Posts tagged: Google

Slip Slidin’ Away: Google in China

Google's Chief Legal Officer, David Drummond

Google's Chief Legal Officer, David Drummond

Originally Posted on The Huffington Post

The long, publicly drawn-out saga of Google in China continues.  And at this juncture, one wonders why.  On Monday, Google’s Chief Legal Officer, David Drummond, posted a blog entry to share with the world Google’s new troubles in China.  Drummond announced that in order to acquiesce to Chinese officials’ demands and guarantee that the Chinese government renew Google’s Internet Content Provider (ICP) license, Google would change certain aspect of its Chinese website, Google.cn.  This certainly is a different Google than the one just six months ago that had its guns blazing.

Back in January, after Google’s servers were hacked by an attack likely originating in China, Google announced that it would no longer censor its results on its Chinese search engine, Google.cn.  While the two issues – hacking and censorship – seem to have little to no relation to each other, Google successfully played up its moral stance against China’s internet censorship in the West and became the darling of the Western press for maintaining its motto of “don’t be evil.”  A few questioned Google’s sincerity (see here) and wondered if Google would have taken such a moral stance if its withdrawal from the largest internet market in the world had a greater impact on its profits.  In general however, Google was heralded as upholding freedom of speech and human rights.

But Google’s pull-out from China did not mean that it shut down its Google.cn site.  Instead, in order to conform with Chinese law and also with Google’s promise not to censor search results, Google redirected all traffic from Google.cn to Google.com.hk, a website locate in Hong Kong and thus not subject to the censorship rules of the Mainland.  Visitors to Google.cn would be automatically redirected to Google.com.hk.  But this doesn’t mean that a search on Google.com.hk, when conducted from the Mainland, is free from censorship.  The results from such a search are in fact censored – it’s just that Google itself is no longer doing the censoring; instead, China’s internet technology does the censoring (for an explanation of the different types of internet censoring in China see here).

Now though, Google’s make-shift solution has raised the ire of the Chinese government and Google fears that its ICP license is at stake.  Under the Telecommunications Regulations of the People’s Republic of China (PRC), every website that operates inside the borders of China, must obtain an ICP license.  Thus, Google.cn, which is housed within China’s borders, needs an ICP license; but Google.com, the U.S.-based search engine which is accessible on the Mainland, does not need an ICP license since it is housed within the U.S.  If the Chinese government does not renew Google.cn’s license, then the site will be shut down and will no longer exist.

What the Chinese government doesn’t like, at least according to Google, is the automatic redirection of traffic from Google.cn to Google.com.hk.  So to appease the Chinese regulators, Google has changed it so that there is no longer an automatic redirection; instead, Google has added a line on Google.cn stating in Chinese that the site has been moved to Google.com.hk and the if the user clicks anywhere on the page, he or she will be redirected to Google.com.hk.  So instead of an automatic redirection, it now takes a simple click.  According to Google, it needs Google.cn so that Mainland users will know that they can access a Chinese-language search language at Google.com.hk (Mainland users can in fact access Google.com, the U.S.-based search engine, but its interface is in English, not Chinese).

But will this change make a difference?  While technically there is a distinction between an automatic redirection to the Hong Kong-based site and a quick click of the mouse on the Google.cn website to get there, in reality it is more of a distinction without a difference.  Will the Chinese government find this distinction acceptable and renew Google’s license?  Or will it reject Google’s license renewal application?

If the Chinese government does reject Google’s ICP license renewal application where does this leave Mainland internet users?  Basically in the same place that they are in now, causing one to ask Google, what’s the big deal?  Contrary to popular belief, Chinese internet users have access to Google.com, the U.S.-based site, as well as direct access to Google.com.hk.  A search by a Mainland user on either of these sites will produce the same Chinese government-censored results.  If the Chinese government rejects Google’s application, the only difference will be that Google.cn, the Mainland-based site, will be shut down and will no longer exist.  So unless a Mainland internet user knows to go to Google.com or Google.com.hk, he or she will likely turn to the Chinese-based search engine, Baidu.com.  Since the start of “the troubles” between Google and the Chinese government in January, Baidu has increased its market share of internet users, from 58.4% to 64% of the market.  Google’s market share in China, with the automatic redirection to Google.com.hk, has decreased from 35% to 30% (see Rebecca MacKinnon, June 30, 2010 Congressional Testimony, p. 7).

Although Google’s loss of the search engine market share in China was likely inevitable since Baidu benefits from its close and special relationship with the Chinese government, it’s still important for Google to maintain its Google.cn website in China and have some sort of a toe-hold in the country for future development especially.  Currently only around a third of China’s population are internet users, causing internet companies to salivate at the potential profits in China.  Other Google applications, like Gmail and Google Earth (Google’s mapping tool), could also bring in huge amounts of revenue.  Google Earth is particularly promising since China has begun to make efforts to provide its population with accurate online maps.  In fact, this past June, Google applied for approval as one of China’s officially-licensed internet mapping companies.  But as of July 1, such approval does not look likely.  The Chinese State Bureau of Surveying and Mapping just issued a list of mapping companies it deems of “high quality,” a prerequisite for approval.  Google is not listed.

Google potentially has a lot to lose, at least profit-wise, by continuing to take a hard-line against the Chinese government, and that might explain its current change in demeanor and willingness to acquiesce to the Chinese government.  But Google’s attention to its business interest should not come as a shock; in fact, that’s likely what caused it to pull-out of China in the first place. A   corporation’s raison d’être is to maximize profits for its shareholders.  Regardless of what Google might say — that its goal is to “not do evil” — it is ultimately responsible, under law, to its shareholders.  And that’s the way it should be.  Society should not rely on corporations to act as stand-ins for its values.  It is the role of governments, individuals and non-governmental organizations (NGOs) to advocate on behalf of human rights and society’s moral values.  Corporations are not there to police themselves; others must do it for them.  Individuals and NGOs have the ability to shine the media spotlight on corporations’ morally-offensive behavior, calling for boycotts and effectively raising the economic cost of conducting undesirable business practices.

