Print Friendly and PDF
only search openDemocracy.net

The Great Firewall of China

China’s authorities maintain a tight grip on the web. But with increasing numbers of tech-savvy users, how long can this control last? Index’s China correspondent investigates

.

Protesters march against China's censorship of the internet at the Doo Dah Parade on January 18, 2009 in Pasadena. Shutterstock/Jose Gil. All rights reserved.

You may not actually be able to see the Great Wall of China from space but you can certainly see the Great Firewall of China in action anywhere in the country. 
With the largest population of web users in the world, China also has one of the most restricted internets, with a host of measures employed to make sure that netizens cannot read about sensitive issues nor themselves post - or at least for very long - information the government deems threatening.



“China’s censorship system is complex and multi-layered,” writes Rebecca MacKinnon in her Consent of the Networked: The Worldwide Struggle For Internet Freedom, published last year. Even so, for simplicity’s sake we can split the machinery involved into three main types: technical - the Great Firewall; human-powered (a workforce that deletes posts and another that adds posts to spin the debate); and self-censorship (from Netizens and online companies themselves).



Index asked Jon Penney, a Fellow at Harvard's Berkman Center for Internet & Society and Toronto's Citizen Lab, to explain the technical side of China’s formidable internet machinery. He began by explaining that while we have a basic understanding there’s a lot about how China controls the web that we don’t know.



“China's ‘Great Firewall’ (GFC) is among the most technically sophisticated internet filtering/censorship systems in the world… Its depth, scope, and capacity is certainly impressive.



“Basically, access to the internet in China is provided by eight Internet Service Providers, which are licensed and controlled by the Ministry of Industry and Information Technology.

“These ISPs are important, because we're learning that they do a lot of the heavy lifting in terms of content filtering and censorship.”



Penney explains how there are three main ways to block access to websites or online content:


(1) IP blocking;


(2) DNS hijacking; and


(3) keyword content inspection/filtering.  



“IP blocking is the most primitive of the three methods, and it’s the easiest to implement simply because IP blocking is a standard feature of most routers - the hardware devices that route traffic on the Internet, both inside and outside China. “All Internet traffic contains data packets, with information about its source and its destination, its ‘IP address’.



“A router configured to block a list of IPs would inspect a packet and drop any that are destined to one of the blocked IP list.  So, if a Chinese internet user tries to access a website with their browser, and the website's IP address is blacklisted, then they won't be able to connect to it.”



“DNS hijacking involves the Domain Name System, that is, the internet's system for translating or matching textual hostnames, like websites, to their physical addresses on the Internet - the IP address.



“Think of the DNS as a digital phone book, matching names with numbers.  Here, when our Chinese internet user puts a url for a website into their browser, her computer sends a request to Domain Name servers to translate the url into an IP address.



“Along the way, a router so configured (like those on CHINANET, a major Chinese ISP) will attempt to "hijack" any URL DNS requests that contain banned keywords (such as ‘Dalai Lama’), by providing a fake DNS response.



“Keyword content inspection and filtering is the most sophisticated of the three methods. 



“Here, China uses what are called ‘IDS’ or intrusion detection systems, that inspect all Internet traffic passing by (or, say, through its associated router). 



“If that traffic contains any matches with a list of pre-defined banned keywords, then it suppresses the traffic with a ‘TCP connection reset’; in simple terms - it prevents the traffic from reaching its destination.



“So, again, the Chinese Internet user's computer is unable to connect to a website located outside China that its computer's browser is trying to communicate with.”



Penney continued:


“Though we are still learning about where these IDS are located on China's internal internet infrastructure, they are most likely located at the ISP level, that is, on edge routers deployed by major ISPs like CHINANET and CNCGROUP, that handle a lot of China's incoming/outgoing internet traffic.



“However, it seems that keyword filtering also happens further along, so, again, there are layers of filtering and not just a single ‘wall’ that you need to get past.”



All this can make surfing websites located outside China from inside China frustratingly slow, while “healthy” and “harmonious” websites located inside China load with ease. For the vast majority of Chinese web users, that’s just fine.



