RConversation

Nobody else appears to have reported this - at least not anywhere I can find - but last week marked a major turning point for China's engagement with ICANN. It was probably also a major turning point in China's strategy on Internet governance.

The Chinese government sent Cui Shutian, Deputy Director, Division of Telecommunications Services and Resources, Ministry of Industry and Information Technology (MIIT) to represent its interests in ICANN's Governmental Advisory Committee (GAC) at last month's ICANN meeting in Sydney. Outgoing ICANN CEO Paul Twomey confirmed to me that it was the first time the Chinese government has engaged directly with ICANN since 2001.

(It's likely that some of my more China-focused and less-techie readers have never heard of ICANN - the Internet Corporation for Assigned Names and Numbers. This California-based non-profit corporation is responsible for making sure that the Internet functions as one globally inter-operable system. Its primary job is to coordinate the global assignment of domain names and IP addresses - which turns out to be a very complicated and increasingly political job. Click here, here, here, and here for useful background.)

One reason the Chinese government disengaged from ICANN and is now re-engaging will be familiar to China wonks: Taiwan. The issue of what it should be called. Beijing was not interested in lending any legitimacy to Taiwan's government under the pro-independence president Chen Shui-bian, and the Chen government wasn't big on compromising with Beijing either. Now it's agreed that Taiwan will officially be referred to as "Chinese Taipei" at ICANN (though the .tw designation won't change), and the two governments in the Ma Ying-jeou era are more willing to be pragmatic with one another, in cyberspace as well as in "meatspace."

The second reason for China's re-engagement with ICANN is that the Chinese government and ICANN have both realized they need each other, at least for the short and medium term.

Some background (skip this paragraph if you are an Internet governance wonk): The Chinese government has long suported Internet governance reform. The fact that ICANN (founded in 1998) ultimately answers to the U.S. Department of Commerce has for most of this decade been a matter of concern to a number of governments, from China to Brazil, Iran, and the European Union. Reform proposals have ranged from ICANN "internationalization" - with supervision by multiple governments - to scrapping ICANN completely and transferring its functions to a U.N. body like the ITU (International Telecommunication Union). Arguments over ICANN's future reached a climax in 2005 during the run-up to the World Summit on the Information Society in Tunis, at which governments agreed there wasn't enough consensus to change the ICANN-based status quo. Instead, the Internet Governance Forum was created with a 5-year mandate to continue inter-governmental and multi-stakeholder dialogue on how the global Internet should be governed, managed, developed, and regulated in the future. That mandate will end next year. In May of this year China publicly opposed the renewal of the IGF's mandate, declaring it a costly, messy, time-wasting shop and reiterating its longstanding position that Internet governance should be in the hands of sovereign governments, not other groups. Meanwhile the Joint Project Agreement between ICANN and the U.S. Department of Commerce expires this September. The U.S. Congress, concerned with U.S. interests, wants to keep things as they are. The European Union issued an official statement last month calling for "a more open, independent, and accountable governance of the Internet." African nations, interestingly, have shifted from supporting reform to supporting the status quo. Chinese officials have continued to express concern about a "monopoly" controlling the Internet, and have made it clear that they want to continue discussing the JPA, but I've not seen anything to indicate an official Chinese comment on the EU position or any other government's position.

According to Paul Twomey who stepped down as CEO of ICANN last week, China has not recently made public statements on ICANN and the JPA. Meanwhile he, the ICANN board, and the other members of the Governmental Advisory Committee have been working hard to make China feel comfortable engaging with ICANN. Here's what he said to me in response to my question about China's position:

In terms of the relationship with the United States government and the Joint Project Agreement, I haven't actually heard what the position of the Chinese government is but they have publicly said things in the past. But I dont think we're in anything like the bipolar situation that we had three four five six years ago, where we're sort of "ICANN love it or hate it." I don't think it's in that space anymore. I think it is, much more pragmatically, that this is an institution where there's a space for the Chinese government to participate in, that it's looking after the interests of the Chinese internet community, that they're dealing with real issues that really affect their concerns, and they're welcome. And i think that's important.

China can't afford not to engage with ICANN at this point in time. The Internet is about to undergo a huge real estate expansion and the Chinese government - along with China's domain name registrars - wants to make sure that Chinese government interests are well served as the rules and technical arrangements get laid out between now and early next year.

In 2010 ICANN will implement two big changes, and China has a big interest in how these changes are implemented. First, ICANN will soon allow anybody (who can pay the six-figure registration fee) to apply to run a "generic top-level domain" (gTLD) (Explanation for non-wonks: .com, .net, .cn, .asia, .mobi, .org, .gov, et cetera are all "top-level domains;" the word before the dot, for example "cnn" in cnn.com is called a second-level domain and that's what individuals, organizations, and companies buy when we purchase a domain name for our website. So for instance, if I was extremely rich and had the technical resources I could apply to create and operate .rebecca). So a religious organization, a political party, a company, or anybody with the resources who wants to administer a distinctive Internet address can apply to establish a new gTLD.

