Golden Shield Project

The Golden Shield Project (Chinese: 金盾工程; pinyin: jīndùn gōngchéng), also known as the Great Firewall of China[1] (Chinese: 防火长城; pinyin: fánghuǒ chángchéng) which is a censorship and surveillance project that blocks potentially unfavorable incoming data from foreign countries, is operated by the Ministry of Public Security (MPS) of the government of China. The project was initiated in 1998 and began operations in November 2003.[2] It is now used to attack international web sites using Man-on-the-side DDoS, for example to attack GitHub on 2015/03/28.[3]

History

The political and ideological background of the Golden Shield Project is considered to be one of Deng Xiaoping’s favorite sayings in the early 1980s: "If you open the window for fresh air, you have to expect some flies to blow in." (Chinese: 打开窗户,新鲜空气和苍蝇就会一起进来。; pinyin: Dǎkāi chuānghù, xīnxiān kōngqì hé cāngying jiù huì yìqǐ jìnlái.[nb 1]) The saying is related to a period of the economic reform of China that became known as the "socialist market economy". Superseding the political ideologies of the Cultural Revolution, the reform led China towards a market economy and opened up the market for foreign investors. Nonetheless, despite the economic freedom, values and political ideas of the Communist Party of China have had to be protected by "swatting flies" of other unwanted ideologies.[4]

The Internet in China arrived in 1994,[5] as the inevitable consequence of and supporting tool for the "socialist market economy". Gradually, while Internet availability has been increasing, the Internet has become a common communication platform and tool for trading information.

The Ministry of Public Security took initial steps to control Internet use in 1997, when it issued comprehensive regulations governing its use. The key sections, Articles 4-6, are:

Individuals are prohibited from using the Internet to: harm national security; disclose state secrets; or injure the interests of the state or society. Users are prohibited from using the Internet to create, replicate, retrieve, or transmit information that incites resistance to the PRC Constitution, laws, or administrative regulations; promotes the overthrow of the government or socialist system; undermines national unification; distorts the truth, spreads rumors, or destroys social order; or provides sexually suggestive material or encourages gambling, violence, or murder. Users are prohibited from engaging in activities that harm the security of computer information networks and from using networks or changing network resources without prior approval.[6]

In 1998, the Communist Party of China feared that the China Democracy Party (CDP) would breed a powerful new network that the party elites might not be able to control.[7] The CDP was immediately banned, followed by arrests and imprisonment.[8] That same year, the Golden Shield project was started. The first part of the project lasted eight years and was completed in 2006. The second part began in 2006 and ended in 2008. On 6 December 2002, 300 people in charge of the Golden Shield project from 31 provinces and cities throughout China participated in a four-day inaugural "Comprehensive Exhibition on Chinese Information System".[9] At the exhibition, many western high-tech products, including Internet security, video monitoring and human face recognition were purchased. It is estimated that around 30,000-50,000 police are employed in this gigantic project.[10]

A subsystem of the Golden Shield has been nicknamed "the Great Firewall" (防火长城) (a term that first appeared in a Wired magazine article in 1997)[11] in reference to its role as a network firewall and to the ancient Great Wall of China. This part of the project includes the ability to block content by preventing IP addresses from being routed through and consists of standard firewalls and proxy servers at the six[12] Internet gateways. The system also selectively engages in DNS cache poisoning when particular sites are requested. The government does not appear to be systematically examining Internet content, as this appears to be technically impractical.[13] Because of its disconnection from the larger world of IP routing protocols, the network contained within the Great Firewall has been described as "the Chinese autonomous routing domain".[14]

During the 2008 Summer Olympics, Chinese officials told Internet providers to prepare to unblock access from certain Internet cafés, access jacks in hotel rooms and conference centers where foreigners were expected to work or stay.[15]

Purpose

In September 2002, Li Runsen, the technology director at Ministry of Public Security and member of the Golden Shield leadership, further explained this broad definition to thousands of police nationwide at a meeting in Beijing called "Information Technology for China’s Public Security".

In October 2001, Greg Walton of the International Centre for Human Rights and Democratic Development published a report; he wrote:

Old style censorship is being replaced with a massive, ubiquitous architecture of surveillance: the Golden Shield. Ultimately, the aim is to integrate a gigantic online database with an all-encompassing surveillance network – incorporating speech and face recognition, closed-circuit television, smart cards, credit records, and Internet surveillance technologies.[16]

The empirical study by the OpenNet Initiative (collaboration between Harvard Law School, University of Toronto Citizen Lab, and Cambridge Security Program) found that China has the most sophisticated content-filtering Internet regime in the world. Compared to similar efforts in other countries, CPC Government effectively filters content by employing multiple methods of regulation and technical controls. In contrast, the PRC-sponsored news agency, Xinhua, stated that censorship targets only "superstitious, pornographic, violence-related, gambling and other harmful information."[17]

In July 2007, authorities intensified the "monitoring and control" of The Great Firewall, causing email disruption, in anticipation of the Shanghai Cooperation Organisation meeting scheduled for August 2007.[18]

Blocking methods

Some commonly used technical methods for censoring are:[19]

