REEDOM ON THE
is active online, reported that security agents beat him during an eight-hour detention in March
2013, on the day before Xi Jinping took office as president.
Users hoping to avoid repercussions for their online activity face a rapidly dwindling space for
anonymous communication as real-name registration requirements expand online, among mobile
phone retailers, and at public internet facilities. The authorities justify real-name registration as a
means to prevent cybercrime, though experts counter that uploaded identity documents are
vulnerable to theft or misuse,
especially since some verification is done through a little-known
In December 2012, the CCP’s governing Standing Committee approved new rules to strengthen
the legal basis for real-name registration by websites and service providers.
The rules threatened
violators with “confiscation of illegal gains, license revocations and website closures,” largely
echoing the informal arrangements already in place across the sector.
Comment sections of major
news portals, bulletin boards,
blog-hosting services, and e-mail providers already enforce some
The MIIT also requires website owners and internet content providers to submit
photo identification when they apply for a license, whether the website is personal or corporate.
Nevertheless, the new rules are significant in extending regulation to the e-commerce and business
sectors, which typically benefit from more freedom than their counterparts in the news media, civil
society, or academia. The rules oblige these providers to gain consent for collecting personal
electronic data, as well as outline the “use, method, and scope” of its collection; yet they offer no
protection against law enforcement requests for these records.
Chinese providers are required to
retain user information for 60 days, and provide it to the authorities upon request without judicial
oversight or informing the user.
Isaac Stone Fish, “Chinese Dissident Allegedly Beaten as Xi Jinping Becomes President,” Passport (blog), Foreign Policy,
March 14, 2013,
Danny O’Brien, “China’s Name Registration Will Only Aid Cybercriminals,” Committee to Protect Journalists, December 28,
“Du Zi He Cha Wei Bo Shi Ming Guo Zheng Tong She Long Duan” [Real‐Name Verification of Weibo Suspected Monopolized
by Guo Zheng Tong], Hong Kong Commercial Daily, December 30, 2011, http://www.hkcd.com.hk/content/2011‐
12/30/content_2875001.htm; “Beijing Yao Qiu Wei Bo Yong Shi Ming Fa Yan” [Beijing Users of Weibo Required for Real‐Name
Verification], BBC, December 16, 2011, http://bbc.in/t2hZme.
“National People’s Congress Standing Committee Decision Concerning Strengthening Network Information Protection,”
China Copyright and Media, December 28, 2012, http://chinacopyrightandmedia.wordpress.com/2012/12/28/national‐
Joe McDonald, “China Real‐Name Registration Is Now Law in Country,” Huffington Post, December 28, 2012,
“Wen Hua Bu 2009 Jiang Da Li Zhen Zhi Hu Lian Wang Di Su Zhi Feng” [Ministry of Culture Will Curb Trend of Internet
Indecency in 2009], Net Bar China, January 6, 2009, http://www.netbarcn.net/Html/PolicyDynamic/01061954388252.html;
Chen Jung Wang, “Shi Min Zhi Rang Gao Xiao BBS Bian Lian” [Real Name System Intimidates High School BBS], CNHubei,
November 29, 2009, http://www.cnhubei.com/200511/ca936578.htm ; “Zhong Guo Hu Lian Xie Hui: Bo Ke Tui Xing Shi Min Zhi
Yi Chen Ding Ju” [Internet Society of China: Real Name System for Bloggers is Set], Xinhua News, October 22, 2006,
Elinor Mills, “China Seeks Identity of Web Site Operators,” CNET News, February 23, 2010, http://cnet.co/bXIMCp.
Tim Stratford et al., “China Enacts New Data Privacy Legislation,” Publication from Covington & Burling LLP, January 11,
2013, http://bit.ly/RRiMaM .
“China,” OpenNet Initiative, August 9, 2012, http://opennet.net/research/profiles/china‐including‐hong‐kong.
REEDOM ON THE
Microblog providers have struggled to enforce identity checks. Online reports of Sina Weibo users
trading defunct identification numbers to facilitate fake registration indicated that the requirements
were easy to circumvent.
