In the Valley of the Clueless

America’s Problematic Internet Strategy

I have an article up at Asia Times, US Internet Declaration Bugs China, about Secretary Clinton’s “freedom to connect” speech and its implications for China.

In this context, it is interesting to recall how middle class priorities can get repackaged as legal rights and essential human freedoms.

Back in 1996, when dinosaurs roamed the earth, AOL rolled out its $19.95 per month “all you can eat” dial-up service. It was quickly overwhelmed by users who dialed up and never hung up, tying up AOL’s modems and exposing other AOL customers to the dreaded busy signal for hours on end. For newbs out there, I feel compelled to point out that in 1996 there was no broadband; virtually all connectivity relied on copper phone lines, and connections were made at 56Kbaud by “modems”—analog chirp machine on the user's and AOL's end of the line.

America felt the agony of AOL’s 8 million subscribers (less than 4% of the population, skewed toward the better-off computer owners, for those keeping score), and lawsuits were filed in New York, Wisconsin, and other states, not only by customers but by state attorney generals, bringing the wrath down on AOL (then yclept “Always Off Line”; now “Arianna’s Overpriced Lemon”).

I wonder if state AGs were equally swift in filing lawsuits on behalf of poor neighborhoods that couldn’t get a patrol car on site an hour after a 911 call. For that matter, I wonder how quickly “freedom to connect” will translate into the provision of universal broadband to America’s poorest neighborhoods today.

Anyway, “freedom to connect” is now a universal right to be extended to Chinese citizens through the efforts of the United States.

Funding of Internet circumvention technology has turned into a political football. The Republicans apparently feel Psiphon and Tor (proxy networks that allow Chinese users to surf blocked sites and access forbidden keyword searches) are key to knocking down the evil empire(s), and they blame the State Department for excess timidity in funding and deploying the servers that enable them.

In this context, I was interested to learn that the U.S. Internet censorship circumvention portfolio is in the reliable hands of the spiritual sect i.e. religious cult Falun Gong, which received $1.5 million dollars from the State Department last year to fund its open Internet initiatives.

The Clinton speech actually had little to do with China or even Iran and a lot to do with US “freedom to connect” conundrum i.e. that it’s knocking down U.S. authoritarian allies instead of U.S. authoritarian enemies (Iran and China).

I draw on Evgeny Mozorov’s The Net Delusion to argue that the U.S. strategy is essentially flawed: it is too heavily skewed toward censorship circumvention and doesn’t pay enough attention to a major focus of authoritarian regimes in their sophisticated Internet strategies: using the Internet for surveillance, and flooding it with pro-government propaganda.

[I put a buy button for The Net Delusion at the end of the post.  The best deal is to load the free Kindle application onto your PC and buy the e-book for $9.99, instead of spending $18.45 and cluttering up your bookshelf with the hardcover of a book that, though excellent, is already teetering on the brink of events-driven obsolescence.]

Mozorov also argues that the Internet is perfectly equipped to implement a key authoritarian countermeasure—distraction through mass media.

He tells us that the seductive, corrosive effects of Western culture on the communist ethic (what Chinese communists call the West’s “sugar coated bullets”) may be overrated.

Mozorov cites the interesting case of East Germany. Under communism, most of the GDR was exposed to an incessant barrage of Dallas and Dynasty and other subversive US programming via West German TV. However, there was one part of East Germany, out by the Polish border, that was out of range of the broadcasts. It was mockingly called “Tal der Ahnunglosen”: the Valley of the Clueless.

Mozorov cites a study by two German academics that studied East German youth and concluded:

...those East German youth who could receive Western television were, overall, more satisfied and content with the regime; the ones who could not...-those in the Valley of the Clueless—were much more politicized, more critical of the regime, and, interestingly, more likely to apply for exit visas...Western television made life in the East more bearable...it was in the Valley of the Clueless that dissent began brewing; its residents were clearly more dissatisfied with life in the country than those who found a refuge in the exciting world of The Denver Clan [as Dynasty was known in Germany].

Apparently the Russian government has studied the lessons of East Germany and is big on supporting the rollout of Internet sites that offer largely apolitical entertainment for young people to keep their minds off Color Revolution-style hijinks.

The Kremlin’s youth wing is heavily involved in a well-financed media site russia.ru. According to Mozorov, it has some light political content, but its signature video offerings are gun/military/video game/movie/car guyfotainment and something called “The Tits Show” a.k.a. Сиськи Шоу.