Method Description
IP blocking The access to a certain IP address is denied. If the target Web site is hosted in a shared hosting server, all Web sites on the same server will be blocked. This affects all IP protocols (mostly TCP) such as HTTP, FTP or POP. A typical circumvention method is to find proxies that have access to the target Web sites, but proxies may be jammed or blocked. Some large Web sites allocated additional IP addresses to circumvent the block, but later the block was extended to cover the new addresses.[20]
DNS filtering and redirection Doesn't resolve domain names, or returns incorrect IP addresses. This affects all IP protocols such as HTTP, FTP or POP. A typical circumvention method is to find a domain name server that resolves domain names correctly, but domain name servers are subject to blockage as well, especially IP blocking. Another workaround is to bypass DNS if the IP address is obtainable from other sources and is not blocked. Examples are modifying the Hosts file or typing the IP address instead of the domain name in a Web browser.
URL filtering Scan the requested Uniform Resource Locator (URL) string for target keywords regardless of the domain name specified in the URL. This affects the Hypertext Transfer Protocol. Typical circumvention methods are to use escaped characters in the URL, or to use encrypted protocols such as VPN and SSL.[nb 2]
Packet filtering Terminate TCP packet transmissions when a certain number of controversial keywords are detected. This affects all TCP protocols such as HTTP, FTP or POP, but Search engine pages are more likely to be censored. Typical circumvention methods are to use encrypted protocols such as VPN and SSL, to escape the HTML content, or reducing the TCP/IP stack's MTU, thus reducing the amount of text contained in a given packet.
Connection reset If a previous TCP connection is blocked by the filter, future connection attempts from both sides will also be blocked for up to 30 minutes. Depending on the location of the block, other users or Web sites may be also blocked if the communications are routed to the location of the block. A circumvention method is to ignore the reset packet sent by the firewall.[21]
SSL man-in-the-middle attack makes independent connections with the victims and relays messages between them, making them believe that they are talking directly to each other over a private connection, when in fact the entire conversation is controlled by the attacker.[22]Most browsers report these fake certificates.

Censored content

Mainland Chinese Internet censorship programs have censored Web sites that include (among other things):

Blocked Web sites are indexed to a lesser degree, if at all, by some Chinese search engines. This sometimes has considerable impact on search results.[24]

According to The New York Times, Google has set up computer systems inside China that try to access Web sites outside the country. If a site is inaccessible, then it is added to Google China's blacklist.[25] However, once unblocked, the Web sites will be reindexed. Referring to Google's first-hand experience of the great firewall, there is some hope in the international community that it will reveal some of its secrets. Simon Davies, founder of London-based pressure group Privacy International, is now challenging Google to reveal the technology it once used at China's behest. "That way, we can understand the nature of the beast and, perhaps, develop circumvention measures so there can be an opening up of communications." "That would be a dossier of extraordinary importance to human rights," Davies says. Google has yet to respond to his call.[26]

Bypassing

Because the Great Firewall blocks destination IP addresses and domain names and inspects the data being sent or received, a basic censorship circumvention strategy is to use proxy nodes and encrypt the data. Most circumvention tools combine these two mechanisms.[27]

Unblocking

Certain sites have begun to be partially unblocked, including:

Exporting technology

Reporters Without Borders suspects that regimes such as Cuba, Zimbabwe and Belarus have obtained surveillance technology from China.[32]

Protest in China

Despite strict government regulations, the Chinese people are continuing to protest against their government’s attempt to censor the Internet. The more covert protesters will set up secure SSH and VPN connections using tools such as UltraSurf. They can also utilize the widely available proxies and virtual private networks to fanqiang(翻墙), or "climb the wall." Active protest is not absent. Chinese people will post their grievances online, and on some occasions, have been successful. In 2003, the death of Sun Zhigang, a young migrant worker, sparked an intense, widespread online response from the Chinese public, despite the risk of the government’s punishment. A few months later, Prime Minister Wen Jiabao abolished the Chinese law that led to the death of Sun. Ever since, dissent has regularly created turmoil on the Internet in China.[33] Also in January 2010, when Google announced that it will no longer censor its Web search results in China, even if this means it might have to shut down its Chinese operations altogether, many Chinese people went to the company’s Chinese offices to display their grievances and offer gifts, such as flowers, fruits and cigarettes.[34]

See also

Notes

  1. There are several variants of this saying in Chinese, including "如果你打开窗户换新鲜空气,就得想到苍蝇也会飞进来。" and "打开窗户,新鲜空气进来了,苍蝇也飞进来了。". Their meanings are the same.
  2. For an example, see Wikipedia:Advice to users using Tor to bypass the Great Firewall

