So here’s a provocation: We can’t circumvent our way around internet censorship.

I don’t mean that internet censorship systems don’t work. They do – our research tested several popular circumvention tools in censored nations and discovered that most can retrieve blocked content from behind the Chinese firewall or a similar system. (There are problems with privacy, data leakage, the rendering of certain types of content, and particularly with usability and performance, but the systems can circumvent censorship.) What I mean is this – we couldn’t afford to scale today’s existing circumvention tools to “liberate” all of China’s internet users even if they all wanted to be liberated.

Circumvention systems share a basic mode of operation – they act as proxies to let you retrieve blocked content. A user is blocked from accessing a website by her ISP or that ISP’s ISP. She wants to read a page from Human Rights Watch’s webserver, which is accessible at IP address 70.32.76.212. But that IP address is on a national blacklist, and she’s prevented from receiving any content from it. So she points her browser to a proxy server at another address – say 123.45.67.89 – and asks a program on that server to retrieve a page from the HRW server. Assuming that 123.45.67.89 isn’t on the national blacklist, she should be able to receive the HRW page via the proxy.

During the transaction, the proxy is acting like an internet service provider. Its ability to provide reliable service to its users is constrained by bandwidth – bandwidth to access the destination site and to deliver the content to the proxy user. Bandwidth is costly in aggregate, and it costs real money to run a proxy that’s heavily used.

Some systems have tried to reduce these costs by asking volunteers to share them – Psiphon, in its first design, used home computers hosted by volunteers around the world as proxies, and used their consumer bandwidth to access the public internet. Unfortunately, in many countries, consumer internet connections are optimized to download content and are much slower when they are uploading content. These proxies could get the homepage at hrw.org pretty quickly, but they took a very long time to deliver the page to the user behind the firewall. Psiphon is no longer primarily focused on trying to make proxies hosted by volunteers work. Tor is, but Tor nodes are frequently hosted by universities and companies who have access to large pools of bandwidth. Still, available bandwidth is a major constraint to the usability of the Tor system. The most usable circumvention systems today – VPN tools like Relakks or Witopia – charge users significant sums annually to defray bandwidth costs.

Let’s assume that systems like Tor, Psiphon and Freegate receive additional funding from the State Department. How much would it cost to provide proxy internet access for… well, China? China reports 384 million internet users, meaning we’re talking about running an ISP capable of serving more than 25 times as many users as the largest US ISP. According to CNNIC, China consumes 866,367 Mbps of international internet bandwidth. It’s hard to get estimates for what ISPs pay for bandwidth, though conventional wisdom suggests prices between $0.05 and $0.10 per gigabyte. Using $0.05 as a cost per gigabyte, the cost to serve the Internet to China would be $13,608,000 per month, $163.3 million a year in pure bandwidth charges, not counting the costs of proxy servers, routers, system administrators, customer service. Faced with a bill of that magnitude, the $45 million US senators are asking Clinton to spend quickly looks pretty paltry.

There’s an additional complication – we’re not just talking about running an ISP – we’re talking about running an ISP that’s very likely to be abused by bad actors. Spammers, fraudsters and other internet criminals use proxy servers to conduct their activities, both to protect their identities and to avoid systems on free webmail providers, for instance, which prevent users from signing up for dozens of accounts by limiting an IP address to a certain number of signups in a limited time period. Wikipedia found that many users used open proxies to deface their system and now reserve the right to block proxy users from editing pages. Proxy operators have a tough balancing act – for their proxies to be useful, people need to be able to use them to access sites like Wikipedia or YouTube… but if people use those proxies to abuse those sites, the proxy will be blocked. As such, proxy operators can find themselves at war with their own users, trying to ban bad actors to keep the tool useful for the rest of the users.

I’m skeptical that the US State Department can or wants to build or fund a free ISP that can be used by millions of simultaneous users, many of whom may be using it to commit clickfraud or send spam. I know – because I’ve talked with many of them – that the people who fund blocking-resistant internet proxies don’t think of what they’re doing in these terms. Instead, they assume that proxies are used by users only in special circumstances, to access blocked content.