Сиськи Шоу is an interesting window on that mysterious commodity, the Russian soul. It follows fitness-challenged host, Dennis Ch., on an alcohol-soaked stumble through Moscow’s skank-rich nightclubs in search of girls who will show him their Сиськи. It plays more like a Dostoevskian howl into the existential void of sweaty desperation, self-loathing, and exhaustion than sexy romp.

Unlike the Kremlin, China’s Internet masters are still loath to unleash the unimaginable power of the female nipple through state-approved media. However, they have done the next best thing—lax and uneven blocking of overseas porn websites. Chinese in search of the full range of distracting content can also turn to Falun Gong’s proxy servers.

Given that the vast majority of Chinese users are getting the vast majority of content they want, scaling up “freedom to connect” or “all you can eat” initiatives may not be the best use of our tax dollars.

On the “freedom to connect” issue, beyond the hypocrisy of the US government on the issue (see Wikileaks) and the overall trend toward Internet monitoring and control by democratic as well as authoritarian regimes, I’m not a big fan of the U.S. habit of clothing its foreign policy priorities in the dazzling raiment of universal values, core principles, and global norms.

The Chinese have been trying without success to switch the terms of US-China debate away from unilaterally declared “universal core principles” to potentially conflicting but practically sustainable “national core interests” (a framing that allows for compromise in consideration of Chinese priorities).

However, US rollout of “freedom to connect” reinforces the “US arbiter of orthodoxy vs. Chinese pariah” narrative that makes negotiation unnecessarily difficult (unless you feel that “freedom to connect” is a magic bullet for regime change that renders engagement irrelevant, which Mozorov argues is unrealistic).

One topic I didn’t go into in the Asia Times article was the slippery slope from “freedom to connect” to US government funding of Internet circumvention technology to cyberwar.

On a range of cyberissues from employing Stuxnet to sabotage the Iranian centrifuge array at Natanz to using Falun Gong to pierce the Great Firewall, the U.S. attitude seems to be Fair Game: it’s “good guys vs. bad guys”, “freedom vs. oppression”, “core principles trumping core interests” and a studied obliviousness to the issues of sovereignty, international law, national interest, and blowback.

I don’t think it’s prudent to in effect establish unrestricted cyberwar against China’s Internet infrastructure as an American right, instead of trying to establish some mutually-agreed ground rules.

Laura Rozen linked to an interesting article at Financial Times by Roula Khalaf and James Blitz , The Sabotaging of Iran, that addresses the same concern in the context of the Western campaign against the Iranian nuclear program.

It’s a good article, though it includes some rather asinine speculation that the Iranian govenment might have murdered its own top nuclear scientists (using bombs delivered by motorcycle riders!) in order to remove security threats. I’m assuming this charade is meant to innoculate the Financial Times from the dangerous charge of humanizing the Iranian bogeyman.

Indeed, when you read about scientists being blow up in their cars next to their wives, or a country’s infrastructure being subjected to an undeclared, extralegal sabotage, one might feel a twinge of sympathy.

Also, the FT article raises an issue I’ve thought about: cyberwar blowback.

I would think there is a good possibility that Iran is allowing Chinese scientists to participate in the Stuxnet forensics, which means that China is familiarizing itself with the characteristics and capabilities of this kind of weapon for offensive as well as defensive purposes.

The article concludes:



For some experts, moreover, the sabotage campaign comes at a cost. Stuxnet may have concentrated its efforts on Natanz but it has also proved expensive for many industrial companies. And should Iran choose to respond, it could prove just the beginning of a dangerous cyberwar, to which neither the US nor Israel are immune. US civilian and military officials have noted that America’s key infrastructure – such as power and water plants – is frighteningly vulnerable to cyberattack. “It’s a dangerous technology,” says Frantz, the expert on the CIA’s sabotage efforts, referring to Stuxnet. “Releasing it does two things: it spreads the danger but it also opens the door for retaliation. And I think that cyberwarfare is the next big front.”


The new type of covert war that has ensnared scientists, unleashed dangerous viruses and sought novel ways of exporting faulty equipment takes the nuclear stand-off into uncharted territory. If effective, it buys the US and its partners time, postponing the day when they might have to decide between a conventional strike against Iranian nuclear facilities, with all the risks that it engenders for the Middle East, or acceptance of Iran becoming a nuclear-capable state. But every war has a cost, and in this mysterious world of intrigue and sabotage, no one knows yet what the real price will be. “There’s too much happening behind the scenes with black programmes, assassinations, sabotage of equipment, cyberattacks,” says Albright of Isis. “There’s a loss of accountability … There’s a sense that a green light has been given on hitting the Iranian nuclear programme. But who is going to take the lead on establishing ground rules on what is too much? Where does it end?”

