78
F
REEDOM ON THE
N
ET
2013
C
HINA
is active online, reported that security agents beat him during an eight-hour detention in March
2013, on the day before Xi Jinping took office as president.
161
Users hoping to avoid repercussions for their online activity face a rapidly dwindling space for
anonymous communication as real-name registration requirements expand online, among mobile
phone retailers, and at public internet facilities. The authorities justify real-name registration as a
means to prevent cybercrime, though experts counter that uploaded identity documents are
vulnerable to theft or misuse,
162
especially since some verification is done through a little-known
government-linked contractor.
163
In December 2012, the CCP’s governing Standing Committee approved new rules to strengthen
the legal basis for real-name registration by websites and service providers.
164
The rules threatened
violators with “confiscation of illegal gains, license revocations and website closures,” largely
echoing the informal arrangements already in place across the sector.
165
Comment sections of major
news portals, bulletin boards,
blog-hosting services, and e-mail providers already enforce some
registration.
166
The MIIT also requires website owners and internet content providers to submit
photo identification when they apply for a license, whether the website is personal or corporate.
167
Nevertheless, the new rules are significant in extending regulation to the e-commerce and business
sectors, which typically benefit from more freedom than their counterparts in the news media, civil
society, or academia. The rules oblige these providers to gain consent for collecting personal
electronic data, as well as outline the “use, method, and scope” of its collection; yet they offer no
protection against law enforcement requests for these records.
168
Chinese providers are required to
retain user information for 60 days, and provide it to the authorities upon request without judicial
oversight or informing the user.
169
161
Isaac Stone Fish, “Chinese Dissident Allegedly Beaten as Xi Jinping Becomes President,” Passport (blog), Foreign Policy,
March 14, 2013,
http://blog.foreignpolicy.com/posts/2013/03/14/chinese_dissident_allegedly_beaten_as_xi_jinping_becomes_president.
162
Danny O’Brien, “China’s Name Registration Will Only Aid Cybercriminals,” Committee to Protect Journalists, December 28,
2012, http://www.cpj.org/internet/2012/12/chinas‐name‐registration‐will‐aid‐not‐hinder‐cyber.php.
163
“Du Zi He Cha Wei Bo Shi Ming Guo Zheng Tong She Long Duan” [Real‐Name Verification of Weibo Suspected Monopolized
by Guo Zheng Tong], Hong Kong Commercial Daily, December 30, 2011, http://www.hkcd.com.hk/content/2011‐
12/30/content_2875001.htm; “Beijing Yao Qiu Wei Bo Yong Shi Ming Fa Yan” [Beijing Users of Weibo Required for Real‐Name
Verification], BBC, December 16, 2011, http://bbc.in/t2hZme.
164
“National People’s Congress Standing Committee Decision Concerning Strengthening Network Information Protection,”
China Copyright and Media, December 28, 2012, http://chinacopyrightandmedia.wordpress.com/2012/12/28/national‐
peoples‐congress‐standing‐committee‐decision‐concerning‐strengthening‐network‐information‐protection/.
165
Joe McDonald, “China Real‐Name Registration Is Now Law in Country,” Huffington Post, December 28, 2012,
http://www.huffingtonpost.com/2012/12/28/china‐real‐name‐registration_n_2373808.html.
166
“Wen Hua Bu 2009 Jiang Da Li Zhen Zhi Hu Lian Wang Di Su Zhi Feng” [Ministry of Culture Will Curb Trend of Internet
Indecency in 2009], Net Bar China, January 6, 2009, http://www.netbarcn.net/Html/PolicyDynamic/01061954388252.html;
Chen Jung Wang, “Shi Min Zhi Rang Gao Xiao BBS Bian Lian” [Real Name System Intimidates High School BBS], CNHubei,
November 29, 2009, http://www.cnhubei.com/200511/ca936578.htm ; “Zhong Guo Hu Lian Xie Hui: Bo Ke Tui Xing Shi Min Zhi
Yi Chen Ding Ju” [Internet Society of China: Real Name System for Bloggers is Set], Xinhua News, October 22, 2006,
http://www.itlearner.com/article/3522.
