Did the US Enable Chinese Hackers to Crack Google?

If you're a regular user of the Webtubes—and if you're reading this blog, you probably are—you're well aware of the kerfuffle that ensued after Google's decision to cease its search-engine operations in China.  And naturally, it's now become a political issue between the US and China.  A recap, in brief:

Google apparently discovered that Chinese hackers had broken into various Gmail accounts, including those of human rights activists.  Google, remembering that China also liked to censor the hell out of Google searches and that this didn't really jive with Google's "Don't be evil" motto, decides to publicly withdraw from the Chinese market. China gets bent out of shape by the accusations of hacking and censorship.  US Secretary of State Hillary Clinton weighs in, drawing a comparison between Internet censorship and the Iron Curtain.  Surprisingly, China doesn't like this comparison and calls the US a pot to China's kettle.

It's been very interesting to watch all this play out, for any number of reasons.  There's the debate as to whether Google was making a moral stand here, or business decision (because their operations in the Chinese search-engine arena were relatively modest).  There's the novelty of Google going public about the hackers' attacks on their sites—very much not the norm in the corporate world.  And of course, there's the conflict of philosophies about free online speech between the US and China.

But the piece of analysis of the China-Google-US fracas I've found most interesting is one written by security technology blogger Bruce Schneier and hosted by CNN.  Schneier, whose blog can be found here, writes that what the Chinese hackers used to break into Google were the very backdoors that the US government required Google to put there to comply with government search warrants.  And it's not just the US and Google where this is an issue:

Google's system isn't unique. Democratic governments around the world -- in Sweden, Canada and the UK, for example -- are rushing to pass laws giving their police new powers of Internet surveillance, in many cases requiring communications system providers to redesign products and services they sell

Many are also passing data retention laws, forcing companies to retain information on their customers. In the U.S., the 1994 Communications Assistance for Law Enforcement Act required phone companies to facilitate FBI eavesdropping, and since 2001, the National Security Agency has built substantial eavesdropping systems with the help of those phone companies.

Schneier writes that, at least in the phone arena, such systems have led to abuse by both official and unofficial parties—the FBI illegally wiretapped some 3,500 times between 2002 to 2006, and between June 2004 and March 2005, someone tapped the phone calls of several Greek ministers, including the prime minister.

Ironically, when China responded to Secretary Clinton's speech about Internet freedom (via an editorial from Xinhua, one of China's official mouthpieces), they justified their own activities by citing the same sort of US actions as mentioned above:

It is common practice for countries, including the United States, to take necessary measures to administer the Internet according to their own laws and regulations.

The Internet is also restricted in the United States when it comes to information concerning terrorism, porn, racial discrimination and other threats to society.

Shortly after the Sept. 11, 2001 terrorist attacks, the U.S. Congress approved the Patriot Act to grant its security agencies the right to search telephone and e-mail communications in the name of anti-terrorism. The move aroused a great deal of controversy far and wide.

Now, I take issue with some of the editorial's simplifications, particularly when it tries to equate China's censorship with US actions.  First and foremost, what China considers "illegal information" is not what the US considers it to be.  Quite simply, the First Amendment prohibits the kind of censorship that China is engaging in, because China is clearly targeting the content, not the manner, of the censored material.  China's indignation rings false in this case.  But the editorial, if an accurate take on China's view of the situation, is nonetheless noteworthy in that it suggests US policy helped enable China's restrictions on Google, much as US policy helped enable the hackers' attacks on Google. 

This is not to say that the US is to blame for the attacks on Google, or that the US is to blame for the censorship imposed on China's portion of the Internet.  China and its hackers get the full blame for that. But it does appear that the US played a role, however unintentional, in enabling hackers and China to do their thing.  As Schneier writes:

Whether the eavesdroppers are the good guys or the bad guys, these systems put us all at greater risk.  Communications systems that have no inherent eavesdropping capabilities are more secure than systems with those capabilities built in.  And it's bad civic hygiene to build technologies that could someday be used to facilitate a police state.

It bears thinking about.

(Arthur Bright is a third-year law student at the Boston University School of Law and a former CMLP Legal Intern. Before attending law school, Arthur was the online news editor at The Christian Science Monitor.)

Photo courtesy of Flickr user Popoever, licensed under a CC Attribution-Noncommercial-No Derivative Works 2.0 Generic license.


Subject Area: