The Enemies of the Internet 2013 - China

The Chinese Communist Party runs one of the world's biggest digital empires, if not the biggest. In the Middle Kingdom, all Internet access is owned by the state, which is usually another way of saying the Party. Individuals and companies have to rent their broadband access from the Chinese state or a state-controlled company. The four national networks, CTNET, Chinanet, Cernet and CHINAGBN, are the backbone of the Internet in China. The network was restructured in 2008, leading to the emergence of three major national service providers, China Telecom, China Unicom and China Mobile, in all of which the state has a majority control. Public access to the Internet is delegated to regional companies.

The Internet in China

• Population: 1.34 billion

• Number of Internet users: 564 million

• Internet penetration rate: 42.1 percent

• Number of journalists in prison: 30

• Number of netizens imprisoned: 60

In a report issued in January this year, the government's China Internet Network Information Center (CNNIC) claimed a penetration rate of 42.1 percent. It says China has 564 million Internet users, of whom 277 million access the Internet via a mobile device. Although it is difficult to give an accurate number of western social networks users in China, some reports say that Facebook users have reached 63.5 million (an eight-fold increase in two years) and that Twitter users are now 35 million (a three-fold increase in three years). Estimated number of Weibo users is 504 million.

A DSL connection with a data rate of one megabit costs between $10 and $20 a month, depending on the province.

Surveillance of the network

A government matter

Many government departments are involved in censoring and monitoring the Web:

• The Internet Affairs Bureau and the Centre for the Study of Public Opinion of the State Council Information Office (effectively the government)

• The Internet Bureau and the Information and Public Opinion Bureau of the Publicity Department (formerly the Propaganda Department).

• The Ministry of Industry and Information Technology (MIIT)

• The Internet Information Security Supervision of the Ministry of Public Security

• The Ministry of Industry and Information Technology's Internet Illegal Information Reporting Centre

Table: Internet control bodies

The fourth and fifth of these bodies deal with issues of pornography, violence and computer fraud. The MIIT does not have direct control over the Internet. The bodies that have any real effect are the State Council Information Office and the Publicity Department.

The Great Firewall of China

The tools put in place to filter and monitor the Internet are collectively known as the Great Firewall of China. Begun in 2003, it allows access to foreign websites to be filtered. Besides the usual routing regulations that allow access to an IP address or a particular domain name to be blocked, the Great Firewall of China makes large-scale use of Deep Packet Inspection (DPI) technology to block access based on keyword detection.

According to a report entitled Planet Blue Coat by The Citizen Lab, an interdisciplinary research centre at the University of Toronto, at least three Blue Coat servers are used by the ISP China Net (controlled by the Chinese government) in Szechuan Province. Their presence was detected in late 2012. Blue Coat is a company that specialises in network surveillance products. The servers identified in China are of the PacketShaper type. They allow monitoring and control of Internet traffic by blocking feeds and content that are considered undesirable.

Access to circumvention tools

There are many ways of circumventing this Orwellian surveillance system, such as proxy servers, VPN, and Tor, but these are little used by ordinary Chinese.

Subscription VPN is not popular in China. It requires a credit card, which is an effective means of identification. Also, given that any company selling VPN services in China must register with the Ministry of Industry and Information Technology, using them can be even more risky.

Free workaround tools such as Tor or Freegate are constantly targeted by the authorities, which makes them slow and unstable. This means they are not used regularly. That leaves solutions provided by companies outside China. Until recently, these were the preferred alternative for Chinese citizens.

Great Firewall of China now plugged in

During the 18th Chinese Communist Party Congress last November, the Chinese authorities, keen to tighten their stranglehold on news and information, carried out a major upgrade of the Great Firewall. VPN services provided by non-Chinese companies were scrapped. The main users of foreign-hosted VPN had their connections cut.

The Great Firewall now has the ability to dynamically block encrypted connections. One of the country's main ISPs, China Unicom, automatically cuts a connection as soon as it is used to transmit encrypted content.

Until now, only the VPN service of the company Astrill appears to allow Chinese citizens to pass through the Great Firewall and remain unidentified on the Internet. The other main VPN providers such as Witopia, StrongVPN and AirVPN remain blocked.

Workarounds blocked, netizens exposed

The use of VPN not only allows users to circumvent obstacles imposed by the authorities but also to conceal their IP addresses and encrypt their Internet communications. The main hitch caused by the upgrade of the Great Firewall and the blocking of all means of encryption is that this exposes Chinese journalists' and netizens' communications to the authorities' monitoring system.