167
Elinor Mills, “China Seeks Identity of Web Site Operators,” CNET News, February 23, 2010, http://cnet.co/bXIMCp.
168
Tim Stratford et al., “China Enacts New Data Privacy Legislation,” Publication from Covington & Burling LLP, January 11,
2013, http://bit.ly/RRiMaM .
169
“China,” OpenNet Initiative, August 9, 2012, http://opennet.net/research/profiles/china‐including‐hong‐kong.
209
66
F
REEDOM ON THE
N
ET
2013
C
HINA
Microblog providers have struggled to enforce identity checks. Online reports of Sina Weibo users
trading defunct identification numbers to facilitate fake registration indicated that the requirements
were easy to circumvent.
170
Sina’s 2012 report to the U.S. Securities and Exchange Commission
anxiously noted the company’s exposure to potentially “severe punishment” by the Chinese
government as a result of its failure to ensure user compliance.
When social-media sites offer online payment systems, many users voluntarily surrender personal
details to enable financial transactions. Mobile phone purchases have required identification since
2010, so providing a phone number is a common way of registering with other services.
171
In fact,
one analyst estimated that approximately 50 percent of microblog users had unwittingly exposed
their identities to providers by 2012, simply by accessing the platform from their mobile phone.
172
Implementation of the real-name policy may continue to vary, not just because it is hard to enforce,
but also because registration makes it harder for the state’s hired commentators to operate
undetected. One study reported that some officials openly encourage commentators to use
pseudonyms and fake ID to hide their affiliation with the propaganda department.
173
Real-name registration is just one aspect of pervasive surveillance of internet and mobile phone
communications in place in China. Rapidly developing phone technology offers new opportunities
for the surveillance state. A 2011 Beijing city initiative to produce real-time traffic data by
monitoring the location of the city’s 17 million China Mobile subscribers sparked concern from
privacy experts, who said it could be used to trace and punish activists.
174
The timeline for the
program’s implementation is not known.
The deep-packet inspection technology used to censor keywords can monitor users as they try to
access or disseminate similar information. Private instant-messaging conversations and text
messages have been cited in court documents. One academic study reported that queries for
blacklisted keywords on Baidu automatically sent the user’s IP address to a location in Shanghai
affiliated with the Ministry of Public Security.
175
Given the secrecy surrounding such capabilities,
however, they are difficult to verify.
Police periodically try to force mandatory surveillance software on organizations and individuals,
with mixed success. Cybercafés check photo identification and record user activities, and in some
170
C. Custer, “How to Post to Sina Weibo without Registering Your Real Name,” Tech in Asia, March 30, 2012,
http://www.techinasia.com/post‐sina‐weibo‐registering‐real/.
171
“Shou Ji Shi Ming Zhi Jin Qi Shi Shi, Gou Ka Xu Chi Shen Fen Zheng” [Mobile phone real name system implemented today, SIM
card purchasers have to present their ID documents], News 163, October 1, 2010, http://bit.ly/aIyYL4.
172
Song Yanwang, “ Jing Hua Wang Luo Huan Jing Xin Gui Yin Huan An Cang Weibo Shi Ming Zhi Ling Yung Ying Shang Mian Lin
Da Kao” [Internet Clean‐Up Regulations Conceal Obscure Issues. Weibo’s New Real‐Name Registration Rule Poses Challenge for
Telecom Operator], Net.China.com.cn, March 15, 2012, http://net.china.com.cn/txt/2012‐03/15/content_4875947.htm .
173
Rongbin Han, , “Manufacturing Consent in Censored Cyberspace.”
