It will be a long time before we understand all the ramifications of Google's decision to cease censoring their Chinese services — and the cyber-attack on their corporate and user data that prompted that change of heart. The story is still confusing in parts (Sky Canaves at the WSJ clarifies some of the more muddled reports). Nonetheless some intriguing new details have emerged since the initial announcement — but they raise as many questions as they answer.
Reporting by the New York Times has fleshed out the implication in Google's announcement that the attacks were co-ordinated, or at least conducted with the approval of, Chinese government agencies. And in a detailed analysis, Computer World writes that the security breach included an attack on Google's internal intercept systems, used to comply with requests from United States law enforcement.
Security experts have long warned that systems designed to make compliance with lawful interception more convenient can also create security vulnerabilities of their own. By providing an attractive one stop shop for outside attackers, surveillance compliance systems by their very nature often override the secure compartmentalization of data.
Security breaches that involve lawful interception systems are not new (see the Greek mobile eavesdropping scandal in 2005), and we're sure it will happen again. When a security conscious company like Google can get hit, it is a wake up call to all corporations about the dangers of hosting systems designed to snoop of their customers. What would the agent of a foreign power do with full access to Sprint Nextel's convenient live web interface for GPS location data on its fifty million subscribers?
We know that Google was not the only company targeted by this attack: other names mentioned have included Yahoo, Symantec, Juniper, Northrop Grumman and Dow Chemical. We don't know whether those attacks obtained proprietary information or personal user data. But users of these companies' products are rightfully concerned and we'd hope and expect more public statements that clarify this important difference.
The Obama Administration is also reacting to the Google China news. Secretary Clinton was already booked to make a detailed policy announcement on global Internet freedom next week; the White House has already said it supports Google. But what does government support for a censorship-free Internet look like? Advocacy groups and think-tanks have long suggested that blocking Internet traffic at the border of a country may be a violation of WTO free trade agreements. Foreign Policy runs with the idea, and looks in detail at the idea of "Firewall Protectionism".
If China were attempting to block the import of American tires, instead of American Internet media, would Americans applaud Goodyear and Congress for not putting up a fight against blatant WTO violations?
Reuters also reports that lawmakers are using the Google announcement as impetus for a proposed US law that, among other measures, would require Internet companies to keep records of requests for information from violating countries, and report them to the State department.
Will more United States government involvement in online free speech issues lead to greater international pressure on censorious countries like China? Or will it serve to aggravate US allies who have their own less visible systems of censorship, which as Rebecca MacKinnon notes, now includes traditional allies like France and Italy?