Corporate complicity with the Great Firewall

Published 13.08.2008 ‘Comment is Free’

China is strongly criticised for its internet censorship – but it is western technology firms that have provided the tools for the job

Like its precursor, the Great Wall of China, the Great Firewall was constructed to guard China from waves of foreign influence and information intrusion. With the world’s spotlight on China and widespread criticism of its repressive actions, one should not forget that the knowledge and technology used to create the world’s most prominent Big Brother society was designed in the west, often by the very same corporations whose advertisements on TV take up the time between the relay race and the javelin competition.

Much more than your standard internet filtering gateway, the Great Firewall comprises an administrative collaboration of seven government ministries, unrestricted access to numerous public record databases, closed circuit television footage with built-in facial recognition systems, as well as the more well-known information surveillance and censorship technology. Software and hardware purchased from around the world continue to tighten the screws of a digital information society. Network control and optimisation, intrusion detection and other security features promised in the product brochures of western IT firms are put to use against the rights to privacy and freedom of an entire populace. This is a brief survey of the surveillance scene:

A recent (non-intrusive) scan through the website of the Chinese Ministry of Public Securityrevealed a number of documents listing an inventory of various security technologies. One spreadsheet details software and hardware implemented for network surveillance, packet scanning and user detection. A closer inspection reveals that the Chinese internet infrastructure employs a huge array of security products, procured from companies all around the world. An example of four tools, chosen from the several hundred found in the inventory:

XSGuard Management System: purchased from the Els Shield (Shanghai) Information Technology Co Ltd, network management software developed in the Netherlands. It allows for monitoring of network packets and performing digital forensics.

Cisco 4125 Intrusion Detection System:purchased from Cisco China and used for monitoring activity on the T1 subnet. Other items sold include the ASA 5505, which “provides intelligent threat defense and secure communications services that stop attacks before they impact business continuity.”

YangNet Police Network Intrusion Detection System: purchased from the Bright Oceans Corporation in China. According to their (badly translated) website, the product “acts in a transparent based on a URL filtering and text content filtering, shielding bad, illegal site, on the conduct of fine-grained web content filtering and the precise control and prevent all internal net users to browse the cult, pornography and other undesirable foreign websites and webpages. This feature is suitable for primary and secondary schools, tertiary institutions, government, business and professional applications.”

Radware DefensePro 2000: an Israeli technology organisation; in this case, the product offers an “Adaptive Decision Engine: behaviour-based, self-learning mechanism proactively scans for anomalous network, server and client traffic patterns … and is designed for enterprise core and perimeter deployment, data centers, university campuses and carrier backbones.”

A popular acronym in government, big business and the military for today’s centralised surveillance technologies is “C4I” (Command, Control, Communications, Computers and Intelligence). The top shelf of the technology market offers solutions that integrate closed circuit television with criminal records databases, national health insurance with biometric ID cards, holiday travel bookings with international terrorist lists and so on.

Security China 2000, the largest national security exhibition, attended by the world’s most renowned IT corporations, marked a beginning of Chinese endeavours to create the world’s most sophisticated surveillance infrastructure. It was sponsored by the Chinese Public Security Bureau, the ministry in charge of policing the internet. The meeting was attended by US-based Lucent, Sun Microsystems and Cisco, European wireless giants Nokia and Ericsson, and Canada’s Nortel Networks, among many others. The main event was China’s Golden Shield Project – an ambitious plan to link China’s national and internet surveillance networks, public record databases, CCTV cameras, speech and face recognition databases, smart cards, credit records and a myriad of regional and national ministries. Their mission was to make the network “see, hear and think” in the continuing effort to solidify state control.

Nortel Networks continues to work with the Chinese Tsinghua University on developing speech recognition software, often used in surveillance of telephone conversations, allowing the network to hear. It has also widely distributed its “personal internet suite” to providers in Shanghai, Beijing and other major Chinese cities. The software allows IPs not only to monitor what their subscribers are doing online, but to control what information is delivered to them.

Content requested from a home computer for topics deemed undesirable will be stored against that person’s personal file in numerous databases. The network rolled out with product and knowledge support from western IT firms is designed to think – that is, to identify individual subscribers when they log on, matching names to IP addresses, and learning, over time, what interests them.

The Golden Shield Project also integrates a facial recognition system (FRS), partly developed by Acsys Biometrics, a Canadian company. Rolled out across closed-circuit video surveillance networks in Chinese cities, it allows the Golden Shield to see. Rick Collins, senior manager of Nortel’s advanced research laboratory, ProtoNet, said of the Acsys system: “Layering Acsys’ face recognition’s capabilities within Nortel Networks’ solutions will make communication networks more personal. I envision a network that knows who you are, where you are and can reach you whether you’re on your mobile phone or at your desktop.”

An enthusiastic business partner of the Chinese state apparatus has been Cisco. Notorious for its several appearances before the US House of Representatives to explain their role in supplying virtually the entire hardware on which the Golden Shield Project operates, as well as multiple systems to assist Chinese ministries responsible for catching political and social dissidents and censoring the internet. In 1997, Cisco won the contract to supply internet “firewall boxes” and, by 2006, they supplied 60% of the Chinese market for routers, switches and other sophisticated networking gear. Its estimated annual revenue from China is $500m.

In 2003, Cisco’s “Policenet” software was rolled out as the backbone of the Chinese state security system. This software, in conjunction with Intel’s fingerprint technology, is compatible with the Chinese surveillance systems and allows a policeman stopping a person on the street to scan that person’s ID card and access instantly the individual’s past political and social behaviour, family history and recent internet activity.

Terry Alberstein, director of corporate affairs for Cisco Systems (Asia Pacific), confirmed in 2005 that Cisco does indeed sell networking and telecommunications equipment directly to the Public Security Bureau and other law enforcement offices throughout China. Cisco recently stated that it also provides service and training to Chinese police officials. Unlike other IT companies, Cisco has signed contracts directly with Chinese public security authorities.

It is futile to argue whether western corporations are directly responsible for the uses to which China puts their technologies. Following basic free-trade principles, products are most likely sold “as is” to (rather than customised for) the Chinese government or third-party resellers. However, just as in the arms trade, these practices have led to the creation of a hostile digital environment, inhabited by Da Ge (pinyin for Big Brother). Whenever we pause to discuss or protest China’s decision to filter websites or jail Yahoo email account holders, we must bear in mind that the technology that has made this possible was built in our own backyard.

Trackback: The Guardian