Picture of Iranian nuclear scientist Majid Shahriyari's car after he was assassinated in November 2010.  Photograph by Morteza Yarahmady.

Ghost in the Machine

A report from the Front Line in the Cyberwar

The Information Warfare Monitor (a joint venture of Toronto University’s Citizen Lab at the Munke Centre for International Studies and a Canadian think-tank called SecDev) teamed up with the Tibetan Government in Exile for a nine-month multi-continent investigation to develop a remarkable report on cyberwarfare operations targeting areas of concern to the People’s Republic of China, including Taiwan and Tibet.

The report was solicited by the TGIE; the significant resources devoted to preparing the report leads me to suspect that an impetus for the investigation was the possibility that Chinese security had learned how to exploit a dangerous vulnerability inside the Internet censorship and monitoring circumvention software developed by Citizen Lab and, presumably, running on many computers in the Tibetan emigre community.

IWM dubbed the Chinese operation “GhostNet”.

The mechanism was remarkably simple, exploiting the remote monitoring utilities available to IT geeks and hackers to monitor and modify the contents of computers over the Internet.

Computers of interest were targeted with a Trojan program (either through malware in e-mail attachments or as applets downloaded from seeded webpages), Once installed, it secretly established communications with a server that downloaded a piece of open-source Chinese malware called gh0st RAT, which allowed the bad guys (or gals) not only to monitor the contents of the computer, but to secretly upload files, log keystrokes, and even activate audio and video acquisition from the web cams and microphones on the computers.

Yikes!

The clever folk at IWM set up a “honey pot” computer that acquired the Trojan; then they were able to go in through the out door and find out what was happening on the server.

Turns out there were apparently four servers monitoring almost 1300 computers, including a slew of computers in the offices of the Tibetan Government in Exile around the world, various Taiwanese organizations, and a raft of government foreign affairs ministries throughout Europe and Asia.

The IWM team observed documents uploading from the Tibetan computers to the server. Reportedly, the Dalai Lama’s secret negotiating strategy and e-mail lists were acquired through this nefarious channel as well as who knows what else.

The report rather charitably declines to openly accuse the Chinese government as the operators of this scheme, acknowledging that one of the servers were in the United States while pointedly stating the other three were apparently on Hainan Island, “where the Lingshui signals intelligence facility and the Third Technical Department of the People’s Liberation Army” are located.

According to Global Security, Lingshui is pretty much spook central for China, analogous to a major U.S. Defense Intelligence Agency facility:

“A large SIGINT facility at Hainan Island is principally concerned with monitoring U.S. naval activities in the South China Sea. One of the first major projects reflecting growing Chinese interest in activities in the South China Sea was the major upgrading of SIGINT collection capacity. The large SIGINT complex on Hainan Island was significantly expanded by 1995. Established in 1968 at the Lingshui military air base, the Lingshui intelligence facility is said to be home to more than 1,000 intelligence analysts of the Third Technical Department. The complex is used to monitor downlinks from commercial communications satellites.”

Of course, the broad attack on a large number of targets whose common denominator is the Chinese government (Tibet, Taiwan) leads one to believe that the PRC is behind all this.

However, a risky, extremely political, and counter-intelligency operation like “GhostNet” –and one that requires only a few computers, geeks, and a taste for malicious mischief—is perhaps not the kind of thing that one slots into a large, highly disciplined operation whose main job is to monitor with intense interest what the United States is up to in the South China Sea.

The casual, scattershot approach and disregard for countermeasures (like dealing exclusively through third-country servers that would provide deniability to the Chinese government in case of exposure) implies to me that “GhostNet” was an initiative of some computer-savvy group inside Chinese intelligence who were given a license to go phishing and see what they could catch.

Anyway, that’s a distinction without much of a difference.

The report included this anecdote about the Drewla group, an organization ostensibly promoting harmless web-based chat between émigrés and youth inside Tibet:

“A member of Drewla…decided to return to her family village in Tibet after working two years for Drewla. She was arrested at the Nepalese-Tibetan border and taken to a detention facility, where she was held incommunicado for a period of two months. She was interrogated by Chinese intelligence personnel about her employment in Dharmsala. She denied having been politically active and insisted that she had gone to Dharmsala for studies. In response to this, the intelligence officers pulled out a dossier on her activities and presented her with full transcripts of her Internet chats over the years. They indicated that they were fully aware of, and were monitoring, the Drewla outreach initiative and that her colleagues were not welcome to return to Tibet.”