Here’s the problem. A nation like China is blocking a lot of content. As Donnie Dong notes in a recent blogpost, five of the ten most popular websites worldwide are blocked in China. Those sites include YouTube and Facebook, sites that eat bandwidth through large downloads and long sessions. Perhaps it would be realistic to act as an ISP to China if we were just providing access to Human Rights Watch – it’s not realistic if we’re providing access to YouTube.

Proxy operators have dealt with this question by putting constraints on the use of their tools. Some proxy operators block access to YouTube because it’s such a bandwidth hog. Others block access to pornography, both because it uses bandwidth and to protect the sensibilities of their sponsors. Others constrain who can use their tools, limiting access to the tools to people coming from Iranian or Chinese IPs, trying to reduce bandwidth use by American high school kids who’ve got YouTube blocked by their school. In deciding who or what to block, proxy operators are offering their personal answers to a complicated question: What parts of the internet are we trying to open up to people in closed societies? As we’ll address in a moment, that’s not such an easy question to answer.

Let’s imagine for a moment that we could afford to proxy China, Iran, Myanmar and others’ international traffic. We figure out how to keep these proxies unblocked and accessible (it’s not easy – the operators of heavily used proxy systems are engaged in a fast-moving cat and mouse game) and we determine how to mitigate the abuse challenges presented by open proxies. We’ve still got problems.

Most internet traffic is domestic. In China, we estimate (Hal’s got a paper coming out shortly) that roughly 95% of total traffic is within the country. Domestic censorship matters a great deal, and perhaps a great deal more than censorship at national borders. As Rebecca MacKinnon documented in “China’s Censorship 2.0“, Chinese companies censor user-generated content in a complex, decentralized way. As a result, a good deal of controversial material is never published in the first place, either because it’s blocked from publication or because authors decline to publish it for fear of having their blog account locked or cancelled. We might assume that if Chinese users had unfettered access to Blogger, they’d publish there. Perhaps not – people use the tools that are easiest to use and that their friends use. A seasoned Chinese dissident might use Blogger, knowing she’s likely to be censored – an average user, posting photos of his cat, would more likely use a domestic platform and not consider the possibility of censorship until he found himself posting controversial content.

In promoting internet freedom, we need to consider strategies to overcome censorship inside closed societies. We also need to address “soft censorship”, the co-opting of online public spaces by authoritarian regimes, who sponsor pro-government bloggers, seed sympathetic message board threads, and pay for sympathetic comments. (Evgeny Morozov offers a thoroughly dark view of authoritarian use of social media in How Dictators Watch Us On The Web.)

We also need to address a growing menace to online speech – attacks on sites that host controversial speech. When Turkey blocks YouTube to prevent Turkish citizens from seeing videos that defame Ataturk, they prevent 20 million Turkish internet users from seeing the content. When someone – the Myanmar government, patriotic Burmese, mischievous hackers – mount a distributed denial of service attack on Irrawaddy (an online newspaper highly critical of the Myanmar government), they (temporarily) prevent everyone from seeing it.

Circumvention tools help Turks who want to see YouTube get around a government block. But they don’t help Americans, Chinese or Burmese see Irrawaddy if the site has been taken down by DDoS or hacking attacks. Publishers of controversial online content have begun to realize that they’re not just going to face censorship by national filtering systems – they’re going to face a variety of technical and legal attacks that seek to make their servers inaccessible.

There’s quite a bit publishers can do to increase the resilience of their sites to DDoS attack and to make their sites more difficult to filter. To avoid blockage in Turkey, YouTube could increase the number of IP addresses that lead to the webserver and use a technique called “fast-flux DNS” to give the Turkish government more IP addresses to block. They could maintain a mailing list to alert users to unblocked IP addresses where they could access YouTube, or create a custom application which disseminates unblocked IPs to YouTube users who download the ap. These are all techniques employed by content sites that are frequently blocked in closed societies.