Governments can and should pass laws that are economically punitive to corporations that conduct morally-offensive

Tiananmen Square Protests, Spring 1989 - before the Government Crackdown

activities, making such actions too high of an economic cost to that company.  In fact, in terms of internet and technology, the U.S. already has such regulations.  Known as the Tiananmen Sanctions, and passed after the 1989 Tiananmen Square protests, Congress can deny export licenses to those U.S. companies that sell “crime control and detection instruments and equipment” to China (Congressional Research Service, “China: Economic Sanctions,” p. 2).  But these sanctions are never used.  U.S. companies like Cisco, Oracle and Motorola have provided Chinese state security forces with the technology necessary to police the internet.  Aside from a few articles in the U.S. press, these transactions have received little to no censure.

China’s internet censorship should not be condoned.  But Google is not the champion of our moral values, nor should it be asked to be.  The responsibility lies with us, through our elected officials and through our own actions.  But so far it appears that society is more willing to hide behind the mask of Google’s actions, seeing its pull-out from China as some moral victory instead of a business dispute.  This is unfair to Google, detrimental to the Chinese people and undermines the values which we hold dear.

Adam Segal Discusses U.S.-China Relations in a Cyber World

By , April 14, 2010

World leaders met this week in Washington, DC to discuss the danger of nuclear war.  But as the world becomes increasingly reliant on the internet and increasingly connected through it, another threat is beginning to loom large – cyberwar.  When noted technology giant Google is susceptible to cyber-attacks, that does not bode well for the rest of us.  How safe is the U.S. from a large-scale cyber-attack?  Today Chinese hackers attack Google’s servers, but what about tomorrow?  Will the next attack be on something more critical, like a U.S. power grid?

Dr. Adam Segal, Ira A. Lipman Senior Fellow, Council on Foreign Relations

Dr. Adam Segal, Ira A. Lipman Senior Fellow, Council on Foreign Relations

To understand the complex issues underlying the world of hacking and cyber-espionage, and how it relates to U.S.-China relations, China Law & Policy sat down with a noted expert on both China and cyber-security, Dr. Adam Segal, the Ira A. Lipman Senior Fellow at the Council on Foreign Relations.   In this exclusive interview, Dr. Segal discusses the nature of the attacks on Google, the involvement of the Chinese government in the hacking world and the danger China poses to the U.S.’ cyber-security.  But as Dr. Segal makes clear, it is not a one-sided affair; the U.S. also plays a very active role in hacking and cyber-espionage, making it difficult to challenge China when something like the Google incident arises.  Dr. Segal also explores the need for international cooperation on these issues and the role that international law can play in containing the threat.  Unfortunately, as he points out, the world community is far from reaching any sort of agreement, leaving all nations susceptible.

Click here to listen to the interview with Dr. Adam Segal (read below for transcript)

*****************************************************************************************

ELCan you just give our listeners a little bit of background on the hacking which lead to Google’s announcement in January that it was looking to leave China?  How widespread and sophisticated was the attack and what was the theft that Google referenced in its press release if you know at all?

AS: Google announced that it was going to be shutting down its business in China.  And what they said drove them to that decision was a hacking incident which seems to have two main components.  The first was, as you said, a kind of attack on Google’s intellectual property, its corporate knowledge and corporate property.  And the second was attacks on the G-mail accounts of human rights dissents.  Google said it traced those attacks back to China; it didn’t implicate the Chinese government.  Others, like the New York Times have traced it back to Shanghai Jiaotong University and a computer training institute but the source of it still remains a bit of a mystery.

There is some debate about how sophisticated the attacks actually were.  They were referred to as the Aurora attacksHacker hackingGoogle has consistently said that they were extremely sophisticated but a number of other security analysts have said that in fact they were fairly basic, that much of the code used has been floating around for a long time.  What the IPR that the Chinese got or were trying to get is unclear, Google hasn’t specifically said.  Some people seem to believe that it was basically that it was the data and databases that Google collects on its own users.  So basically the kind of core knowledge that Google extracts from what Google users do, how they do it, when they do it, which would be one of the most important kind of assets that Google has.

ELIn tracing back, or Google saying that the attacks were traced back to China, why is that difficult to ascertain?  To what degree…Can you put a percentage on how accurate you can trace back an attack?

AS:  The problem is that you can continually trace back the attacks to certain computers or to certain networks or IP addresses, but often once you get there, some more poking around leads you to another computer behind that.  And the other thing is the hackers themselves can spoof the address that they are using.  I think there becomes a fairly high degree of certainty about where the attack might have come within a national network.  In some cases, even down to specific IP addresses.  But even then you don’t know who the hacker was that was involved and you don’t know the hackers relationship to any state organization or anybody else for that matter.

ELAnd in terms of China specifically, the cyber-hacking, how prevalent is cyber-hacking from China compared to other countries like Russia or even the United States?  Is China being singled out here?

AS:  I think China is being singled out in a sense.  I mean given that it was a high profile attack on a company like Google, but also given the state of U.S.-China relations right now, that it fed into a worsening tenor in the bilateral relationship.  But in raw numbers, for criminal activity, clearly Russia is very high up there and we saw the political uses of cyber-hacking in the case of the Georgian war and Estonia and some other high profile political cases.  And there is a large amount of hacking that comes from the United States and that’s actually one of the big complaints on the Chinese side – is that the Chinese are being scapegoated and they themselves are often victims of attacks and many of those attacks come from servers in the United States.  When you look at the number of bad ISP – Internet Service Providers – that are hosting botnets and other kind of zombies that are attacking, there are a large number of them that are in the United States.  So, China is also a victim.

ELJust focusing on just China and the hacking there, can you explain maybe a little bit more what the hacker community is like in China.  Is it an organized community?  And what motivates the hackers – do they do this just for fun or are they ever “hired” for their skills?  And also how do they determine targets – how was Google determined?  Was that just something for fun or for profit?

hacked-computer-june08AS:  I think the community itself is incredibly hard to characterize.  It’s very diverse, it’s, I think, very decentralized.  The community represents kind of the similar community that there is in the United States and Russia.  There are what they called script-kiddies – people, teenagers who are doing it for fun or to show off or to see what they can actually accomplish.  There are criminals – people that are just hacking for financial gains.  There are what are called patriotic hackers – people that hack websites out of a kind of nationalistic feeling.  Then there are hackers that are probably employed by the Chinese government, probably by the military and the security agencies that are used to attack specific targets for political reasons.  And then there are hackers in the military that are thinking about how cyber would be used in an actual military conflict.

