(1) Take a leadership position in promoting a global, multilateral agenda around arms control in cyberspace. The present state-based cyber security agenda is almost entirely absent of voices or forums dedicated to creating norms of mutual restraint, confidence building and information sharing.

(2) Take a more active interest in the role played by Canadian companies which support China’s vast censorship and surveillance regime.

(3) Lead by example in domestic policy areas, including addressing loose laws on wiretaps, ambiguous oversight of intelligence agencies, shoddy content filtering mechanisms around access to pornography and hate speech, questionable deep packet inspection and data retention practices by internet service providers, and other areas in which Canadian practices provide justification for China’s own domestic censorship and surveillance regime.

Dr. Ronald Deibert is Associate Professor of Political Science and Director of the Citizen Lab at the Munk Centre for International Studies at the University of Toronto. China’s Cyberspace Control Strategy: An Overview and Consideration of Issues for Canadian Policy is part of the CIC’s 2010 China Paper series.

For more information on China’s Cyberspace Control Strategy: An Overview and Consideration of Issues for Canadian Policy or the CIC, please visit: www.canadianinternationalcouncil.org.

The Canadian International Council (CIC) is a non-partisan, nationwide council established to strengthen Canada’s role and capacity in international affairs, which builds on the proud histories of the Canadian Institute of International Affairs and the Canadian Institute of Strategic Studies. The CIC aims to advance research, discussion and debate on international issues by fostering a Canadian foreign policy network that crosses academic disciplines, policy areas, and economic sectors. CIC’s research program is managed by the national office in Toronto. The CIC’s 15 branches across Canada present a variety of activities to CIC members, including speakers programs, conferences and seminars, and study groups.

Contacts:
MEDIA CONTACT:
Media Profile
Susan Reisler
416 342-1843
susan.reisler@mediaprofile.com

But the most interesting result was due to the combination of attacks, surveillance and censorship Google has decided to reassess their operations in China:

These attacks and the surveillance they have uncovered–combined with the attempts over the past year to further limit free speech on the web–have led us to conclude that we should review the feasibility of our business operations in China. We have decided we are no longer willing to continue censoring our results on Google.cn, and so over the next few weeks we will be discussing with the Chinese government the basis on which we could operate an unfiltered search engine within the law, if at all. We recognize that this may well mean having to shut down Google.cn, and potentially our offices in China.

The decision to review our business operations in China has been incredibly hard, and we know that it will have potentially far-reaching consequences. We want to make clear that this move was driven by our executives in the United States, without the knowledge or involvement of our employees in China who have worked incredibly hard to make Google.cn the success it is today. We are committed to working responsibly to resolve the very difficult issues raised.

Wow.

The connection between censorship, surveillance and attacks is the key. Censorship, such as the blocking of web sites, is fairly crude but effective when combined with targeted surveillance and attacks. While many, especially the technically savvy, can circumvent China’s filtering system, the “GFW”, using tools such as Psiphon and Tor most Chinese citizens do not. The GFW doesn’t have to be 100% technically effective, it just has to serve as a reminder to those in China about what content is acceptable and that which should be avoided. The objective is to influence behaviour toward self-censorship, so that most will not actively seek out banned information of the means to bypass controls and access it.

The nexus of censorship, surveillance and malware attacks allows China is the key to China’s information control policies. It is not just about the GFW. Internet users in China face complex threats that are heavily dependent on additional factors, such as involvement in political activities, that involve targeted attacks and surveillance. China chooses when, where and how to exercise this granular control.

The InfoWar Monitor — which is a partnership between the Citizen Lab, Munk Centre for International Studies, University of Toronto and The SecDev Group (and SecDev.cyber which focuses on Internet threats) — has been focusing on these threats. For example, in a report “Breaching Trust: An analysis of surveillance and security practices on China’s TOM-Skype platform” we documented how Tom-Skype (the Chinese version of Skype) was censoring and capturing politically sensitive content. In “Tracking GhostNet: Investigating a Cyber Espionage Network” we documented targeted malware attacks that compromised over 1,295 infected computers in 103 countries, 30% of which are high-value targets, including ministries of foreign affairs, embassies, international organizations, news media, and NGOs.

Google’s decision to re-asses their operations in China is courageous. I strongly hope that Microsoft, Yahoo! and others follow Google’s lead — as, to their credit, they have done in the past. In “Search Monitor Project: Toward a Measure of Transparency” I compared the censorship practices of Google, Yahoo! and Microsoft as well as the domestic Chinese search engine Baidu and found that all followed Google’s lead to some extent by at least disclosing their censorship practices to their users. I hope that they stand by Google.

China, the ball is in your court.

For a time the utopians were right. Oppressors were — and continue to be — outwitted by the tech-smart young. Corrupt officials in China are now more often called to account; Iran’s regime lost face — although not power — when its rigged election and the ensuing crackdown were Twittered and YouTubed to the world; and “flash mobs” — sudden demonstrations organised on mobile phones — rocked Belarus, once described by Condoleezza Rice, the former US secretary of state, as “the last outpost of tyranny in Europe”.