But that's not all. In 2010 ICANN will not only allow more gTLD's to be created, but it will also enable the creation of "internationalized" top-level domains, in non-English/non-Roman letter scripts. In other words it will for the first time be possible to have internationally accessible top-level Internet addresses in Chinese, Arabic, Farsi, Urdu, Thai, Japanese, and whatever other language can be input onto a computer. This is huge because it will make the Internet much more accessible to non-English speakers who have difficulty dealing with the current English-based global domain system. If we really want a truly global and multilingual Internet, having "international domain names," or IDN's as ICANN calls them, is essential. These new international top-level domains (IDN TLDs) will be divided into two categories: "country code TLDs" (ccTLDs) and "general TLDs" (gTLDs). For existing English-character ccTLD's (like .cn) each relevant country gets jurisdiction over how it is administered and the same will be the case for international ccTLD's. So .中国 will be controlled and administered the same way as .cn, and websites under that top-level domain will be subject to Chinese law. (Chinese bloggers have informed me that they stay away from .cn domain names because they lose their web address if their website is too politically controversial.) gTLD's, however, are different. ICANN's intention is that anybody anywhere in the world (with adequate resources) can apply to run a Chinese language gTLD. I asked Twomey what happens if people in, say, Canada or Australia apply to run .falungong and the Chinese-language equivalent. Here's what he said in response:

First of all our process, and the process of moving our policy forward, are neutral processes. And we have a series of objections mechanisms through which people can bring objections, one which we're still working through, which is morality or public order, which is a term that exists in international treaties. There's still a great deal of discussion including in the Government Advisory Committee about how that can possibly work, and should it even be there.... But ICANN is not in the business of the application level. We're not in the business of content. So the strings that people might put forward, were not in the buisiness of deciding whether its a good string or not. There are opportunities, but we're not in the business of saying that's a good string or a bad string. We dont like that one we like this one. And its global. The generic top level domains are global top level domains.

So, in other words, I followed up, anybody can apply to run a generic TLD in any language from anywhere? He replied:

That's right. Its a global technology. The technology doesn't recognize geographic boundaries so we support that. Now whatever governments might decide to do in terms of access or filtering is their business not ours... and we leave that.. because we are if you like the guardians of the single inter-operable internet, our community and the ISPs [internet service providers] are the people who provide the single inter-operable internet. We think it's very important that the issues of the addressing and routing system are separate from the issues of content carried on them. And so we don't comment, we dont condone, but we don't make comment upon those sort of content issues. But what we do say is: you know, if a government has a content issue, don't break the domain name system to try to fix it. Because that's like killing the goose that laid the golden egg.

Finally, here's what Twomey said about jurisdiction of gTLDs:

Let's make it clear that generic top level domains, when they're created, will have contracts with ICANN. And those contracts will clearly state that the applicable law is the law of California. And they will be contracts. Right? You know, any national laws that apply to end registrations we can't comment on, but the law under which the TLD will actually operate will be the law of California.

Many of the details, however, in terms of how a government or anybody else can object to the creation of a new TLD on the grounds of "morality and public order," and under what criteria the ICANN board then comes to a final decision, have yet to be worked out. Also, in the case of multiple applicants for the same TLD, there will be some kind of process for the ICANN "community" to decide who deserves to get that particular domain. So being there at ICANN meetings is very important if you want to influence how the rules get shaped and who has rightful claim over various names. Having the ear of board members by developing a personal relationship with them is also very important, I'm told by people who currently run generic TLDs.

Then there are trademark and other issues related to who has the "right" to a particular TLD name. There is already a big fight over the extent to which brand names can be protected or reserved by companies that are worried about their trademarks being (in their view) appropriated by others. The Chinese government and Chinese companies have an interest in trademark protection not overly favoring Western business and industry on the one hand, while still protecting Chinese companies on the other, while also making sure that arbitration mechanisms are properly internationalized and not overly Western-centric. There are also concerns about who has a right to register and administer, say, .beijing or .guilin - to name a couple examples. The Chinese are also concerned that fights over trademark protection and proposed attempts by ICANN to create a new trademark arbitration body will delay the roll-out of gTLDs in general, and internationalized gTLD's in particular.

Then there are a bunch of technical issues related to this multi-lingual rollout, including an appeal by the Chinese, Japanese, and Koreans among others that ICANN must change it's current rule that non-country TLD's must be 3 characters or more - given that most Chinese words are two characters in length, the three-character minimum requirement is obviously unreasonable. While the Chinese have actually already implemented Chinese-language TLD's within mainland China, they don't work outside of China. Asian ICANN participants last week repeatedly expressed frustration that it's taking too long for ICANN to move forward on this.

So there are lots of reasons why the Chinese need to engage with ICANN now, and not wait till it's restructured or its functions re-appropriated to its greater liking. Here's how Twomey put it:

First of all there's a much better understanding of what ICANN does, what it is and what it's not. I think secondly ICANN is working on issues that really are important to the internet communities of China, for instance. So particularly on the internationalized domain names and the internationalized domain names for the country codes, these are core areas of interest to the Chinese, especially to the Ministry of Information Industry and Technology. But also for the broader Chinese internet community. I'm very pleased that not only has China come back to the GAC but that there's a broad commitment in China now to have Chinese institutions and organizations participating in the ICANN context. ...ICANN is looking at the role of the GAC and what it does and how it participates. And how it interacts with the board. we've continued to have that discussion. I think it's useful that China's at the table to have that discussion.

I was a first-timer at ICANN last week, but sitting through a week of meetings, I got the distinct impression that few people expect ICANN to be radically restructured this year. Most people seemed to expect that the JPA will be renewed in some fashion for now, due to lack of consensus over an alternative. Meanwhile the Government Advisory Committee seems to be getting an expanded role, with more opportunity to lobby the interests of governments as ICANN moves forward in radically expanding the Internet's real estate. How things evolve in the longer run is harder to say, but the people running ICANN are clearly trying to make governments feel welcome to engage and work for change from within - pointing out that this is more likely to be conducive to a stable global Internet - rather than try to dismantle or radically and suddenly restructure it from the outside.

Bringing in China was likely a critical step by ICANN to ensure its own survival, at least in the short to medium term. For now, ICANN and China need each other.

As a number of China hands predicted, the Chinese government has postponed its mandate requiring that all computers sold in China must include the Green Dam -Youth Escort censorware by today.

Yesterday after the news broke I told the Financial Times: "There's been this impression in the internet industry that when the Chinese government makes a demand, they have to roll over and play dead. The lesson here is that's not necessarily the case." I'll put it more strongly here: The Green Dam episode proves yet again that when companies respond to critics by saying things like: "it's beyond our control if we want to do business in China" or "there's nothing we can do or we will get kicked out," that is a huge pile of, well, equine excrement.