YouTube doesn’t take these anti-blocking measures for at least two reasons. One, they’ve generally preferred to negotiate with nations who filter the internet to try to make their sites reachable again than to work against them by fighting filtering. (This attitude may be changing now that Google has announced their intention not to cooperate with Chinese censorship.) Second, YouTube doesn’t really have an economic incentive to be unblocked in Turkey. If anything, being blocked in Turkey (and perhaps even in China) may be to their economic advantage.

Sites that enable user-created content are supported by advertising traffic. Advertisers are generally more excited about reaching users in the US (who’ve got credit cards, more disposable income and are inclined to buy online) than users in China or Turkey. Some suspect that the introduction of “lite” versions of services like Facebook are designed to serve users in the developing world at lower cost, since those users rarely create income. In economic terms, it may be hard to convince Facebook, YouTube and others to continue providing services to closed societies, where they have a tough time selling ads. And we may need to ask more of them – to take steps to ensure that they remain accessible and useful in censorious countries.

In short:
- Internet circumvention is hard. It’s expensive. It can make it easier for people to send spam and steal identities.
- Circumventing censorship through proxies just gives people access to international content – it doesn’t address domestic censorship, which likely affects the majority of people’s internet behavior.
- Circumventing censorship doesn’t offer a defense against DDoS or other attacks that target a publisher.

To figure out how to promote internet freedom, I believe we need to start addressing the question: “How do we think the Internet changes closed societies?” In other words, do we have a “theory of change” behind our desire to ensure people in Iran, Burma, China, etc. can access the internet? Why do we believe this is a priority for the State Department or for public diplomacy as a whole?

I think much work on internet censorship isn’t motivated by a theory of change – it’s motivated by a deeply-held conviction (one I share) that the ability to share information is a basic human right. Article 19 of the Universal Declaration of Human Rights states that “Everyone has the right to freedom of opinion and expression; this right includes freedom to hold opinions without interference and to seek, receive and impart information and ideas through any media and regardless of frontiers.” The internet is the most efficient system we’ve ever built to allow people to seek, receive and impart information and ideas, and therefore we need to ensure everyone has unfettered internet access. The problem with the Article 19 approach to censorship circumvention is that it doesn’t help us prioritize. It simply makes it imperative that we solve what may be an unsolvable problem.

If we believe that access to the internet will change closed societies in a particular way, we can prioritize access to those aspects of the internet. Our theory of change helps us figure out what we must provide access to. The four theories I list below are rarely explicitly stated, but I believe they underly much of the work behind censorship circumvention.

The suppressed information theory: if we can provide certain suppressed information to people in closed societies, they’ll rise up and challenge their leaders and usher in a different government. We might choose to call this the “Hungary ‘56 theory” – reports of struggles against communist governments around the world, reported into Hungary via Radio Free Europe, encouraged Hungarians to rebel against their leaders. (Unfortunately, the US didn’t support the revolutionaries militarily – as many in Hungary had expected – and the revolution was brutally quashed by a Soviet invasion.)

I generally term this the “North Korea theory”, because I think a state as closed as North Korea might be a place where un-suppressed information – about the fiscal success of South Korea, for instance – could provoke revolution. (Barbara Demick’s beautiful piece in the New Yorker, “The Good Cook“, gives a sense for how little information most North Koreans have about the outside world and how different the world looks from Seoul.) But even North Korea is less informationally isolated than we think – Dong-A Ilbo reports an “information belt” along the North Korea/China border where calls on smuggled mobile phones are possible from North to South Korea. Other nations are far more open – my friends in China tend to be extremely well informed about both domestic and international politics, both through using circumvention tools and because Chinese media reports a great deal of domestic and international news.

It’s possible that access to information is a necessary, though not sufficient, condition for political revolution. It’s also possible that we overestimate the power and potency of suppressed information, especially as information is so difficult to suppress in a connected age.

