Google's Bejing office. (AP)
Google's Bejing office. (AP)

Google-China debate keeps Internet security in spotlight

Google has gone quiet since its announcement last month that it was unwilling to continue censoring search results on Google.cn in China. The Washington Post reported Thursday that the company is seeking help from the U.S. government to trace hackers behind security breaches, which it said targeted its own intellectual property and individual human rights activists. A Reuters analysis said the company may also be grappling with the financial and legal implications of ceasing censorship in defiance of Chinese law.

Regardless of Google’s next step or the motivations behind it, the company’s January 12 statement has already had a positive effect: Journalists and human rights activists who have long complained about e-mail security in relation to China have a much wider audience for their concerns. 

Foreign correspondents, Tibetan activist Tensin Seldon, Beijing-based lawyer Teng Biao and Chinese blogger Wei Zhuoyun have publicized anxieties about compromised personal e-mail accounts in the wake of Google’s revelations. The Independent Chinese PEN Center told CPJ by e-mail that at least 22 of its members within China, and 18 based overseas, were concerned about the integrity of their Gmail addresses. E-mails automatically forwarding to another e-mail address without the owner’s knowledge is one hallmark of a hacked account.

There is no evidence that the Chinese government is sponsoring the attacks. The targeting of activists, however, fuels suspicion that information authorities are tolerating the unauthorized activity.

Internet users in China who worry about government access to their computers point out that Mozilla and Microsoft now accept Web sites with digital certificates signed by the state-affiliated China Internet Network Information Center (CNNIC), and issued by an intermediary certificate authority, Entrust. (A brief English-language discussion of the certificates, and how to disable them, is available here.) Critics suggest the certificates could be misused to impersonate encrypted Web sites, causing Internet users to reveal sensitive information to the government.

No one has produced evidence of the certificates being misused. But in a country where vague charges of “revealing state secrets” are frequently used to imprison journalists and online commentators—one, Shi Tao, for a private email—dissidents are concerned. And regular Internet users frustrated by the intrusive censorship in China are also unwilling to trust authorities who monitor day-to-day usage so officiously, but do little to combat illegal hackers. In a plea that explicitly links to Google’s statement, some Internet users are calling on international corporations to stop cooperating with CNNIC by accepting the certificates.

Whatever Google’s present silence means, the company has at least allowed others to voice these frustrations with more chance of being heard.