Sina’s 2012 report to the U.S. Securities and Exchange Commission
anxiously noted the company’s exposure to potentially “severe punishment” by the Chinese
government as a result of its failure to ensure user compliance.
When social-media sites offer online payment systems, many users voluntarily surrender personal
details to enable financial transactions. Mobile phone purchases have required identification since
2010, so providing a phone number is a common way of registering with other services.
one analyst estimated that approximately 50 percent of microblog users had unwittingly exposed
their identities to providers by 2012, simply by accessing the platform from their mobile phone.
Implementation of the real-name policy may continue to vary, not just because it is hard to enforce,
but also because registration makes it harder for the state’s hired commentators to operate
undetected. One study reported that some officials openly encourage commentators to use
pseudonyms and fake ID to hide their affiliation with the propaganda department.
Real-name registration is just one aspect of pervasive surveillance of internet and mobile phone
communications in place in China. Rapidly developing phone technology offers new opportunities
for the surveillance state. A 2011 Beijing city initiative to produce real-time traffic data by
monitoring the location of the city’s 17 million China Mobile subscribers sparked concern from
privacy experts, who said it could be used to trace and punish activists.
The timeline for the
program’s implementation is not known.
The deep-packet inspection technology used to censor keywords can monitor users as they try to
access or disseminate similar information. Private instant-messaging conversations and text
messages have been cited in court documents. One academic study reported that queries for
blacklisted keywords on Baidu automatically sent the user’s IP address to a location in Shanghai
affiliated with the Ministry of Public Security.
Given the secrecy surrounding such capabilities,
however, they are difficult to verify.
Police periodically try to force mandatory surveillance software on organizations and individuals,
with mixed success. Cybercafés check photo identification and record user activities, and in some
C. Custer, “How to Post to Sina Weibo without Registering Your Real Name,” Tech in Asia, March 30, 2012,
“Shou Ji Shi Ming Zhi Jin Qi Shi Shi, Gou Ka Xu Chi Shen Fen Zheng” [Mobile phone real name system implemented today, SIM
card purchasers have to present their ID documents], News 163, October 1, 2010, http://bit.ly/aIyYL4.
Song Yanwang, “ Jing Hua Wang Luo Huan Jing Xin Gui Yin Huan An Cang Weibo Shi Ming Zhi Ling Yung Ying Shang Mian Lin
Da Kao” [Internet Clean‐Up Regulations Conceal Obscure Issues. Weibo’s New Real‐Name Registration Rule Poses Challenge for
Telecom Operator], Net.China.com.cn, March 15, 2012, http://net.china.com.cn/txt/2012‐03/15/content_4875947.htm .
Rongbin Han, , “Manufacturing Consent in Censored Cyberspace.”
“Beijing Ni Yong Shou Ji Xin Hao Zhui Zong Shi Min Chu Xing Qing Kuang” [Beijing plans to track mobile phone users in real‐
time], Yahoo News, March 3, 2011, http://news.cn.yahoo.com/ypen/20110303/237829.html; Cecilia Kang, “China Plans to
Track Cellphone Users, Sparking Human Rights Concerns,” Washington Post, March 3, 2011, http://wapo.st/hw6qkg.
Becker Polverini and William M. Pottenger, “Using Clustering to Detect Chinese Censorware,” Eleventh Annual Workshop on
Cyber Security and Information Intelligence Research, Article No. 30, 2011. Extended Abstract available at:
REEDOM ON THE
regions, surveillance cameras in cybercafés have been reported transmitting images to the local
However, users successfully resisted attempts at mandatory installation of
antipornography software known as Green Dam Youth Escort in 2009, after experts voiced privacy
and censorship concerns. Some Beijing companies were threatened with disconnection in 2012 if
they failed to install government-designated software capable of logging web traffic, blocking sites,
and communicating with local police servers.
A similar effort to force businesses offering
wireless internet access in Beijing’s Dongcheng district to purchase expensive surveillance
equipment in 2011 caused some to disconnect rather than pay.
