Obama wakes up to Chinese Net-filtering demands

From today’s NYTimes

The Obama administration lodged a formal protest on Wednesday with the Chinese government over its plan to force all computers sold in China to come with software that blocks access to certain Web sites.

Commerce Secretary Gary Locke and Ron Kirk, the trade representative, sent a letter to officials in two Chinese ministries asking them to rescind a rule about the software that is set to take effect on July 1.

Chinese officials have said that the filtering software, known as Green Dam-Youth Escort, is meant to block pornography and other “unhealthy information.”

In part, the American officials’ complaint framed this as a trade issue, objecting to the burden put on computer makers to install the software with little notice. But it also raised broader questions about whether the software would lead to more censorship of the Internet in China and restrict freedom of expression.

“China is putting companies in an untenable position by requiring them, with virtually no public notice, to pre-install software that appears to have broad-based censorship implications and network security issues,” Mr. Locke said in a news release. The government did not release the text of the letter…

Hmmm… It’s good news that the US government is beginning to take a real interest in this. But I wonder how it will play out.

FOOTNOTE: The research report on Green Dam by Scott Wolchok, Randy Yao, and J. Alex Halderman is here. The Abstract reads:

We have discovered remotely-exploitable vulnerabilities in Green Dam, the censorship software reportedly mandated by the Chinese government. Any web site a Green Dam user visits can take control of the PC.

According to press reports, China will soon require all PCs sold in the country to include Green Dam. This software monitors web sites visited and other activity on the computer and blocks adult content as well as politically sensitive material.

We examined the Green Dam software and found that it contains serious security vulnerabilities due to programming errors. Once Green Dam is installed, any web site the user visits can exploit these problems to take control of the computer. This could allow malicious sites to steal private data, send spam, or enlist the computer in a botnet. In addition, we found vulnerabilities in the way Green Dam processes blacklist updates that could allow the software makers or others to install malicious code during the update process.

We found these problems with less than 12 hours of testing, and we believe they may be only the tip of the iceberg. Green Dam makes frequent use of unsafe and outdated programming practices that likely introduce numerous other vulnerabilities. Correcting these problems will require extensive changes to the software and careful retesting. In the meantime, we recommend that users protect themselves by uninstalling Green Dam immediately.

In other words, this isn’t just about the Chinese government’s repressive Internet policy. It potentially affects every Internet user because Green Dam could make it possible to turn the Chinese Internet into a gigantic botnet.