Of course, the important question is the relationship about all of these people and I don’t think we really have a very good idea.  Clearly, there is some blurring of boundaries of patriotic hackers and criminal hackers.  The system itself seems to be in many ways a kind of mirror of the system that has made China such a power in the global manufacturing which is that there are kind of contracts and subcontracts and subcontracts of what people do.  Somebody might be in charge of writing a very low-level code and that code is then packaged up and used by people above them, who may then might contract for a specific project or may sell it on the open market.  Certain things are just put out there on hacker websites and you can just download them and buy them just for your own thing.

Why Google was targeted.  If, as Google says that they were part of an attack that seems to have included at least 30 other technology companies, there does seem to be a push from Chinese intelligence community, from its espionage community, to try and get advanced technology from foreign companies.  So we have seen for at least five years, if not longer, pretty concentrated, focused attacks on defense contractors and other U.S. technology providers.  And then, once you add the attack on the dissidents as well, then that also seems to be one of the interests of the attacks.  But who was, who within the Chinese government organized it or put it in a larger strategy, I think that we really have no idea. 

EL:  I guess that raises kind of the other issue that has been floating around there with the Google incident and cyber-hacking in general, is to what degree is the Chinese government involved in some of these incidences?  I know Northrop Grumman issued a report last year to the US-China Economic and Security Commission analyzing the link between, hacking for military purposes, but this general hacking of corporations, could it be that the Chinese government is behind it?  And also, when you make this distinction of political hackers, would that be motivated by the Chinese government or is it just a by-product of the nationalism that seems very active in China right now?

AS:  I don’t think we know.  I think the most we can say is on the espionage side, it just matches, or it pushes in the OLYMPICS/SECURITY-PLAsame direction of a general concern we know that China has about technological dependence and wanting to gain as much technology from the West as possible.  That strategy I think has been in place for fifteen, twenty years.  That includes perfectly harmless, normal technology policy about how China is going to increase its own technological capabilities, goes from that to espionage and theft.  You would expect that that would include the normal type of espionage or bribing, stealing, theft of secrets from corporations, to now including cyber-espionage and attacks and those things.  So I would say that the government has a role in the sense that it has set this general direction of the policy and these concerns about technology and China’s desire for it.

Clearly the intelligence agencies probably have a sense of specific technology that they are concerned about and want to know more about.  So the hacking of the F-35 and the F-22 and those kind of things, those are clearly probably driven by government agencies who are looking at a potential conflict with the United States and want to know what those capabilities are.

But once you get to the level of Google – is there a government official that says, well if we hack Google, then we can give that information to Baidu [the popular Chinese search engine] and we can have a competitor, I don’t think we can know.  That clearly is a possibility but at this point, it may just be criminal.  It may be a criminal that turns around and says to Baidu – we can sell this to you.

On the dissident side, I think it is probably very similar also.  I think in some cases the security agencies may have….are targeting specific individuals who are using those capabilities.  In other cases criminal hackers go after people and then turn around and say to the intelligence agencies – we’ve got this person so either do something for us or pay us for the information.

ELIn the press it has often been the Chinese government attached to this cyber-hacking, but does the Chinese government ever see this cyber-hacking as a threat to its own rule either from domestic hackers or from hackers in the U.S.?  Are the government agencies ever a victim of the cyber-hacking and cyber-espionage either domestically or from abroad?

national-security-agency-sealAS: Yeah, I would think all of the time. I think, from the international perspective the Chinese basically assume that the United States is engaged in cyber-espionage all of the time.  And that given our capabilities, in particular the capabilities that exist in the NSA – the National Security Agency – that they are….we are probably getting more from them then they are getting from us, in the Chinese perspective, and that we are constantly hacking them.  So they point to that as well as to the discussions in the United States about creating a cyber-command in the military and discussions about controlling the commons and all these other things as kind of a representation of American hypocrisy.  We are talking about militarizing cyber-space while they are being hacked.  So I think yes, that’s clearly and issue from outside of China.

On the domestic front I think yes, that Chinese government agencies and corporations are being hacked.  There’s been a number of prominent cases of Chinese hackers spreading malware to try and steal identity numbers and virtual money from these multiple player games.  Very prominent hackers have been arrested and eventually imprisoned.  So I think that is part of the threat.

The other threat is of course is that, dealing with these patriotic hackers is a double-edged sword for the Chinese government.  There is a fear that while they are focusing externally, U.S. corporations or U.S. government websites, in the case of the Olympics on French websites and things like that.  But if their ire is turned inward then those people could hack Chinese government websites.   I think the Chinese government is very concerned and you can see that in discussions about their own cyber-security but also trying to develop new types of software.  The problem is that the Chinese is hyper-reliant in Microsoft, something like 90% of Chinese government offices use Windows.  A lot of that is pirated which means that it is not updated regularly for security patches.  So there is a lot of vulnerability.

EL:  You make this distinction between patriotic hacking, criminal hacking, commercial hacking, but under Chinese law itself, is hacking in general illegal?

AS:  It is.  There are laws on the books against hacking, criminal hacking, privacy laws.  Those were strengthened in

Cute & Cuddly until he infests your computer

Cute & Cuddly until he infests your computer

December 2008 and then again in February of this year I think.  The Chinese announced that they were going again to try to strengthen anti-hacking laws, in particular the kind of punishment for hackers.  Also on-line privacy issues and some tort issues about privacy and defamation.  Like I said, there are prominent cases of hackers who have been arrested and fined.  This guy who wrote this malware called Panda malware I think it was, and was sentenced to I think 3 years and fined $18,000.  So there are domestic laws against it.

ELAnd do you think the domestic laws are sufficient in dealing with this?  And also how do Chinese laws compare to laws in the United States against hacking?

AS:  I think they’re comparable.  I think the issue is with all laws in China has to do with implementation.  Clearly the issue for the United States or other countries, investigating hacking requires more cooperation from the Chinese about, who’s behind the attacks and actually following up on prosecution.  But I think within China, I suspect the issue is not the law per se but expertise….all the things we have in the United States about how do you prosecute cyber-crimes – expertise at the local level, resources, enough people staffing these kinds of issues.  From the Chinese perspective also, the U.S. hasn’t been all that helpful either.  I have heard a number of cases where the Chinese have turned around to the FBI and said –we think this hacking is coming from the United States.  And the United States has not been all that responsive from what I’ve heard.