Others ignored the directive
As with censorship, surveillance disproportionately targets individuals and groups perceived as
antigovernment. Reports citing anonymous government officials noted that a camera grid system
known as “Skynet” may have “a camera on every road in Tibet” as part of the effort to contain self-
A Tibetan rights group reported police inspections of mobile phones for banned
content in Lhasa in March 2013.
A June 2013 report by Human Rights Watch put these activities
in the context of a three-year campaign by 5,000 teams of CCP personnel conducting surveillance
throughout the Tibetan Autonomous Region.
Beyond regional flashpoints, the national “Safe Cities” program offers security officials an advanced
system for monitoring public spaces across China.
The “social stability maintenance” budget that
supports these programs surpassed China’s defense budget in 2012.
Both international and local firms jockey for lucrative surveillance-related equipment contracts in
China. During 2011, two lawsuits were filed in U.S. courts against the American technology
company Cisco Systems, asserting that there was evidence the firm had customized its surveillance
equipment to assist Chinese security agencies in apprehending Falun Gong practitioners and
democracy activists. Cisco denied the allegations, and the cases were pending as of May 2013.
Naomi Klein, “China’s All‐Seeing Eye,” NaomiKlein.org, May 14, 2008, http://bit.ly/2nf29.
Kevin Voigt, “International Firms Caught in China’s Security Web,” CNN, August 24, 2012,
Zhao Zhuo, “Beijing Bu Fen Ka Fei Ting Ting Zhi Ti Gong Wu Xian Wang Luo” [Some cafés in Beijing suspend Wi‐Fi service],
Beijing Youth Daily, July 27, 2011, http://bjyouth.ynet.com/article.jsp?oid=79986791.
Malcolm Moore, “China Using Massive Surveillance Grid to Stop Tibetan Self‐Immolation,” Telegraph, November 9, 2012,
“China Launches Crackdown on Personal Cellphones in Lhasa,” Tibetan Centre for Human Rights and Democracy, March 11,
2013, http://www.tchrd.org/2013/03/china‐launches‐crackdown‐on‐personal‐cellphones‐in‐lhasa/#more‐1288. Radio Free Asia
also reported police requisitioning computers and cellphones belonging to Uighur students for inspection when they returned
to the region for the school holidays. “Chinese Controls on Uyghur Students Ahead of Ramadan,” Radio Free Asia, June 13,
According to Human Rights Watch, the goals of the campaign included “categorizing Tibetans according to their religious and
political thinking, and establishing institutions to monitor their behavior and opinions.” Human Rights Watch, “China: ‘Benefit
the Masses’ Campaign Surveilling Tibetans,” news release, June 19, 2013, http://bit.ly/11Y8EAF.
Andrew Jacobs and Penn Bullock, “Firm Romney Founded Is Tied to Chinese Surveillance,” New York Times, March 15, 2012,
Edward Wong and Jonathan Ansfield, “China’s Communist Elders Take Backroom Intrigue Beachside,” New York Times, July
21, 2012, http://www.nytimes.com/2012/07/22/world/asia/chinas‐communist‐elders‐take‐backroom‐intrigue‐beachside.html.
Somini Sengupta, “Group Says It Has New Evidence of Cisco’s Misdeeds in China,” New York Times, September 2, 2011,
Claims Cisco Helped China Repress Religious Group,” Thomson Reuters News & Insight, May 20, 2011, http://bit.ly/jxx6ds; Don
REEDOM ON THE
Uniview Technologies, a Chinese firm that offers software allowing police to share images between
jurisdictions in real time, is owned by the U.S. private equity company Bain Capital.
China is a key global source of cyberattacks, responsible for nearly a third of attack traffic observed
by the content delivery network Akamai in a 2012 worldwide survey.
The survey traced the
attacks to computers in China using IP addresses, meaning the machines themselves may have been
controlled from somewhere else. In January 2013, following the precedent set by Google’s
revelation of hacking in 2010, the New York Times announced that Chinese hackers had infiltrated its
computer systems and obtained staff passwords in the wake of the paper’s censored exposé on
wealth amassed by then premier Wen Jiabao’s family.