What should be abundantly clear from events of the past several weeks is that industry and even ordinary citizens can have a real impact on policy outcomes in China - especially information and technology policy that has a direct impact on large numbers of people nationwide. It's not clear whether a new deadline will be set, the mandate radically revised, or the whole thing quietly scrapped. Which of those three options becomes reality depends very much on the actions over the next few months by industry, Chinese netizens, and various other actors.

Andrew Lih writes:

This should be seen as a case study on how the complexities of China’s decision system is much more nuanced than what a “Communist” regime would suggest, and the role of citizen deliberation in a new, upwardly mobile, aspirational, IT-savvy China.

While the outside world sees the PRC government in absolute control, in reality the heavy handed, top down authoritarian system rides on a delicate balance of, bottom up public consent that supports the state’s legitimacy.

Sky Canaves at WSJ.com's China Journal has a great post titled Green Dam and the Politics of Consent, in which she points out:

While it’s impossible to know what impact Chinese critics of the plan had relative to the vocal protestations of foreign governments, trade organizations and PC makers, the ministry’s latest move on Green Dam highlights the consensual nature of government and politics in China, which emphasizes stability and agreement among all parties involved.

Dan Harris sees this as an example of how China really is moving in the right direction:

China is billing it as a delay, but I can virtually guarantee this software will never be heard from again. I say this for two reasons. One, the people did not like it and Beijing does NOT want to go against the people on something like this. Since there is absolutely no reason to believe the people will ever start liking something like this, there is absolutely no reason to believe the software will return. Two, I know movement has been slow, and I know it has been in fits and starts, but if we were to draw a straight line through the rises and falls, freedom is on a fairly inexorable march in China.

William Moss, a.k.a. "Imagethief," however, isn't ready to pop the champagne just yet:

Green Dam Youth Escort may have submarined as predicted, but make no mistake, this isn't over. The objective that drove it the Green Dam plan, the desire to "purify the Internet", still stands. All attempts are being made to wrap the demise of Green Dam in face-saving balm, but there is no disguising the thoroughly humiliating nature of the episode. Nothing stokes the fires of zealotry like a bout of punishing humiliation, and I'd expect to see that zealotry redirected in coming months in an attempt to justify the Green Dam initiative. The recent assault on Google may be a sign of things to come. PC makers may be able to breathe a sigh of relief now, but portals, video sharing sites, social networks, Internet cafes and others may be in for an interesting few months. Watch this space.

A piece in today's Financial Times (subscription required) points out that scrapped mandates sometimes get resurrected later on in somewhat different forms. One example was Beijing's failed attempt to require that all mobile phones sold in China adhere to a new WAPI standard (alternative to Wifi). Strong industry pushback caused that mandate to be scrapped but it's now been revived, the FT writes:

In 2004, the Chinese government surprised the communication industry with an edict that the homegrown wireless encryption standard – in competition to WiFi – would be compulsory for all mobile data products sold in the country. Only just before the May deadline, Wu Yi, then vice-premier, backed down during a visit to the US. After China failed to win recognition for WAPI as an international standard two years later, the industry assumed the episode was over.

But now, WAPI is back, with a demand by the Chinese government that WiFi handsets for sale in the country will only receive approval if they are also equipped with WAPI.

I agree with "Imagethief" that while the Green Dam mandate may never be revived in its present form, we can absolutely expect that Chinese government efforts to clean up Internet smut, promote a "green Internet," and control Internet content in the name of protecting China's children are by no means over.

There is the short run and the long run. In the short run, everybody's unavoidably in for a rough patch which is likely to continue in one way or another through the end of the year with the 60th anniversary of the PRC's founding on October 1st.

In the long run the Chinese public will value companies that treat adults like adults and give them choice and control over their lives. In the long run such products will win consumer loyalty. Ethical business practices that demonstrate respect for users' and customers' interests and rights - despite a very difficult regulatory environment - will serve companies better in the long run. A roll-over-and-play-dead policy is no way to build a brand's reputation in China or anywhere else.

Industry should take the Chinese government at its word that its goal is to protect children, and try to work out sustainable, ethical solutions on that basis. The drive to censor porn does actually have roots in genuine public frustration about children's easy access to smut and violence on the Chinese Internet. There is a real problem and lots of people expect their government to do something about it. Chinese parents' frustration is shared by parents around the world. Whether the problem can actually be solved by technical means without over-censoring and violating civil liberties, however, or whether the problem's real solutions are social and cultural (requiring parents and teachers to do the hard work as parents and teachers instead of foisting most of the responsibility on companies and governments), is subject of debate in China as well as in pretty much every country with substantial Internet penetration.

Because the Chinese government is un-transparent and unaccountable it will keep using porn as an excuse not only to exercise political control but also to go after foreign companies like Google when the mood suits them (with Chinese competitors egging them on) - and maybe even to help give a leg up to home-grown businesses. But it's also important to recognize that the Chinese government views itself as being part of a global pro-censorship, anti-porn freak-out "we have to do something" bandwagon.

Even democratically elected governments are increasingly turning to national-level Internet censorship as a solution to child porn and hate speech, and in some cases also intellectual property theft, and other real or perceived social ills - depending on whose opinion you go by. The German parliament passed a bill two weeks ago to implement a national Internet filtering system. As I wrote in my op-ed for WSJ Asia last month (links added):

In a petition against the bill, German civil liberties groups call it "untransparent and uncontrollable, since the 'block lists' cannot be inspected, nor are the criteria for putting a Web site on the list properly defined." These concerns aren't unfounded: Some German politicians have already suggested extending the block list to Islamist Web sites, video games and gambling Web sites, while book publishers have suggested it would also be nice to block file-sharing sites too.

