Reporters Without Borders broke the story yesterday.
Chinese Journalist Shi Tao was arrested for "divulging state secrets abroad" thanks to Yahoo!'s help. Shi used a Yahoo China account to e-mail his notes on an internal government circular detailing measures to control the press to a dissident website. Yahoo! complied with Chinese authorities' requests for information, which helped trace those emails back to Shi.
A full copy of the original Chinese sentencing document and the full English translation was posted on Global Voices yesterday. Click here for the PDF.
Media reports quote a Yahoo! spokeperson who only says that the company is "looking into it." Reporters Without Borders says:
"The company will yet again simply state that they just conform to the laws of the countries in which they operate. But does the fact that this corporation operates under Chinese law free it from all ethical considerations? How far will it go to please Beijing?"
In discussions of this case in various places, it has been pointed out that the Yahoo! Terms of Service - which are identical in Chinese - make it clear that Yahoo! does not intend to protect people's communications from their governments:
"You acknowledge, consent and agree that Yahoo! may access, preserve, and disclose your account information and Content if required to do so by law or in a good faith belief that such access preservation or disclosure is reasonably necessary to: (a) comply with legal process; (b) enforce the TOS; (c) respond to claims that any Content violates the rights of third-parties; (d) respond to your requests for customer service; or (e) protect the rights, property, or personal safety of Yahoo!, its users and the public."
GMail's terms of use are similar.
Lots of people are morally outraged by what Yahoo! did to Shi Tao. It is indeed upsetting that a man who was merely acting in accordance with principles of the Universal Declaration of Human Rights gets thrown in jail with help from an American tech company.
That aside, there is another concern: A lot of people in China and elsewhere use Yahoo! and GMail accounts under the false illusion that their communications are more secure from government eyes than if they were to use Chinese e-mail services. This is clearly wrong.
Human rights organizations, media organizations, and others who are seeking and receiving sensitive information via e-mail from people inside China have a responsibility to educate the e-mailers about the security dangers they face. People must be warned very clearly:
IF YOU ARE WORRIED ABOUT GETTING IN TROUBLE, DO NOT USE YAHOO OR GMAIL, OR ANY OTHER SERVICE WHOSE PARENT COMPANY HAS A BUSINESS PRESENCE IN CHINA.
The same goes for blogging tools.
For secure e-mailing purposes, people in the security community recommend Hushmail.
One recommended blogging service run by people committed to human rights and freedom of speech is Civiblog, based in Canada.
CORRECTION/CLARIFICATION/ADDENDUM: (9/7, 8:30pm) A friend at Google points out that since Gmail isn't currently "offered in China" and is a U.S.-based service run on U.S. servers, on a .com domain name, it is not subject to Chinese legal jurisdiction. Only when Gmail gets offered "via a PRC entity" (as Chinese Yahoo! is) will that be the case.
The same person also writes:
"Likewise, Hotmail was for many years provided to Chinese users from the US, on US servers, etc. -- the result was that MSFT didn't have to respond to Chinese requests for info about Hotmail subscribers. I don't know if that's changed with the new joint venture for ICP services in China, but it was verifiably true that MSFT didn't (at least the last time I checked) serve Hotmail from inside the PRC.
PRC jurisdiction doesn't apply to services that are run outside of the PRC. If Hotmail or Gmail isn't served in Iran, neither MSF nor Google will respond to an Iranian government demand for information about a subscriber. Yahoo has apparently decided to offer email from inside the PRC, meaning that it had to comply with PRC rulings.
The MSFT/Hotmail experience demonstrates that the PRC authoriities have (so far) respected this jurisdictional line on a service-by-service basis, meaning that MSFT's OS software operation in China wasn't interpreted to mean that Hotmail (a separate US service) was subject to PRC jurisdiction."
The preformatted text at the end of the entry is being cut off by the right sidebar.
Posted by: Martey | September 07, 2005 at 10:10 PM
Thanks Martey. Fixed it.
Posted by: Rebecca MacKinnon | September 07, 2005 at 11:27 PM
I think this just shows how important email security and privacy really are and how much we have neglected them in the past. I have a professor who will not send emails to people using Gmail because of Gmails lack of policy on how long deleted emails can be stored (Yahoo deletes them after 3 months). People who want protection from oppressive governments or businesses that want to protect their privacy from hackers will have to rely on secure email solutions. The computer industry needs to focus on providing easy to use secure communication solutions so privacy does not just exist for those few experts who know how to set up their own encryption systems.
Posted by: Can Sar | September 08, 2005 at 02:24 AM
(Ooops...messed up the HTML in the previous post, please delete that and keep this.)
There are two seperate questions here: First, must they respond, and second, if its a choice, what choice will they make?There's some interesting language in that update:
As a 40% owner of Baidu, and as a company in the midst of opening offices in China, I think its unlikely that Google would fight for its users.
Posted by: Adam | September 08, 2005 at 11:24 AM
There is one interesting (though relatively minor) aspect of all this: To my mind, part of what the Chinese govt. is getting by saying that they got Shi Tao's name & info from Yahoo is that few people will question their evidence because of Yahoo's reputation as a major global Internet firm. In contrast, if the company were a little-known Chinese firm easily subjected to govt. pressure, or one w/ very close ties to Beijing, or worst of all a state-owned company, observers would more likely question whether the "evidence" was simply fabricated to please the govt. Having the evidence from Yahoo lets the Chinese govt. say that Shi Tao got a "fair" trial, at least as to some of the evidentiary mechanics, although the charges against him and/or the laws they're based on are surely unfair & in violation of international human rights law (caveat: I haven't read over the trial transcript). So Yahoo isn't just providing its work & evidence to the Chinese govt. - the govt. is using Yahoo's international reputation as a credible & technically expert company as well, to some degree. All the more reason for Yahoo's reputation as a responsible international corporate citizen to be challenged.
(Yes, go ahead & laugh at my email address.)
Posted by: Reg | September 09, 2005 at 11:49 AM
I have a professor who will not send emails to people using Gmail because of Gmails lack of policy on how long deleted emails can be stored (Yahoo deletes them after 3 months). People who want protection from oppressive governments or businesses that want to protect their privacy from hackers will have to rely on secure email solutions
Posted by: Ann | January 04, 2006 at 12:50 AM
I am intrested inform me what to do
Posted by: SMITH | February 03, 2006 at 09:16 PM