EL: I guess cyber-hacking, it’s definitely a crime more without borders.  So how do you see international law or treaties coming into play here to battle the threat of cyber-espionage?

AS:  I don’t think there’s much to be done about espionage.  There’s no international treaties against espionage.  We engage in it, they engage in it, our allies engage in it.  I think that is likely to happen.  I think espionage we have to figure out how we are going to defend ourselves against.  The problem with espionage of course though is that it is hard to differentiate espionage from what could become vandalism or an attack.  So I think what we want to kind of agree on with the Chinese is that we know espionage is going to go on, but things like probing electricity grids, that should not be occurring or other kind of critical infrastructure.  We should be working on how do we declare those off limits.

On the criminal front there is a…the Council on Europe has this convention on cyber-crime.  I can’t remember how treatymany countries have signed it now, it’s about I think 20 or 40, I can’t remember exactly.  But part of the problem is that most of the major players haven’t signed it; the U.S. has signed it, Japan has signed it but Russia hasn’t signed it.  Which goes a long way in defining consistent standards across national borders about what a cyber-crime is, how do you punish hacking, create a deterrent.  The problem with Russia, China things that we see as freedom of speech they see as a cyber-crime so that has been a problem in the case of Russia.  But the Chinese seem to be at least studying the Council on Europe convention which often kind of the first sign that the Chinese are moving toward international standards.  So I think that is a way to move forward.  And within Asia itself, ASEAN has had a couple of discussion about creating a similar kind of convention on cyber-crime in the region.

And then the other issue is this international convention on arms control, on cyber-war.  The United States has entered into discussions with the Russians about it.  That I think is very difficult and I think unlikely to be very useful because in the kind of traditional terms of arms control verification, inspection, those are all impossible with cyber-weapons.  So, that I think is useful just for talking for talking’s sake but will not result in any kind of concrete agreements.

EL: Just to follow-up on the convention on cyber-crime, you said that one of the problems is definition of terms.  Is that the only thing that would hold back a country like China or Russia from signing on to this kind of convention?  Or are there other factors?

AS: I think that’s a big one but I do think also that right now at least China and Russia find it politically and strategically useful to kind of have this arms-length relationship with hackers.  As we talked about earlier, this ties the government’s willingness to directly use or indirectly use hackers for their own political purposes makes it….right now that’s a reason for them not to crackdown too hard on criminal hacking.  So that is I think another reason why it has been hard to create a common ground.

ELDo you think that there is any space for having maybe a bi-lateral agreement between U.S. and China or a tri-lateral agreement between U.S., China and Russia about issues of cyber-espionage like not probing electricity grids or things like that?  Or do you think it would have to be global?

AS:  Well I think any convention would have to be global.  But I think there is a benefit for having these bi-lateral discussions only if because this area is newly emerging and policymakers I don’t think are particularly cognizant of all the risks and problems involved in any of these issues.  So just having a discussion with the Russians and the Chinese and others about what the potential rules of the road might I think are probably pretty useful.

EL: Absent any kind of global agreement, how best should the U.S. government and U.S. corporations deal with this issue of their own?  How can they better prevent it from happening?  Or can they?

Howard Schmidt - Cyber Czar

Howard Schmidt - Cyber Czar

AS: That’s what we are struggling with now.  The United States finally has the cyber-czar in place, Harry Schmidt.  I think one of the big things that is still occurring in the United States is kind of a debate about what the best metaphor for this is, how do you think about this cyber-issue.  You have those like, the op-ed in the Washington Post several weeks ago by the former head of NSA, McConnell, about basically cyber-war and we’re losing it and his response was very much a militarization of cyber-space.  In fact he calls for something like the re-engineering of the internet so we can basically see where any attack is coming from.

And then you have Schmidt at a conference a couple of weeks ago saying – I don’t believe in cyber-war, I don’t think cyber-war is the right metaphor.  And you have those people talking about resilience and more of a public health model for how you respond to these things – you have to defend, you have to respond, you have to quarantine.

So I think we have this broad outline, we have this debate to settle in the States.  But the way we are moving is probably closer to the public health, well actually probably both tracks at the same time.  From the defense side I think you are beginning to see more traction on private-public cooperation, about definitions of standards – what does secure actually mean and how should it be implemented, more spending on R&D for cyber-security, more training of people and that’s a major issue is about getting people trained, more public awareness.  These are all domestic issues.

EL: And just a final question.  Since President Hu Jintao is in the United States, in Washington today, do you think in his side talks with President Obama, the issue of cyber-hacking and cyber-espionage will be coming up?  How important do you think the Administration views this issues especially in light of the fact that Secretary of State Clinton has openly talked about it?

AS:  I suspect it wasn’t brought up in these meetings if only because over the last two and a half weeks it has been a clear effort on both sides to try to get the relationship back on track.  Clearly the Administration’s major strategic concern right now is Iran and then with the currency being the second concern.  So those are the two issues, from what I’ve heard, were discussed in the meeting.  I suspect there were no reasons to bring up the cyber-issues because there are no solutions or discussion that is helpful to both sides at this point.  So other than just poking them in the eye with it, I don’t see why they would bring it up.  So I suspect it was not discussed.

EL: Thank you very much.  This was very interesting and I appreciate your time.

AS:  Thank you.

Google & China: Is it Really About Censorship?

By , March 30, 2010
Is it St. George or Google that Slays the Dragon?

Is it St. George or Google that Slays the Dragon?

Google has become the Western media’s new Saint George.  With its pullout from China last week and its refusal to submit to the Chinese government, Google slew the dragon of censorship, or at least that is the story being marketed by the press.

But if we look back to Google’s announcement from January 12, 2010, the catalyst of Google’s troubles in Beijing had little to do with censorship.  Instead, what initiated Google’s eventual withdrawal from China was the hacking attack of its computer infrastructure and the theft of valuable intellectual property.  Absent this attack, would Google have left China?  How did we go from a cyber-attack to a principled stance on censorship and why?  And is relying on Google to promote human rights a good thing?