Integrated monitoring system

The monitoring system developed by China is not confined to the Great Firewall, i.e. monitoring and blocking outgoing and incoming communications. Monitoring is also built into social networks, chat services and VoIP.

In China, private companies are directly responsible to the authorities for surveillance of their networks to ensure banned messages are not circulated.

The QQ application, owned by the firm Tencent, allows the authorities to monitor in detail exchanges between Internet users by seeking certain keywords and expressions. The author of each message can be identified by his or her user number. The QQ application is effectively a giant Trojan horse.

Since March last year, new legislation requires all new users of micro-blogging sites to register using their own name and telephone number. To force existing users to submit to scrutiny, the site Sina Weibo introduced a points-based permit two months later as part of its new user conditions. Each of Weibo's 300 million users is assigned an initial 80 points. A predetermined number of points is deducted for each violation of the conditions. When users have been stripped of all their points, their Weibo accounts are closed. Users on the verge of running out of points will be able to recover some if they spend two months without committing a violation or if they perform some unspecified promotional activity.

The highly popular WeChat mobile phone text and voice messaging communication service developed by Tencent changed its user conditions in February. Public users of the application, largely used by companies and celebrities, must now provide the number of their national identity card, their mobile telephone number and other personal information. They must also submit a copy of their identity card.

To ensure full control and put a stop to any attempt to prevent identification, the National People's Congress approved a rule requiring citizens who want to subscribe to Internet and phone services to provide their real identities.

TOM-Skype

It is not only social networks that are affected by these control measures. Skype, one of the world's most popular Internet telephone platforms, is closely monitored. Skype services in China are available through a local partner, the TOM media group. The Chinese-language version of Skype, known as TOM-Skype, is slightly different from the downloadable versions in other countries.

In order to conform to the restrictions imposed by the government, TOM-Skype software is equipped with an automatic filter. When certain keywords are detected in a text chat, the message is blocked and stored on an online server, according to a report by the OpenNet Initiative Asia. It said certain user names may also trigger the monitoring and interception of TOM-Skype text chats. The OpenNet Initiative Asia report also says everyday conversations are captured on servers. A sender's or recipient's name may be enough in itself to trigger the interception and storage of a conversation.

If workaround tools such as Tor or VPN are not used, the official Skye website (http://www.skype.com) redirects the user to the TOM-Skype website. The two sites are similar and some TOM-Skype users may not be aware that they are using a modified version of Skype and their security may be at risk.

In January this year, Reporters Without Borders and other NGOs sent an open letter to Skype asking it to clarify its relationship with TOM-Skype and to give details of the surveillance and censorship capabilities embedded in its software.

Foreign companies asked to help

The Quality Brands Protection Committee, which represents a number of multinational companies operating in China such as Apple, Nokia, Toyota and Audi, sent an email to its 216 members informing them of the Chinese authorities' concerns about the use of VPN by their employees in China to bypass the Great Firewall and communicate with other branches outside the country, and warning them they may be visited by the police. The email reported that the Chinese authorities were concerned about the use of VPN by multinational companies operating in China.

Police in Beijing, Hebei and Shandong were reported to have already asked some of these firms to install software allowing their networks to be monitored, on pain of having their Internet access cut off.

Collateral damage

A major impediment to the deployment of tools to monitor and control the network in China, aside from the issue of freedom of expression to which the Chinese pay little heed, is the economic impact of such measures on both Chinese and foreign companies. In the Internet age, surveillance is a cost that has an effect on business competitiveness.

Those who run online portals are frustrated by the time and energy invested in implementing censorship mechanisms. China's Web giant Tencent has to invest a huge sum in implementing censorship mechanisms in its online chat service. When the Great Firewall was upgraded, since when encrypted connections have been routinely blocked, many foreign companies operating in China that use VPN to access data outside the country have been penalised.

A recent example of the economic boundaries of censorship and control of the Chinese network concerns the biggest open-source hosting and repository platform, GitHub. GitHub hosts open-source software and numerous libraries of code that are invaluable for software developers.

After GitHub published a list of those who contributed code to the Great Firewall, and the large number of comments that ensued on the site, the Chinese authorities tried to block access to it. But GitHub uses the protocol https which prevents the authorities from blocking just the page containing the names of the Great Firewall contributors. Their other choice was to block access to the whole site, thereby denying access by Chinese companies working in the new technology sector to indispensible lines of code that it hosts, which was not an option.

Their only way of tackling the issue was a so-called "man-in-the-middle attack". A third party posing as a certification authority can interpose themselves between an https site and an individual user and intercept encrypted communications. This type of attack may not be obvious and most browsers, such as Chrome and Firefox, send security alerts to warn users when one is in progress.

