Slashdot Mirror
Censorware Vendors Can Stop Mid-East Dealings
The Wall Street Journal published an article Monday listing the Western-made Internet censoring programs used by several Middle Eastern governments, in countries that filter what their citizens can access on the Web. Like a similar 2011 report from the OpenNet Initiative, hopefully this listing will shine a spotlight on the problem, and make it easier for human rights groups to call for these companies to stop aiding censorious governments.
However, I wish that the article had quoted someone giving a rebuttal to the several companies which claimed, "Once the customer buys the product, we have no control over it," as stated variously Netsweeper, Blue Coat, and McAfee (which makes Smartfilter). For a product that relies on continuous updates provided by the software company, this claim, of course, is nonsense. Unfortunately, the claim seems to go unchallenged so often, that there's a risk that it will start to affect policy -- people may believe that we can't regulate how American censorware is used by repressive countries, so we shouldn't even try.
Some background: When a customer buys a standard network filtering program like Websense, SmartFilter, or Blue Coat, the product comes with a built-in list of websites to be blocked by the software. (The customer can select or de-select categories of sites to be blocked, like "pornography" or "gambling".) The purchase of the software typically comes with a year or two of free updates to the blocked-site list. The software vendors employs a combination of human reviewers and (more often) automated crawlers to scour the Web looking for new sites that fall into their categories, and add these sites to their database. Customers who are within their subscription period can download periodic updates to this blocked-site list. After a customer's initial free subscription period runs out, they can opt to continue purchasing updates to the database. If they don't, then the product will continue to work, but the blocked-site list will be frozen (except for any new sites that the customer finds on their own and adds manually to their own blocked-site list).
Once the blocked-site list is frozen, the filtering product becomes ineffective against any user making a serious effort to get around it. This is because there are many mailing lists like mine that mail out new proxy sites every week (a proxy site is a site which contains a form that allows the user to access third-party Web sites indirectly, usually to circumvent Internet blocking). And as long as the user can access at least one unblocked proxy site, they can access any other blocked site by going through the proxy. So when a censorious regime stops updating their blocked-site list, the product becomes ineffective almost immediately. (For that, I suppose, the blocking companies should be grateful to us proxy site makers, since we make it necessary for their customers to keep renewing their blocked-site subscriptions year after year.)
So, even if one were to accept the (highly dubious) claim that the software vendors didn't realize what was going on when a foreign government approached them to buy their software, once they realize that their software is being used to violate the rights of the country's people, they can easily stop providing updates to that customer. This can be done by either (a) blocking the IP addresses that the customer uses to download the updates, or (b) blocking any further updates using that customer's license key. (Each installation of a blocking program like Websense comes with a license key unique to that customer, and the program has to submit the license key to the download server in order to download the latest update to the blocked-site list. If the customer's subscription runs out or gets cancelled, no more updates.)
This is roughly the situation that exists in Iran. The Iranian government claims to use McAfee's Smartfilter to filter Internet access for their citizens, despite McAfee's claim that they don't sell to Iran because of the embargo. But the evidence suggests that while Iran may have once acquired Smartfilter along with a copy of their filter list that was current at the time, they're not getting regular updates to the blocked-site list. From corresponding with Iranians and testing the filter through a server located inside Iran, I've found that most of the proxy sites we mail out never get blocked at all in Iran, even as they eventually get blocked in countries like Bahrain and Kuwait that are using Smartfilter with a subscription to the blocked-site database. The proxy sites we mail out that do get blocked in Iran are usually blocked a few days later than they are in Bahrain and Kuwait. This suggests that the Iranian censors are finding and blocking new proxy sites by ad hoc methods, and that they're not as effective at it as American censorware companies. So the Iranian situation proves two points: that Western blocking companies really can prevent a foreign government from using their products (well, duh), and that this restriction actually works, in the sense of making the country's filter less effective.
So when a McAfee spokesman told the WSJ reporters, "You can add additional websites to the block list; obviously what an individual customer would do with a product once they acquire it is beyond our control," that's true only in the most literal sense. Yes, Bahrain can add human rights web pages to their list of sites blocked by Smartfilter, and McAfee can't stop them, but the effectiveness of this block depends on the Bahrani censors using Smartfilter to block new proxy sites as well, which McAfee continues to aid them in doing, as a matter of choice.
Websense, incidentally, announced in 2009 -- in response to an earlier ONI report describing how their software was used to censor Internet access in Yemen -- that they would stop providing censoring software to the Yemeni government. But ONI's current report claims that the Yemeni government continued to use Websense into 2011, and Websense declined to comment. Maybe the Yemeni government was using Websense with a "frozen blocked-site list" -- but the ONI report includes at least one instance where a site that was un-blocked by Websense (the opennet.net domain itself!) became un-blocked in Yemen shortly afterwards. So maybe Websense just lied about canceling the Yemenis' license.
