It is very interesting that the State Department is playing second fiddle to Google here. Intuitively I feel this has pretty far reaching consequences.
- Apparently Google has uncovered a Chinese attempt to infiltrate a number of American companies[1]. The fact that this is being uncovered by Google and not the government is very interesting. And potentially very embarrassing for the state.
- America hasn't engaged China in relation to human rights, probably due to global politics which tends to tie you up in consensus, conventions and diplomacy. Google has done so in a very clear and public way.
- The State Department is taking Google's lead. Hillary Clinton is playing catch-up. She even says so in the statement: "We have been briefed by Google"
This indicates an enormous shift in power.
[1] - The American government might have been aware of this or even uncovered it themselves, which I personally doubt.
The State Dept. isn't playing second fiddle. They simply can NOT come out as publicly as Google did, for many reasons. As the "official" foreign voice of the US Govt there are serious repercussions to coming right out and accusing China. Secondly, they would not tip their hand on any intelligence they received, or were actively receiving, on Chinese infiltrations in cyberspace.
While our Gov't isn't very good at some things, I can guarantee that they were aware of what was going on. There have been many well-publicized instances over the past 10 years where the Gov't has uncovered intrusions into commercial companies.
That's exactly my primary point - Government, as you say, can not come out publicly and have their hands tied in many ways. Google can, and this, combined with their size, knowledge and brand, makes them a strong player in international politics. In this particular instance they are clearly the lead that everyone else, including the State Department, follows.
As for your second point, I totally agree. There might be a good chance the government knew, I'm no security expert so I'll refrain from taking a stance. That's why I added the footnote :-)
You're right, and it seems to be an escalating trend. There are plenty of examples, but none as big as this. Maybe there will be more if the trend continues.
Moreover, Page and Brin met with Obama once or twice during the campaign for some pretty in-depth meetings. More than the government "knowing", this response could very well be deniably calibrated with the US government's knowledge and advice.
Google doesn't need China; even the Nexus One is made in Taiwan. Unlike most other large companies (and all governments), they're in an excellent position to call out the Chinese government.
How long do you think Taiwan is going to last as an autonomous entity, now that it can no longer rely on the US for military support, because the US is in hock to the PRC?
The PRC owns many pieces of paper. Attacking Taiwan would be an excellent reason to repudiate the value of that paper.
That would be great - imagine if everyone worked like that. How would anyone ever collect on their loans? I owe you $50? Well, you hit my cousin the other day...
How long do you think Taiwan is going to last as an autonomous entity, now that it can no longer rely on the US for military support, because the US is in hock to the PRC?
The US was just as much in hock to the PRC in 1996, when Clinton decided to sail a few aircraft carriers through the Taiwan Straits. After that, the PRC lost their taste for attacking Taiwan.
The reintegration of Taiwan will happen through a political arrangement between the CPC and the KMT, not through war.
This is even worse than your earlier point about Chinese dumping dollars. The PRC would barely be able to invade Taiwan right now even without US aid. Worse for your point is that the US could screw over the PRC without firing a shot simply by repudiating the debt the Chinese hold.
That would be tantamount to a blockade of shipping lines, ie an act of war. They are certainly able to do it, but I don't think that right now they will.
I was wondering if the real problem wasn't that Google discovered the attack vectors were essentially government-mandated holes.
That is, the required local hires, the mandatory native firm partner, etc. It could be that the rules don't allow enough control over those resources to achieve acceptable risk.
If that's the case, it makes perfect sense that Google would issue a public threat to close the office. Nothing else would carry as much weight and if the current terms are untenable, there's essentially no risk.
What I've found most interesting in this news article is the oddly strong role that Google is playing in global politics. Corporations taking a strong line negotiating with nation-states.
This is pure speculation, but if the US government is willing to engage China on the back of what Google reported, China must have done something which threatens to weaken the US economy more than worsening their relationship with the Chinese government would.
It is no secret that the US and Chinese economies have a highly symbiotic relationship and are heavily dependent on each other - Americans buy the most Chinese production out of anyone else, while China is the main creditor of the US (just to name two examples).
If the US is willing to make the tradeoff I mentioned before, it should illustrate the gravity of what the Chinese government has done. That seems like a pretty scary scenario to me.
My guess is that the US government will not do anything big to seriously engage China on civil rights. I'm not even sure if I should hope they do or not. Again, this is only speculation, but fascinating.
The thing is, it's not embarrassing for the US government. I would guess they were told about the announcement way before it happened.
