China Emphasizes Laws As Google Defies Censorship

Lomegor writes "Chinese Foreign Ministry spokeswoman Jiang Yu said on Thursday that all companies are welcome to operate in China but that they must do so under local laws. Although not explicitly, this is in some way a response to Google's threat to leave the country. China also stated that they have strict cyber laws and that they forbid any kind of 'hacking attack'; when asked if those laws apply to the government as well it was quickly avoided. 'It is still hard to say whether Google will quit China or not. Nobody knows,' the official in the State Council Information Office was quoted as saying." I sure would love to be a fly on the wall of these discussions. We certainly live in interesting times.

Looks like email and the desktop were not enough

[Cryacin]

It seems that google has moved firmly into politics. I wonder if as a kid good ol' Sergey Brinn would have ever imaged how much of a difference he would make in the world.

Two predictions

[spyrochaete]

Prediction #1 - google.cn becomes unavailable in China today, never to return.

Prediction #2 - no other companies will stand with Google on this matter, preferring to endure Chinese hackers rather than turning away Chinese business.

Re:Two predictions

[Opportunist]

The difference is probably that Google can easily do without the Chinese market. They're by far not the number one search engine in China. And the chance to become it is slim at best.

On the other hand, not playing along with China's demands would endear them greatly to a lot of groups. US nationalists and US government being amongst the first, not to mention every free-speech supporter from the EFF to most geeks around the globe. It sure would greatly improve their PR and image, and would probably make a few people overlook their own privacy "problems" because "at least they didn't bend over to the Chinese government".

Dunno if it would be so bad for Google to simply flip the Chinese the bird. The goodwill boost might offset the financial loss.

Re:Two predictions

[spyrochaete]

I wasn't referring only to search companies in my comment. Other articles on this story mentioned that Google had identified similar security breaches in at least 20 other companies, and I doubt those were all search/email companies. It will be very interesting to see whether any or all of those companies are identified and what their reaction will be. I was pretty shocked at Google's fierce ultimatum (suddenly removing censorship, effectively punishing the government for the hackers' actions) and will be doubly astounded if any other company dares to ally themselves with such brash action.

Re:Two predictions

[spyrochaete]

The difference is probably that Google can easily do without the Chinese market. They're by far not the number one search engine in China.

That's what I've been reading as well but the numbers don't add up. I read that the Chinese internet market is currently 300 million people and skyrocketing daily, and that Google accounts for 1/3 of search results served in the country. So that's 100 million Google users. Why is Google so dismissive of this enormous number of customers?

Re:Looks like email and the desktop were not enoug

[zwei2stein]

Not politic, business.

Operating in china does not bring google profit. Add Baidou, a govt-subsidied competition and being routinelly hacked, they have reasons leave market. Saying they leave market makes them look weak and stock price would drop.

Making chinese goverment kick them out makes for quite nice PR stunt and will not really to much about stock price. And it actually makes them look strong.

They are still happy to censor in many other countries.

Local laws? What about their constitution?

[mrjb]

The Chinese constitution has allowed free speech since 1982 (not that that mattered much 2 years afterwards). That is, censorship is officially *against* the Chinese constitution. I'd actually like to see this go to court; if it's a fair trial, the Chinese probably will end up being better off because of it.

Rigged Game?

[Software+Geek]

My employer does a lot of business in China, both development work and sales into the chinese market.
This incident with google has really made me stop and think about whether the whole game is rigged.

Invest in China? Your technology will stolen by chinese competitors.
Outcompete your chinese competitors? The local laws will be changed in their favor.
Complain? Your people will be arrested.
Leave? Your assets will be nationalized.

The chinese haven't done any of that stuff to my employer, as far as I know. But it is the only country we do business in where the question might even come up.
It turns out that doing business in a country without the rule of law entails some serious business risks.
I wonder how many executives are having this same thought, right now?

Re:Rigged Game?