Don’t Be Evil….Unless it Doesn’t Correspond with Shareholders’ Interests

Google claims that its informal motto of “don’t be evil” is a central pillar of its corporate core values.  But in reality, its motto can only be applied to the extent that it does not conflict with shareholders’ interest.

Google is a publicly traded company and as such, its primary duty to is to its shareholders, usually achieved through the maximization of profits.  This isn’t just a precept of sound business; it is an actual requirement of the law.  In the U.S., directors and officers of a corporation have certain fiduciary duties toward the corporation’s shareholders; if an officer or director acts in a way that breaches these duties, shareholders may bring an action against the board of directors and the officers.   This is to guarantee that the directors and officers act in good faith toward a corporation’s shareholders and make decisions based upon reasonable business interests and not upon personal ones.

Before Google made its January 12 announcement, rest assured that it probably checked with legal counsel to guarantee that shareholders could not bring a suit against it for violating fiduciary duties.  Most likely someone wrote a memo analyzing the merits of shareholders’ potential claims against Google for pulling out of the largest internet market in the world.

The current China internet market totals around 348 million users, more than the population of the United States but Google profitsless than a third of China’s potential internet population of 1.3 billion people.  With such an untapped potential, even if Google maintained its 33% market share of the Chinese search market, it could potentially reach 429 million people.

Can walking away from a market that potentially could be that big ever be justified to shareholders on the grounds of Google’s censorship?

Likely not.  A rational shareholder purchases shares of Google not because of its founders’ stance on censorship in China but more for high return on its equity investment; in other words, profits through increased share price.

So how does Google get away with avoiding a shareholder lawsuit?

First, Google’s foray into China resulted in marginal benefits for the company.  Google did not enter the Chinese market with its Chinese search engine google.cn until January 2006 (to understand the difference between google.cn and google.com see CL&P’s previous article).  However, prior to 2006, Chinese internet users were able to access the U.S.-based search engine, google.com.  At the end of 2005, just through the use of the U.S.-based google.com, Google already had 27% of the Chinese search engine market.  Fast-forward to 2010, four years after it launched its censored Chinese search engine, Google was only able to raise its market share six percentage points to 33%.  Even with its withdrawal from the Chinese mainland, Chinese internet users will still have access to Google either through its U.S.-based search engine, google.com, or its newly established Hong Kong-based search engine, google.com.hk.  Thus, Google’s market share in China will likely continue to hover around 30%.  So the impact of Google’s withdrawal on its profits is relatively small, staving off a shareholder lawsuit.  If profits in China were higher, would Google still have left?  Maybe not.

Furthermore, the initial reason behind Google’s departure – a cyber-attack – is likely sufficient to justify giving up the domestic China market and the meager increased profits.  Although the cyber-attack has been pushed to the background, it’s actually a pretty big deal.  The attack on Google, which was coordinated with an attack on over 30 other western high tech companies, resulted in the theft of proprietary source code and other intellectual property.  While Google hasn’t openly discussed the extent of the cyber-attack, Adam Segal of the Council on Foreign Relations and an expert on cyber-espionage, hypothesizes that the Chinese hackers made substantial inroads in obtaining some of Google’s core technologies, namely “how it collects information on users and how it uses it to exploit its [Google’s] market advantage.”  This is information that is core to Google’s success and not something that it wants hackers to be able to access.  Any gains from protecting this information far outweighs the losses of shutting down its Chinese search engine.

Cyber-attacking or Playing the Art of Warcraft?

Cyber-attacking or Playing the Art of Warcraft?

Why then the censorship angle?  First, companies don’t really like to announce their vulnerabilities to cyber-attacks.  It’s not surprising that not a single company out of the other 30 that were attacked has stepped forward.  But second, and perhaps slightly cynically, the censorship angle is a marketing bonanza for Google.  Google is the West’s white knight, and although its share price has dropped significantly since it first threatened to leave China, it could have fallen lower absent the positive press surrounding its departure.

And if this was really just about the censorship, why did it take over two months for Google to leave the mainland?  The Chinese government is not about to give up on censorship, as Google executives must be keenly aware of.  So why prolong it?  And if censorship is so abhorrent to Google’s mission, why continue to promote your Android technology on Chinese mobile networks?  Censorship in China is not limited to computers.  A tremendous amount of censorship and surveillance also occurs on mobile devices.

Google’s principle stance against censorship likely has merit and its belief in “don’t be evil” isn’t idle chatter.  But in regards to Google’s withdrawal from China, censorship was neither the only nor the primary reason for its departure.

What’s the Big Deal if Google wants to Say it Left because of the Censorship?

First, by relegating the cyber-attack aspect of the Google-China incident to the background, the press, U.S. government and corporate America avoid confronting what some call the greatest threat to U.S. prosperity.  Adam Segal – in an interview on Digital Age – offered a sobering account of cyber-espionage and the U.S.’ lack of preparation to deal with this increasingly sophisticated threat.  Although previously focused on military secrets, Mr. Segal argued that the threat is increasingly on corporate secrets.  One of the last vestiges of the U.S.’ success lies in its intellectual property.  But cyber-espionage, especially by the Chinese, puts this very much at risk.  Before, companies avoided intellectual property theft by not doing business in China or setting up an office there.  But now, with increasingly sophisticated hacking, companies can no longer avoid the risk that their research and development is vulnerable – the physical location of a company’s R&D does not matter.  According to Rahm Emanuel, “never let a serious crisis go to waste.”  But that is exactly what happened here.  Every discussion about Google – from the press to Capitol Hill to the Administration –  has been about censorship, not about the more serious threat to the U.S.’ national security, cyber-espionage.  Google should certainly be commended for being so open about the Chinese cyber-attack.  Such frankness and cooperation with the U.S. government is important in battling cyber-espionage.  But the U.S. government appears to have largely ignored this opportunity to create a structure or a defense to deal with this issue.