174
“Beijing Ni Yong Shou Ji Xin Hao Zhui Zong Shi Min Chu Xing Qing Kuang” [Beijing plans to track mobile phone users in real‐
time], Yahoo News, March 3, 2011, http://news.cn.yahoo.com/ypen/20110303/237829.html; Cecilia Kang, “China Plans to
Track Cellphone Users, Sparking Human Rights Concerns,” Washington Post, March 3, 2011, http://wapo.st/hw6qkg.
175
Becker Polverini and William M. Pottenger, “Using Clustering to Detect Chinese Censorware,” Eleventh Annual Workshop on
Cyber Security and Information Intelligence Research, Article No. 30, 2011. Extended Abstract available at:
http://www.intuidex.com/whitepapers/CSIIRW_Chinese_Censorship_Paper.pdf.
210
78
F
REEDOM ON THE
N
ET
2013
C
HINA
regions, surveillance cameras in cybercafés have been reported transmitting images to the local
police station.
176
However, users successfully resisted attempts at mandatory installation of
antipornography software known as Green Dam Youth Escort in 2009, after experts voiced privacy
and censorship concerns. Some Beijing companies were threatened with disconnection in 2012 if
they failed to install government-designated software capable of logging web traffic, blocking sites,
and communicating with local police servers.
177
A similar effort to force businesses offering
wireless internet access in Beijing’s Dongcheng district to purchase expensive surveillance
equipment in 2011 caused some to disconnect rather than pay.
178
Others ignored the directive
without repercussions.
As with censorship, surveillance disproportionately targets individuals and groups perceived as
antigovernment. Reports citing anonymous government officials noted that a camera grid system
known as “Skynet” may have “a camera on every road in Tibet” as part of the effort to contain self-
immolations.
179
A Tibetan rights group reported police inspections of mobile phones for banned
content in Lhasa in March 2013.
180
A June 2013 report by Human Rights Watch put these activities
in the context of a three-year campaign by 5,000 teams of CCP personnel conducting surveillance
throughout the Tibetan Autonomous Region.
181
Beyond regional flashpoints, the national “Safe Cities” program offers security officials an advanced
system for monitoring public spaces across China.
182
The “social stability maintenance” budget that
supports these programs surpassed China’s defense budget in 2012.
183
Both international and local firms jockey for lucrative surveillance-related equipment contracts in
China. During 2011, two lawsuits were filed in U.S. courts against the American technology
company Cisco Systems, asserting that there was evidence the firm had customized its surveillance
equipment to assist Chinese security agencies in apprehending Falun Gong practitioners and
democracy activists. Cisco denied the allegations, and the cases were pending as of May 2013.
184
176
Naomi Klein, “China’s All‐Seeing Eye,” NaomiKlein.org, May 14, 2008, http://bit.ly/2nf29.
177
Kevin Voigt, “International Firms Caught in China’s Security Web,” CNN, August 24, 2012,
http://edition.cnn.com/2012/08/24/business/china‐foreign‐companies‐internet/index.html.
178
Zhao Zhuo, “Beijing Bu Fen Ka Fei Ting Ting Zhi Ti Gong Wu Xian Wang Luo” [Some cafés in Beijing suspend Wi‐Fi service],
Beijing Youth Daily, July 27, 2011, http://bjyouth.ynet.com/article.jsp?oid=79986791.
179
Malcolm Moore, “China Using Massive Surveillance Grid to Stop Tibetan Self‐Immolation,” Telegraph, November 9, 2012,
http://bit.ly/TgUg0g.
180
“China Launches Crackdown on Personal Cellphones in Lhasa,” Tibetan Centre for Human Rights and Democracy, March 11,
2013, http://www.tchrd.org/2013/03/china‐launches‐crackdown‐on‐personal‐cellphones‐in‐lhasa/#more‐1288. Radio Free Asia
also reported police requisitioning computers and cellphones belonging to Uighur students for inspection when they returned
to the region for the school holidays. “Chinese Controls on Uyghur Students Ahead of Ramadan,” Radio Free Asia, June 13,
2013, http://www.rfa.org/english/news/china/students‐06132013105142.html.
