The Magazine

Who Lost China's Internet?

Without U.S. assistance, it will remain a tool of the Beijing government, not a force for democracy.

Feb 25, 2002, Vol. 7, No. 23 • By ETHAN GUTMANN
Widget tooltip
Single Page Print Larger Text Smaller Text Alerts

The former Yahoo! rep also admitted that the search phrase "Taiwan independence" on Chinese Yahoo! would yield no results, because Yahoo! has disabled searches for select keywords, such as "Falun Gong" and "China democracy." Search for VIP Reference, a major overseas Chinese dissident site, and you will get a single hit, a government site ripping it to shreds. How did Yahoo! come up with these policies? He replied, "It was a precautionary measure. The State Information Bureau was in charge of watching and making sure that we complied. The game is to make sure that they don't complain." By this logic, when Yahoo! rejected an attempt by Voice of America to buy ad space, they were just helping the Internet function smoothly. The former rep defended such censorship: "We are not a content creator, just a medium, a selective medium." But it is a critical medium. The Chinese government uses it to wage political campaigns against Taiwan, Tibet, and America. And of course the great promise of the Internet in China was supposed to be that it was unfettered, not selective. The Yahoo! rep again: "You adjust. The crackdowns come in waves; it's just the issue du jour. It's normal."

But what is "normal" in China can be altered under duress. When Chinese authorities ordered Microsoft to surrender its software's underlying source codes--the keys to encryption--as the price of doing business there, Microsoft chose to fight, spearheading an unprecedented Beijing-based coalition of American, Japanese, and European Chambers of Commerce. Faced with being left behind technologically, the Chinese authorities dropped their demands. Theoretically, China's desire to be part of the Internet should have given the capitalists who wired it similar leverage. Instead, the leverage all seems to have remained with the government, as Western companies fell all over themselves bidding for its favor. AOL, Netscape Communications, and Sun Microsystems all helped disseminate government propaganda by backing the China Internet Corporation, an arm of the state-run Xinhua news agency.

Not to be outdone, Sparkice, a Canadian Internet colossus, splashily announced that it would serve up only state-sanctioned news on its website. Nortel provides software for voice and closed-circuit camera recognition--technology that the Public Security Bureau has already put to good use, according to the Chinese press. AOL is quietly weighing the pros and cons of informing on dissidents if the Public Security Bureau so requests; the right decision would clearly speed Chinese approval for AOL to offer Internet services and perhaps get a foothold in the Chinese television market. In fact, AOL signed a landmark deal with a Chinese station at the end of October. Smaller American companies and smaller nations smell the blood. Along with Chinese officials, they dominate Chinese Internet-security trade shows. China Telecom is considering purchasing software from iCognito, an Israeli company that invented a program called "artificial content recognition," which surfs along just ahead of you, learning as it censors in real time. It was built to filter "gambling, shopping, job search, pornography, stock quotes, or other non-business material," but the first question from the Chinese buyers is invariably: Can it stop Falun Gong?

In the wake of terrorist attacks on America, some of the byplay between Beijing and its entrepreneurial suitors has taken on new significance. According to James Mulvenon of Rand Corporation, Network Associates, a U.S. web security firm, gained entry to the Chinese market by helpfully donating 300 live computer viruses to the Public Security Bureau. The U.S. embassy has already monitored the picture.exe virus, which worms into a user's computer and then quietly sabotages the widely available encryption software Pretty Good Privacy by sending the personal encryption keys to China. Last August's notorious Code Red worm, which some thought originated in China, appears to have been little more than an amateur nuisance. But Chinese military reports on unconventional warfare explicitly advocate coordinated virus attacks to debilitate U.S. communication and financial systems during a crisis. America may expect a more sophisticated visit from the offspring of a Network Associates sample virus in the future.

Why has there been so little oversight of such corporate activity? As Michael Robinson puts it, for the first four years of the Net era, those with paranoid visions of China's government were never quite able to square their suspicions with the rapid expansion of the Chinese Internet. Although it was widely rumored in Beijing that up to 30,000 state security employees were monitoring the Internet in that city alone, the monitoring was also laughed at. Apparently the bureaucrats liked monitoring pornography so much that they had a massive backlog. State security was said to be lax, corrupt, full of holes. Chinese whiz kids could still surf through the firewall and beyond. Associations could flourish among the patrons of the cybercaf s, using anonymous monikers. Many saw the Internet as a populist river leading to the ocean of the global community. Then, the Chinese government abruptly built a cyber-version of the Three Gorges Dam.