But perhaps more importantly, should we rely on Google, a publicly traded company, to serve as our proxy on issues

Human Rights Attorney, Gao Zhisheng

Human Rights Attorney, Gao Zhisheng

of human rights?  Google was not created to promote human rights; Google’s dual aims are technology innovation and profits.  And there is nothing wrong with that; it’s what corporations do.  But by focusing so much on Google’s decision to leave China and cloaking it in this narrative of a principled stance against censorship, are we excusing our own behavior and inaction?  While the press has focused on Google’s departure from China, a real human rights defender, GAO Zhisheng, has “disappeared” in China.  Detained by the Chinese police last year, Mr. Gao went missing a few months ago with Chinese officials stating that he was “where he should be.”  Only yesterday was he found, alive.  But this story has received little attention from mainstream press and scant consideration from the Administration (the Google incident inspired a speech from the Secretary of State).  What kind of emerging superpower says that one of its citizens is where he belongs?  And what kind of society that is considered a bastion of human rights allows this power to get away with it?

Google & China: Full of Sound & Fury, Signifying Nothing?

By , March 24, 2010

Google ChinaGoogle’s prolonged departure from China was finally completed on Monday with Google moving both its Chinese servers and search engine to Hong Kong.  Since first announcing that Chinese hackers attacked its computer systems and stole some of its source code back in January, Google has left the world in suspense, avowing to leave mainland China unless the Chinese government allowed it to operate an unfiltered search engine.

But asking the Chinese government to stop censoring the internet is like asking the human race to give up oxygen.  Internet censorship is the Chinese Communist Party’s (CCP) lifeline.  Spending vast amounts of resources on policing the internet, China has one of the world’s largest and most sophisticated internet filtering systems and has no intention of weakening this system.  If anything, 2009 – with its many politically-charged anniversaries including the 50th anniversary of the Dalai Lama’s departure from Tibet, the 20th anniversary of the Tiananmen Square crackdown, and the 60th anniversary of the founding of the People’s Republic of China (PRC) – has only seen increased internet censorship. For the CCP, an uncensored internet could undermine its control and disrupt the fragile social stability that it works so hard to maintain.

Given the CCP’s fear and its desire to maintain its monopoly on power, it should come as no surprise that Google was not able to negotiate any kind of compromise on internet censorship.  On Monday, Google issued a statement saying that over the past two and a half months, in its discussion with the Chinese government, it has come to realize that “self-censorship is a non-negotiable legal requirement” for the Chinese government.

Google’s Move Changes Nothing in Terms of Internet Censorship

So with its announcement on Monday, Google moved its Chinese search engine operations to Hong Kong.  Its Chinese

David vs. Goliath

David vs. Goliath

search engine, google.cn, now directs users to its new Chinese website, google.com.hk; additionally, Google moved its servers from the mainland to Hong Kong.[1]

So given all the hoopla surrounding Google’s departure from the mainland, the constant news reports and the heralding of Google as the David to China’s Goliath, Google now offers  uncensored search results on the mainland, right?

Wrong.  Little has changed in terms of censorship.

In order to understand how little Google’s move changes anything, it’s important to understand the two levels of censorship in China. A 2006 New York Times Magazine report on this issue gives a good background and is summarized below.

Chinese Law & Required Self-Censorship

Under Chinese law, any private company offering internet services in China must sign a licensing agreement that it will not circulate content on certain taboo subjects.  While the list of these subjects changes on a regular basis, usually included is information on the 1989 Tiananmen Square protests, the banned religious group Falun Gong, and any positive discussions of the Dalai Lama (negative ones are usually okay).

Restricting access to these sensitive subjects is the responsibility of the internet company, and often, to make sure that it is capturing everything and is not in violation of the Chinese government’s vague directives, the companies’ filtering is usually more inclusive than it needs to be.  Through this system, the Chinese government basically outsources its censorship responsibilities to entities that are doing a better job than they likely ever could.

In January 2006, Google, by setting up its Chinese search engine google.cn within China’s borders, became subject to Chinese law and thus signed a licensing agreement agreeing to self-censor.  Any searches performed on google.cn led to censored results.  For example, a search of “Tiananmen” on google.cn only pulled up tourist pictures of the Tiananmen Square; a search on google.com (the U.S.-based search engine) and conducted in the U.S. pulled up multiple images from the 1989 crackdown (see Prof. Don Clarke’s China Law Prof blog for a visual comparison).  This censorship was performed by Google.

The Great Firewall

But self-censoring only works on those companies that set up a server within China.  What about search engines with servers located outside of mainland China and thus not subject to its laws?

That’s where the Great Firewall comes into play.  The Great Firewall is essentially a protective shield that filters search results before they enter China.  Let’s say a Chinese citizen sitting in front of his computer in Beijing wants to read an article in the L.A. Times about the Academy Awards.  His computer reaches out to a server in L.A. to pull this information, but before it can show up on his computer screen in Beijing, it first must be filtered through the Chinese routers that control all information coming into China over the internet.

These routers are like custom officials – only websites permissible under Chinese law will be allowed entry into China and will show up on our Chinese friend’s computer screen.  The router goes through a series of steps.  First, it reads the address of the website – is this website a blacked out site that Chinese citizens can have no access to?  If yes, then the router does not allow our Chinese friend to access any portion of the L.A. Times and it is completely blocked.  Overtly political websites like Human Rights in China, Amnesty International, are completely blocked sites in China; type in the web address and nothing appears.  Also completely blocked are many social networking sites like Facebook and Twitter.

But if the site isn’t completely blacked out (and I don’t think the L.A. Times is a completely blocked site in China), then

Sandy-B, likely not a threat to Chinese social stability

Sandy-B, likely not a threat to Chinese social stability

the router reviews the article that our Chinese friend wants to read to see if it contains any blacklisted words.  If it does, the article will not be displayed on our friend’s computer in Beijing.  If it doesn’t contain any no-no terms, it will finally appear on his screen and our friend will be able to read the article.  For example, an article about Sandra Bullock winning the Academy Award will likely make it through the Great Firewall (no matter how offensive that might be to fans of Meryl Streep), but an article about the Academy nomination of the Chinese documentary about the Sichuan earthquake, China’s Unnatural Disaster: The Tears of Sichuan Province, will be blocked.

This is the situation that currently exists for google.com (the U.S.-based search engine) in China.  Google.com is an accessible site in China and can be used to run searches.  However, the searches, which access information on the servers located outside of China, must go through the Great Firewall.  Depending on the web addresses and the content of the web pages requested, some information will make it through the Great Firewall and some will not.  For example, a search of “Tiananmen” on google.com within China, will not produce the same results as a search of Tiananmen on google.com within the U.S.  The China search will pull up little to no information on the 1989 Tiananmen Square protests.  To the extent that websites discussing the Tiananmen Square protests appears in the search results, these sites are usually not accessible, and clicking on the result will likely produce an error message.