The Twitter revolution theory: if citizens in closed societies can use the powerful communications tools made possible by the Internet, they can unite and overthrow their oppressors. This is the theory that led the State Department to urge Twitter to put off a period of scheduled downtime during the Iran elections protests. While it’s hard to make the case that technologies of connection are going to bring down the Iranian government (see Cameron Abadi’s piece in FP on the limitations of using Facebook to organize in Iran), good counterexamples exist, like the role of the mobile phone in helping to topple President Estrada in the Philippines.

There’s been a great deal of enthusiasm in the popular press for the Twitter revolution theory, but careful analysis reveals some limitations. The communications channels opened online tend to be compromised quickly, used for disinformation and for monitoring activists. And when protests get out of hand, governments of closed societies don’t hesitate to pull the plug on networks – China has blocked internet access in Xinjiang for months, and Ethiopia turned off SMS on mobile phone networks for years after they were used to organize street protests.

The public sphere theory: Communication tools may not lead to revolution immediately, but they provide a new rhetorical space where a new generation of leaders can think and speak freely. In the long run, this ability to create a new public sphere, parallel to the one controlled by the state, will empower a new generation of social actors, though perhaps not for many years.

Marc Lynch made a pretty persuasive case for this theory in a talk last year about online activism in the Middle East. It’s possible to make this case by looking at samizdat (self-published, clandestine media) in the former Soviet Union, which was probably more important as a space for free expression than it was as a channel for disseminating suppressed information. The emergence of leader like Vaclav Havel, whose authority was rooted in cultural expression as well as political power, makes the case that simply speaking out is powerful. But the long timescale of this theory makes it hard to test.

The theory we accept shapes our policy decisions. If we believe that disseminating suppressed information is critical – either to the public at large or to a small group of influencers – we might focus our efforts on spreading content from Voice of America or Radio Free Europe. Indeed, this is how many government forays into censorship circumvention began – national news services began supporting circumvention tools so their content (painstakingly created in languages like Burmese or Farsi) would be accessible in closed societies. This is a very efficient approach to anticensorship – we can ignore many of the problems associated with abusing proxies and focus on prioritizing news over other high-bandwidth uses, like the video of the cat flushing the toilet. Unfortunately, we’ve got a long track record that shows that this form of anticensorship doesn’t magically open closed regimes, which suggests that increasing our bet on this strategy might be a poor idea.

If we adopt the Twitter Revolution theory, we should focus on systems that allow for rapid communication within trusted networks. This might mean tools like Twitter or Facebook, but probably means tools like LiveJournal and Yahoo! Groups which gain their utility through exclusivity, allowing small groups to organize outside the gaze of the authorities. If we adopt the public sphere approach, we want to open any technologies that allow public communication and debate – blogs, Twitter, YouTube, and virtually anything else that fits under the banner of Web 2.0.

What does all this mean in terms of how the State Department should allocate their money to promote Internet Freedom? My goal was primarily to outline the questions they should be considering, rather than offering specific prescriptions. But here are some possible implications of these questions:

- We need to continue supporting circumvention efforts, at least in the short term. But we need to disabuse ourselves of the idea that we can “solve” censorship through circumvention. We should support circumvention until we find better technical and policy solutions to censorship, not because we can tear down the Great Firewall by spending more.

- If we want more people using circumvention tools, we need to find ways to make them fiscally sustainable. Sustainable circumvention is becoming an attractive business for some companies – it needs to be part of a comprehensive internet freedom strategy, and we need to develop strategies that are sustainable and provide low/zero cost access to users in closed societies.

- As we continue to fund circumvention, we need to address usage of these tools to send spam, commit fraud and steal personal data. We might do this by relying less on IP addresses as an extensive, fundamental means of regulating bad behavior… but we’ve got to find a solution that protects networks against abuse while maintaining the possibility of anonymity, a difficult balancing act.

- We need to shift our thinking from helping users in closed societies access blocked content to helping publishers reach all audiences. In doing so, we may gain those publishers as a valuable new set of allies as well as opening a new class of technical solutions.