In October 2000, the State Council ordered Internet Service Providers to hold all Chinese user data--phone numbers, time, and surfing history--for at least 60 days. In November, commercial news sites were banned. In December, the National People's Congress decreed all unauthorized online political activity illegal. January 2001 saw the criminalization of Internet transfer of "state secret information," such as reports of human rights violations. February brought "Internet Police 110," software blocking "cults, sex, and violence" while monitoring users' attempts to access such sites. By March, the surveillance started to work; hundreds of e-mails on the controversy surrounding a schoolhouse bombing in Jiangxi disappeared. Around the same time, Chinese authorities announced near completion of a "black box" to collect all information flowing across the Internet. In April, arrests of democracy activists using the web and a nationwide crackdown on cybercaf s reached critical mass. Surviving caf s had to install internal monitoring software. E-mail to Tibet now took three days to get through, if at all, and Falun Gong e-mail was completely eradicated. By October 2001, when President George W. Bush flew to Shanghai for the Asia-Pacific Economic Cooperation Summit, he was entering an Internet police state. To deflect criticism, but perhaps also as a demonstration of power, blocks on U.S. news websites were magically lifted by Chinese authorities. The minute Bush went airborne, the blocks were back in place. During Bush's current visit to China, any attempt to discuss loosening Chinese Internet controls is likely to be brushed aside using the rhetoric of our own struggle against terrorism (what, you're against surveillance?). But if the Chinese take this tack, they are of course being dishonest about their own motives.

There were urgent reasons for the Chinese Internet crackdown; fighting terrorism wasn't one of them. Instead, look to the slow-motion crisis of a leadership transition, the release of the Tiananmen papers, the emergence of a cyber-Falun Gong, and a stirring--you could feel it on the street--for greater freedom of expression, if not genuine democracy. Then again, there may be a more elaborate game afoot. Chairman Mao knew the utility of briefly loosening controls to create a dragnet. In effect, the current Chinese leadership promoted a "hundred flowers" period of relative Internet freedom--again, not to capture terrorists, but to expose anyone who disagreed with the legitimacy of their rule and to attract massive Western investment. American technologies of surveillance, encryption, firewalls, and viruses have now been transferred to Chinese partners--and might even one day be turned against our own ludicrously open Internet. We funded, built, and pushed into China what we thought was a Trojan Horse, but we forgot to build the hatch.

Consider a Chinese user in search of an unblocked news site (weeklystandard.com, for example). He won't expect to get through, and if he does, it will be cause for alarm, for the site may be a tripwire--not for spam, but for state security. Everything he does on the web might conceivably be used against him. Pornography? Potentially, a two-year sentence. Political? Possible permanent loss of career, family, and freedom. E-mail may be the most risky: Two years ago, working from my office in a Chinese TV studio, I received an e-mail from a U.S. friend (in a browser-based Hotmail account, no less, which in theory should be difficult to monitor) with the words "China," "unrest," "labor," and "Xinjiang" in queer half-tone brackets, as if the words had been picked out by a filter. I now realize that it was a warning; any savvy Chinese user would have sensed it instantly.

Before the crackdown one could escape and surf anonymously in a cybercaf or use a proxy server--another computer that acts as an intermediary between surfers and websites, helping to hide their web footprints and evade the filters. Not surprisingly, the most common search words in China were not "Britney" and "hooters," but "free" and "proxy." Fully 10 percent of Chinese users--about two million people--used proxies regularly in an attempt to circumvent government controls. In what Michael calls "the first sign of cleverness" by the government, a proxy pollution campaign began last spring when the Chinese authorities either developed or imported a system that sniffs the networks for signs of proxies. A user, frantically typing in proxy addresses until he finds one that isn't blocked, effectively provides the government with a tidy blacklist. After a few of these tedious sessions, many of my Chinese friends simply gave up climbing over the firewall. For a small fee, expat users could turn to a web-based proxy browser, such as Anonymizer. But credit cards are effectively blocked for Chinese citizens. Just for good measure, Anonymizer was finally blocked as well.