The thing is, Google can make this accusation and be above suspicion. If the US government made this accusation, it would turn into a PR fight and no one would know who to believe.
>The fact that this is being uncovered by Google and not the government is very interesting.
If I understand correctly, Google found out because they were companies using the Google enterprise framework. Google was their IT dept. It doesn't surprise me they uncovered it first.
That's just random speculation. Sure, Acrobat could have been used to get malware into Google, but just because Adobe released a security patch for Acrobat at around the same time as Google's announcement doesn't mean they're related.
"This whole situation definitely feels like the start of something much larger than just Google pulling out of China."
The assumption in government (and of security researchers) right now is that every time you send an email, it gets read by 25 or so countries. However, they haven't bothered to tell the general public this yet. My guess is that they are going to use this incident to either start to break this news to the general public, or else push through additional computer security measures. Possibly both.
A temporary stopgap, at best, especially in a world where so few people use it. Encryption is maximally useful when people don't see -- or it doesn't matter that people see -- that you're using it.
My guess is that people who really, really want to protect what they're saying and that they're saying it use nonsense spam as a steganographic medium.
Is your implication that smart, clueful people are never evil? Of course, you can always find an apologist who will explain that any given regime wasn't or isn't evil, so how would you test that?
No, not at all. My implication is that analyzing encrypted email traffic is probably the last place you should be looking. Trying to break encryption is almost always the hardest way to acquire information. Physically intimidating people, targeted client-side attacks, or a number of other things that you can do will be much more effective and easier than breaking crypto.
On the flip side of your statement, I think evil, oppressive regimes hire very smart and talented people.
But the OP didn't suggest breaking the encryption, but to run a traffic analysis, which includes things such as identifying the real-world identities of people sending encrypted email, determining who those people are communicating with (both for their encrypted and unencrypted emails), and other ways of extracting information from messages without needing to actually break the encryption.
Once you've carried out this analysis, you know to whom you can apply the more real-world techniques that you suggest.
Or, the goons will just install a keylogger on your computer while you're away from the house. Or they'll try to exploit one of the umpteen jillion vulnerabilities in OSes and browsers to install something similar on your system remotely.
Or, they'll use a TEMPEST attack to read your screen without you even knowing it. Or they'll use a similar attack to read your keystrokes wirelessly.
Or, they'll get you in a room and use a $5 wrench on your face until you tell them what they want to know.
Breaking encryption is far down the list of techniques that are worthwhile to oppressive regimes.
Hey, IT Goons. Spy on the network traffic to find out who is using encrypted communication, and who they are communicating with. Then pass that information to the knee-breakers, so we can find out what they are hiding.
This has nothing to do with breaking crypto. The breaking is done in an oubliette.
You can still analyze that Bob emailed Cindy and that Cindy emailed Marge, even without knowing the content of the emails. IIRC, the FBI has some sort of software that does this with telephone communications to identify 'networks' that was originally developed to combat the mafia.
Yes, and you can break Bob and Cindy's fingers to get their passphrases. That is a very easy step. That is why steganography should be used. There shouldn't even be an encrypted text for them to try to decrypt, at least as far as they know. Because once there is, they can always get the password. The next best thing is fake encryption or some kind of nested encryption, so that the outer layer decrypts to something plausible but ultimately benign.
A password doesn't even fall under 'free speech', so even in a free country like the US one can get slapped with 'obstruction of justice' if one doesn't provide a password. I'll leave it to your imagination to what happens in other, more oppressive countries...
But I guess that large webmail providers can band together and ensure that e-mails between their systems are encrypted (i.e. all messages sent by gmail to other gmail addresses or hotmail addresses are encrypted).
Then users would just use HTTPS to check their mail and everything would be encrypted.
This is not perfect, but it is at least a stopgap.
Considering most of the email I send is from gmail to gmail, if it's getting read by 25 or so countries, Google has much bigger problems than they've been letting on.
I'd call it the opening salvo in a trade war, if not a new cold war. Expect to see a lot of political pressure for other companies to 'follow Google' and repatriate manufacturing operations and the like.
I've never understood why America outsources so much half way around the planet for cheap labor when it is available on her doorstep - a short flight, easy transport, same time zone, reasonably stable, friendly democracy ... what's not to like?
Sending manufacturing to China and other SE Asian countries is far cheaper than even Mexican labor. While 1 day's wages of a median Mexican assembly worker is less than 1 hour of a median domestic US assembly worker's wages; 1 day's wages of a median Chinese assembly worker is cheaper than 1 hour of the median Mexican worker.
