize for the Chinese market as well as the leading domestic search engine Baidu. I found that all of the search engines were still censoring content that was unblocked by China. One interesting find was that Yahoo! was censoring less than all the others and Baidu (and Google) were censoring much less than Microsoft.

For purposes of comparison Google and Microsoft make a good match because both have to de-list web sites from search results while Yahoo! and Baidu index from within China and thus do not (usually) index sites already censored by China. (For more read my report on search engine comparison.)

Now over a month later things have changed. While these sites remain accessible in China some are still censored by the search engines. Google has dropped to only censoring two sites and is now censoring the least amount of content. Baidu is next with three censored sites. Microsoft remained steady, but Yahoo! has shifted from censoring the least amount of sites to the most!

The divergence between Yahoo! and Baidu is very interesting. If both crawl from within China and are subject to China’s filtering why is Yahoo! censoring so much more than Baidu? It could be that the conclusion that Yahoo! and Baidu do not de-list content is not fully accurate. If the sites are accessible in China then Yahoo! is likely de-listing the sites. Because of the suboptimal method of censorship notification employed by Yahoo! (a standard disclaimer on every page regardless of whether any of the results are censored or not) I cannot fully distinguish between sites that are de-listed and sites that have not been indexed (e.g. because China blocks them).

I’m still struck by the fact that over a month later sites that are available and uncensored in China are still censored by these search engines.

| DOMAINS | Google | Yahoo | Microsoft | Baidu |
|---|---|---|---|---|
| (search endpoint tested) | ip = "203.208.39.99", host = "www.google.cn" | ip = "202.165.102.243", host = "one.cn.yahoo.com" | ip = "202.89.236.206", host = "cnweb.search.live.com" | ip = "202.108.22.43", host = "www.baidu.com" |
| chinese.wsj.com | OK | OK | OK | OK |
| cn.reuters.com | OK | OK | OK | OK |
| news.chinatimes.com | OK | CENSORED (0) | CENSORED (0) | OK |
| olympics.scmp.com | OK | OK | OK | OK |
| udn.com | OK | OK | OK | OK |
| www.amnesty.org | OK | CENSORED (0) | CENSORED (0) | CENSORED (0) |
| www.atchinese.com | OK | CENSORED (0) | CENSORED (0) | OK |
| www.ftchinese.com | OK | OK | OK | OK |
| www.hrw.org | OK | CENSORED (0) | CENSORED (0) | CENSORED (0) |
| www.libertytimes.com.tw | CENSORED (0, message) | OK | OK | OK |
| www.mingpaomonthly.com | OK | OK | OK | OK |
| www.mingpaonews.com | OK | CENSORED (0) | CENSORED (0) | OK |
| www.rfa.org | CENSORED (0, message) | CENSORED (0) | CENSORED (0) | OK |
| www.rsf.org | OK | CENSORED (0) | CENSORED (0) | OK |
| www.scmp.com | OK | OK | OK | OK |
| www.voanews.com | OK | CENSORED (0) | CENSORED (0) | CENSORED (0) |
| www.yzzk.com | OK | CENSORED (0) | OK | OK |
| www1.appledaily.atnext.com | OK | CENSORED (0) | OK | OK |
| zh.wikipedia.org | OK | CENSORED (0) | CENSORED (0) | OK |

News Cluster: China



There has been a flurry of articles on Internet censorship in China recently. One very interesting AFP article suggests that China may relax its restrictions and allow access to some sites currently blocked by the GFW:

Plans to tear down the so-called Great Firewall of China were being debated and a decision was expected soon, said Wang Hui, head of media relations for the organising committee…

“I believe you will be able to (access banned sites such as the BBC) but I can’t give you a promise yet. The relevant government departments are still working on it,” she said.

That’s something to keep an eye on for sure.

An article in The Guardian discusses the rapid growth of Internet usage in China and the related effects. The article discusses how the Internet, and blogs in particular, have created “competing public opinions.” This is an interesting way to frame the topic as censorship in China is often characterized as monolithic when in fact there is a significant amount of competition in the realm of ideas. Even within a confined informational space there is considerable movement — what I’ve called wiggle room in the past — if one looks for it.

However, the article repeats the charge that China is exporting their Internet censorship technology:

Campaigners suspect China is passing its censorship know-how to Cuba, Vietnam and several African countries.