IS CHINA'S Internet beyond redemption? Is it destined to be a tool of surveillance and repression, managed by the Chinese government and serviced by cynical Western partners? Maybe not. The Great Firewall might be vulnerable to a few physicists at the University of Oregon. I spent a day watching Stephen Hsu diagram the Chinese web and its weaknesses. Hsu and his company, SafeWeb, have developed a proxy server system called Triangle Boy. The triangle refers to the Chinese user, to a fleet of servers outside of the firewall, and to a mothership which the servers report to, but the Chinese government cannot find. Already tens of thousands of Chinese users have connected with it; five of the top twenty Triangle Boy search sites are in the Chinese language. Every day, the Chinese user receives an e-mail listing new addresses of Triangle Boy servers, which allow the user to visit websites that they would otherwise be unable to reach. Because the addresses of the servers change constantly, the system is practically unbeatable. Any attack, especially on the mothership, requires enormous resources.

But as surely as Triangle Boy works to liberate the surfing Chinese masses, you can bet State Security is looking for a way to pounce on this latest proxy rebellion. The simplest one will be to enlist American companies, still eager to curry favor in Beijing, and get them to develop software allowing the Public Security Bureau to sniff out and block proxies as quickly as they are created.

The only practical solution to this puzzle is for the Bush administration to make Internet freedom in China a high priority. At the moment it is a laughably small priority. The Voice of America, whose website has been a high-profile target of Chinese blocking, last summer began funding Triangle Boy to the tune of $10,000 per month. VOA officials undertook that small effort in frustration; they attempt to send daily news via e-mail to some 800,000 addresses in China, with no guarantee that they are getting through. Hsu estimates that supplying one million Chinese users with Triangle Boy (approximately 600 million page views a month) would require just $1 million annually. Budgeted at $300 million a year, VOA has the means and is wisely looking at several other solutions as well. But for VOA to justify an anti-blocking effort on a scale that will make a difference, it will need to be seen as carrying out an important plank of American foreign policy, not just acting on the margins as it is now.

And why not make this a higher profile U.S. policy? Cracking the Chinese firewall is at least as technically interesting as strategic defense. Triangle Boy is still theoretically vulnerable to spoof sites, authorization problems, or a Code Red-style worm attacking the servers. That implies a need for a highly technical layering operation, involving an endless and ever-changing supply of low-key web-based proxies, mirror sites, and encrypted e-mail and instant messenger services in Mandarin, Cantonese, and English, in sufficient volume to overwhelm the Chinese firewall.

Creative engineers, unleashed to solve the problem of bringing Internet freedom to China, might take any number of approaches. They might go through Hong Kong, where illicit cables are said to run to Guangzhou. They might cut some deals with a "loose" Chinese ISP, such as Jitong. They might use messages formatted as images to defeat software that sniffs out characters. They might exploit the fact that Chinese Internet addresses were originally configured in peculiar blocks. Or the fact that the government's proxy-hunters come from only a few locations. A shrewd native engineer could probably root out and defeat 99 percent of these government agents.

None of these measures will be cheap. Nor can we expect the U.S. government to fully manage such a multi-pronged private-and-public defense of Internet freedom. Even if they back the overall concept, administration officials will inevitably want deniability about certain parts of such an operation. This means the project will need to attract the support of foundations, human rights groups, religious organizations--any group that cares about a free China.

But it will be worth it. Given the willingness of capitalists to work hand in hand with the Chinese regime, the Internet may be the only force left that is potentially anti-hierarchical. Think of it as a way to levy a web-based democracy tax on the Chinese government. Think of it also as a way around the university students and the intelligentsia, who are overrated as agents for democratic change in China.

As the father of the Chinese Internet Michael Robinson notes, "In the Chinese Internet's infancy, the first three sites that the government blocked were two anti-government sites--and one Maoist site. What threatens them? . . . The heartland." Ultimately, it won't be the intellectuals who are key to bringing democracy to China. Irate overtaxed peasants with Internet-enabled cell phones ten years from now are the real target market. And those whose dream is democracy in China are operating with diminishing points of entry. The American business presence in China is deeply, perhaps fatally, compromised as an agent for liberalizing change. The Internet remains the strongest force for democracy available to the Chinese people. But it remains a mere potentiality, yet another American dream, unless we first grapple with the question: Who lost China's Internet? Well, we did. But we can still repair the damage. We can, in Michael's words, "lay down the communication network for revolution." If we don't, his progeny may not forgive us.

Ethan Gutmann, a visiting fellow at the Project for the New American Century, is completing a book, "Beijing Boot Camp."

Correction Appended, 2/19/02: In the original version of this article, Network Associates was mistakenly identified as Network-1 Security Solutions.