Every now and then, a controversial issue triggers a flood of online discourse. For our Noise Filter feature, the WHIR pans the raging rivers of opinion for shining nuggets of useful commentary.
(WEB HOST INDUSTRY REVIEW) — Last week, Google (www.google.com) said it may pull out of China because of the increasingly threatening online environment in China following online attacks that, evidence suggests, uncovered third-parties snooping on the contents of the Gmail accounts of human rights activists.
Google stated that a mid-December attack that stole its intellectual property was different than a normal security incident in a number of ways. The attack was not just on Google, but also on at least 20 other large companies from a wide range of businesses spanning the IT, finance, technology, media and chemical sectors.
More damning, however, is that Google said it has evidence suggesting that one of the main objectives of the attack was to access the Gmail accounts of Chinese human rights activists. And while the attempt fell short of its objective, in the course of its investigation, Google found independent of the attack that of dozens of American, Chinese and European Gmail users who are advocates of human rights in China had their accounts routinely accessed by third parties, likely via phishing scams or malware placed on the users’ computers.
Combined with attempts over the past year to further limit free speech on the web, these attacks and the surveillance they have uncovered has led it to re-examine “the feasibility” of its operations in China. After thorough review, Google has essentially given the Chinese government an ultimatum — It will no longer continue to censor its results on Google.cn, and in the coming weeks it will discuss with the Chinese government the basis on which Google could operate an unfiltered search engine within the law.
If such a search engine is not possible, Google will shut down Google.cn.
Given the far-reaching consequences of this decision, which could anger China’s business community and even cause a rift in US-China relations, many government leaders and those in the online community have offered their commentary on the matter. In today’s Noisefilter, The WHIR will look at some of the most interesting statements to come out of this highly contentions situation.
Founding developer of open-source blogging platform WordPress Matt Mullenweg, one of Business Week’s 25 Most Influential People on the Web, noted in a blog post that China is a difficult country to get along with for many Internet companies – including his own.
Mullenweg: “Google is taking a new approach to China. This is a big deal, they’re basically implying the Chinese government has been hacking Google accounts to compromise human rights advocates. Interesting the note at the end where they say these decisions and investigations were entirely in the US, it’s almost like they’re trying to protect their employees there … We already are blocked and choose not to operate directly in China.”
Given the far-reaching consequences of this decision to potentially pull out of China, US Secretary of State Hillary Clinton issued a statement on the matter.
Clinton: “We have been briefed by Google on these allegations, which raise very serious concerns and questions. We look to the Chinese government for an explanation. The ability to operate with confidence in cyberspace is critical in a modern society and economy. I will be giving an address next week on the centrality of Internet freedom in the 21st century, and we will have further comment on this matter as the facts become clear.”
According to a Bloomberg report, Foreign Ministry spokesperson Jiang Yu essentially said that China’s Internet policy would not bow to Google.
Yu: “The Chinese government administers the Internet according to law and we have explicit stipulations over what content can be spread on the Internet.”
The source of this conflict was a blog post from Google corporate development senior vice president and chief legal officer David Drummond, in which he expressed to the public that Google would not stand for China’s stance on human rights.
Drummond: “These attacks and the surveillance they have uncovered–combined with the attempts over the past year to further limit free speech on the web–have led us to conclude that we should review the feasibility of our business operations in China. We have decided we are no longer willing to continue censoring our results on Google.cn, and so over the next few weeks we will be discussing with the Chinese government the basis on which we could operate an unfiltered search engine within the law, if at all. We recognize that this may well mean having to shut down Google.cn, and potentially our offices in China.”
Web host Rackspace (www.rackspace.com), which was identified as one of the companies that has had a small part in the situation, has consequently become the target of media attention. Rackspace issued the following statement:
“Rackspace hosts tens of thousands of websites for customers and we take every precaution to make them safe and secure. As a hosting and cloud computing company, we run the servers and operating systems for our customer’s websites, but customers run their own applications on those servers. In this case, a server at Rackspace was compromised, disabled, and we actively assisted in the investigation of the cyber attack, fully cooperating with all affected parties. Cyber attacks are a common occurrence in today’s online world, and we work every day to combat them and make our servers safe for our customers.”
While not getting into politics, Imperva CTO Amichai Shulman noted in an email to The WHIR that Google’s findings are likely accurate.
Shulman: “Although Google hasn’t disclosed the exact details of the attack, it is reasonable to conclude that the Chinese hackers tried to gain access Google internal databases to pull passwords. We can presume that Google determined that the attackers were after civil rights activists from queries that the hackers tried to run on the databases containing the activists’ user names. Google probably discovered the issue through audit trails when they examined the infiltrated databases. How did they infiltrate to Google systems in the first place? We can only speculate. The likely attack methods were sending mail containing malware to Google employees or through a vulnerability in Google’s web servers.”
McAfee chief technology officer George Kurtz reported his security company’s findings on the nature of the Zero Day attack that spurred Google’s investigation.
Kurtz: “McAfee Labs has been working around the clock, diving deep into the attack we are now calling Aurora that hit multiple companies and was publicly disclosed by Google on Tuesday… In our investigation we discovered that one of the malware samples involved in this broad attack exploits a new, not publicly known vulnerability in Microsoft Internet Explorer. We informed Microsoft about this vulnerability and Microsoft is expected to publish an advisory on the matter soon.”
Ethan Zuckerman, co-founder of web hosting firm Tripod.com, and later founder of NPO Geekcorps layed out four scenarios for Google’s actions in a well-thought-out blog entry.
Zuckerman: “In my opinion – shaped, no doubt, by the fact that I’ve got a lot of friends within Google and have worked closely with the company in a couple of contexts – Google was a lot less evil than some of its competitors. But continued involvement in China continued to be a thorn in the side of Google on the PR front, and I know many people within the company questioned whether engaging in China was worth the compromises it entailed. The move to leave the Chinese market may be an example of Google returning to its core values and demonstrating an unwillingness to compromise.”
No related posts.