181
According to Human Rights Watch, the goals of the campaign included “categorizing Tibetans according to their religious and
political thinking, and establishing institutions to monitor their behavior and opinions.” Human Rights Watch, “China: ‘Benefit
the Masses’ Campaign Surveilling Tibetans,” news release, June 19, 2013, http://bit.ly/11Y8EAF.
182
Andrew Jacobs and Penn Bullock, “Firm Romney Founded Is Tied to Chinese Surveillance,” New York Times, March 15, 2012,
http://www.nytimes.com/2012/03/16/world/asia/bain‐capital‐tied‐to‐surveillance‐push‐in‐china.html.
183
Edward Wong and Jonathan Ansfield, “China’s Communist Elders Take Backroom Intrigue Beachside,” New York Times, July
21, 2012, http://www.nytimes.com/2012/07/22/world/asia/chinas‐communist‐elders‐take‐backroom‐intrigue‐beachside.html.
184
Somini Sengupta, “Group Says It Has New Evidence of Cisco’s Misdeeds in China,” New York Times, September 2, 2011,
http://www.nytimes.com/2011/09/03/technology/group‐says‐it‐has‐new‐evidence‐of‐ciscos‐misdeeds‐in‐china.html; “Suit
Claims Cisco Helped China Repress Religious Group,” Thomson Reuters News & Insight, May 20, 2011, http://bit.ly/jxx6ds; Don
211
67
F
REEDOM ON THE
N
ET
2013
C
HINA
Uniview Technologies, a Chinese firm that offers software allowing police to share images between
jurisdictions in real time, is owned by the U.S. private equity company Bain Capital.
185
China is a key global source of cyberattacks, responsible for nearly a third of attack traffic observed
by the content delivery network Akamai in a 2012 worldwide survey.
186
The survey traced the
attacks to computers in China using IP addresses, meaning the machines themselves may have been
controlled from somewhere else. In January 2013, following the precedent set by Google’s
revelation of hacking in 2010, the New York Times announced that Chinese hackers had infiltrated its
computer systems and obtained staff passwords in the wake of the paper’s censored exposé on
wealth amassed by then premier Wen Jiabao’s family.
187
The revelation prompted similar reports of
hacking from Bloomberg, the Wall Street Journal, and the Washington Post.
188
The scale and targets of illegal cyber activity lead many experts to believe that Chinese military and
intelligence agencies either sponsor or condone it, though even attacks found to have originated in
China can rarely be traced directly to the state. However, the geographically diverse array of
political, economic, and military targets that suffer attacks reveal a pattern in which the hackers
consistently align themselves with Chinese national goals. In one 2012 example, the Indian
Express reported that hackers based in China had targeted computer systems of India’s Eastern Naval
Command headquarters in Visakhapatnam.
189
The most convincing documentation of a state
connection was reported by U.S.-based cybersecurity firm Mandiant in February 2013, after the
company traced sophisticated attacks on American intelligence targets to a military unit in
Shanghai.
190
Hackers, known in Chinese online circles as heike (dark guests), employ various methods to
interrupt or intercept online content. Both domestic and overseas groups that report on China’s
human rights abuses have suffered from distributed denial-of-service (DDoS) attacks, which
temporarily disable websites by bombarding host servers with an unmanageable volume of traffic.
In a development that echoes the trajectory of China’s overall information control, hackers
increasingly intimidate service providers into cooperating with them. A massive DDoS attack on
the exile-run Chinese-language news website Boxun in 2012 threatened the entire Colorado-based
hosting company, name.com, and was accompanied by an e-mailed demand that the company
Tennant, “Second Lawsuit Accuses Cisco of Enabling China to Oppress Citizens,” IT Business Edge, June 9, 2011,
http://bit.ly/jnXH84; Mark Chandler, “Cisco Supports Freedom of Expression, an Open Internet and Human Rights,” The
Platform (blog), Cisco, June 6, 2011, http://bit.ly/l8fgeh.