Now, I don’t doubt that others are looking at the forms of control China is applying to the Internet and evaluating how they too can keep the benefits, particularly economic, that come with the Internet while minimizing its use for free expression but I’m not so sure that this means that China is actively exporting censorship technology. As it currently stands, ONI found no filtering in Zimbabwe despite reports to the contrary. While Vietnam does censor the Internet it does so in a very different way than China does. Cuba may conduct a limited amount of filtering, but it is also much different than that in China. RSF reported:

There is hardly any censorship of the Internet in Internet cafes. Tests carried out by Reporters Without Borders showed that most Cuban opposition websites and the sites of international human rights organisations can be accessed using the “international” network. In China, filtering for key-words makes it impossible to access webpages containing “subversive” words. But, by testing a series of banned terms in Internet cafes, Reporters Without Borders was able to establish that no such filtering system has been installed in Cuba.

While not ruling out the possibility, I am skeptical of this claim based on my experience with testing filtering systems in these countries. (What’s more interesting is that Comcast’s filtering in the USA is more like the GFW than any of these countries.)

The New York Times published an article that looks at the resistance to Internet censorship in China. It picks up on the theme of backlash that I’ve suggested comes about when over blocking occurs. When common web sites and services are blocked, it helps turn normally apolitical people into activists. The NYT reports:

For a vast majority of Internet users, censorship still does not appear to be much of a factor. The most popular Web applications here are games and messaging services, and the most visited Internet sites focus on everyday subjects like entertainment news and sports. Many, in fact, seem only vaguely aware that China’s Internet universe is carefully pruned, and even among those who know, a majority hardly seems to care.

But growing numbers of others are becoming increasingly resentful of restrictions on a wide range of Web sites, including Flickr, YouTube, Wikipedia, MySpace (sometimes), Blogspot and many other sites that the public sees as sources of harmless diversion or information. The mounting resentment has inspired a wave of increasingly determined social resistance of a kind that is uncommon in China.

The Financial Times reports that Guo Quan, a Chinese scholar, is planning to sue Google because a search for his name in google.cn is censored. If someone gives me the proper Chinese translation for his name I can check this out further. (In English it returns results; using 郭泉, results are also returned along with Google’s standard censorship notification. The name itself is a censored term, as a search for it with a non-existent domain will produce the censorship notification as well. Yahoo.cn and Baidu produce no results. They will produce results if something is appended to the search (yahoo.cn, baidu).)

The Atlantic published an article on censorship in China (it seems to be gone now, here are links to Google’s cache: 1, 2, 3, 4) that takes on the challenge of explaining the technical measures used to censor the Internet. The article also discusses circumvention and the self-censorship component that is so integral. The article concludes with some salient points regarding the important role of domestic censorship as well as the widening space for dialog:

It would be wrong to portray China as a tightly buttoned mind-control state. It is too wide-open in too many ways for that. “Most people in China feel freer than any Chinese people have been in the country’s history, ever,” a Chinese software engineer who earned a doctorate in the United States told me. “There has never been a space for any kind of discussion before, and the government is clever about continuing to expand space for anything that doesn’t threaten its survival.” But it would also be wrong to ignore the cumulative effect of topics people are not allowed to discuss.

However, there are several issues with the technical analysis as well as underlying tones of “exceptionalism” that obscure some of the bigger picture issues. There seems to be confusion over surveillance and filtering. It’s best to think of filtering as a set of rules: if packets contain something that violates the rules, certain actions are taken. If a destination IP address is on a block list, the connection is not made; if packets contain certain keywords, reset packets are sent to the source and destination to terminate the connection. Surveillance implies that someone is watching the traffic, or more logically it is stored, parsed and then someone looks at it. When surveillance and filtering are (con)fused together you get something strange like this:

Thus Chinese authorities can easily do something that would be harder in most developed countries: physically monitor all traffic into or out of the country. They do so by installing at each of these few “international gateways” a device called a “tapper” or “network sniffer,” which can mirror every packet of data going in or out. This involves mirroring in both a figurative and a literal sense. “Mirroring” is the term for normal copying or backup operations, and in this case real though extremely small mirrors are employed. Information travels along fiber-optic cables as little pulses of light, and as these travel through the Chinese gateway routers, numerous tiny mirrors bounce reflections of them to a separate set of “Golden Shield” computers. Here the term’s creepiness is appropriate. As the other routers and servers (short for file servers, which are essentially very large-capacity computers) that make up the Internet do their best to get the packet where it’s supposed to go, China’s own surveillance computers are looking over the same information to see whether it should be stopped.