The revelation prompted similar reports of
hacking from Bloomberg, the Wall Street Journal, and the Washington Post.
The scale and targets of illegal cyber activity lead many experts to believe that Chinese military and
intelligence agencies either sponsor or condone it, though even attacks found to have originated in
China can rarely be traced directly to the state. However, the geographically diverse array of
political, economic, and military targets that suffer attacks reveal a pattern in which the hackers
consistently align themselves with Chinese national goals. In one 2012 example, the Indian
Express reported that hackers based in China had targeted computer systems of India’s Eastern Naval
Command headquarters in Visakhapatnam.
The most convincing documentation of a state
connection was reported by U.S.-based cybersecurity firm Mandiant in February 2013, after the
company traced sophisticated attacks on American intelligence targets to a military unit in
Hackers, known in Chinese online circles as heike (dark guests), employ various methods to
interrupt or intercept online content. Both domestic and overseas groups that report on China’s
human rights abuses have suffered from distributed denial-of-service (DDoS) attacks, which
temporarily disable websites by bombarding host servers with an unmanageable volume of traffic.
In a development that echoes the trajectory of China’s overall information control, hackers
increasingly intimidate service providers into cooperating with them. A massive DDoS attack on
the exile-run Chinese-language news website Boxun in 2012 threatened the entire Colorado-based
hosting company, name.com, and was accompanied by an e-mailed demand that the company
Tennant, “Second Lawsuit Accuses Cisco of Enabling China to Oppress Citizens,” IT Business Edge, June 9, 2011,
http://bit.ly/jnXH84; Mark Chandler, “Cisco Supports Freedom of Expression, an Open Internet and Human Rights,” The
Platform (blog), Cisco, June 6, 2011, http://bit.ly/l8fgeh.
Jacobs and Bullock, “Firm Romney Founded Is Tied to Chinese Surveillance.”
Quarter 2012 Executive Summary.
Nicole Perlroth, “Hackers in China Attacked the Times for Last 4 Months,” New York Times, January 30, 2013,
Samuel Wade, “New York Times Hacking Highlights Other Cases,” China Digital Times, February 1, 2013,
http://chinadigitaltimes.net/2013/02/new‐york‐times‐hacking‐highlights‐other‐cases/; Nicole Perlroth, “Washington Post Joins
List of News Media Hacked by the Chinese,” New York Times, February 1, 2013, http://nyti.ms/12gEGZF.
Manu Pubby, “China Hackers Enter Navy Computers, Plant Bug to Extract Sensitive Data,” Indian Express, July 1,
David E. Sanger, David Barboza, and Nicole Perlroth, “Chinese Army Unit Is Seen as Tied to Hacking against U.S.,” New York
Times, February 18, 2013, http://nyti.ms/XZRMHo.
REEDOM ON THE
disable Boxun for good.
Name.com resisted and helped Boxun switch servers, but hackers with
the power to bring down whole businesses may well find other companies more compliant.
Another well-documented tactic is spear-phishing, in which targeted e-mail messages are used to
trick recipients into downloading malicious software by clicking on a link or a seemingly legitimate
In a 2012 analysis, the U.S.-based computer security firm Symantec linked the group
responsible for the 2010 Google breach—dubbed “the Elderwood gang” after a signature coding
parameter—to a series of “watering hole” attacks, in which the hackers lay in wait for a self-
selecting group of visitors to specific websites. The targeted sites included defense companies as
well as human rights groups focused on China and Tibet; one of the sites was Amnesty International
Most concerning, according to Symantec, were the gang’s frequent “zero day”
attacks, which exploit previously unknown vulnerabilities in the source code of programs that are
widely distributed by software giants like Adobe and Microsoft. Groups that can pull off these
attacks are scarce, since uncovering security loopholes requires huge manpower and technical
capability, or internal corporate access to the source code itself. Yet the Elderwood gang
“seemingly has an unlimited supply” of zero-day vulnerabilities at its fingertips.