The Great Firewall is not perfect and sometimes information can sneak in.  To the extent that the Chinese government can have private internet companies conduct self-censorship, that is usually a more effective method as well as cheaper (for the Chinese government at least).

Is Google.com.hk Subject to the Great Firewall?

Courtsey of ChinaDigital Times

Courtsey of ChinaDigital Times

The Great Firewall applies to information coming from Hong Kong.  By directing people in China to its new website google.com.hk, with servers located in Hong Kong, all information attempting to come into China will be subject to the Great Firewall.  The results will still be censored.  It’s just that Google is no longer performing the censorship, instead the Great Firewall is.

Articles heralding that “google goes uncensored” are just plain inaccurate.  Google is uncensored to the extent that a search is performed outside of China; but that was the case before Google had its tiff with Beijing.  Any searches conducted on google.com.hk within China, will be filtered and it will likely produce the same filtered results that a search on google.com would produce if performed in China.  Anecdotal information currently coming from China confirms this.

So basically, the situation is the same; nothing has changed.  Perhaps Google’s culpability is less, but censored results in China are still par for the course.  And don’t expect that to change anytime soon.


[1] While a part of China, Hong Kong is not subject to PRC laws, at least in terms of political freedoms.  Instead, Hong Kong, under the arrangement of “One Country, Two Systems,” is governed by its own Basic Law which affords greater protection to freedom of speech

VIDEO: Panel Discussions in Honor of Prof. Jerome A. Cohen

By , March 9, 2010
Prof. Jerome A. Cohen - Photo by George Washington Law School

Prof. Jerome A. Cohen - Photo by George Washington Law School

On February 19, 2010, George Washington School of Law and Georgetown University Law Center hosted an academic conference in honor of noted Chinese legal scholar Prof. Jerome A. Cohen.  Consisting of four separate panel discussions on current legal issues in China, the afternoon conference, and it’s participants (all of whom were students of Prof. Cohen’s) was a testament to the continued importance of Prof. Cohen’s work in the field.

Panel 1 – Google & Freedom of Online Information
(7:20 start) Rebecca MacKinnon, Visiting Fellow, Center for Information Tech. Policy, Princeton
(19:35 start) Lawrence Liu, Senior Counsel, Congressional-Executive Commission on China
(28:49 start) Sharon Hom, Executive Director, Human Rights in China
Click here for video of this panel.

Panel 2 – Business Law
(1:43 start)Donald Clarke, Professor of Law, George Washington University Law School
(10:25 start) Nicholas C. Howson, Assistant Professor of Law, University of Michigan Law School
(19:22start) James Feinerman, Co-Director/Prof. of Law, Law-Asia Leadership, Georgetown Law
Click here for video of this panel.

Panel 3 – Human Rights, Civil Society & Criminal Law
(1:07 start) Xiaorong Li, Research Scholar, School of Public Policy, University of Maryland
(9:18 start)Karla Simon, Professor of Law, Columbus School of Law, Catholic University of America
(21:25 start)Eva Pils, Associate Professor, Faculty of Law, The Chinese University of Hong Kong
(33:38 start) Scot Tanner, China Security Analyst, The CNA Corporation
Click here for video of this panel.

Panel 4 – International Law
(1:32 start) Julia Qin, Associate Professor of Law, Wayne State University Law School
(10:35 start) Michael Schlesinger, Of Counsel, Greenberg Traurig, LLP
(20:00 start) Timothy Stratford, Former Assistant U.S. Trade Rep. for China Affairs, USTR
(28:15 start) Alex Wang, Senior Attorney & Director, China Environmental Law Project, NRDC
Click here for video of this panel.

CLOSING REMARKS BY PROF. JEROME COHEN – Click Here

Thank you to Prof. Don Clarke of George Washington School of Law for making the videos of the conference available.


The NY Times Overreacts to U.S. Arms Sales to Taiwan

By , February 2, 2010

In yesterday’s New York Times, Helene Cooper argued that the Obama Administration’s recent announcement of over $6 billion in arms sales to Taiwan shows a “new toughness” toward Beijing and perhaps even a “fundamentally new direction” in the Administration’s China policy.  But, by focusing on the arms sales, Ms. Cooper overemphasizes the event.  U.S. arms sales to Taiwan are far from novel or tough, and some may argue, periodically required under U.S. law.

Similarly, Beijing’s angry reaction was predictable.  In fact, for each prior Administration’s arms sales to Taiwan, the Chinese government has responded in much the same way: postponement of military-to-military meetings, issue formal protests with U.S. officials, and saber-rattling for the domestic consumption.  However, Beijing’s recent threat of sanctions against U.S. companies involved with the arms sales is new and serious.  But this is more a reflection of China’s growing confidence and less a reflection of a changed or “tough” U.S. policy toward China.

Why Does China Care so Much about Taiwan?  Isn’t it a Separate Country?

Nope, scrap that vision from your mind.  Taiwan is not a separate country, at least not in the eyes of the Chinese, Taiwanese or U.S. governments.   The People’s Republic of China (a.k.a. the mainland) views Taiwan (a.k.a. “The Republic of China”) as a renegade province and any relations between Taiwan and other countries is viewed as interference in the mainland’s domestic affairs.  While Taiwan has largely developed as an independent society, it agrees with the mainland’s assessment that there is only “one China.”  The Taiwanese government has never called for independence and the Kuo Min Tang party (pronounced Gwo min-dang and a.k.a. “the Nationalists” or KMT), which has ruled Taiwan for most of Taiwan’s separate existence, also espouses the view of “one China” and that eventually, the mainland and Taiwan will reunite.  The difference is who rules this reunited China.  For Taiwan, it’s the KMT; for the mainland, the Chinese Communist Party (CCP).

All of this stems from World War II.  After the War ended in 1945, the KMT and the CCP resumed their civil war, a civil war that was put on hold to fight the Japanese invasion from 1937 to 1945.  By 1949, the CCP’s victory was certain and the KMT government fled to the province of Taiwan to continue the Republic of China.