There were some articles last year (or maybe it was 2008) about textile manufacturing in the US, and how the Chinese were subsidizing them to the point where even if the US workers worked for free, the US plants could not compete on price.
To understand how much manufacturing changed, I recommend reading The Box. The shipping container totally changed everything by reducing shipping costs by about 98%. A lot of cities that used to be manufacturing centers (such as NYC and Detroit) withered, and a lot of cities that used to be shipping centers (such as NYC and London) also shriveled up because they could not support container traffic.
So what would all of the people involved in the design, sale and distribution of that stuff do? Then what happens when the recently unemployed are put on welfare and stop paying income taxes? And what happens when raising taxes to compensate for the diminished tax base makes more things unaffordable, further reducing spending... not to mention the questions about what happens when debts issued on the premise of growth go bad.
I voted this up, even though I think it's wrong, because it is a valid point. I don't think it's going to happen though, because it would screw up their own economy as badly as the US. Maybe if things weren't already so tight everywhere right now, but probably not even then.
...for now. There will come a time when dumping their dollars will no longer disadvantage China, and will indeed be to their advantage; but they need a somewhat larger middle class first. Give it ten or twenty years.
If China kills the dollar by dumping their reserves, they're going to hurt themselves just as much if not more than the US. They wouldn't do that over just Google. That's small potatoes compared to that...
You would want to be extremely careful - despite all logic against it, the US Dollar spikes when just about any international crisis takes hold. The dollar's decline might well occur afterwards, but that would be a longer term consequence.
The thing that will ultimately undermine the chokehold put by repressive regimes on their oppressed citizens will not be Google as a company nor the U.S. government as a countervailing political force nor the U.N. as a supervening agency nor human rights advocates as a principled opposition - though all these forces are helpful and necessary, they are not in themselves sufficient.
It will instead be the sheer wearing force of progressive technological advances that make it harder and harder with each passing day for such regimes ultimately to suppress the free flow of information and the spur toward freedom promoted thereby.
With its dramatic action, Google has demonstrated that any given company wielding sufficient power relating to the free flow of information has the capacity to make a big difference in moving to help liberate countries such as China. That company has to show some guts, which Google has done. And it needs to have some core principles, which is really at the heart of being able to act with courage and conviction as Google has done. But none of this would be enough, even if it is backed vocally or sub silentio by the force of the U.S. government, the U.N., and rights advocates. Repressive regimes like China's have gone for decades on their oppressive path in spite of vigorous opposition from the west (remember the long stretch when the U.S. would not even recognize the existence of the Chinese government) and have scarcely changed their worst policies over that time.
The change, then, ultimately has to come from within and it is there that the free flow of information makes all the difference. Knowledge is power, and that is precisely why oppressive regimes always seek to suppress free speech and to control thought through massive propaganda mechanisms.
It is the technological juggernaut that is progressively, albeit slowly, undermining the thought-control historically imposed by the Chinese government upon its citizens, and that government will be fighting a losing battle on this front as it becomes virtually impossible, in an exploding information age, ultimately to choke off the free flow of information so desperately needed by oppressed peoples.
In this sense, Google's action serves as a proxy for the technology forces that are having this salutary effect. But none of this happens in a vacuum. It takes real people to make real and difficult decisions to bring about the change. And it takes courage to stand up to authoritarian forces. Bravo to Google for taking a tremendous step in the right direction. I hope they stick with it to its logical outcome. It will not be easy.
"Google has demonstrated that any given company wielding sufficient power relating to the free flow of information has the capacity to make a big difference in moving to help liberate countries such as China"
How so? Has China moved yet, in reaction? It seems very unlikely to me that they would, and Google is not even the most popular search engine in China.
As for unstoppable technological progress, there are lots of examples of political regimes keeping their countries in the dark ages.
I'm curious about your "lots of examples of political regimes keeping their countries in the dark ages."
The only one I can think of that actually worked was Japan's repudiation of the gun, and that was broken open from the outside eventually. The Soviets tried to control communications technology, even requiring copy machines to be licensed, but it didn't work very well.
I think my statement focuses on broader, long-term trends, at least as I see them. I wouldn't disagree at all with your characterization about widespread repression in the world today, and I failed to clarify that the impact of Google's action short-term will be more psychological than anything else (still important, though, when contrasted with the kiss-up attitude shown by many companies - including Google itself - toward such regimes over the past few years).
