Furious Google throws down gauntlet to China over censorship - Google is done censoring search results in China and is prepared to abandon the country over the issue. The move comes amid revelations that Chinese hackers spied on human rights advocates around the globe by infiltrating Google's network.
Well, we've got to hand it to Google—the company's "don't be evil" schtick has long worn thin and governments around the globe are already probing its potential monopoly power, but who else would come out swinging against the entire Chinese government and announce an end to its own collaboration in censorship, all while recognizing that it could lose access to the entire Chinese market? And do it in a blog post?
This far but no further
The extraordinary announcement came this afternoon: Google has had it with China's pervasive web of censorship and spying, and the company is done censoring its search results in China. The decision wasn't made in a vacuum, but rather came after years of increasing cyberattacks from the Chinese mainland. A recent, massive infiltration attempt that targeted Google and 20 other tech companies was the final straw. Though Google stops short of naming the Chinese government as the party behind the attacks, the implication is clear.
In mid-December, we detected a highly sophisticated and targeted attack on our corporate infrastructure originating from China that resulted in the theft of intellectual property from Google. However, it soon became clear that what at first appeared to be solely a security incident—albeit a significant one—was something quite different.
The attack hit major companies in the "Internet, finance, technology, media, and chemical sectors" as well. Its goal was "accessing the Gmail accounts of Chinese human rights activists," though it does not appear that anything more than subject lines were ever compromised. If that's not bad enough, Google also says it has acquired some intriguing evidence over the course of its investigation: "the accounts of dozens of U.S.-, China- and Europe-based Gmail users who are advocates of human rights in China appear to have been routinely accessed by third parties. These accounts have not been accessed through any security breach at Google, but most likely via phishing scams or malware placed on the users' computers."
The sheer scope of such attacks is staggering. They show a coordinated effort to target specific human rights advocates not just in China but around the world, and to do so by attempting to infiltrate some of the world's most advanced computer networks belonging to some of the world's largest companies. (A Microsoft spokesperson tells Ars tonight, "We have no indication that any of our mail properties have been compromised." In response to some follow-up questions, we were told that the software giant would have no further comment.)
China has been well-known for going after the electronic communications of dissidents, and companies like Yahoo have in the past complied with Chinese government requests for e-mails. Those demands, however distasteful, at least followed a rough legal process in China. But Google's account indicates that, if the Chinese government is in fact linked to these recent attacks, it is willing to adopt extra-legal hacking in order to keep up its surveillance—and to do so anywhere in the world that communications of interest might be stored. Such a concerted program would be a marked escalation in the government's willingness to interfere in the operations of Internet companies in order to promote "stability."
Google has always claimed to be dissatisfied with the demands that it censor Chinese search results, but it has gone along with then since 2006. The argument has been that engagement with China, even in a censored fashion, was better than no access to tools like Google. But the recent attacks have caused a change of heart in Mountain View.
"We have decided we are no longer willing to continue censoring our results on Google.cn," announced Google's Chief Legal Officer David Drummond today, "and so over the next few weeks we will be discussing with the Chinese government the basis on which we could operate an unfiltered search engine within the law, if at all. We recognize that this may well mean having to shut down Google.cn, and potentially our offices in China."
That could be a big price to pay, given the size of China's burgeoning market. On the other hand, Google and other foreign search engines have had trouble gaining real traction in the local market and are regularly whipped by competitors like Baidu. And the price for operating in China is already high; the government has severe restrictions on ownership of businesses, which forces Internet companies into partnerships with local firms and subjects them to strict rules about censorship, pornography, and data retention.
A history of hacking?
China certainly isn't the only country to engage in hacking abroad, and it's certainly not the only country to employ powerful extra-legal surveillance of communications (the US' warrantless wiretapping comes to mind). China has become quite good at it, however, triggering reactions from countries as diverse as India, the US, New Zealand, and South Korea.
A recent report on Chinese cyber-warfare activities, produced by US military contractor Northrup Grumman, ends with a graphic showing the number of international incidents related to alleged Chinese hacking in the last decade. It's quite a list.
(image source: Northrup Grumman)
As to goals, one of the biggest is ripping off research breakthroughs in order to save time. The report notes that "Chinese industrial espionage is providing a source of new technology without the necessity of investing time or money to perform research... Chinese espionage in the United States, which now comprises the single greatest threat to US technology, according to US counterintelligence officials, is straining the US capacity to respond. This illicit activity both from traditional techniques and computer-based activity are possibly contributing to China’s military modernization and its acquisition of new technical capabilities."
Did that approach extend to the attack on Google? It's not clear what "intellectual property" was stolen by the attackers, but it went beyond just trolling for the e-mails of human rights advocates.
VeriSign's iDefense unit has been looking at the attacks already. In an e-mail sent to Ars tonight, the group concluded that "the attack is the work of actors operating on behalf of or in the direct employ of official intelligence entities of the People’s Republic of China—and in many cases the attacks were successful." According to VeriSign's count, more than 30 companies were affected, up from the 20 counted by Google.