Since 2007 Australia's Labor government has advocated a policy of mandatory national filtering. In the face of fierce public criticism the censorship plan may be downgraded to a voluntary industry initiative. But critics remain concerned the block list will not be selected and maintained in a transparent or accountable way -- and that the process for appeal is very unclear, making it likely that some Web sites will be blocked in error or that "mission creep" could take place without adequate public supervision.

In Britain, a "block list" of harmful Web sites, used by all the major Internet Service Providers, is maintained by a private foundation with little transparency and no judicial or government oversight of the list. At least one British family protection group, Mediamarch, has already spoken out in support of the Green Dam concept of moving censorship from the network down to the device level.

PC makers, mobile phone companies, search engines like Google and Internet content providers will remain under strong government pressure in China to "do something" about things the government doesn't like - just as today they are under pressure in many other countries from Thailand to Turkey.

Industry should give the Chinese government as little excuse as possible to use child protection as an excuse to accomplish other goals that have much less public support and which are contrary to globally recognized human rights norms. Industry should perhaps encourage and maybe even fund in China a set of public forums and independent research efforts and so forth to examine how can industry work together with China's parents, teachers, and government to protect China's children. Initiate efforts to work with Chinese experts to develop strong culturally appropriate Chinese-language parental control software that puts control in the hands of end users. China is a potential R&D test-bed to innovate on genuine best practices in child-protection technologies... to the extent that we can realistically expect technology to be able protect children from humans...

Ultimately the problem extends well beyond China and the solutions must also be approached in a global way. It's too easy once technical censorship systems are put in place for them to be abused, or for there to be "mission creep" even in democratic societies. There is little consensus in democratic countries on questions like: What are the best ways to protect children in the Internet age? Is too much emphasis being placed on technical solutions? Do politicians and civil society need to recognize that ultimately the solutions are social and cultural? How best to develop child protection policy and business practices that really accomplishes the goal of protecting children without encroaching on civil liberties and giving governments the excuse to censor content that goes beyond porn without appropriate accountability mechanisms? We need a more intelligent global policy and industry discourse on these questions, because as it stands global political trends are not on the side of free speech protections... whatever the trend-line might look like in China on any given day.

(Note: Some content at the end of this post appeared on this blog briefly last week when an unfinished draft post was mistakenly published.)

This photo, posted last week on Twitpic by a pseudonymous blogger claiming to be based in Hangzhou, shows a document included in the box of a new Sony Vaio computer. (Click to enlarge.)

It is titled: "Sony Disclaimer Notice Concerning the Green Dam - Youth Escort" Software." The document makes the following points (my summary, not verbatim translation):

• Green Dam doesn't support a 64-bit operating system, so PC's with the 64-bit OS don't include this software.
• The software is provided to users in accordance with government requirements.
• Sony cannot guarrantee the authenticity, legality, or compatibility of the software's content, function, service or any other feature.
• Sony assumes no responsibility whatsoever for any kinds of loss or harm incurred by the user as a result of use of Green Dam. Sole responsibility lies with the software's maker.
• The locations on the PC's hard drive of the program and user manual are then listed.

So it appears that Sony has gone ahead with distribution of Green Dam on at least some of its computers sold in China, providing the program on the hard disk for the user to install if they want, with major disclaimers.

Meanwhile the Wall Street Journal reports that a broad coalition of international business associations, including most of the world's major technology companies have issued an appeal directly to Premier Wen Jiabao:

The letter, which was viewed by The Wall Street Journal, says the plan "raises serious concerns for us and seems to run counter to China's important goal of becoming a vibrant and dynamic information-based society."

It urges the government to "reconsider implementing the Green Dam requirements," and proposes an open dialogue on parental controls over content for children. "The Green Dam mandate raises significant questions of security, privacy, system reliability, the free flow of information and user choice," it says.

An executive from the Taiwanese computer company Acer is quoted saying they're going ahead with compliance, having "no choice."

I have also received two documents from an anonymous source. Both were issued by the Ministry of Information Industry in 2006. They're in Chinese, and quite long. I have not had a chance to go over them in detail. I am sharing them both in full. Hopefully somebody with more time and stronger technical translation skills than I have will help the community by doing a partial or full translation.
In sending me these documents my source points out: "Note the Jinhui and others were drafters of this standard. The 国家计算机网络应急技术处理中心 is a national cyber security related organization... Note that it also refers to possible mobile phone standards of similar nature. Also language in there about having a remote access capability."

The first is titled "Technical Requirements of Internet Parental Control Software Based on PC"
Green Dam Technical Requirements - Official Doc (Chinese)

The second document is titled "Test Methods of Internet Parental Control Software Based on PC"Green Dam Test Methods Official Document

I'm not sure what the Chinese government is thinking, or whether certain parts of certain ministries and party apparatus have gotten completely out of control.  

Until recently, it had seemed to me that the Chinese government was managing its censorship system with surprising success: censoring enough (combined with strategic arrests) to keep people from using the Internet to organize a successful nation-wide political opposition movement; but at the same time allowing enough space for online discourse and citizen-muckraking that people have felt freer and more empowered than ever before, which actually seemed to work in favor of the central government's legitimacy - despite being very bad news for corrupt local officials. But this month, something shifted. It's unclear whether the shift is long-lasting or just temporary madness until the PRC's 60th anniversary on October 1st.

Most of China's educated, largely apolitical, internet-connected urbanites have until now been generally willing to accept the political status quo - and with it a certain amount of censorship, thuggishness and injustice, political paranoia and occasional bizarreness - in exchange for overall social stability (compared to any other time in living Chinese memory), economic growth, plus an impressive increase in China's global power and status. But whoever is driving the latest Internet crackdown and the accompanying moralistic propaganda drive may have done substantial damage to the government's credibility.