185
Jacobs and Bullock, “Firm Romney Founded Is Tied to Chinese Surveillance.”
186
Akamai, 3
rd
Quarter 2012 Executive Summary.
187
Nicole Perlroth, “Hackers in China Attacked the Times for Last 4 Months,” New York Times, January 30, 2013,
http://www.nytimes.com/2013/01/31/technology/chinese‐hackers‐infiltrate‐new‐york‐times‐computers.html.
188
Samuel Wade, “New York Times Hacking Highlights Other Cases,” China Digital Times, February 1, 2013,
http://chinadigitaltimes.net/2013/02/new‐york‐times‐hacking‐highlights‐other‐cases/; Nicole Perlroth, “Washington Post Joins
List of News Media Hacked by the Chinese,” New York Times, February 1, 2013, http://nyti.ms/12gEGZF.
189
Manu Pubby, “China Hackers Enter Navy Computers, Plant Bug to Extract Sensitive Data,” Indian Express, July 1,
2012, http://www.indianexpress.com/news/china‐hackers‐enter‐navy‐computers‐plant‐bug‐to‐extract‐sensitive‐data/968897/.
190
David E. Sanger, David Barboza, and Nicole Perlroth, “Chinese Army Unit Is Seen as Tied to Hacking against U.S.,” New York
Times, February 18, 2013, http://nyti.ms/XZRMHo.
212
63
F
REEDOM ON THE
N
ET
2013
C
HINA
disable Boxun for good.
191
Name.com resisted and helped Boxun switch servers, but hackers with
the power to bring down whole businesses may well find other companies more compliant.
Another well-documented tactic is spear-phishing, in which targeted e-mail messages are used to
trick recipients into downloading malicious software by clicking on a link or a seemingly legitimate
attachment.
192
In a 2012 analysis, the U.S.-based computer security firm Symantec linked the group
responsible for the 2010 Google breach—dubbed “the Elderwood gang” after a signature coding
parameter—to a series of “watering hole” attacks, in which the hackers lay in wait for a self-
selecting group of visitors to specific websites. The targeted sites included defense companies as
well as human rights groups focused on China and Tibet; one of the sites was Amnesty International
Hong Kong.
193
Most concerning, according to Symantec, were the gang’s frequent “zero day”
attacks, which exploit previously unknown vulnerabilities in the source code of programs that are
widely distributed by software giants like Adobe and Microsoft. Groups that can pull off these
attacks are scarce, since uncovering security loopholes requires huge manpower and technical
capability, or internal corporate access to the source code itself. Yet the Elderwood gang
“seemingly has an unlimited supply” of zero-day vulnerabilities at its fingertips.
Chinese web users have also been victims of cybercrime perpetrated by hackers both inside and
outside the country. Tibetans, Uighurs and other individuals and groups subject to monitoring have
been frequently targeted with e-mailed programs that install spyware on the user’s device.
194
Other
attacks affect the broader population. In 2012, a military source reported that 8.9 million
computers in China were infected with Trojan-horse viruses controlled from overseas IP
addresses.
195
The hacker group SwaggSec announced in 2012 that it had broken into the database of
the state-owned China Telecom, and that the company neglected to make a public statement or
change its passwords. China Telecom subsequently confirmed the attack, but said any stolen data
had “little value.” However, a Chinese internet security expert acknowledged that China’s internet
was vulnerable, as many business owners and government officials lack the skills and awareness
needed to defend themselves against cyberattacks.
196
191
“Boxun News Site Attacked Amid Bo Xilai Coverage,” Committee to Protect Journalists, April 25, 2012,
http://www.cpj.org/2012/04/boxun‐news‐site‐attacked‐amid‐bo‐xilai‐coverage.php.