The utopian flame still burns. A recent high-level conference in Washington held a session entitled Twitter Against Tyrants: New Media in Authoritarian Regimes. “Tear down the walls of the 21st century,” urged Sam Brownback, the Republican senator, “the cyberwalls and electronic censorship technology used by tyrants.”

Sorry, Sam, it ain’t going to happen. And here’s why. Evgeny Morozov, an expert on the internet’s political effects, points out in an article in this month’s Prospect magazine that events in Belarus weren’t quite what they seemed. The tyrants quickly smartened up. They hacked sites and turned up at flash-mob locations before the mob itself. Dissidents were questioned by the country’s security service, which still uses the name KGB — Belarus is sentimental about old forms of communist nastiness — and intimidation rapidly cut the numbers of protesters.

The utopians had missed something about cyberspace. So do we all. Twitter, Facebook and the other social networking sites do half the oppressors’ job for them, providing traces, networks and contacts — pure gold to the goons. Furthermore, the advent of cloud computing — in which information that would once have been stored on your computer is now kept on servers around the world — means yet more of your life is out there and hackable.

“There’s a lot of talk about privacy and we’re all very concerned about it,” says Jo Glanville, the editor of Index on Censorship magazine, “but we keep surrendering our privacy in a very naive fashion.”

There have been three phases of state control of the internet. First came the “great firewall” of China. You simply block access to sites regarded as sensitive. But everybody knows you’re doing it.

So phase two involves selective blocking — known as “just in time attacks”. A site may go down as a protest is being organised. It’s a network problem, claim your goons. Also in phase two are vague regulations that allow your police to press charges no one quite understands. And there’s the blackmailing of internet companies — basically you push them out of business unless they block sites or hand over information. More crudely, as in Uzbekistan or Kyrgyzstan, there is the threat of prison.

Now, it’s phase three, which is much more sinister. In China this phase is represented by the so-called 50 cent army — people who, for a tiny sum of money, go out and “astroturf” blogs or Twitter.

Astroturfing means placing comments while concealing who is behind them. So pro-Chinese comments and posts are frequently placed by government proxies. The freedom of the internet is used against itself. Even in liberal democracies this means internet content may turn out to be pure propaganda. It cannot be a replacement for old-fashioned politics.

“I am deeply sceptical of the idea that Twitter can be the new democracy,” says Paul Staines, author of the hugely successful Guido Fawkes political blog. “You’ve still got to organise on the ground; you’ve still got to storm the palace.”

Good old mailshots work better. Staines says the Tories have taken a strategic decision not to use Twitter for precisely this reason. In fact, Twitter in this country is an overwhelmingly left-wing system. A Prospect/YouGov poll shows that Britain’s 5.5m Twitterers are “a youthful metropolitan elite”, far more liberal than the population as a whole and, indeed, Labour voters.

However, the most active users of new media are often real nasties, Morozov says — Hezbollah in Lebanon, criminal gangs in Mexico, anti-immigration groups in Russia and the Revolutionary Guard in Iran.

Deibert is not optimistic either: “This is no longer a network connecting researchers and hobbyists; it’s one through which all communication is taking place, and it’s being played for enormously high stakes. Those of us who want to keep this as a public commons face an uphill struggle … cyberspace has been rapidly degraded.”

His Citizen Lab group has fought back with software — Psiphon — that allows users to circumvent state controls. What he wants most is a cyberspace arms treaty committing all its users to freedom and openness. Sadly, it’s hard to imagine this working. Cyberspace has lost its innocence and become all too human. And that seldom means free.

bryanappleyard.com

Police don’t need intrusive powers to tackle modern Internet crime – there’s a new paradigm

I’m at the Citizen Lab, an interdisciplinary research facility at the Munk Centre for International Studies, University of Toronto. I am reviewing reports on cyber security. With me is Nart Villeneuve, senior research fellow and chief research officer for our partner company, SecDev.Cyber.

Nart is busy doing what he usually can be found doing: following hunches, deeply engaged in cyber forensic investigations. In his latest work, he has gained backdoor access to track a very large, Russian-operated botnet – a collection of infected computers under the control of an attacker.

No doubt about it, the perpetrators of this botnet are into criminal behaviour. Although it is Russian in origin, the botnet uses control servers in China and manipulates thousands of compromised computers in the United States and Germany (so-called “zombies [http://en.wikipedia.org/wiki/zombie_computer]“) to launch computer network attacks. Russian criminal organizations are known to contract out such attacks to anyone who will pay. We witness a real-time attack against an obscure Russian website, lasting a few minutes.

This botnet also appears to be connected to a massive spam operation that sends out bogus links to gambling, pornography, pharmaceuticals and fake anti-virus software. Nart’s probes uncover directories containing four million recipient e-mail addresses. They are also engaged in widespread “click fraud,” redirecting browsers of infected computers to online ads without the users’ knowledge in order to generate microincome on a massive scale.