If one conducts passive surveillance with a tap, one cannot then go back and interfere with the packets. For filtering, such a setup is not needed. You just route the traffic through something that filters — basically all routers can filter. The filter looks at the packets and matches them to the rules. There are no “tiny mirrors” or whatever. If you want to conduct passive surveillance you can use a tap and record the traffic for analysis. The two things are not really related. Moreover, internet surveillance is not something that only China does or that is easier for China to do — a quick look at the most sophisticated internet surveillance system in the world can demonstrate that.

On to the mechanisms:

DNS tampering is explained well (although there may be some new variant). An important point is that most ISPs have their own DNS servers, managing a centralized system could be awkward (though not impossible), and users can use other uncensored DNS servers.

IP Blocking: This technique is incorrectly explained in the article.

While your signal is going out, and as the other system is sending a reply, the surveillance computers within China are looking over your request, which has been mirrored to them. They quickly check a list of forbidden IP sites. If you’re trying to reach one on that blacklist, the Chinese international-gateway servers will interrupt the transmission by sending an Internet “Reset” command both to your computer and to the one you’re trying to reach.

If packets are sent (trying to establish a TCP connection) for a particular IP and they pass through a router configured to block packets for that IP, the router will block those packets. That’s it. There is no connection ever made. If you sniff such a connection you will only see outgoing SYN packets and nothing else. No reset packets are sent. There’s no “mirror” processing anything while you wait.

URL keyword block – This technique is actually the reset one described under IP blocking. If any part of the GET request contains certain keywords — and domain names are often used as keywords — reset packets will be sent to both the source and destination to terminate the connection. When is it triggered? This is confusing because the GFW’s keyword filtering is bi-directional but in my experience it is triggered on the way out of China. I say this because you can trigger it by requesting non-existent content. Depending on how long it takes to send the reset packet you may receive some of the content you requested, which is what makes it appear that the filtering happens on the way in. After receiving reset packets the source and destination will not be able to connect to each other for a period of time.

Body Filtering – This is a bit of a tough one. Basically, if you create a web page with a keyword that normally triggers the reset packets if it appears in the URL path, you can access it fine from China. I originally thought that this meant that body content was not filtered, but if you create a large page of such words the reset packets can be triggered. This may mean that a sampling of packets are checked, not all packets. In any case the behavior is the same as discussed above — the source and destination cannot connect to one another for a period of time. If you keep requesting the content you trigger more reset packets so it takes longer to be able to connect, but if you wait, and then trigger the reset packets again it won’t be longer the second or third time. There’s no escalating punishment.

Bi-directional keyword filtering

As Chinese-speaking people outside the country, perhaps academics or exiled dissidents, look for data on Chinese sites—say, public-health figures or news about a local protest—the GFW computers can monitor what they’re asking for and censor what they find.

Again, the keyword filtering is bi-directional: if you trigger it on connections to China, the same behavior applies. Again, the issue of “monitoring” in this context implies that there’s something intelligent and deliberate about the filtering. If the packet matches the rules, it triggers the filtering mechanism, in this case reset packets.

Circumvention

Easy is a relative concept here. If a user chooses to break the law and acquires the necessary knowledge to bypass censorship then, yeah, it can be easy. You can buy VPN access — at least until lots of people start using it and then it gets blocked — or use an encrypted proxy — at least until it gets blocked. They don’t need to block all VPNs, they can just block the IP addresses of those they want — those that become popular amongst citizens seeking to circumvent the GFW.

But despite the issues with the technical mechanisms the article is dead on with its conclusions:

What the government cares about is making the quest for information just enough of a nuisance that people generally won’t bother. Most Chinese people, like most Americans, are interested mainly in their own country. All around them is more information about China and things Chinese than they could possibly take in… When this much is available inside the Great Firewall, why go to the expense and bother, or incur the possible risk, of trying to look outside?

All the technology employed by the Golden Shield, all the marvelous mirrors that help build the Great Firewall—these and other modern achievements matter mainly for an old-fashioned and pre-technological reason. By making the search for external information a nuisance, they drive Chinese people back to an environment in which familiar tools of social control come into play.

Ding! We have a winner.

Index On Censorship: Evasion Tactics



The journal Index on Censorship has published an article I wrote. In it I argue that there is a failure to recognise Internet censorship and surveillance as a growing global concern. There is a tendency instead to criticise the most infamous offenders, notably China and Iran, and to overlook repressive practices elsewhere. There is, however, a growing resistance to Internet censorship and surveillance, although it is often characterised as a struggle confined to dissidents in a few select authoritarian regimes.