June began with the expected tightening of Internet censorship around the 20th anniversary of the June 4th crackdown, including the temporary blocking of Twitter and various other websites. That in itself was not a huge surprise. It followed the usual logic of Chinese Internet censorship: tighten up the bottleneck between the Chinese Internet and the outside Internet during politically sensitive periods. Chinese Internet users who tend to be concerned with politics know to expect this kind of thing. However a simultaneous suspension in service for "technical maintenance" on many domestic websites impacted a much larger number of Chinese Internet users who don't visit overseas-hosted news or social networking sites very much. It would likely not have occurred to many million Internet users that June 4th was a politically sensitive date if China's "net nanny" hadn't made it so blatantly obvious, prompting many teenagers who weren't even born in 1989 to ask each other and their parents what happened on June 4th. But that was June 4th. People expect a certain amount of government paranoia around that time.

Little did we know, that was just the beginning of The Month The Censors Stopped Taking Their Medication.

The next week the government's Green Dam censorware mandate became publicly known. Authorities insist on implementing the mandate despite the fact that it doesn't work as intended or advertised, is a security risk and has been subject to widespread domestic criticism (by bloggers as well as state-controlled media and respected public figures like Caijing editor Hu Shuli). Now the U.S. government warns it could be a violation of the WTO. It seems the government is having trouble finding a face-saving way to climb down. Rather than admit they made a mistake and work out a sensible solution with domestic and foreign industry, they have chosen instead to escalate in an increasingly irrational manner that serves only to increase Chinese Internet users' scorn and irritation.

Last week the propaganda department turned it sights on Google China, and continues to blame Google for smut on the Internet. Horror of horrors, when you type smutty words and phrases into the Google search box, you get smutty content coming back in your search results! Many people including this blogger (via Roland Soong) and this blogger have pointed out that plenty of smut remains available via Google's Chinese competitor Baidu. How commercially convenient for Baidu... though some bloggers point out that the whole fracas - aided by outrage and ridicule over a staged anti-Google interview on CCTV - is actually making Google more popular among netizens, who were already annoyed with the government for dispensing commercial favoritism on the makers of Green Dam.

So far this week we've seen the temporary blocking of Google.com and related services hosted outside of China including GMail. As if that wasn't bad enough for one week, we're now told that sexual health websites are a no-go for ordinary Internet users.

Meanwhile, the increased discussion of censorship all over the Chinese Internet is prompting China's netizens to educate themselves about the various technical methods to "jump over" the "great firewall." There are no hard and fast statistics on how many people in China are now using proxy servers, Tor, Psiphon, Freegate/Dynaweb, or OpenDNS as compared to a month ago. But based on the frequent mentions of these tools I've been seeing every day on blogs, in Twitter, and on other social networking sites, it seems that the latest Net Nanny follies have helped raise awareness of circumvention tools to a whole new level. If you plug the term 翻墙 (which means "scale the wall" - the most common Chinese euphemism for censorship circumvention) into Google's search insights and restrict it to searches coming from China, you see a big spike in early June and a bigger spkie in the past few days (click to enlarge):

Searches for Tor (a nonprofit tool for anonymizing and circumvention) are also substantially up this month, and Chinese-language searches originating in China for Freegate (a tool developed and operated by a FLG-affiliated organization) spiked dramatically over the weekend.

Aggravation is certainly mounting. After finding Google.com and GMail blocked on Wednesday night Beijing time, Jeremy Goldkorn, who runs Danwei.org wrote a letter to China's "net nanny," in which he pointed out: "You are making Chinese people look like children on the world stage. You are bringing shame to the People's Republic of China, and the Chinese Communist Party."

To protest the mounting ridiculousness, Ai Weiwei is calling for an Internet boycott on July 1st. Others like lawyer-blogger Liu Xiaoyuan believe a boycott is not the best way to protest Internet restrictions. He writes (translated by Roland): "We have nothing against the Internet. We should not boycott the Internet. We should be using the Internet to promote democracy, rule of law, people's livelihood and progressiveness." Roland suggests some other kind of protest that is more measurable, as the success or failure of an Internet boycott is very hard to measure. Meanwhile a group of anonymous Chinese Netizens have issued an open letter, vowing to take collective action on July 1st. It's not clear exactly what they will do, other than to say: "we are going to acquaint your censorship machine with systematic sabotage and show you just how weak the claws of your censorship really are. We are going to mark you as the First Enemy of the Internet."

The following paragraph is particularly interesting. They claim they're not interested in overthrowing the government; but the government is bringing on its own punishment for behaving in such a stupid manner:

NOBODY wants to topple your regime. We take no interest whatsoever in your archaic view of state power and your stale ideological teachings. You do not understand how your grand narrative dissipated in the face of Internetization. You do not understand why appealing to statism and nationalism no longer works. You cannot break free from your own ignorance of the Internet. Your regime is not our enemy. We are not affiliated in any way with any country or organization, and we are not waging this war on any country or organization, not even on you. YOU are waging this war on yourself. YOU are digging your own grave through corruption and antagonization. We are not interested in you, destined for the sewage of history. You cannot stop the Internetization of the human race. In fact, we won't bat an eyelid even if you decide to sever the transpacific information cables in order to obtain the total control you wanted. The harder you try to roll back history, the more you strain the already taut strings, and the more destructive their final release. You are accelerating your own fall. The sun of tomorrow does not shine on those who are fearing tomorrow itself.

June has been pretty wild. I wonder what July has in store...

Last week, computer scientists at the University of Michigan, The Open Net Initiative, and an independent group of Chinese programmers all found serious security flaws in the government-mandated Green Dam-Youth Escort software.

Earlier this week a Chinese official told the China Daily "that all security problems reported by the professors from University of Michigan had been fixed."

Well, not really. The Michigan team has found that while some problems are fixed, more serious security problems remain. Here is the summary of their latest update:

Following our initial analysis, the makers of Green Dam have released at least one security update and two filter updates. These updates address the original web filtering security vulnerability we described above, disable certain blacklists that were copied from the CyberSitter program, and bring the software into compliance with the OpenCV license.