The Chinese authorities use this system. On 26 January this year, Chinese Internet users who connected to GitHub received a warning that a third party was impersonating the site. The authorities' man-in-the-middle attack lasted ,just an hour and was rather crude and easily identifiable. During that hour, however, any users who ignored their browsers' warnings could have been tracked, their IP address recorded and their passwords intercepted.

Internal and external surveillance

China has shown itself willing to extend surveillance beyond its own borders. On 30 January, the New York Times reported that it had been the target of attacks by the Chinese government. The first breach took place on 13 September 2012 when the newspaper was preparing to publish an article about the fortune amassed by the family of outgoing Prime Minister Wen Jiabao.

The newspaper said the purpose of attacks was to identify the sources that supplied the newspaper with information about corruption among the prime minister's entourage. The Wall Street Journal and CNN also said they had been the targets of cyber attacks from China. In February, Twitter disclosed that the accounts of some 250,000 subscribers had been the victims of attacks from China similar to those carried out on the New York Times.

Mandiant, the company engaged by the NYT to secure its nework, identified the source of the attacks as a group of hackers it called Advanced Persistant Threat 1. According to a Mandiant report, the group operated from a 12-storey building in the suburbs of Shanghai and had hundreds, possibly thousands, of staff. It is believed to have the direct support of the Chinese government and is a unit of the People's Liberation Army. While it is clear the attacks on the New York Times, the Washington Post and Twitter did take place and where they originated from, the debate sparked by the report by Mandiant, which also counts the U.S. government among its clients, has given the company unhoped-for media exposure. The boundary between a successful public relations campaign and a factual report is difficult to set.

Main violations in the country

China jails more people involved in news and information than any other country. Today 30 journalists and 69 netizens are in prison. Among them are several emblematic victims of the crackdown, which is subject to lulls as well as periods of tension, such as the start of the Arab spring and before and during last year's party Congress.

Many foreign journalists in China have told Reporters Without Borders that they take for granted that their telephones are tapped and their email is monitored. Local journalists also report that it has become more difficult for them to do their job. Many are suspicious of their foreign colleagues.

The cyber dissident Hu Jia served three-and-a-half years in prison for "inciting subversion". He was released in June 2011 but is still deprived of his civil rights and remains under house arrest. A few months after his release, the authorities seized his personal computer in order to retrieve his contacts and sensitive data.

In Tibet, there is now routine surveillance of Buddhist monks, among the last remaining conduits of information. The authorities have shown they are prepared to carry out raids on monasteries. On 1 September, 60 military vehicles descended on the Zilkar Monastery. Computers, DVDs, documents and photographs were seized from the monks' rooms.

During the night of 5 November, a few days before the party congress opened, the lawyer and blogger Shu Xiangxin, who specialises in land rights in the eastern province of Shandong, was arrested and his computer seized.

On 9 November, the blogger Cheng Zuo Liang was taken to the police headquarters in the eastern city of Ningbo for questioning about his links to a case involving the building of a polluting chemical plant. The police reminded Cheng he was banned from talking to Hu Jia during the party congress. The police also cited details from phone calls and emails between the two dissidents, confirming that Hu was under close police surveillance.

In April 2012, the artists and human rights campaigner Ai Weiwei, made a mockery of the surveillance arrangements by installing four webcams in his office and bedroom which filmed him around the clock. His web feed was shut down after a few hours.

Possible solutions

Websites such as GitHub, which are economically indispensible as well as performing a social function, present a real challenge to the Chinese authorities, who are unable to block or monitor them without penalising an entire section of the economy. This kind of service is a headache for China's Web monitors and provides a loophole for Chinese users of the Internet.

Other services such as repository services, servers that host the source code for Linux applications, have similar characteristics as GitHub and are an ideal way of getting past the Great Firewall, although they are difficult for non-developers to access.

Since the Great Firewall was upgraded, both subscription and free-of-charge VPN providers have developed their technologies still further. As of now, the free VPN available through Freegate still functions and can be used. As far as subscription software goes, Astrill has been the most responsive and its product is still able to circumvent the blockages in China.

This year the Chinese authorities have shown themselves to be responsive and that they know how to develop the Great Firewall to cope with major events such as the Bo Xilai scandal and the 18th party congress. It is a real cat-and-mouse game between government technicians and "hacktivists" or companies that offer data encryption and ways of circumventing the Great Firewall. In the words of a Freegate engineer, it is a matter of staying one step ahead and keeping future improvements in circumvention technology up one's sleeve. The main difficulty in this game is to provide journalists and netizens on the ground with the latest software.

For more information, read our Online survival kit.