Of course, chat is presumably monitored by the Great Firewall of China and it wouldn’t seem necessary to rummage through Drewla’s computers—which apparently are contaminated with the gh0st RAT malware--to obtain the transcripts.

Interestingly, the University of Toronto Citizen Lab is also in the hacking business, having spun off a corporation to promote a software called “Psiphon”, designed expressly to evade Internet censorship in countries like China.

Interested parties install the Psiphon software on computers outside the targeted countries, get an IP address from the Psiphon mothership (the Psiphon manual uses “https://84.202.55.330:443jane4freedom” as an example; my advice: ix-nay on the eedom-fray) and relies on “social networks of trust” to distribute the URL together with log-ins and passwords inside the censoring country so people can message to the Psiphon server using the encrypted https protocol and get unfettered access to the Internet.

The assumption is that, since a host of financial and webmail processes use https, the censoring government can never shut down https communications wholesale.

That would imply that a censoring government would have to go after the servers one by one—judging from Wikipedia there are myriad ways of compromising https communications—and Psiphon’s protection would be safety in numbers i.e. signing up a lot of nodes to overwhelm the censors.

Last year, Citizen Lab put the word out that it had 150,000 nodes and was “reaching out to locals” to blog and broadcast about Tibet during the Beijing Olympics, which undoubtedly endeared it to the Chinese government.

The Psiphon servers are not anonymizers, which means that a hack into a PC set up as a Psiphon server would presumably yield a treasure trove of information both on users and the web pages they are visiting.

As Psiphon’s entry on Wikipedia notes, with just a hint of anxiety:

“Through the psiphon control panel, psiphonode administrators have access to a log of sites that their psiphonites access, which makes the psiphon user subject to the consequences of any lack of good security practices, ill will, or possible censorship by the psiphonenode administrator. The authors of psiphon stress that these issues are "trust" issues, with exception of poor security practices, and should not present a problem because of the positive social relationship(s) between psiphon user(s) and psiphonode administrator(s). The theory being that if there is a good enough relationship to establish a psiphon user to psiphonode administrator tie, issues such as psiphonode censorship and ill will are not likely to arise, hence the term "social networks of trust" used in psiphon literature."

If the Chinese government discovers a “psiphonode”, hacks into it, collects the IP addresses of the visitors and a list of the sites they visited, I imagine that the “positive social relationship” between the psiphonode administrator and his or her hapless psiphonsite buddy will be little consolation.

So, maybe the “GhostNet” report was an attempt to identify dangerous vulnerabilities of the Psiphon system as well as a piece of pro-bono do-goodery on behalf of the Tibetan émigrés.

Fact is, given the close ties between Citizen Lab and the Tibetan emigre movement, I would speculate that Dharmsala is a hive of Psiphon servers; and I wonder one result of the "GhostNet" hack was to infect the psiphonodes and send a trove of information about users inside Tibet back to Chinese security forces.

Doh!

That might cause potential psiphonode operators to think twice about participating in the program.

Tibet has apparently become the world’s hottest cyber-warfare battlefield. The Tibetan émigré movement has struggled to get unfiltered information (and, perhaps, instructions) into the Tibetan areas of the PRC.

The Chinese government has played whack-a-mole in response, monitoring Internet traffic and chat, blocking sites, jamming webpages with DNS attacks, shutting down Youtube last year and text messaging this year, confiscating satellite dishes and apparently even taking down cellphone towers.

It looks like the Chinese have given up, perhaps for good, on the whole hearts and minds thing in the Tibetan occupation.

Instead, the PRC hopes that it can keep the lid on in the Tibetan areas until mortality catches up with the Dalai Lama, the émigré movement fractures permanently between disheartened moderates and disgruntled activists, and Han migration permanently dilutes the Tibetan character of China’s southwest.

However, I wonder if the iron law of unintended consequences may soon be at work here and the focus of Tibetan dissent will shift away from the impotent émigrés to the angry and disaffected residents of Tibet, who will be much more difficult for China to handle.

What China should be worried about is exactly what it is working to achieve: the rise of a Tibetan generation that is not inspired by occasional contact with the remote and esteemed figure of the Dalai Lama in India, but one that instead creates its lasting identity from its isolation inside the PRC—and draws its bitterness and resentment from the shared memory of the Chinese occupation.

And that’s a lot more powerful than the Internet.