- If our goal is to allow people in closed societies to access an online public sphere, or to use online tools to organize protests, we need to bring the administrators of these tools into the dialog. Secretary Clinton suggests that we make free speech part of the American brand identity – let’s find ways to challenge companies to build blocking resistance into their platforms and to consider internet freedom to be a central part of their business mission. We need to address the fact that making their platforms unblockable has a cost for content hosts and that their business models currently don’t reward them for providing service to these users.

- The US government should treat internet filtering – and more aggressive hacking and DDoS attacks – as a barrier to trade. The US should strongly pressure governments in open societies like Australia and France to resist the temptation to restrict internet access, as their behavior helps China and Iran make the case that their censorship is in line with international norms. And we need to fix US treasury regulations make it difficult and legally ambiguous for companies like Microsoft and projects like SourceForge to operate in closed societies. If we believe in Internet Freedom, a first step needs to be rethinking these policies so they don’t hurt ordinary internet users.

The danger in heeding Secretary Clinton’s call is that we increase our speed, marching in the wrong direction. As we embrace the goal of Internet Freedom, now is the time to ask what we’re hoping to accomplish and to shape our strategy accordingly.

Thanks to Hal Roberts, Janet Haven and Rebecca MacKinnon for help editing and improving this post. They’re responsible for the good parts – you can blame the rest on me.

CDT’s further online investigation has found that, according to the school’s own website, the School of Information Security Engineering of Shanghai Jiaotong University is one of the main research units of the China’s “National Information Security Application Demonstration Project” “国家信息安全应用示范工程” – (code name S219) , and the Information Security Project* within the “National 863 Program**.” The school is “a training base for high-level Information Security experts in the national 863 production (east) base” (“国家863产业化（东部）基地信息安全高级专业人才培养基地”).

And who are the trainers of these high-level information security experts? Here is just one example:

Two Chinese Schools Tied to Google Attacks Linked to the Great Firewall and PLA Professor Li Jianhua (李建华), Deputy Dean of the School of Information Security Engineering. Research area：Information Security, Computer Communication Network , Information/Signal Processing, Artificial Intelligence. His titles include: Chief Expert of the Expert Group of Information Security Project of National 863 Program; Expert Committee of National 863 Program Anti-Computer-Invasion and Anti-Virus Technology Research Center (Ministry Public Security) 公安部国家863计划反计算机入侵和防病毒技术研究中心专家委员会成员（公安部）国家863计划信息安全主题专家组首席/管理专家 (科技部)

Together with Shanghai Jiaotong University, the Lanxiang Vocational School is also one of the five colleges which are known to have associated with the national “information security” research program, including the Great Firewall of China. The other three schools known to have participated are Harbin Institute of Technology, Beijing University of Post and Telecommunications, and National University of Defense Technology.

Two Chinese Schools Tied to Google Attacks Linked to the Great Firewall and PLA From information available online, it is not difficult to find connections linking these university research units to the government’s “Information Security” technology research network. For example, from this already deleted list of “Second Term of (National) Internet and Information Security Working Committee (2007),” professor Li Jianhua is listed as a “Member of the Standing Committee”. And the Head of this Committee is none other than Dr. Fang Binxing (方滨兴), a computer scientist, widely known as the the father of the Great Firewall of China. Fang Binxing is the honorary director of the National Computer network Emergency Responses technical Team/Coordination Center of China (CNCERT), a.k.a. the Great Firewall. In Dr. Fang’s public resume, he is the current president of the Beijing University of Post and Telecommunications, and he taught and conducted research from 1984-1999 at the School of Computer and Electronic Engineering at the Harbin Institute of Technology. Since 2005, he has also been a Specially Hired Professor (“特聘教授”) at the National University of Defense Technology. Among many other titles held by Dr. Fang, he has been the Ministry of Public Security’s Specially Hired Expert on Information Security since 2007; a member of the Informationalization Expert Consulting Committee of the People’s Liberation Army General Logistics Department; and in 2001 he was awarded the title of “Outstanding Individual”, jointly given by the Chinese Communist Party Central Organizational Department, Chinese Communist Party Central Propaganda Department, Chinese Communist Party Political and Legal Committee, Ministry of Public Security, Ministry of Civil Affairs and Ministry of Human Resources and Social Security.