Chinese web users have also been victims of cybercrime perpetrated by hackers both inside and
outside the country. Tibetans, Uighurs and other individuals and groups subject to monitoring have
been frequently targeted with e-mailed programs that install spyware on the user’s device.
attacks affect the broader population. In 2012, a military source reported that 8.9 million
computers in China were infected with Trojan-horse viruses controlled from overseas IP
The hacker group SwaggSec announced in 2012 that it had broken into the database of
the state-owned China Telecom, and that the company neglected to make a public statement or
change its passwords. China Telecom subsequently confirmed the attack, but said any stolen data
had “little value.” However, a Chinese internet security expert acknowledged that China’s internet
was vulnerable, as many business owners and government officials lack the skills and awareness
needed to defend themselves against cyberattacks.
“Boxun News Site Attacked Amid Bo Xilai Coverage,” Committee to Protect Journalists, April 25, 2012,
Dennis Fisher, “Apple Phishing Scams on the Rise,” Threat Post, June 24, 2013, http://bit.ly/GDS51j.
Kim Zetter, “Sleuths Trace New Zero‐Day Attacks to Hackers Who Hit Google,” Wired, September 7, 2012,
http://www.wired.com/threatlevel/2012/09/google‐hacker‐gang‐returns/; “The Elderwood Project,” Symantec (blog),
September 6, 2012, http://www.symantec.com/connect/blogs/elderwood‐project.
Dylan Neild, Morgan Marquis‐Boire, and Nart Villeneuve, “Permission to Spy: An Analysis of Android Malware Targeting
Tibetans,” Citizen Lab, April 2013, https://citizenlab.org/wp‐content/uploads/2013/04/16‐2013‐permissiontospy.pdf.
Jia Lei and Cui Meng, “Ma Xiao Tian Yu E ‘Wnag Luo Jun Bei Jing Sai” [Ma Xiaotian Appeals for Suppressing ‘Cyber Armament
Race’], Takungpao, May 29, 2012, http://www.takungpao.com.hk/news/12/05/29/ZM‐1484251.htm .
Steven Musil, “Hackers Claim Breach of China Telecom, Warner Bros. Networks,” Cnet, June 3, 2012,
REEDOM ON THE
Authoritarian regimes around the world look to Chinese methods of information control as a
model, but activists can do the same. Anticipating what methods of censorship and control may be
coming down the pipeline in China would be valuable for governments and internet users seeking
to safeguard online freedoms against further encroachment. It is notoriously difficult to make
accurate forecasts about China, but here are some technological developments worth watching:
Cross-platform censorship: While online content has traditionally been separated from
both telephony and radio and television broadcasting, experts say the three platforms are
increasingly being brought under the same management and regulated by the same agencies.
This could potentially streamline censorship and provide a more direct way of throttling
Interprovincial filtering: At least one academic study has found evidence that internet
censorship technology had been installed at the provincial level. Experts wonder whether
this would enable officials to manipulate the information flowing between provinces—a
more subtle and long-term alternative to total blackouts in areas of unrest.
Targeting circumventors by usage pattern: Circumvention tools like VPN
technology serve a broader commercial market in China, as well as users transmitting
apolitical content like pirated movies. Rather than blocking the tools entirely, experts
believe, censors are seeking to refine controls in order to block only circumventors with a
specific usage pattern that indicates censorship evasion.
Ironically, this last example may provide some hope for online freedoms in China. So long as
internet users defy censorship by creating content that current technology cannot trace or delete,
propaganda agents and intermediary companies can adjust their methods in response. But if censors
themselves are seeking to carve out exceptions, and grant privileges to pro-government or
commercial groups, internet users benefit from what one study termed “collateral” freedom, “built
on technologies and platforms that the regime finds economically or politically indispensable.”
Collateral freedom is a poor substitute for full and free access to information and communication
technologies. But the existence of such a phenomenon is proof that internet control runs counter to
the public interest. By attempting to develop a partial, selective censorship apparatus, the CCP is
acknowledging that internet freedom is central to China’s success as a modern nation—and keeping
doors open that netizens will continue to exploit.
“Collateral Freedom: A Snapshot of Chinese Users Circumventing Censorship,” OpenITP, May 21, 2013,
Documents you may be interested
Documents you may be interested