In a purported effort to cut down on "ID sharing" in Beijing's Internet cafes, the government will require that by the end of 2008, first-time visitors will have their picture taken and ID scanned before being allowed online, according to The Beijing News and the China Media Project.
Users were already required to show identification when they entered, a rule that has been spottily enforced at times but more strictly, by most accounts, since preparations for the Olympics began. David Bandurski at China Media Project writes:
The newspaper quoted Li Fei (李菲), a spokesperson for the Beijing Cultural Law Enforcement Agency, as saying the policy was aimed at preventing "ID sharing" (一证多用). The monitoring platform will allow enforcement officials to target any terminal at any Internet bar in the city to compare the user with registered information.
Perhaps this is indeed aimed at "ID sharing," but another piece that Bandurski quotes, an editorial in the China Youth Daily, sees the new policy as creating the potential for invasion of privacy.
In this monitoring system that renders users "naked," how will the freedom and privacy of citizens using the Internet be protected? The Beijing Cultural Law Enforcement Agency reassures us that these controls end with the enforcement team's monitoring platform and that we "have no need to be concerned about the leaking of personal information."
But aside from worrying that personal information might be leaked to others, we also worry that the freedom of our online communication and the privacy of our conversations will be betrayed by public power.
Under this platform of "monitoring of any terminal at any Internet bar in the city," won't monitoring mean that enforcement officials will have the right or the opportunity to view our chat histories? Can they not read our private correspondence at will? Won't any and all online behavior fall under the eyes of the enforcement officials?
If this is the case, then all Web users really are "entirely naked," if only before a limited number of enforcement personnel.
Read a fuller quote from the editorial in Bandurski's post.
Security researchers recently found that IM conversations on the Chinese Skype program were not only filtered, but also recorded on a massive, nonsecure, server. The possibility of surveillance flies in the face of Skype's supposed strong encryption, and has provoked outcry among privacy advocates.
Users of the TOM-Skype platform, marketed in cooperation with a Chinese company, were "regularly scanned for sensitive keywords, and if present, the resulting data [were] uploaded and stored on servers in China," according to the report by Nart Villeneuve. Voice communications may have been catalogged, but researchers reported they did not find recorded conversations.
It wasn't just TOM-Skype users who were affected. Any Skype user who communicated with a TOM-Skype user was vulnerable, according to the report. And it didn't appear that keywords were the only trigger. Other factors, possibly individual usernames, might have been used to catalog data.
Villeneuve has posted a Q&A on his website that outlines some of the most common questions. (h/t Rebecca)
Although TOM-Skype was designed to prevent transmission of some keywords, such as an un-redacted "f*ck," Skype had claimed the filtering happened before the message was encrypted for transmission to the receiver, Villeneuve writes in the Q&A. His findings, if true, would contradict this claim.
Free expression advocates have been sharply critical of eBay, Skype's parent company, for this behavior. Rebecca MacKinnon, a professor at Hong Kong University and an expert on Chinese internet restrictions, writes:
"While Skype claims to have fixed the problem, the fact that TOM-Skype was enabling surveillance and privacy breaches in such a shocking manner for a significant period of time demonstrates that eBay/Skype as a company has not placed enough emphasis on protecting users' rights and interests."
Aside from an outpour from censorship activists, this finding also shows that many messages that were logged without users' knowledge were available to a hacker because the servers storing the information were not secure. The report notes that the servers were probably compromised before what the researchers might consider their "benign attack."
In fact, evidence suggests that the servers used to store captyured data have been compromised in the past and used to host pirated movies and torrents (for peer-to-peer file sharing).
Obviously, people who want to communicate securely in China will need to use other technologies.
User privacy concerns on Chinese social-networking sites have led the biggest players to block indexing by Baidu, China's leading search engine, according to Beijing-based Marbridge Consulting.
The blogging site of Sohu.com, China's leading portal, as well as social networking sites including 51.com, Xiaonei, and Hainei have blocked Baidu's spiders from indexing the sites, Marbridge reported. Other search engines may also be blocked.
The reasoning behind this move may reveal a pragmatic commitment to security by obscurity for people who post under their real names and may want to avoid attention from employers, acquaintances, and government monitors.
But if Sohu blogs aren't indexed, there may be radical effects on the Chinese blogosphere.
Regardless, the attempt at security is partial at best. The data, of course, is still published. Just as Americans have gradually come to terms with the fact that placing something on MySpace, Facebook, or other sites may make it accessible to prospective employers or others, data posted on Chinese portals is accessible to a variety of actors.
Even if privacy controls intended to restrict access to approved users are used, the Chinese government's power to look at data contained on servers within its borders makes government surveillance only slightly more circumscribed.
Further, search engines might simply switch to spider IPs or behaviors that get around the blocks, though this may be unlikely given that leading engines tend to obey "no spiders" signs in robots.txt.
This move may still be good for social-networking sites. But for blogs, a block can be disastrous if it isn't optional.
As those of us who blog know all too well, the success of one's work and the likelihood that anyone reads it is dependent on links. Links, links, and more links. But if someone searching for discussions of a certain topic can't find our work, we're out of luck.
For personal blogs, this is no big deal. I could care less if people index my daily musings on a personal blog. But for people who wish to participate in the vibrant world of online discourse, being obscured from search engines is a game changer.
It's unclear to me at this point whether Sohu's block will remove its blogs from the searchable world. But if it does, prepare to see a deluge of Chinese bloggers switching to different platforms.
- prev
- 1
- next