What is this mysterious “Lanxiang Vocational School” then? How could a obscure “Vocational School” be listed among China’s top research universities in “information security” research? The answer is that this school includes a special training program for future PLA technology officers. According to the Lanxiang Vocational School website, translated by CDT, “Deputy Chief of Staff of the Jinan Military District, General Zeng Qingzhu came to Shandong Lanxiang to review the national defense education work. In March 2006, the Lanxiang Vocational School established the first military department among the private schools in Shandong, specializing in educating and training high quality technology officers for the military. In the last two years, a large number of excellent graduates have enlisted in the PLA and become the important technology backbone of the military.”

(济南军区副参谋长曾庆祝少将来到山东蓝翔视察国防教育工作。06年3月，蓝翔技校成立山东首家民办学校武装部，专门为部队培养高素质的高级技术士官。两年来，大批优秀学员应征入伍，成为军队的重要技术骨干)

But the most interesting result was due to the combination of attacks, surveillance and censorship Google has decided to reassess their operations in China:

These attacks and the surveillance they have uncovered–combined with the attempts over the past year to further limit free speech on the web–have led us to conclude that we should review the feasibility of our business operations in China. We have decided we are no longer willing to continue censoring our results on Google.cn, and so over the next few weeks we will be discussing with the Chinese government the basis on which we could operate an unfiltered search engine within the law, if at all. We recognize that this may well mean having to shut down Google.cn, and potentially our offices in China.

The decision to review our business operations in China has been incredibly hard, and we know that it will have potentially far-reaching consequences. We want to make clear that this move was driven by our executives in the United States, without the knowledge or involvement of our employees in China who have worked incredibly hard to make Google.cn the success it is today. We are committed to working responsibly to resolve the very difficult issues raised.

Wow.

The connection between censorship, surveillance and attacks is the key. Censorship, such as the blocking of web sites, is fairly crude but effective when combined with targeted surveillance and attacks. While many, especially the technically savvy, can circumvent China’s filtering system, the “GFW”, using tools such as Psiphon and Tor most Chinese citizens do not. The GFW doesn’t have to be 100% technically effective, it just has to serve as a reminder to those in China about what content is acceptable and that which should be avoided. The objective is to influence behaviour toward self-censorship, so that most will not actively seek out banned information of the means to bypass controls and access it.

The nexus of censorship, surveillance and malware attacks allows China is the key to China’s information control policies. It is not just about the GFW. Internet users in China face complex threats that are heavily dependent on additional factors, such as involvement in political activities, that involve targeted attacks and surveillance. China chooses when, where and how to exercise this granular control.

The InfoWar Monitor — which is a partnership between the Citizen Lab, Munk Centre for International Studies, University of Toronto and The SecDev Group (and SecDev.cyber which focuses on Internet threats) — has been focusing on these threats. For example, in a report “Breaching Trust: An analysis of surveillance and security practices on China’s TOM-Skype platform” we documented how Tom-Skype (the Chinese version of Skype) was censoring and capturing politically sensitive content. In “Tracking GhostNet: Investigating a Cyber Espionage Network” we documented targeted malware attacks that compromised over 1,295 infected computers in 103 countries, 30% of which are high-value targets, including ministries of foreign affairs, embassies, international organizations, news media, and NGOs.

Google’s decision to re-asses their operations in China is courageous. I strongly hope that Microsoft, Yahoo! and others follow Google’s lead — as, to their credit, they have done in the past. In “Search Monitor Project: Toward a Measure of Transparency” I compared the censorship practices of Google, Yahoo! and Microsoft as well as the domestic Chinese search engine Baidu and found that all followed Google’s lead to some extent by at least disclosing their censorship practices to their users. I hope that they stand by Google.