Battles are being fought all over the globe, while the development and use of technologies that protect privacy and make it possible to circumvent censorship are rapidly increasing. The same tools helping dissidents to evade censorship in repressive countries are also being used by citizens in democratic countries to protect themselves from unwarranted Internet surveillance. Focusing on the global character of both the practice of Internet censorship and surveillance, as well as the resistance to it, provides for both a better understanding of this important trend as well as for the possibility of creating global alliances to combat its spread.

The full article is available below.


Skype encryption and surveillance



German police are unable to decrypt Skype, but rather than asking the company to provide keys to decrypt the transmissions, or implement a backdoor, they are seeking to intercept communications before they are encrypted:

“We can’t decipher it. That’s why we’re talking about source telecommunication surveillance — that is, getting to the source before encryption or after it’s been decrypted.”…

Ziercke said there was a vital need for German law enforcement agencies to have the ability to conduct on-line searches of computer hard drives of suspected terrorists using “Trojan horse” spyware.

Trojaning the computer, however, does allow for much more surveillance than just Skype communications. In many respects these are not technology issues but policy issues. See, for example, the privacy issues with the US Carnivore/DCS1000 and the increased concern now that they’ve switched to private, commercial applications.

This also raises some interesting questions with regard to Skype and China. While the text message is filtered — although I could only find one censored word, fuck, when I checked it out — I’m not convinced this supports the allegations of surveillance.

A Few Important Echoes



Do you have any idea who last looked at your data? Seth Finkelstein brings up some great points in this article but the one I want to focus on concerns the use of privacy protecting technology:

Note that while it’s a common recommendation to use technical means to protect one’s privacy (such as the “Tor” anonymity system, at torproject.org), such measures are frequently not workable for any but the most knowledgeable and dedicated people. They are often inconvenient and shift a burden on to citizens to be constantly on guard, as opposed to not requiring such guarding in the first place. Using privacy/anonymity programs is good advice, but in overall terms, a bad solution.

I think the point is well taken. Not only should we be making these technologies easier to use (and I think the Tor folks are doing so) but we should also recognize that the problem is embedded in a host of other issues. Technology may help us in the short run, but it does not solve the problem. (Oh, and I too like the phrase Seth coined “The price of total personalisation is total surveillance.”).

Catspaw also picks up on a similar theme in response to Esquire’s nomination of psiphon as one of the six ideas that will change the world. She writes:

I’m glad that the issues around internet censorship are getting mainstream attention, as every additional mention helps, but I worry when software programs like Psiphon are advertised as a magic bullet that’s going to make the problem go away. It won’t. This is a complicated issue with very deep social, political and legal structures supporting the censorship, and no piece of software is going to be able to counter that; it’s not just a technical issue.

Anti-Censorship/Privacy Enhancing Technologies



This article in Foreign Policy is representative of accounts of the development and use of anti-Censorship/privacy enhancing technologies that only tell part of the story. While technologies such as Tor and psiphon are given great treatment, the frame used to contextualize their use gives the misleading impression that they are only used in “repressive” countries:

One software program called Psiphon, which was developed by researchers at the University of Toronto’s Citizen Lab, allows any person with a computer to serve as a proxy for someone living behind a firewall. Since it was launched a year ago, more than 100,000 people have turned their personal computers into proxies.

The most sophisticated proxy technology may be Tor, developed jointly by the U.S. Naval Research Laboratory and the Electronic Frontier Foundation, an Internet freedom advocacy organization. Tor is a downloadable software that routes an Internet surfing session through three proxy servers randomly chosen from a network of more than 1,000 servers run by volunteers worldwide. “Tor is state of the art,” says John Mitchell, an expert on Internet security at Stanford University. For citizens of repressive regimes, it may be the best hope for evading the cat’s paw.

This partial picture ignores the global use of these technologies. More and more countries are censoring the Internet — not just China and Iran.

Here’s an interesting anecdote. When psiphon was released the CBC, Canada’s national public broadcaster, covered it but the reporter working on the story had to phone me at the Citizen Lab because she could not access the psiphon website from CBC because it was blocked by their filtering software, aka censorware. This is not the first time I’ve heard this. Reporters at CBC need to use tools like psiphon to do their jobs!

The other missing piece is surveillance. The U.S., which has the most sophisticated electronic surveillance program in the world, has been caught illegally spying on citizens. Anti-Censorship/privacy enhancing technologies are used all over the world. Even the Privacy Commissioner of Canada recommends that Canadians use anonymous communications technologies. These are tools developed for and used by people all over the world. To pitch them as something that’s only used in repressive countries is misleading and inaccurate.