In fact, botnets like this one are at the heart of just about every imaginable menacing and serious act of Internet crime, from espionage to child pornography. They are so vexing for law enforcement and intelligence, we are often told, because of the so-called “attribution” problem – the challenge of identifying the perpetrators.

It has become a truism to say the Web facilitates anonymity. “On the Internet, no one knows you are a dog,” went the famous New Yorker cartoon [http://weblogs.mozillazine.org/gerv/archives/2007/images/internet_dog.jpg] – or in this case, a fraudster, terrorist or gangster. Perpetrators can mask their real identities through proxy computers located in foreign jurisdictions, or contract out to third parties who carry out their criminal deeds.

Some have advocated radical solutions to this problem, including the end of anonymity, the requirement for Internet users to have permanent IDs, even the wholesale scrapping of the Internet as we know it. Bills C-46 [http://www2.parl.gc.ca/housepublications/publication.aspx?docid=4008179&language=e&mode=1] and C-47 [http://www2.parl.gc.ca/housepublications/publication.aspx?pub=bill&doc=c-47&parl=&ses=〈uage=e], currently working their way through Canadian parliamentary committees, would require Internet service providers to install new surveillance equipment, collect personal data, retain it for longer periods of time and allow law enforcement and intelligence to see that personal information, in some circumstances without a court warrant. The Privacy Commissioner of Canada and others have raised serious concerns about this.

Although attribution, anonymity, and investigation of Internet crime remain very real challenges, I believe they are not insurmountable and do not require radical infringements on privacy or wholesale alterations to the Internet as we know it. In fact, the Internet itself, and the mass of data it contains, points to the solution.

Shortly after our observations, Nart uncovered a lead to the possible botnet operator: a Russian student registered at Moscow State University. There was no magical sniffing tool or lawful access provisions clearing his way. He simply pieced together bits of seemingly disparate information – a name here, a string of code there, a domain registration, a recurring handle, an e-mail address, all pieced together by searching Google results.

It’s not the first time Nart has done this. In 2008, he uncovered a massive spy network being run through the Chinese version of Skype, and was able to locate, access and archive the control servers behind them using creative Google searches.

Earlier this year, the Information Warfare Monitor (one of our projects with SecDev.Cyber) tracked down Ghostnet [http://www.theglobeandmail.com/news/technology/meet-the-canadians-who-busted-ghostnet/article732409], a massive cyber espionage network infecting 1,295 computers in a 103 countries. Nart provided a critical break in the investigation by Googling a 22-character string collected during field research. It led to one of the poorly secured command server interfaces.

The Information Warfare Monitor is now working on a report about attacks against the websites of prominent Burmese human-rights groups. Many people suspect the attacks are connected to Myanmar’s military regime, but our investigation leads conclusively to a single individual. We even have his picture from his social networking pages.

The reason for such successes are twofold: our methods and the nature of superabundant information in the cyber age.

As university-based researchers and private sector researchers without access to warrants and private information, we have been forced to do more with less. We rely on qualitative, as opposed to quantitative, approaches. We engage in multidisciplinary analysis of data, as opposed to its automated mining. We search for connections between disparate sources of open information, instead of digging through that which is private.

The problem for law enforcement and intelligence today is not the lack of information; it is the deluge of it. The U.S. National Security Agency reportedly sucks up the equivalent of the contents of the Library of Congress every six to eight hours, every single day.

This is an old paradigm, based on methods where information is easy to hide and hard to find. It’s ill-suited to our modern hypermedia environment, which includes more than four billion cellphones around the world, according to the International Telecommunication Union. Many of them are equipped to snap pictures and videos, and upload them instantly to YouTube or Twitter. These images can be geotagged through Google Maps, which now includes street-level images of many major cities.

In other words, who needs more surveillance powers when people willingly monitor themselves? Social networking has brought us the Age of Auto-Surveillance. These are my friends, here is my house, this is the bus I take, here is my dog, this is my e-mail address, here is my phone number, this is my place of work, this is what I like to eat for lunch.

Criminals and terrorists rarely tweet about their crimes, true. But they cannot escape the digital traces and electronic signatures that everyone, even the most determined criminal, now leaves. In the case of the Russian student, it was a user name posted on a hacker forum that was also used as part of a website domain, which then showed up as a prefix on an e-mail address of an innocuous undergraduate essay that was posted online, along with the student’s name.

In a time when every person’s digital life is now turned inside out and electronically dispersed and disaggregated, does it really make sense to think solutions lie in adding to that flood? Law enforcement and intelligence don’t need to sidestep court protections and civil liberties to meet the challenges of cyber crime – they need a new investigatory paradigm.

Ron Deibert is director of the Citizen Lab and a principal with the SecDev Group. He is a cofounder of and principal investigator for the Information Warfare Monitor.