China, the ball is in your court.

[OpEd from Friday's Globe and Mail Published on Thursday, Jan. 14, 2010 3:50PM EST Last updated on Saturday, Jan. 16, 2010 3:49AM EST]:

Google’s announcement that it had been hit by cyberattacks from China and that it’s reconsidering its services in that country has smacked the world like a thunderclap: Why the drastic move? How will China respond? Will other companies with interests in China, such as Microsoft and Yahoo, follow suit? What does it mean for the future of cyberspace?

Some may be puzzled. How does Google’s decision to end censored search services in China relate to the attacks on its infrastructure, the theft of intellectual property and access to private e-mail accounts? Well, there are connections. Censorship, surveillance and information warfare are part of an emerging storm in cyberspace in which countries, corporations and individuals are vying for control.

China sees cyberspace as a strategic domain to further its ambitions as a superpower, and as an environment to be controlled in order to preserve domestic stability. It has invested heavily in a variety of tools and strategies to achieve this end – from the Great Firewall of China to stifling regulations that prohibit free speech online, and to tolerating and even encouraging attacks on foreign sources of information emanating from its sovereign jurisdiction.

Beijing has shown a willingness to take drastic measures. For the past six months, for example, the inhabitants of the Xinjiang region have been cut off from the Internet as part of China’s attempt to stifle civic unrest.

China has also been bold in projecting cyberpower. For years, cyberespionage activities that target groups and countries of strategic interest to Beijing, such as the GhostNet network we uncovered, have been tracked back to mainland China. The fact that these activities have not been proved to have been carried out by the Chinese government speaks to the success of strategies that rely on privateering and outsourcing to criminal hacker groups, thereby shielding authorities from any direct blame. Similar strategies are said to be carried out in Russia, Iran and elsewhere.

Google has faced the brunt of China’s aggressive cyberpolicy – and, apparently, has had enough. But Google’s response needs to be seen from a broader perspective.

The tectonic plates of cyberspace are shifting. The debate around cybersecurity, and calls for greater content controls globally, have dire consequences that go well beyond the curtailment of freedom of expression and access to information. Google’s mission may well be to make all the world’s information “universally accessible and useful,” but its business model depends on an open global Internet.

How China responds to Google will have far-reaching implications for the future of cyberspace. It could enter into talks with Google that would lead to a gradual opening of Chinese cyberspace. Or it could call Google’s bluff and shut down Google.cn, thus depriving the company of its 30-per-cent market share on the mainland. Or it could block Google from indexing Chinese domain or IP space altogether, shutting Chinese information space off to users of Google. Should that happen, the once unified global Internet space will begin a process of disintegration as countries define their own sovereign clouds.

Whatever path China takes will have immense repercussions for the future of cyberspace – and for the advances in access to knowledge, democratization, basic freedoms and human rights that cyberspace has helped to generate over the past 20 years.

So what’s the next step for Google? Will it lead a global coalition of governments, corporations and citizens to protect cyberspace as an open, global space? Will it shake the remainder of the IT industry from their obsession on the bottom line into realizing that the very future of their industry depends on the position they take in defending the global information commons?

How our leaders respond is equally important. While Washington and other capitals realize the importance of cyberspace for the projection of military and intelligence power, they’ve been slow to recognize its importance to the advance of democratic values worldwide and as a global asset to be protected in its own right. Action is needed at the global level to ensure that cyberspace doesn’t slip into a new dark age, torn by territorial divisions and segmented into privatized spaces.

Google’s principled policy may be a wake-up call for those concerned with Internet business and security – but it should be a call to the barricades for the rest of us.

Ron Deibert is associate professor of political science and director of the Citizen Lab at the University of Toronto’s Munk Centre for International Studies. Rafal Rohozinski is CEO of the Ottawa-based SecDev Group. They are co-authors of the GhostNet study detailing alleged Chinese cyberespionage.