On an early spring day in north-central China two years ago, the People’s Liberation Army held a ceremony to mark the establishment of an information warfare militia unit.
Local dignitaries were invited, and the county government noted on its Web site that the militia’s peacetime mission would be to “extensively collect information from adversary networks and establish databases of adversary network data.” In wartime, the militia’s assignment would be to “attack adversary network systems, and resist enemy network attacks.’’
The PLA even issued a press release touting the reliability of its new unit. A three-year development program, it said, would build ‘‘a unit that is steadfast in political belief, that has pure ideology and morals, that has a superior quality of professionalism . . . that performs propaganda for the Party, that benefits the people, and that can provide effective strength to the military for winning future wars.”
This information comes from last year’s report to Congress by the bipartisan U.S.-China Economic and Security Review Commission. Attacks on American military computer systems increased from about 1,400 in 2001 to more than 54,000 in 2008 and a projected 87,000 in 2009, the panel said. Though not all of this activity originates in China, the commission quoted a study it commissioned from Northrop Grumman that concluded China “is likely using its maturing computer network exploitation capability to support intelligence collection against the U.S. government and U.S. defense industries by conducting a long-term, sophisticated, computer network exploitation campaign.”
It therefore came as no particular surprise when Google announced that it was targeted last month in a series of attacks from China that appeared to be aimed, among other things, at compromising the email accounts used by Chinese dissidents. It also was no surprise that, of a least 20 Western companies that Google said were attacked at the same time, none publicly blamed China and only a handful, including software maker Adobe Systems Inc., even acknowledged the attacks. Corporate leaders have for years kowtowed to Chinese abuse to preserve access to the country’s potentially lucrative markets.
The surprise was that Google finally stood up to the Chinese. Since it launched Google.cn in 2006, Google has complied with the Chinese government’s onerous censorship requirements, helping to block over 300 million Internet users’ access to certain content. A search on the term “Tiananmen Square” produces more than 1.3 million Google results on my computer. That same search in China yields a blank screen.
But, in a sudden reversal, Google declared last week that it has had enough. Unless it can come to an agreement with the government permitting it to display unfiltered search results, which is highly unlikely, Google said it will pull out of the Chinese market, closing the Beijing office where it currently employs about 700 people.
Google has always had qualms about tolerating Beijing’s demand for censorship. It now says it did so only out of the “belief that the benefits of increased access to information for people in China and a more open Internet outweighed our discomfort in agreeing to censor some results.”
However, the Chinese government’s continued determination to restrict users’ access to information and the recent wave of attacks have led the search engine company to “conclude that we should review the feasibility of our business operations in China.”
It is nice that Google finally recognizes the realities of dealing with China’s self-appointed and self-perpetuating regime, but it is not enough. Google can take itself out of China’s jurisdiction by closing its offices there, but it cannot take itself beyond the reach of spies, saboteurs and criminals who operate in safety from behind the Great Firewall, as well as in Russia and other lawless corners of cyberspace. It is time to change that.
The Internet’s open structure has a lot of advantages. It is particularly important to people in places like China and Iran who can, with some effort, get around local authorities’ efforts to control the flow of information. But most of us in the West have no need to talk to anyone in Russia, China or Iran. I would prefer to have my computers connected to a network that excludes access from those places. The Internet, as it is presently structured, is pretty much an all-or-nothing option.
If the government or a private vendor — Google, are you listening? — offers me a proprietary, semi-closed solution in which all users would have to be authenticated through a central server, I probably would jump at the chance to use it. Content like this subversive column could be mirrored on the open Internet, but access to my computer, including the ability to send emails or other messages to me, would be limited to fellow members of the SecureNet. Users in uncooperative or unreliable jurisdictions need not apply.
We use passports and visas to control the flow of visitors to our shores and to keep out undesirables. We have customs inspectors and quarantines to try to ensure that only safe goods enter our stream of commerce. But in a world where more and more of what we value resides on our computers, we have doors without locks, and we prop them wide open, too.
This may have made sense once upon a time when the Internet was merely an academic tool. It makes no sense today. It is high time to face facts and fix the Web.