Google to end China censorship after e-mail breach
SAN FRANCISCO – Google Inc. will stop censoring its search results in China and may pull out of the country completely after discovering that computer hackers had tricked human-rights activists into exposing their e-mail accounts to outsiders.
The change of heart announced Tuesday heralds a major shift for the Internet's search leader, which has repeatedly said it will obey Chinese laws requiring some politically and socially sensitive issues to be blocked from search results available in other countries. The acquiescence had outraged free-speech advocates and even some shareholders, who argued Google's cooperation with China violated the company's "don't be evil" motto.
The criticism had started to sway Google co-founder Sergey Brin, who openly expressed his misgivings about the company's presence in China.
But the tipping point didn't come until Google recently uncovered hacking attacks launched from within China. The apparent goals: breaking into the computers of at least 20 major U.S. companies and gathering personal information about dozens of human rights activists trying to shine a light on China's alleged abuses.
Google spokesman Matt Furman declined to say whether the company suspects the Chinese government may have had a hand in the attacks.
Secretary of State Hillary Rodham Clinton said the Google allegations "raise very serious concerns and questions" and the U.S. is seeking an explanation from the Chinese government.
Google officials also plan to talk to the Chinese government to determine if there is a way the company can still provide unfiltered search results in the country. If an agreement can't be worked out, Google is prepared to leave China four years after creating a search engine bearing China's Web suffix, ".cn" to put itself in a better position to profit from the world's most populous country.
"The decision to review our business operations in China has been incredibly hard, and we know that it will have potentially far-reaching consequences," David Drummond, Google's top lawyer, wrote in a Tuesday blog posting.
A spokesman for the Chinese consulate in San Francisco had no immediate comment.
Abandoning China wouldn't put a big dent in Google's earnings, although it could crimp the company's growth as the country's Internet usage continues to rise. China's Internet audience already has soared from 10 million to nearly 340 million in the past decade.
Google, based in Mountain View, said its Chinese operations account for an "immaterial" amount of its roughly $22 billion in annual revenue. J.P. Morgan analyst Imran Khan had been expecting Google's China revenue to total about $600 million this year.
Although Google's search engine is the most popular worldwide, it's a distant second in China, where the homegrown Baidu.com processes more than 60 percent of all requests.
Free-speech and human rights groups are hoping Google's about-face will spur more companies to take a similar stand.
"Google has taken a bold and difficult step for Internet freedom in support of fundamental human rights," said Leslie Harris, president of the Center for Democracy & Technology, a civil-liberties group in Washington. "No company should be forced to operate under government threat to its core values or to the rights and safety of its users."
It's "an incredibly significant move," said Danny O'Brien, international outreach coordinator at the Electronic Frontier Foundation, an Internet rights group in San Francisco. "This changes the game because the question won't be 'How can we work in China?' but 'How can we create services that Chinese people can use, from outside of China?'"
Many Web sites based outside China, including Google's YouTube video site, are regularly blocked by the country's government.
Google's new stance on China was triggered by what it described as a sophisticated computer attack orchestrated from within the country. Rep. Anna Eshoo, D-Calif., praised Google for disclosing chicanery that "raises serious national security concerns."
Without providing details, Google said it and at least 20 other major companies from the Internet, financial services, technology, media and chemical industries were targeted. The heist lifted some of Google's intellectual property but didn't get any information about the users of its services, the company said. Google has passed along what it knows so far to U.S. authorities and other affected companies.
It does not appear that any U.S. government agencies or Web sites were affected by the attack, according to two U.S. administration officials. The officials spoke on condition of anonymity because they were not authorized to speak publicly about the issue.
The assault on Google appeared primarily aimed at breaking into the company's e-mail service, "Gmail," in an attempt to pry into the accounts of human right activists protesting the Chinese government's policies.
Only two e-mail accounts were infiltrated in these attacks, Google said, and the intruders were only able to see subject lines and the dates that the individual accounts were created. None of the content written within the body of the e-mails leaked out, Google said.
As part of its investigation into that incident, Google stumbled onto another scam that was more successful. Google said dozens of activists fighting the Chinese government's policies fell prey to ruses commonly known as "phishing" or malware. The victims live in the United States, Europe and China, Google said.
Phishing involves malicious e-mails urging the recipients to open an attachment or visit a link that they're conned into believing comes from a friend or legitimate company. Clicking on a phishing link of installs malware — malicious software — on to computers.
Once it's installed on a computer, malware can be used as a surveillance tool that can obtain passwords and unlock e-mail accounts.
Google's unfettered search results won't necessarily ensure more information will be made available to the average person in China because the government could still use its own filtering tools, said Clothilde Le Coz, Washington director for Reporters Without Borders, a media watchdog group.
"The Chinese government is one of the most efficient in terms of censoring the Web," she said. The blocking technology has proven so effective that it's become known as the "Great Firewall of China."
I'm really proud of Google for finally saying that enough was enough and living up to their motto.
UPDATE: Google has already stopped censoring google.cn, and apparently put their Beijing staff on paid leave. They did not mess around.