Unfortunately, we have discovered an additional remotely-exploitable security vulnerability in the patched version. Even with the updated version installed, any web site a user visits can exploit this problem to take control of the computer. We continue to recommend that users protect themselves by uninstalling Green Dam immediately.

While Green Dam's developers have patched the software quickly, the program's continuing vulnerability suggests that its security problems run deep. We fear that the deeper problems cannot be resolved in time for the July 1 deadline for PC makers to distribute Green Dam on all new PCs sold in China.

Read the details here.

Also of possible interest is my Op-Ed in yesterday's Asian Wall Street Journal, The Green Dam Phenomenon: Governments everywhere are treading on Web freedoms.

Whether or not Green Dam ends up being mandated, this is not the end - not for China nor for the rest of the world. It's just the beginning. Get ready. I conclude:

It is very encouraging that a coalition of industry groups has pushed back publicly against the Green Dam mandate, calling on the Chinese government to reconsider. But the Green Dam incident is yet another example of why it behooves companies to think ahead about how they are going to uphold their larger responsibility to society. Industry has a choice: be reactive -- and be forced into growing complicity with government censorship and surveillance around the globe. Or be pro-active, develop robust human-rights policies, and consider how to responsibly handle the inevitable pressures by all kinds of governments to serve as national auto-parent, if not auto-cop.

Chinese netizens are certainly having fun mocking the government's mandate for PC manufacurers to install the Green Dam-Youth Escort software. Danwei posted some great pictures of cartoon "green dam girls," greated in the style of Japanese porno manga. This one on the left (click to enlarge) is removing the underwear of "Windows XP Girl". Hecaitou has a lot more.

The Guardian, Associated Press, and even the China Daily are now quoting an unnamed Chinese official at the Ministry of Industry and Information Technology who says that the installation of Green Dam-Youth Escort is "not compulsory." The China Daily reports:

"The PC makers only need to save the setup files of the program on the hard drives of the computers, or provide CD-ROMs containing the program with their PC packages," said an official of the department of software service under the Ministry of Industry and Information Technology, who did not want to be named.

PC users have the "final say" over installing the filter and recent reports of the government compelling them to use the software was "a misunderstanding", the official said.

"The government only provides the Green Dam-Youth Escort software for free."

It seems like there must have been some kind of policy tug-of-war going on these past few days. Late last week the Communist Party's Propaganda Department sent round an edict to the media instructing them to say nice things about Green Dam and stop being so critical. But Caijing and other media continued running critical articles, and then the People's daily website, Renminwang, launched a whole feature section on Saturday with full coverage of the Green Dam story - pro and con. Plus a reader opinion poll. Here's the screenshot I took Monday morning of the results, soon before the whole thing got taken down (click to enlarge):

At the time the screenshot was taken, more than 5 million readers had voted. 16 percent (nearly 880 thousand) supported Green Dam, while 74 percent (more than 4 million) voted against it.

On the left is a screenshot of the front page of the feature section, provocatively titled: "Have you been 'Green Dam-Youth Escort-ed' today?" (Click to enlarge.) Interestingly, the accompanying discussion forum has not been deleted - and it's full of comments criticizing or mocking Green Dam. Even though the main section has been taken offline, Chinese media insiders say the fact that the critical analysis and online poll managed to appear at all on the People’s Daily website is proof of strong internal government disagreement over how to respond to this public relations fiasco.

Despite today's reports about an apparent climbdown, however, I got an email from one person in the industry who said his company has yet to hear anything different from the original directive in his company's discussions with the government. So the game may not be completely over, and some in the industry are concerned about the implications of even providing an accompanying disc, knowing the security and IP issues in addition to the free speech implications.

Meanwhile the Ministry of Industry and Information Technology has ordered Green Dam's maker, Jinhui Computer System Engineering Co. to urgently patch their now well-documented security flaws. That could take a while if it’s to be done right: the University of Michigan computer scientists who analyzed Green Dam last week warned that the problems are so serious that they can only be resolved with “extensive changes to the software and careful retesting.” Whether the government requires installation or just an accompanying disc, it’s unclear whether it will still hold PC makers and importers to the original July 1^st implementation deadline. It also remains unclear whether the mandate will ultimately end up being enforced. If Jinhui fails to patch Green Dam’s leaks to government satisfaction in a timely manner, that could give the authorities solid reason to scrap the plan. Meanwhile, never a dull moment on the Chinese Internet. I look forward to the continued Chinese online humor... including this doozy that some reader managed to post for a short period of time also on the People's Daily site:

The Open Net Initiative has released a detailed analysis of Green Dam. Executive summary (emphasis added):

A recent directive by the Chinese government requires the installation of a specific filtering software product, Green Dam, with the publicly stated intent of protecting children from harmful Internet content. The proposed implementation of software as reviewed in this report would in fact have an influence that extends beyond helping parents protect their children from age inappropriate material; the filtering options include blocking of political and religious content normally associated with the Great Firewall of China, China’s sophisticated national-level filtering system. If implemented as proposed, the effect would be to increase the reach of Internet censorship to the edges of the network, adding a new and powerful control mechanism to the existing filtering system.

As a policy decision, mandating the installation of a specific software product is both unprecedented and poorly conceived. In this specific instance, the mistake is compounded by requiring the use of a substandard software product that interferes with the performance of personal computers in an unpredictable way, killing browsers and applications without warning while opening up users to numerous serious security vulnerabilities. The level of parental control over the software is poor such that this software does not well serve parents that wish to the limit exposure of their children to Internet content.

The mandate requiring the installation of a specific product serves no useful purpose apart from extending the reach of government authorities. Given the resulting poor quality of the product, the large negative security and stability effects on the Chinese computing infrastructure and the intense backlash against the product mandate, the mandate may result in less government control.

