The Best Way Through the Great Firewall of China

eldavojohn writes "The MIT Technology Review brings news of a new report from Harvard assessing circumvention software. The best tools they tested (and they actually did test them in cybercafes in China) were Ultrareach, Psiphon, and Tor, while Dynaweb and Anonymizer also scored well — of course, the huge downside is the long loading times. The report also includes responses from developers of the tools."

CCP's rules on foreigners' use of crypto in PRC

[Anonymous+Bullard]

Measures for the Use of Encryption Products by Overseas Organizations and Individuals within China.

Announcement of State Encryption Administration

(No. 9)

The Measures for the Use of Encryption Products by Overseas Organizations and Individuals within China are hereby promulgated and shall come into force as of May 1, 2007.

State Encryption Administration

March 24, 2007

Measures for the Use of Encryption Products by Overseas Organizations and Individuals within China

Article 1 For the purpose of regulating the use of encryption codes and equipment containing encryption technologies (hereinafter referred in general as encryption products) by overseas organizations and individuals within China, these Measures are formulated in accordance with the Regulation on Commercial Ciphers.

Article 2 The use of encryption products by overseas organizations and individuals within China shall be governed by these Measures, excluding China-based embassies and consulates of foreign countries, China-based representative offices of international organizations and other institutions enjoying the corresponding privilege and immunity.

Article 3 The term "overseas organization" as mentioned in these Measures refers to an organization set up outside China under foreign law, including the branch institutions, offices, representative offices, etc. established by it inside China.

The term "overseas individual" refers to a person who does not have the Chinese nationality under the Nationality Law of the People's Republic of China.

The term "encryption products" as mentioned in these Measures refers to the products for which the information is subject to protection or security authentication on the basis of encryption technologies, including the encryption products made within and outside China.

Article 4 The State Encryption Administration (hereinafter referred to as the SEA) shall be responsible for the administration of the use of encryption products by overseas organizations and individuals within China.

The encryption administrative departments of all provinces, autonomous regions and municipalities directly under the Central Government shall undertake the relevant administrative tasks in accordance with these Measures.

Article 5 When an overseas organization or individual intends to use an encryption product within China, it (he) shall fill out a Form of Application for the Registration of Use of Encryption Products by Overseas Organization or Individual in advance and submit it to the encryption administrative department of the local province, autonomous region or municipality directly under the Central Government.

The encryption administrative department of the province, autonomous region or municipality directly under the Central Government shall, within 5 working days from the day when it accepts an application, examine the Form of Application for the Registration of the Use of Encryption Products by Overseas Organization or Individual and submit it to the SEA.

The SEA shall, within 20 working days from the day when the encryption administrative department of the province, autonomous region or municipality directly under the Central Government accepts an application, examine the Form of Application for the Registration of the Use of Encryption Products by Overseas Organization or Individual.

If it approves the use, it shall issue to the applicant a Permit to Use Encryption Product by Overseas Organization or Individual.
A Permit to Use Encryption Product by Overseas Organization or Individual shall be valid for three years.

Article 6 Where an overseas organization or individual needs to use any encryption product imported from abroad, it (he) shall apply for a License for the Import of Encryption Product.

When such encryption product enters into China, the overseas organization or individual shall faithfully make a declaration and submit the License for the Import of Encr

Re:All encryption requires permission from the Par

[Anonymous+Bullard]

You have either been misinformed or are deliberately making stuff up for some reason... spreading blatant lies like this is not going to help... because your so-obviously-made-up description of china

Dear sir, what exact blatant lies did I write, and why did the post make you so angry?

What exactly does the PRC law say about Chinese nationals' right to use encryption (or lack thereof)?

I am also aware that especially in the larger cities of China proper the Han-Chinese people (who are not suspected of any "anti-state activities") running their own computers are not generally bothered by the State authorities, especially since only a tiny percentage of them would be using encyption software not vetted by the State. I also hope you realize that the reality for people in the PRC Government's bad books (human rights activists, independent thinkers and writers) and in the so-called "autonomous regions" is somewhat different.

Pointing out the shortcomings of your unelected regime and its laws was in no way criticism of you as an individual, but as the modding is already showing there's a strong Hive Mentality among many Chinese which causes them to attack any critic of their rulers...

Re:All encryption requires permission from the Par

[Anonymous+Bullard]

Thank you for kindly pointing out that HTTPS is a protocol, not a cipher. It is the latter that actually encrypts the traffic.

Now, is it actually legal under the PRC's laws to use ciphers not specifically approved by the State authorities?

Are Chinese individuals or organizations inside the PRC allowed to freely operate servers with strong encryption of their choice and without permission from the State? Which authority within the PRC is allowed to grant certificates?

Are the State's routers/filters able to recognize and simply drop HTTPS connections at their whim?

Does simply using HTTPS protocol prevent the State from logging your connections or attempts to connect to "suspicious sites" (eg. those about democracy and human rights or just critical of the Party)? You know the State's most powerful censorship tool is in fact instilling an inherent sense of self-censorship in its subjects.

Does the mere presence of HTTPS (with whatever ciphers are bundled) allow the Chinese "netizens" to connect to material otherwise banned or filtered by the State freely and without fear of retribution?

Thanks for any clarification.

Re:All encryption requires permission from the Par

[Anonymous+Bullard]

Thanks for your constructive query. :-)

I've many Chinese friends who are as worried about the FQ phenomenom as I am. It's always unpleasant to be shouted down or having your message buried for ideological reasons.

Anyway, I'm not sure if you noticed but elsewhere in this thread I posted the regulations governing foreign-based organizations' (like businesses and NGOs) and foreign individuals' use of crypto in the PRC. The laws governing PRC nationals' use of crypto are said to be nearly identical. But as is often the case in today's China, the actual enforcement of laws is very haphazard and selective. Using SSH while keeping totally clear of anything the State might consider subversive or controversial (like simple river crabs!) and not pushing your luck on foreign connections seems safe. Open-source disk-encryption tools are also a download away and their use highly recommended (by me!), but if the PSB comes knocking on your door they'll only make offers you can't refuse.

Surely the PRC's statute books are available online for concerned people to study, and if you are interested in looking into the exact legal terms regulating crypto in China, some useful keywords would be "State Encryption Administration" and "State Encryption Management Commission" which are the organizations charged with enforcing the regulations.