Could some censorious country like Yemen continue using the Websense filter -- with a continuously updated blocked-site list -- even after Websense truly tried to cut them off? Possibly, but it would probably be more trouble than it's worth. Yemen would have to set up a shell company outside of their own borders, with an overseas bank account, in order to purchase the software. Then after Yemen had installed Websense on their servers, they would have to download the updates indirectly by going through an anonymizing proxy set up in some other country as well. And if Websense ever found out which of their customers was a shell company used by the Yemeni government, they could cut off that customer's license, and the Yemeni censors would have to start all over again. It's probably safe to say that most Middle Eastern countries wouldn't find this worth the trouble. (After all, Iran could do everything I've just described, but apparently they haven't; they still seem to be using Smartfilter with an outdated copy of the blocked-site list, and adding new proxy sites to their blacklist manually.)
So far, proposals to ban American censorware companies from selling to foreign governments have not gotten off the ground -- and now with several Middle Eastern countries using or looking at Netsweeper, we'd have to get Canada on board as well. But at the very least, let's start calling out censorware companies on the canard that "We just sell the software and have no way of controlling who uses it." The companies know that foreign governments are using it to censor their own people, and they can cut them off as customers any time they want to; they just don't.
If the American military will agree to stop selling all these oppressive regimes jets, tanks, weapons, and training--all us software developers will agree to stop selling them software.
SJW: Someone who has run out of real oppression, and has to fake it.
"If Congress and the President will agree to stop selling all these oppressive regimes jets, tanks, weapons, and training--all us software developers will agree to stop selling them software."
Fixed.
Either way, saying I'll stop being bad if you stop first is simply childish shit.
As long as investors care more about quarterly profits than corporate ethics, this type of shit will never stop
If the American military will agree to stop selling all these oppressive regimes jets, tanks, weapons, and training--all us software developers will agree to stop selling them software.
The American military is often ridiculed for their role in strengthening oppressive regimes. These companies, on the other hand, actively deny their role in suppressing the free speech rights of other countries' citizenry. Whether or not they are legally permitted to supply that software is not the point; they should be held publicly accountable for their actions, and rightfully face any resulting backlash.
Hasn't this always been the case?
At the end of the day, the fact remains that if they do not do it, someone else will. Yes, that sounds like a bad and facetious argument, but unfortunately, it is a true one.
Now, one could argue that there is no need for the bigger companies to do this (e.g. McAfee), but the smaller ones will take whatever they can to survive (an unfortunate reality of capitalism). And if the bigger ones don't, then they could stifle the smaller ones (i.e. we are not doing this, you shouldn't, so where do you draw the line?).
At the end of the day, it is up to each individual country to determine, and the people to seek such rights from the government. Liberty should be earned -- and unless a civilization is mature enough to realize this, and fight for it, they will be stuck in a rut.
And unfortunately, once-enlightened societies such as the US are quickly giving up their liberty because newer generations have a fundamental lack of understanding of liberty, and what it takes to keep it.
And a couple of days before he left, the old president dropped his censorship all-together, trying to calm things down.
A couple of weeks after he left, the new gouvernment back then tried to restore the censorship again, just porn sites and the likes of 4chan. They were met with a new angry mob though, and now they dropped it alltogether.
Point is, I don't think that the people's mob will accept censorship again... For now....
I have a question. How do people who maintain proxy lists determine who to send the list out to? Basically, what stops the Iranian gov't from signing up to receive the weekly list and then quickly blocking the entries on the list?
While such software in of itself is not evil, and having an opt-in system to allow people to use such software to block out parts of the Internet they either do not want to see or are trying to protect someone else (think of the children!), I personally start having issues when its government mandated and no way to get around in a simple manner.
If my ISP (if it doesn't already) offered a mechanism to filter the Internet for me with a account specific password to get around it, I would not complain. However if tomorrow they put in a forced filter that I had no way to opt-out of, especially on a per-site basis, then I would have a problem with them.
To keep this on track, remember the article is talking about situations where governments force people to accept this, thus controlling what people can see and thus trying to think. Just using filtering software is not evil, and you are not forced to visit the whole Internet without it. Its forced censorship that is evil.
Free speech is a human right. The fact that some people are not allowed to exercise this right is a problem. After all, slavery is practiced in some countries and I doubt even the most morally challenged would claim that that this is not a human right issue.
Encryption software keeps working just fine when it's not allowed to phone home. In fact, it could be said to be a failure if it DOES phone home. Nobody expects anyone to keep the actual software under control, just direct access to the updates.
There's another side, a bit more onerous than "well, everyone else is doing it, why shouldn't they buy from US??".
That side is that these are international contracts, that when breached, have lots of implications for other contracts/contractors in that country. Arbitrarily killing someone's important software (to them) is as good as aiding the enemy in their minds. The paradox is that you can't censor this software, and no guidelines or international law covers what to do when something you've sold is abused by a foreign government to the perceived problem of the US government or its people.
Do you believe that oil drilling is bad? Should we censor software and equipment that does that? Should we stop searches that produce results that we don't like?
Can you sell to GB, whose human rights record is occasionally dubious? Or can you say no to South Africa, whose record until a couple of decades ago was abysmal? Should Israel get it, but not Egypt?
You open a can of worms if you start turning off or refusing to ratioanally update software to various regimes. If they should be quaratined, as I believe the McAfee-Iran citation is claimed, the McAfee has a clear 'out' by government fiat. If not, who's to say that Jordan is worse than Syria or Bahrain?
---- Teach Peace. It's Cheaper Than War.
An offer from Israel is an offer no company can refuse. It is illegal to say no. Howdya like that??
For justice, we must go to Don Corleone