02/25/2002, Volume 007, Issue 23
BEIJING
It's not easy being the father of the Chinese Internet. Children are running by,
boats are paddling, the smell of roast lamb fills the air, and Michael Robinson,
a young American computer engineer, sits rigidly, facing an empty cafe on the
shore of Qinghai Lake, speaking in a low voice of the crackdown. "What is
better? Big brother Internet? Or no Internet at all?" Michael asks.
Michael was hired in 1996 by the Chinese government and Global One (a
Sprint-France Telecom-Deutsche Telekom joint venture) to build the first network
in China providing public access to the Internet. One day sticks in his mind.
The Chinese engineers working with him suddenly convened a special meeting,
demanding to know if it would be possible to do keyword searching inside e-mails
and web addresses on the Chinese Internet. Not really, Michael replied; all
information that travels the Net is broken up into little packets. It's hard to
"sniff" packets of information, particularly coded packets. You would need to
intercept packets as they travel, and then there's the problem of collating the
information they contain, actually making sense of it. Yes, yes, they said, but
can you do it? On the third go-round, it dawned on Michael that his fellow
computer geeks wanted to end the meeting, too. But at a higher level, someone
required assurance. Before Internet construction proceeded further, they would
need to monitor what Chinese users did with it. [...] As long as the foreigner
assured them that down the road the Chinese would be able to build an Internet
firewall against the world and conduct surveillance on its own citizens, the
engineers could continue working with him. Yes, yes, it can be done, Michael
told them, and they went back to work.
[...]
[Michael knows what Internet is about:] A system created to relay U.S. command
messages over a damaged network after sustaining a Soviet nuclear strike could
surely find a way to get messages through, securely, amid the white noise of
millions of Chinese users. [...]
That vision has now been called into question, not by a failure of the
Internet's architecture, but in several cases, by a failure of American
corporate values. Let's start where Michael left off, with the expansion of the
Chinese Internet. I treated a top Chinese engineer (who wishes to remain
anonymous) to a 30-course imperial meal in Beijing. As hoped, the shark's fin
soup loosened his tongue--on the subject of Cisco Systems. In the United States,
Cisco is known (among other things) for building corporate firewalls to block
viruses and hackers. In China, the government had a unique problem: how to keep
a billion people from accessing politically sensitive websites, now and forever.
The way to do it would be this: If a Chinese user tried to view a website
outside China with political content, such as CNN.com, the address would be
recognized by a filter program that screens out forbidden sites. The request
would then be thrown away, with the user receiving a banal message: "Operation
timed out." Great, but China's leaders had a problem: The financial excitement
of a wired China quickly led to a proliferation of eight major Internet service
providers (ISPs) and four pipelines to the outside world. To force compliance
with government objectives--to ensure that all pipes lead back to Rome--they
needed the networking superpower, Cisco, to standardize the Chinese Internet and
equip it with firewalls on a national scale. According to the Chinese engineer,
Cisco came through, developing a router device, integrator, and firewall box
specially designed for the government's telecom monopoly. At approximately
$20,000 a box, China Telecom "bought many thousands" and IBM arranged for the
"high-end" financing. Michael confirms: "Cisco made a killing. They are
everywhere."
Cisco does not deny its success in China. Nor does it deny that it may have
altered its products to suit the special needs of the Chinese "market"--a
localization scheme the company avoided elsewhere in the world--but it
categorically rejects any responsibility for how the government uses its
firewall boxes. David Zhou, a systems engineer manager at Cisco, Beijing, told
me flat out, "We don't care about the [Chinese government's] rules. It's none of
Cisco's business." I replied that he has a point: It's not the gun but the way
it's used, and how can a company that builds firewalls be expected to, well, not
build firewalls? Zhou relaxed, then confidently added that the capabilities of
Cisco's routers can be used to intercept information and to conduct keyword
searches: "We have the capability to look deeply into the packet." He admitted
that Cisco is under the direct scrutiny of State Security, the Public Security
Bureau, and the People's Liberation Army (PLA).
Does Cisco allow the PLA to look into packets? Zhou didn't know or wouldn't say.
But consider, for example, the arrest of veteran activist Chi Shouzhu last
April. He was picked up in a crowded train station minutes after printing out
online materials promoting Chinese democracy. Incidents such as this have
mushroomed in China, suggesting that Cisco may not be the only one capable of
looking deeply into the packets. In fact, Cisco's ability to thrive in China may
well depend on cooperation with the Public Security Bureau and the PLA.
Cisco's firewall has proven to be far from foolproof. New sites on forbidden
topics crop up daily, and with the proliferation of ISPs who just want more
subscribers surfing, the lag time between updating the government's list of
banned sites and implementation can be erratic. So Chinese security organs also
needed to control the search engines through which new sites can be found.
[To be continued]
http://www.weeklystandard.com/content/public/articles/000/000/000/923vznzw.asp