Thursday 26 March 2015

“C” is for Chinese Censorship

In case there was any confusion, China wants you to know that the Great Firewall of China—the censorship of internet content potentially critical of the government—is alive and well.

In January, VPN users in China suddenly found they could not access the services they relied upon to reach blocked content such as Google, Facebook, and the New York Times. (We know some of you SumRandos are experiencing this pain. We’re working on it.)

By February, real-name registration was announced, requiring social media users to register accounts with their true identities. Although users could still represent themselves online with a pseudonym, any impersonations of others was banned. Think: no pretending to be Xi Jinping.

Which brings us to March.  

Just last week, the Chinese anti-censorship organization GreatFire experienced a distributed denial of service (DDoS) attack, in which an attempt was made to shut down the website by overwhelming its servers with 2.6 billion requests per hour. According to GreatFire co-founder Charlie Smith, “This kind of attack is aggressive and is an exhibition of censorship by brute force. Attackers resort to tactics like this when they are left with no other options.” Although the source of the attack has not been identified, Smith all but named the Cyberspace Administration of China (CAC) as a prime suspect. 

In his blog post immediately prior to the DDoS attack, Smith was boastful in explaining why the Chinese government did not pose a threat to GreatFire: “We believe that the Chinese authorities would not dare block all websites and apps being served by CDNs because they understand the economic implications of this action…Recognizing that the authorities have been hesitant to crackdown on our method of circumvention, we have accelerated our expansion of the development of collateral freedom…”

“Collateral freedom” is GreatFire’s response to Chinese censorship: GreatFire creates mirrors of blocked websites, which are delivered through major content delivery networks (CDNs). The government is given a choice: shut down all websites and apps associated with CDNs that Chinese businesses have come to rely upon (such as Amazon) and watch the economy flounder, or let GreatFire be.

The approach worked well, until last week. If March 17's DDoS attack were orchestrated by the Chinese authorities, it is clear that GreatFire underestimated the government as a worthy opponent in the game of exploiting loopholes. GreatFire survived the attack, but the war is far from over.

So, what’s next for the Chinese censors?*

April 1 brings controversial new banking regulations to China: by this date banks must have an initial plan for sharing all source code with the government and ensuring all encryption complies with Chinese standards. Rather than hand over source code and see their encryption broken or be run out of China altogether, the United States, the European Union, and Japan have been pushing for further discussion for months; the Chinese government, however, has continued with its characteristic steamroll ahead.

The Chinese government has repeatedly described the new banking regulations as necessary for security. In truth, they are a method for the government to continue to monitor content while also protecting domestic business, perhaps at the expense of the economy overall. And a China that puts nationalism ahead of economic prosperity is a dangerous place for Charlie Smith’s GreatFire to be.

*This article has overlooked last week’s man-in-the-middle (MITM) attack on Google, Microsoft and Mozilla. While undoubtedly linked to the China Internet Network Information Center (CNNIC) and, in turn, the CAC, the attack, which issued unauthorized digital certificates, was ultimately in the hands of MCS Holdings, an Egyptian company. Rather than use this incident as an opportunity to point fingers directly at China, we see this as demonstrative of a need for reform of the conditional access system. And that is a topic for another day.

No comments:

Post a Comment