Yes, it works both ways but the change today is huge compared to, say, the days of the "Iron Curtain" (where virtually no meaningful information could get across borders without exorbitant risk, with no form of widespread dissemination even if it could get across, and with only paltry means to bring such information to the attention of the broader world).
The State Department is being a bit hypocritical here. If China must give an explanation for its alleged cyberattacks/hacking attempts on gmail, then the U.S. government should also give an explanation for its NSA-sponsored eavesdropping/hacking/snooping of other countries' citizens' email, phone conversations, and other communications.
I should point out that the State Department does not wiretap Chinese citizens' phones so that they know which little old lady to beat to death. That is China's job.
Returning you now to your regularly scheduled moral relativism.
Yes but righteous indignation is so much easier to muster. Honestly though, this is more about China's history of human rights violations than the hacking attempts themselves.
Principles aside, you have to admit, "Google threatening to pull out of China", or, if it comes to that, "Google pulls out of China", is a much stronger headline than "Google not going into China".
I don't think so. If they had loudly and publicly stated that they were not going to do any business in China because of the human rights violations there I think it would have been a much stronger statement.
Now it looks to me as though they figure the income they make in China isn't worth the continued PR headache, or, alternatively, they decided to leave anyway and they use the occasion to polish up their image.
I'm very cynical when it comes to large companies doing things for the public good, but you could already tell that I guess.
Shell, Yahoo, Microsoft, Google (and many others beside) they all have their skeletons in the cupboard in this respect.
I guess we'll have to disagree regarding the headlines.
Still, if you apply the cynical view consistently, then Google refusing to do business in China can be seen as Google making a calculation, deciding they can't make enough money in China to justify the headache/bad PR, and claiming the decision is because of human rights issues. Same interpretation, 2 years earlier.
I think there is a substantial difference between saying a loud and clear 'No!' to the largest growth market on the planet before entering or saying it after several years of mapping that market.
For sure the calculation today is a lot more refined than it was several years ago, and probably the figures in the spreadsheets are smaller than they were back then.
>I think it would have been a much stronger statement.
To whom are they trying to make a statement? If to "the rest of the world" then your statement makes sense. However, if they're trying to make a statement to the Chinese population it's probably better that Google demonstrates their services' worth, then pulls the plug.
If the Chinese population would figure very high in their book then they would have made the statement earlier, and that statement would have been in Chinese, not in English.
It is clearly intended for consumption by the rest of the world.
Interesting. I would have expected the government to respond with something completely bland along the lines of “Google is a private company that makes its own decisions about international operations... Our law-enforcement authorities, including FBI Counterintelligence, are always vigilant against computer crime, but we cannot comment on an ongoing investigation.”
ISTM that nationalist elements within China would love to paint Western businesses that they disapprove of as arms of the CIA, and that if the US is too vocal in support of Google, then they give fodder to those nationalists (and risk damaging US commercial interests in China). I assume that the State Department considered this factor and decided that nevertheless, they had to speak up for an open international Internet.
This is an old article but compares the actions against the Barbary Pirates (US Navy used force to ensure Free Trade) with what the US could do with Internet 'piracy' - and no, that's not copying CDs.
This feels like a dumb question, but my first reaction to this was wondering how the Secretary of State could be relevant to this or why she is going to make a statement? I don't see what role her words have here or how they could change anything. Can someone enlighten me?
It hasn't been a huge secret that the Chinese government conducts all sorts of electronic espionage, both for economic and military information and to identify dissidents so they can imprison or shoot them. What's new here is that a powerful entity is finally willing to call them out in public, and it's about time.
You are working for Google and you have evil motives. You have access to Gmail's data, search logs and Google Documents (among other things). With this information it's pretty damn easy to hack anyone that uses Google products -- as users and companies hold a lot of sensitive data in emails and Google documents -- especially on Google Apps.
This could have been done from Google offices in China, but why not in other countries?
We have been briefed by Google on these allegations
The pertinent question is "when?". Google reported the attacks began in mid-December. NYT reported at least some against the 34 other companies occurred last week. Drummond said the Chinese government had been briefed before yesterday's statement. I have trouble believing The State Department hasn't been involved until now.
Ironic given the attacks were via a 3rd party, proprietary, monopoly-market share, monoculture, bloated, insecure, not-very-good program for reading ISO standard files (Adobe Reader). Though Google said many of the attacks were via standard keyloggers.
Similar to the recent "don't internet bank via Windows" warnings, it appears that anyone involved with human rights should follow the same advice for all their online correspondence. But that tech/security element seems to be lost because of the geopolitical drama.