[radtea]

I am pretty sure there *are* laws in China

Lacking the rule of law has nothing to do with lacking laws. There were laws in the Soviet Union, too, but the rule of law--access to an independent judiciary, a right to a fair and public trial, minimal political interference in the judicial process, etc--was lacking.

The rule of law is a human right. It gets violated egregiously in China every day. So it's pretty damned funny to what the spoiled children of the Party who rule China whining about how important it is to respect the rule of law.

Fly on the wall -i'll pass

[furby076]

I sure would love to be a fly on the wall of these discussions. We certainly live in interesting times.

No you wouldn't. It's not that lively - on the contrary it is quite boring, full of ritual and face saving. If you ever have a case of insomnia attend one of these meetings - it will be clearly taken care of.

Now if you want a bit of excitement, political meetings that have some energy, then go to UK parliment meetings - especially when the prime minister is around. I remember watching video's of former PM Blair and boy was exciting. The guy was in the center of the room, turning around and launching off complex answers to complex questions. Any political group where you can get a bunch of old boys to start a fist fight will be exciting...and you will not see that in a Chinese gov't meeting.

Re:Looks like email and the desktop were not enoug

[Rising+Ape]

I'm not trying to defend China - I'm just interested in where we draw the line. At what point does censorship become a human rights violation severe enough to require non-cooperation? Some forms of censorship have widespread public support (e.g. child porn).

So, is DMCA-style censorship bad enough?
Censorship of pornography or violence in films?
Restrictions on what news can be reported or discussed openly?

I don't think any country is completely free of questionable activities in the area of human rights. China is worse than most, to be sure.

Re:China's Capability to Conduct Cyber Warfare

[Rich0]

While I'm sure China isn't the only country doing this, when you think about it this is a very scary proposition.

Just think - China decides that being able to take over the CNN front page at a future point in time might be useful to them (just a random example - it could be any site, and it could be some other country).

Teams work around the clock probing the CNN servers. They monitor tons of network traffic so they can passively identify every server that people actually make connections to (even for the most obscure things like a rare banner ad or the data feed for some weather applet or whatever). If ANY of those servers have a vulnerability they can get in.

Each lead is sent to a team that specializes in exploiting it. Hmm, looks like they're using some load balancer on their webservers - based on traffic patterns it might be this one. Let's give it to the guy who has taken apart two of them and knows the firmware inside and out. Looks like their weather uses some obscure XML type - let's get a guy who knows all about it to see if maybe the parser lets in some obscure field in the spec that the underlying app server might choke on.

Then you get in. The guy who manages to get a little access on a single box doesn't have to try to figure out the whole network on his own. Instead a team that specializes in DMZ mapping takes over and figures out what their datacenter looks like. Whole new teams work on additional exploits.

Once they find some good places to hide trojans then another team takes over. That load balancer firmware expert knows exactly how to create a hidden partition in the flash on one of the NICs installed in it which somehow gets triggered by some interrupt to run some code - maybe triggered by a specially crafted packet hitting it from the net. Specialists could sneak code into all kinds of places where nobody would ever spot it - probably in more than one place so a system upgrade wouldn't break their access.

Big companies have all kinds of proprietary software that isn't all that secure. The thing is that most teenage/college hackers don't ever see this software and as a result don't hack it. They might write a virus that targets excel, but they don't have one that targets some $3M payroll management system.

Once everything is in place it goes to the monitoring team which makes sure the trojans/etc stay in place with some stealthy pings from time to time. They can stay on top of thousands of hacks and bring in help when something goes wrong - just think of them like you think of your server monitoring team at work...

Don't under-estimate the capability of a well-run professional team - especially a fairly new one.

Granted, in 20 years it will start to resemble the IT at many fortune 500s. Hmm, the exploit script doesn't work - too bad we didn't pay the guy who wrote it enough and he's gone. What, the monitoring team isn't doing its job right - oh, but the guy who heads it up is the boss's cousin - well, maybe we won't ever need those exploits to remain in place...