Read the whole thing online here or download the PDF here.

Several primary documents related to the government-mandated Green Dam censorware/malware - and the opposition to it - have emerged over the past 12 hours or so. Here are some of them:

• In chatrooms like this one people have been posting scanned copies of the above notice sent from the Central Propaganda Department to news media, telling them to tone down the criticism and take on a more positive tone toward Green Dam. The document has been quoted in blog posts like this one as well.

• Chinese Lawyer Challenges Filtering Software Order and Requests Public Hearing. Human Rights in China has translated the request by Beijing rights lawyer Li Fangping. Summary: "Li challenges the legality of the directive, citing an October 2008 notice1 sent by the State Council – China’s legislature – to government agencies requesting them to “hold hearings for items subject to examination and approval which concern the major public interests or the vital interests of the people.” Using regulations relevant to the Chinese government’s Open Government Information policy, Li also submitted an application to MIIT requesting the ministry to make public the legal basis for the new directive and information relating to the approval process for the funds to purchase the software, the impartiality of the bidding process, and how the software would affect the protection of individual privacy and information security, etc."

• Green Dam censorship system internal brief to Chinese government, doc, Jan 2008 "This internal document from early 2008 contains negotiations between Jin Hui, the maker of the software, and the Chinese government, together with a detailed description of the Green Dam system." Posted as a downloadable PDF (very detailed, in Chinese) on Wikileaks.

• A technical analysis of the Chinese 'Green Dam Youth-Escort' censorship software, a collaborative work by Chinese bloggers and programmers, posted on Wikileaks and constantly being updated.

• Chinese Green Dam Falun Gong related censorship keywords: June 2009, posted on Wikileaks. So much for the claim by Jin Hui executives and officials that Green Dam censors porn only.

• GNI Principles Offer Guidance to ICT Manufacturing and Software Sector: The Global Network Initiative's position statement on Green Dam and appeal for computer manufacturers and software companies to follow the GNI principles for free expression and privacy. Below is the statement in full:

GNI Principles Offer Guidance to ICT Manufacturing and Software Sector

Posted: Jun 11, 2009

The Global Network Initiative is actively monitoring developments regarding the Chinese government’s directive that requires computer manufacturers to install the Green Dam/Youth Escort content control software on personal computers produced or sold in China. This directive is ostensibly intended to protect children from sexually explicit content, but in fact raises significant challenges for companies in the technology sector that also have a responsibility to respect human rights. The Global Network Initiative (GNI) offers a multi-stakeholder forum that provides operational guidance and a credible system for companies to develop effective strategies in response to these challenges.

Protection of children from exploitation and exposure to inappropriate material online is a legitimate public policy goal, which many countries around the world pursue. This goal can be achieved in ways consistent with international norms protecting the rights to freedom of expression and privacy. For example, public education regarding the availability of a wide variety of user-controlled filtering tools to choose from allows parents and guardians to manage unwanted content in a way that is most appropriate for children under their care. Various companies – including the three company members of GNI – as well as other organizations offer a wide range of such software tools. However, the government mandate to pre-load the Green Dam/Youth Escort software on all PCs produced and sold in China clearly raises human rights concerns that the information and communications technology (ICT) sector must address.

The GNI Principles are grounded in international human rights standards for freedom of expression and privacy. Under these standards, the right to freedom of expression should not be restricted by governments except in narrowly defined circumstances, consistent with international human rights norms and the rule of law. Importantly, such restrictions should be necessary and proportionate for the relevant purpose.

Much about how the Green Dam/Youth Escort software functions in practice is yet to be determined and several GNI members are undertaking such an analysis. However, a number of facts about the software have been established that raise human rights concerns.

The concurrent and cumulative issues that implicate human rights and undermine user choice include the requirement for mandatory installation; the difficulty of uninstalling the software; and filtering that goes beyond sexually explicit or other content inappropriate for children. Results from independent tests of the software reported on Global Voices Online and elsewhere indicate that political content was indeed part of the website library of filtered content. An approach for protecting children online that requires the mandatory installation of a particular software package that is difficult to uninstall and filters far more than sexually explicit content is not consistent with the practices of other countries that have encouraged parental control tools and is far out of proportion to the goal of child protection.

Public opposition (including a legal challenge) to this software mandate within China is growing. The Chinese press and diverse parts of Chinese civil society have expressed concerns about privacy, security, transparency, consumer choice, and whether the cost of this effort is justifiable. In fact, the government recently clarified that use of the software by citizens is not mandatory in its official media statements. We hope that the domestic reaction within China will encourage the Chinese government to reconsider this mandate more fundamentally.

Nevertheless, there are many questions unanswered. Are any companies working with the software vendor to try and put the software in the market? If the government clarifies its directive so that the software is shipped on a disk but not pre-installed, what should companies do to avoid complicity in censorship of political, religious, and cultural information online? How can governments appropriately protect children from exploitation and exposure to inappropriate material? What steps should companies take to address such requests or directives? Hardware and software design companies will need to have adequate due diligence measures in place to ensure that they are prepared to address these questions in a way that respects fundamental human rights.

The GNI can help to address those dilemmas since it is a unique organization with the capacity to provide operational guidance on human rights issues in a collaborative setting. In particular, the GNI offers credible, operational guidance for companies, built on extensive experience, guided by a broad set of perspectives, and rooted in international human rights principles. The GNI also offers both technology sector companies and academics, investors, and non-governmental organizations an opportunity for frank discussion, collaboration on matters of public policy and corporate responsibility, and the sharing of expertise. Among the GNI principles and operational guidelines that are relevant to manufacturing and software companies:

   * Participating companies will respect and protect the freedom of expression of their users by seeking to avoid or minimize the impact of government restrictions on freedom of expression.

