02/25/2002, Volume 007, Issue 23

BEIJING
It's not easy being the father of the Chinese Internet. Children are running by, boats are paddling, the smell of roast lamb fills the air, and Michael Robinson, a young American computer engineer, sits rigidly, facing an empty cafe on the shore of Qinghai Lake, speaking in a low voice of the crackdown. "What is better? Big brother Internet? Or no Internet at all?" Michael asks.

Michael was hired in 1996 by the Chinese government and Global One (a Sprint-France Telecom-Deutsche Telekom joint venture) to build the first network in China providing public access to the Internet. One day sticks in his mind. The Chinese engineers working with him suddenly convened a special meeting, demanding to know if it would be possible to do keyword searching inside e-mails and web addresses on the Chinese Internet. Not really, Michael replied; all information that travels the Net is broken up into little packets. It's hard to "sniff" packets of information, particularly coded packets. You would need to intercept packets as they travel, and then there's the problem of collating the information they contain, actually making sense of it. Yes, yes, they said, but can you do it? On the third go-round, it dawned on Michael that his fellow computer geeks wanted to end the meeting, too. But at a higher level, someone required assurance. Before Internet construction proceeded further, they would need to monitor what Chinese users did with it. [...] As long as the foreigner assured them that down the road the Chinese would be able to build an Internet firewall against the world and conduct surveillance on its own citizens, the engineers could continue working with him. Yes, yes, it can be done, Michael told them, and they went back to work.

[...]

[Michael knows what Internet is about:] A system created to relay U.S. command messages over a damaged network after sustaining a Soviet nuclear strike could surely find a way to get messages through, securely, amid the white noise of millions of Chinese users. [...]

That vision has now been called into question, not by a failure of the Internet's architecture, but in several cases, by a failure of American corporate values. Let's start where Michael left off, with the expansion of the Chinese Internet. I treated a top Chinese engineer (who wishes to remain anonymous) to a 30-course imperial meal in Beijing. As hoped, the shark's fin soup loosened his tongue--on the subject of Cisco Systems. In the United States, Cisco is known (among other things) for building corporate firewalls to block viruses and hackers. In China, the government had a unique problem: how to keep a billion people from accessing politically sensitive websites, now and forever.

The way to do it would be this: If a Chinese user tried to view a website outside China with political content, such as CNN.com, the address would be recognized by a filter program that screens out forbidden sites. The request would then be thrown away, with the user receiving a banal message: "Operation timed out." Great, but China's leaders had a problem: The financial excitement of a wired China quickly led to a proliferation of eight major Internet service providers (ISPs) and four pipelines to the outside world. To force compliance with government objectives--to ensure that all pipes lead back to Rome--they needed the networking superpower, Cisco, to standardize the Chinese Internet and equip it with firewalls on a national scale. According to the Chinese engineer, Cisco came through, developing a router device, integrator, and firewall box specially designed for the government's telecom monopoly. At approximately $20,000 a box, China Telecom "bought many thousands" and IBM arranged for the "high-end" financing. Michael confirms: "Cisco made a killing. They are everywhere."

Cisco does not deny its success in China. Nor does it deny that it may have altered its products to suit the special needs of the Chinese "market"--a localization scheme the company avoided elsewhere in the world--but it categorically rejects any responsibility for how the government uses its firewall boxes. David Zhou, a systems engineer manager at Cisco, Beijing, told me flat out, "We don't care about the [Chinese government's] rules. It's none of Cisco's business." I replied that he has a point: It's not the gun but the way it's used, and how can a company that builds firewalls be expected to, well, not build firewalls? Zhou relaxed, then confidently added that the capabilities of Cisco's routers can be used to intercept information and to conduct keyword searches: "We have the capability to look deeply into the packet." He admitted that Cisco is under the direct scrutiny of State Security, the Public Security Bureau, and the People's Liberation Army (PLA).

Does Cisco allow the PLA to look into packets? Zhou didn't know or wouldn't say. But consider, for example, the arrest of veteran activist Chi Shouzhu last April. He was picked up in a crowded train station minutes after printing out online materials promoting Chinese democracy. Incidents such as this have mushroomed in China, suggesting that Cisco may not be the only one capable of looking deeply into the packets. In fact, Cisco's ability to thrive in China may well depend on cooperation with the Public Security Bureau and the PLA.

Cisco's firewall has proven to be far from foolproof. New sites on forbidden topics crop up daily, and with the proliferation of ISPs who just want more subscribers surfing, the lag time between updating the government's list of banned sites and implementation can be erratic. So Chinese security organs also needed to control the search engines through which new sites can be found.

[To be continued]

http://www.weeklystandard.com/content/public/articles/000/000/000/923vznzw.asp