192
Dennis Fisher, “Apple Phishing Scams on the Rise,” Threat Post, June 24, 2013, http://bit.ly/GDS51j.
193
Kim Zetter, “Sleuths Trace New Zero‐Day Attacks to Hackers Who Hit Google,” Wired, September 7, 2012,
http://www.wired.com/threatlevel/2012/09/google‐hacker‐gang‐returns/; “The Elderwood Project,” Symantec (blog),
September 6, 2012, http://www.symantec.com/connect/blogs/elderwood‐project.
194
Dylan Neild, Morgan Marquis‐Boire, and Nart Villeneuve, “Permission to Spy: An Analysis of Android Malware Targeting
Tibetans,” Citizen Lab, April 2013, https://citizenlab.org/wp‐content/uploads/2013/04/16‐2013‐permissiontospy.pdf.
195
Jia Lei and Cui Meng, “Ma Xiao Tian Yu E ‘Wnag Luo Jun Bei Jing Sai” [Ma Xiaotian Appeals for Suppressing ‘Cyber Armament
Race’], Takungpao, May 29, 2012, http://www.takungpao.com.hk/news/12/05/29/ZM‐1484251.htm .
196
Steven Musil, “Hackers Claim Breach of China Telecom, Warner Bros. Networks,” Cnet, June 3, 2012,
http://news.cnet.com/8301‐1009_3‐57446348‐83/hackers‐claim‐breach‐of‐china‐telecom‐warner‐bros‐networks/.
213
48
F
REEDOM ON THE
N
ET
2013
C
HINA
Authoritarian regimes around the world look to Chinese methods of information control as a
model, but activists can do the same. Anticipating what methods of censorship and control may be
coming down the pipeline in China would be valuable for governments and internet users seeking
to safeguard online freedoms against further encroachment. It is notoriously difficult to make
accurate forecasts about China, but here are some technological developments worth watching:
Cross-platform censorship: While online content has traditionally been separated from
both telephony and radio and television broadcasting, experts say the three platforms are
increasingly being brought under the same management and regulated by the same agencies.
This could potentially streamline censorship and provide a more direct way of throttling
dissent.
Interprovincial filtering: At least one academic study has found evidence that internet
censorship technology had been installed at the provincial level. Experts wonder whether
this would enable officials to manipulate the information flowing between provinces—a
more subtle and long-term alternative to total blackouts in areas of unrest.
Targeting circumventors by usage pattern: Circumvention tools like VPN
technology serve a broader commercial market in China, as well as users transmitting
apolitical content like pirated movies. Rather than blocking the tools entirely, experts
believe, censors are seeking to refine controls in order to block only circumventors with a
specific usage pattern that indicates censorship evasion.
Ironically, this last example may provide some hope for online freedoms in China. So long as
internet users defy censorship by creating content that current technology cannot trace or delete,
propaganda agents and intermediary companies can adjust their methods in response. But if censors
themselves are seeking to carve out exceptions, and grant privileges to pro-government or
commercial groups, internet users benefit from what one study termed “collateral” freedom, “built
on technologies and platforms that the regime finds economically or politically indispensable.”
197
Collateral freedom is a poor substitute for full and free access to information and communication
technologies. But the existence of such a phenomenon is proof that internet control runs counter to
the public interest. By attempting to develop a partial, selective censorship apparatus, the CCP is
acknowledging that internet freedom is central to China’s success as a modern nation—and keeping
doors open that netizens will continue to exploit.
197
“Collateral Freedom: A Snapshot of Chinese Users Circumventing Censorship,” OpenITP, May 21, 2013,
http://openitp.org/pdfs/CollateralFreedom.pdfNews‐Events/collateral‐freedom‐a‐snapshot‐of‐chinese‐users‐circumventing‐
censorship.html.
C
ONCLUSION
214
Documents you may be interested
Documents you may be interested