References

  1. Norris, Pippa; World Bank Staff (2009). Public Sentinel: News Media and Governance Reform. World Bank Publications. p. 360. ISBN 978-0-8213-8200-4. Retrieved 11 January 2011.
  2. "How China’s Internet Police Control Speech on the Internet". Radio Free Asia. Retrieved 11 June 2013. China’s police authorities spent the three years between 2003 and 2006 completing the massive “Golden Shield Project.” Not only did over 50 percent of China’s policing agencies get on the Internet, there is also an agency called the Public Information Network Security and Monitoring Bureau, which boasts a huge number of technologically advanced and well-equipped network police. These are all the direct products of the Golden Shield Project.
  3. "China's Man-on-the-Side Attack on GitHub".
  4. R. MacKinnon "Flatter world and thicker walls? Blogs, censorship and civic discourse in China" Public Choice (2008) 134: p. 31–46, Springer
  5. "中国接入互联网". chinanews.com. Retrieved 28 August 2013.
  6. "China and the Internet.", International Debates, 15420345, Apr2010, Vol. 8, Issue 4
  7. Goldman, Merle Goldman. Gu, Edward X. [2004] (2004). Chinese Intellectuals between State and Market. Routledge publishing. ISBN 0415325978
  8. Goldsmith, Jack L.; Wu, Tim (2006). Who Controls the Internet?: Illusions of a Borderless World. New York: Oxford University Press. p. 91. ISBN 0-19-515266-2.
  9. 首屆「2002年中國大型機構信息化展覽會」全國31省市金盾工程領導雲集 (Chinese)
  10. "What is internet censorship?". Amnesty International Australia. 28 March 2008. Retrieved 21 February 2011.
  11. http://www.economist.com/news/special-report/21574631-chinese-screening-online-material-abroad-becoming-ever-more-sophisticated
  12. http://www.nbcnews.com/technology/welcome-wyoming-how-chinas-great-firewall-could-have-sent-web-2D11970733
  13. Watts, Jonathan (20 February 2006). "War of the words". The Guardian. Retrieved 3 May 2010.
  14. "Costs and Benefits of Running a National ARD" (PDF).
  15. Fallows, James (March 2008). "The Connection Has Been Reset". The Atlantic. Retrieved 22 May 2011.
  16. "China's Golden Shield: Corporations and the Development of Surveillance Technology in China" (PDF). Retrieved 2011-06-13.
  17. China and the Internet. International Debates, 15420345, Apr2010, Vol. 8, Issue 4
  18. "Chinese Internet censors blamed for email chaos". Reuters. 18 July 2007. Retrieved 19 August 2007.
  19. "Empirical Analysis of Internet Filtering in China". Cyber.law.harvard.edu. Retrieved 2011-06-13.
  20. "GFW (Great Firewall of China) FAQ". HikingGFW. See the section named 'IP blocking'. Retrieved 28 August 2013.
  21. "zdnetasia.com". zdnetasia.com. Retrieved 2011-06-13.
  22. "China, GitHub and the man-in-the-middle". greatfire.org. Retrieved 2014-10-13.
  23. Marquand, Robert (24 February 2006). "China's media censorship rattling world image". The Christian Science Monitor. Retrieved 22 May 2011.
  24. "controlling information: you can't get there from here -- filtering searches". The tank man. Frontline (pbs.org).
  25. Thompson, Clive (23 April 2006). "Google's China Problem (and China's Google Problem)". The New York Times. p. 8. Retrieved 22 May 2011.
  26. Will Google's help breach the great firewall of China? By: Marks, Paul, New Scientist, 02624079, 4/3/2010, Vol. 205, Issue 2754
  27. 1 2 3 4 5 "Splinternet Behind the Great Firewall of China: The Fight Against GFW", Daniel Anderson, Queue, Association for Computing Machinery (ACM), Vol. 10, No. 11 (29 November 2012), doi:10.1145/2390756.2405036. Retrieved 11 October 2013.
  28. "Leaping the Great Firewall of China ", Emily Parker, Wall Street Journal, 24 March 2010. Retrieved 11 October 2013.
  29. "Ignoring the Great Firewall of China", Richard Clayton, Steven J. Murdoch, and Robert N. M. Watson, PET'06: Proceedings of the 6th international conference on Privacy Enhancing Technologies, Springer-Verlag (2006), pages 20-35, ISBN 3-540-68790-4, doi:10.1007/11957454_2. Retrieved 11 October 2013.
  30. "BBC website 'unblocked in China'". BBC News. 25 March 2008. Retrieved 22 May 2011.
  31. (Chinese) 如何访问维基百科#当前情况
  32. "Going online in Cuba: Internet under surveillance" (PDF). Reporters Without Borders. 2006.
  33. August, Oliver (23 October 2007). "The Great Firewall: China's Misguided — and Futile — Attempt to Control What Happens Online". Wired. Retrieved 4 February 2011.
  34. Ramzy, Austin (13 April 2010). "The Great Firewall: China's Web Users Battle Censorship". Time. Retrieved 4 February 2011.

External links

Wikibooks has a book on the topic of: Transwiki:Bypassing the Great Firewall of China
Listen to this article (info/dl)


This audio file was created from a revision of the "Golden Shield Project" article dated 2010-07-13, and does not reflect subsequent edits to the article. (Audio help)
More spoken articles

This article is issued from Wikipedia - version of the Saturday, April 30, 2016. The text is available under the Creative Commons Attribution/Share Alike but additional terms may apply for the media files.