   * Participating companies will employ human rights impact assessments to identify circumstances when freedom of expression and privacy may be jeopardized or advanced, and develop appropriate risk mitigation strategies, e.g., when designing and introducing new technologies, products, and services.

   * GNI participants will engage proactively with governments to reach a shared understanding of how government restrictions can be applied in a manner consistent with human rights norms. Companies will seek modification from authorized officials when government restrictions appear overbroad, not required by domestic law or inconsistent with international human rights standards.

   * Participating companies will give clear, prominent, and timely notice to users when access to content has been limited due to government restrictions.

   * GNI participants acknowledge and support appropriate initiatives that seek to identify, prevent, and limit access to illegal online activity such as child exploitation. Such initiatives raise potential concerns regarding freedom of expression and should therefore be narrowly tailored and subject to the rule of law.

A team of computer scientists at the University of Michigan have released this report about the Chinese government-mandated censorware, Green Dam. Here is the summary:

We have discovered remotely-exploitable vulnerabilities in Green Dam, the censorship software reportedly mandated by the Chinese government. Any web site a Green Dam user visits can take control of the PC.

According to press reports, China will soon require all PCs sold in the country to include Green Dam. This software monitors web sites visited and other activity on the computer and blocks adult content as well as politically sensitive material.

We examined the Green Dam software and found that it contains serious security vulnerabilities due to programming errors. Once Green Dam is installed, any web site the user visits can exploit these problems to take control of the computer. This could allow malicious sites to steal private data, send spam, or enlist the computer in a botnet. In addition, we found vulnerabilities in the way Green Dam processes blacklist updates that could allow the software makers or others to install malicious code during the update process.

We found these problems with less than 12 hours of testing, and we believe they may be only the tip of the iceberg. Green Dam makes frequent use of unsafe and outdated programming practices that likely introduce numerous other vulnerabilities. Correcting these problems will require extensive changes to the software and careful retesting. In the meantime, we recommend that users protect themselves by uninstalling Green Dam immediately.

Read the rest of it here.

...so reads one of the many sarcastic netizen comments translated by ChinaSmack. It's like being mandated to use only one brand, made by one company, and word from people who've used them is that they're very low quality....

(Note that the official government edict mandating Green Dam, along with background information about the product, has now been translated in full by Human Rights in China.)

People aren't limiting their scorn for Green Dam to words alone. This is the opening menu for "Green Dam - Youth Escort":

Here is a spoof uploaded by somebody to a forum on Mop.com, also courtesy of ChinaSmack:

Domestic Chinese critiques abound in the domestic media as well on the blogs, chatrooms, and Twitter networks. The New York Times, Wall Street Journal, and BBC have some good roundups of what the Chinese editorials, blog posts, and chatroom postings have to say about Green Dam. Even the state-run Xinhua news agency covered a range of critiques. A group of Chinese techies have been testing the software and are posting their findings (with translation) here. The Open Net Initiative is also conducting tests and will release a report at some point in the coming days. Critiques of Green Dam cover several categories of issues:

Free speech issues: Many people are arguing that the government has no right to act as "The Big Parent" to all Chinese - and that it should be left to the individual user to decide what software comes with his or her computer, and left to individual families, schools and teachers to decide how best to protect and safely educate their children. This argument is made forcefully by Yang Hengjun, Isaac Mao, and Qin Xudong in Caijing, among others.

Testers report that some programs will shut down when the word "Falun Gong" is typed, and that the circumvention tool Freegate is blocked. This flies in the face of claims by government officials and by Jinhui that it is anti-porn only. Also we know that the blacklist of blocked URL's and terms can be updated by Jinhui remotely at any time, and that there is no transparency to the process. Given that all other levels of filtering in China include political terms, nobody believes that Green Dam will deviate from the norm and be apolitical.

Ham-fistedness: As user feedback shows, the software itself isn't even very good at accomplishing it's goal. It censors things that aren't obscene (like pictures of pigs) and fails to censor porn involving black-skinned people. Plus it is reported not to work with Firefox, at least with some settings some of the time.

Intellectual property issues: A U.S. software developer who has examined Green Dam in detail, but who asked not to be quoted by name because he isn't authorized by his employer to talk to the media, writes:

From what I have seen, the product is a bit of frankenware, that is bits and pieces from different projects out there. I would guess that many of the ‘contributors’ to this project have not been asked. So that there are numerous licensing violations in the product. If I were Dell or another PC manufacture, I would stay the hell away from associating my name with this software. They would be opening themselves up to a lawsuit. Some notable references I found: PrettyWall – GUI Skinning software; OpenCV – Neural network software (BSD license) not having the source code or an acknowledgement is a violation.

Security issues: As discussed in this BBC report and in other posts by Chinese testers, the software has serious security issues and makes computers in China even more vulnerable to hackers than they already are. By making this product available to users even in an accompanying disk, PC makers could knowingly be putting their customers in harm's way.

Privacy issues: Data about the user's activities are sent back to Jinhui. It is not clear what Jinhui will do with this data and what right they have to it. Plus testers say it is transmitted in an insecure manner making the user vulnerable to criminals as well as to the police.

Public expenditure issues: The government paid 40 million RMB for the rights to this software for a year. Many believe their tax money would have been better spent in any number of other ways - like helping China's poor, or fixing the medical system.

Anti-monopoly and fair competition issues: Netizens have raised two possible laws that may have been broken by the government's Green Dam edict: the anti-monopoly law and the law against unfair competition.

Some people are so incensed they're calling for a boycott of computer makers and shops that actually comply with the order to pre-install the software. It would certainly seem that there will be a lot of consumer love for any companies that push back against the edict, stall on implementation, and - if really left with no choice - implement it to the minimum extent possible with maximum support and information for users about how to uninstall the software, what its known flaws and problems are, what it does and doesn't do, what ways it might make them vulnerable and how to protect against those vulnerabilities, etc.