China DailyThus began the baffling existence of two Chinas – the communist People’s Republic of China on the mainland and the KMT’s Republic of China on Taiwan.  Each China claimed that it was the “official” and “rightful” China and the other a mere province; each forced the international community to recognize only one China – either China on the mainland or China on Taiwan – hence the birth of the “one China” policy.

The U.S. continued to ally itself with the KMT and the Republic of China, recognizing Taiwan as the official China and all but denying the existence of the mainland.  But starting in 1972, with President Richard Nixon’s historic visit to the mainland, relations between the U.S. and the PRC began to improve and in 1979, the U.S. switched recognition of China from Taiwan to the mainland.

Obama’s Arms Sales to Taiwan Is Par for the Course in U.S.-China Relations

The Obama Administration’s recent announcement of arms sales to Taiwan follows a long line of arms sales by the U.S.  Almost every president since 1978 has sold arms to Taiwan.  In fact, the U.S., under the 1979 Taiwan Relations Act (TRA), is required to sell defensive arms to Taiwan.  In 1979, after changing recognition to mainland China, the U.S. did not want to leave its former ally completely open to attack or takeover.  As a result, Congress passed the TRA.

The TRA authorizes quasi-diplomatic relations between the U.S. and Taiwan.  For example, instead of having an official embassy on Taiwan, the TRA allows for the “American Institute in Taiwan.”  Additionally, and more importantly, the TRA established the U.S.’ responsibility toward Taiwan if it is threatened.  At issue here is the TRA’s requirement that the U.S. periodically sell defensive arms to Taiwan.

In announcing arms sales to Taiwan, the Obama Administration is merely following its obligations under the TRA.  green peopleAdditionally, the Obama Administration has not acquiesced to Taiwan’s request for F-16s.  During the George W. Bush Administration, Taiwan repeatedly requested the purchase of F-16s.  Similarly, Taiwan put out feelers with the Obama Administration to see if there was a possibility that they could purchase F-16s.  Again, Taiwan was told not to put in a formal request for F-16s.

The F-16s are a big issue since they are not “defensive” arms; Beijing would very much view a sale of F-16s to Taiwan as going a bit too far.  But Obama’s package to Taiwan merely includes the usual: Patriot missiles, Black Hawk helicopters, mine-hunting ships and information technology.

If the Obama Administration wanted to use the Taiwan arms sales requirement to “toughen” its stance to Beijing as the New York Times claims it has, the Administration would have acquiesced to Taiwan’s request for F-16s.  Instead, it merely sold similar arms to Taiwan that President George W. Bush sold in 2008.

This is not to say that the Obama Administration does not have a strong China policy.  Secretary of State Hillary Clinton’s recent policy speech on internet freedom was a robust critique of countries like China that censor their internet and partake in cyberhacking.  This follows President Obama’s strong and public criticism of internet censorship while in China this past November.  The New York Times would have done better to focus its argument on the Administration’s novel and forceful rhetoric on internet freedom vis-à-vis China.

Don’t Take Financial Advice from Tom Friedman

By , January 24, 2010
Thomas Friedman, Shorting the CCP

Thomas Friedman

It is dangerous to use financial analogies to describe a non-financial event; the comparison usually misses the mark and often overly simplifies a complex issue.  Thomas Friedman fell into this trap last week when he recommended short selling the Chinese Communist Party (CCP) in his op-ed.  In attempting to predict the CCP’s fall, Friedman failed to do his due diligence and realize that like most things in China, it’s not all black and white.

First, the metaphor of “shorting” non-financial products has to stop.  Or at the very least be explained.   For readers of this blog and Friedman’s column who are not day-traders, “shorting” is a specific financial term.  When you “short” a stock, you borrow shares of the stock from a third party and sell these borrowed shares on the assumption that the price will decline in the near future.  When the stock is trading lower, you purchase it and return the shares borrowed, thus making a profit.   In essence, “shorting” implies that the product is presently overvalued and the value will decrease in the near future.

While you can’t actually “short” a country or a ruling party, Friedman uses the analogy to imply that the CCP is currently overvalued and its value, or in this case its power, will eventually decline.  According to Friedman, the CCP’s power will decrease because of its insistence on suppressing the Chinese public’s freedom to information, specifically over the internet.  For Friedman, this pits two different segments of Chinese society against each other: “Command China” which he defines as “traditional state-owned enterprises” and other extensions of the CCP and “Network China” which is made up of “highly entrepreneurial” companies that feed off of the creative energy of a free internet.

In drawing this distinction, Friedman paints with too wide a brush.  If the Chinese business world could easily be divided into decrepit, state-owned industries run by the Party and vibrant, Silicon Valley-like companies that are independent of the Party, the CCP’s demise likely would have already occurred.

Network China is not as independent of the CCP as Friedman makes it out to be.  A company’s success in China, even a

Shorting the CCP?

Shorting the CCP?

small technology company, is often dependent on the owners’ connections with government officials.  The companies of Network China are not outsiders to the system; they are very much insiders and largely profit from good relations with the CCP.  Take for example Baidu, China’s homegrown search engine.  Although Google’s search engine is at least as good as, if not better than Baidu’s, due to Baidu’s close relations with the government, it has a much larger share of the Chinese market.  Government and Party connections are important assets on a company’s balance sheet and, at times, are instrumental to a company’s success.  The companies of Network China continue to profit from their connections; it is unlikely that they will be the ones to seek change.

Furthermore, Command China and Network China are inextricably linked.  The Chinese banks that provide loans to the start-up companies of Network China are state-run and members of Friedman’s Command China.  When it comes to loaning money, the Chinese leadership has more than a bully pulpit; it can out right force its banks to provide these loans, as it did for much of 2009 while banks in other parts of the world constricted their lending.  In many ways, the government’s control of the state-run banks has been a boon for Network China.  Why change it?

The Chinese government’s increasing censorship of the internet is troubling, and not just for those of us abroad.  The Chinese people themselves have been in an uproar about Google’s threat to leave China and realize the damage that a censored internet can have on their development.  Just don’t expect change to come from Friedman’s Network China; these companies are already co-opted by the system.  If change is to come, expect it to come from average Chinese netizens and expect it to be a long process; not exactly ideal for short selling.

Panorama Theme by Themocracy