If China got their gear through shell companies in the West that would be one thing but to find outright proof that Cisco (and Juniper Networks) knew the destination of the hardware they sold and were cooperating with the Chinese authorities on this is unforgivable.
Their excuse is that 'other companies would do the same thing if they didn't do it'.
Selling hardware with deep packet inspection capabilities to repressive regimes should be against the law.
And maybe DPI should have never been added as a feature to begin with, the downsides of a feature like that are much larger than the upsides.
I've been involved in conversations with ISPs in different countries who are required by law to intercept their customers traffic. On one particular occasion I remember being told by an ISP in Germany that they wouldn't buy from us unless we developed a feature that allowed them to snoop on their users. It's called 'lawful interception'.
We developed this feature and sold them equipment. Am I a bad person? Where do you draw the line?
ISPs all over the world are looking at their users' traffic. Some of them are doing it nefariously while others are being required by law to do so against their will. It's shouldn't be the job of a vendor to determine right from wrong.
Before you go condemning networking vendors think about weapons manufacturers. American companies routinely sell guns to countries that use them against their own citizens. And nothing comes of it.
> Before you go condemning networking vendors think about weapons manufacturers. American companies routinely sell guns to countries that use them against their own citizens.
Yes, and that is something that ought to be illegal too.
Whether you're a bad person or not is not for me to say, you can make that judgment for yourself. Personally I would refuse to build such a feature and likely it would cost me my job. Then someone else, maybe you, would step in to do it anyway. So in the end my resistance would amount to 'nothing'. But I'd sleep a lot better because of that, as long as you don't lose sleep over it you're doing fine.
We all get to make these decisions on an individual basis.
Laws aren't always based in morality, even when they align with morals.
Even when a person commits a "bad" act, that does not necessarily make them a "bad person."
I think it doesn't make them a 'bad person' because people are always capable of changing (even if it only happens once in a while). And it doesn't make them a bad person because our actions are mostly a reaction to our environment, and we don't always have a correct/full view of it to begin with.
So, applying your judgments to a person who reacts to their environment based on limited information and experiences, and saying they are fundamentally good or bad may not be totally logical.
Then the saying "only God can judge" means that an omnipotent being, who perfectly understands everything, is the only being capable of perfect judgments and certain condemnation or praise.
What if the German people don't mind? Then in refusing to provide them with equipment you could otherwise provide, you are simply forcing your own beliefs on other people.
You will always find someone who minds (like me, in this case), and you will find people who don't mind. Whatever you do, you'll always influence the situation.
Right and wrong are often different from legal and illegal. I will pass no judgement (also because I still hold the believe that some communications technology is better than none)
but using laws by the German government as a counter point is probably not the best idea
http://en.wikipedia.org/wiki/Superior_orders#Nuremberg_Trial...
I disagree with you on the point that it shouldn't be the job of the vendor to determine right from wrong. Only you can determine that, and it is your responsibility. If you let other people determine it for you, you will have no defense come judgement.
It's an interesting question, and not an easy one to answer policy-wise I assume.
My 2 cents are that opening up a country is more effective than isolating it. I've been to China several times, and there are a lot of people living good lives out there, even by America's standards. As oppressive as internet tech communities like to make it sound, it is still more than possible to do business, make friends and have interesting political debates (even on subjects like democracy) over there.
I am a vehement supporter and believer in free speech, and I do not like the practices they have implemented over there. I just do not believe that cutting China off completely would solve anything (China has cut them selves off a couple times, you can read about how it worked out for them).
First off, I take issue with starting an article by citing an emperor from over 2000 years ago to bolster a claim about a modern government.
That said my brother is in China now, and I setup a squid proxy for him using AWS (in singapore). Unencrypted it does no good, facebook and youtube actually cause the proxy to stop working for him briefly (without a proxy its a coinflip wether they will load or not).
So he just sent me a public key so I can setup an SSH tunnel. That should do it, too bad it's impractical to set up 1billion+ SSH tunnels for the citizens over there!
> r from over 2000 years ago to bolster a claim about a
> modern government.
It may be specious reasoning, but I read justifications for a number of things coming out of China that appeal to their long history. E.g. Country X was part of China X hundred years ago, therefore it has always been a part of China and we are just reclaiming what is ours.
That is fair too, China has more history than any other country, and only few cultures can claim to be as old.
When asked about democracy most Chinese I have spoken to refer to their last hundreds years of history, which is filled with all kinds of turmoil. When thinking of managing a billion people stability is an easy concept to appeal to.
It always jars me (I was a Chinese major as an undergraduate) when people refer to "5,000 years of Chinese history," because that is wrong by 2,000 years. China only has 3,000 years of history, and the actual history of China, as for most countries, includes accounts of pre-historical legends that go back before accurate, recorded history.
It is correct (other comments in this thread) that Chinese political philosophers mostly came up with rationales for strong central authority rather than rationales for individual liberty like the Greek and Roman political philosophers, but that was a bug rather than a feature.
DNS Cache Poisoning is one method to perform censorship, however people could bypass it by distributing customized /etc/hosts file, when youtube and twitter were first blocked, it's widely used. Then ppl behind GFW realized that, they deployed keyword detection and IP blocking. Nowadays, to access "outside world" Chinese ppl have to use VPN or encrypted proxies.
I wonder how strategic they're being in their choice of IPs returned. Sending a large number of invalid requests from IPs all over China to foreign servers could help in masking their hacking attempts against those servers.
In the end, it won't matter whether the Chinese Communist Party controls routers and deploys DPI scans. It's irrelevant, because lasting change usually comes from WITHIN.
In the not too distant past, Eastern Germany suffered a similar fate; people couldn't receive western airwaves, phones were monitored, mail got searched... the 'Stasi' had almost 'the perfect control' setup. And they still collapsed. From within. Ditto for the new arab spring. It's just a matter of time.
No, because it's not that Chinese DNS servers are returning bogus data, it's that the DNS servers are returning correct data, which is being modified before it gets to you.
You could point your system to Google DNS (assuming for a moment that it isn't blocked, which it is), but then your DNS results would still be twiddled in transit.
I’m in Shanghai right now…Google’s DNS (as well as OpenDNS) work fine for many domains, but ones which are to be blocked (eg: a lot of the Witopia VPN endpoints) just either hang or I see an immediate reset of the connection.
I’m seeing less DNS blocking and more per-URL blocking compared to a visit here last year, with the exception of the witopia.net end points (which were blocked by the ISP at the hotel I was staying at, but are not blocked by the ISP at my expat–friend’s home)
The most common methods are using web proxies and VPNs. Web proxies usually get blocked fairly quickly, whereas VPNs normally cost money. I don't know what you mean by "tech-savvy" but both are widely used by ordinary citizens.
http://www.wired.com/threatlevel/2008/05/leaked-cisco-do/
and
http://www.nytimes.com/cfr/international/slot1_021606.html
If China got their gear through shell companies in the West that would be one thing but to find outright proof that Cisco (and Juniper Networks) knew the destination of the hardware they sold and were cooperating with the Chinese authorities on this is unforgivable.
Their excuse is that 'other companies would do the same thing if they didn't do it'.
Selling hardware with deep packet inspection capabilities to repressive regimes should be against the law.
And maybe DPI should have never been added as a feature to begin with, the downsides of a feature like that are much larger than the upsides.