From MacKinnon again: “There are plenty of social networking platforms and other delightfully entertaining and useful services on the Chinese Internet to keep people occupied, without much need to access sites and services based overseas - assuming they have no interest in politics, religion or human rights issues.



“Baidu, the homegrown search engine, enables people to locate all the content on the Chinese-language Internet that their government permits.



“The social networking platforms RenRen and Kaixinwang substitute for Facebook.



“People can blog on platforms run by Chinese companies like Sohu and Sina, which also runs a wildly popular Twitter-like microblogging service, Weibo.”



But how to make sure sites inside CGF stay “harmonious”? For that China needs human input.



One group - the 50-cent party, so-called because their members were rumoured to be paid 50 cents (5 mao) for each pro-government post - is not used to censor the internet but rather to tweak the online debate in the preferred direction.



Penney describes the origins of the 50-cent party.



“My understanding is that the idea for the ‘50-Cent Party’ originated as a response to anti-CCP (China’s Communist Party) content on various online university discussion forums in the mid 2000's.



“Nanjing University was the testing grounds, where students were hired under a ‘Work Study’ programme to influence discussions in the University's newly established bulletin board system with a pro-CCP perspective. 



“I suppose the success of that project led to a more permanent governmental programme to recruit, train, and deploy teams of pro-CCP commentators throughout the internet.



“China's Ministry of Culture is rumoured to train and certify new recruits, like providing effective means to of online persuasion, or how to best influence the direction of online discussion or content. 



“Today, the 50 Cent Party is likely close to 300,000 strong.”



Dissident artist Ai Weiwei recently paid a member of this group with an iPad in exchange for an interview about his work, published in an edition of Britain’s New Statesman magazine, which the editors attempted to make available to download in China. The respondent said that he received an email every morning from a branch of the local government on what issues to cover that day. He described his work as to “stabilise the emotions of Netizens and divert public attention”. There is a separate group of people that are also employed to delete unwanted posts.



“The 50-cent party are different from the internet police or human censors,” Penney explains,  “which are much smaller in number (probably closer to 20,000), that are employed by the Chinese state to simply monitor online content and order websites/content hosts/service providers, etc, to delete or remove content. 



“Some sites give these human censors pre-set access to content, so they can delete offending content themselves. These censors are employed by the Public Security Bureau and paid monthly.”



MacKinnon also explains that many of the big internet companies also hire their own censors, knowing that they will be held responsible for “illegal” content unless they take proactive measures themselves.



“The government requires companies operating inside China to use a combination of computer algorithms as well as human editors to identify objectionable material and remove it from the internet completely.



“Companies that fail to obey government orders face different grades of punishment: from warnings or stiff fines to temporary shutdowns or revocation of the company’s business license.



“Many thousands of Chinese websites and dozens of companies have been shuttered because they failed to control their content adequately.”



Many foreigners and a small percentage - some statistics say about 1 per cent - of Chinese people use “tools” to bypass censorship. One of the more popular is VPN (virtual private network) but last year China began to develop means to disrupt these.



Here’s Penney again:



“This is something new. VPNs had become a popular way to ‘tunnel’ through China's GFW, by encrypting traffic and effectively ‘hiding’ content from key word content filters.



“Late last year, it seems the government installed new software that appears able to, as quoted in a December 14 Guardian story, ‘learn, discover, and block’ encrypted VPN traffic. 



“Though, again, we still don't know the whole story, the most common theory is that this new software uses a machine-learning algorithm to analyze internet traffic, and block any suspicious traffic as related to VPN protocols. 



“Basically, the software is able to spot features unique to VPN encrypted internet traffic - VPNs typically have high numbers of connections to IP addresses outside of China - it then classifies the traffic as VPN, and blocks it.”



The chase between Chinese censorship and the means to get around it have often been likened to a game of cat and mouse. Penney thinks that’s not going to change any time soon.



“I suspect that China's internet censorship systems will continue to evolve, and gain in both scope and sophistication. 



“The new leadership may feign easing restrictions here and there, but the CCP is deeply committed to internet censorship and surveillance, in order to control information, stifle dissent, and shape public opinion. 



“The scale and penetration of internet use among Chinese citizens is extraordinary, and there are only so many internet police and web commentators you can hire to contain ‘problematic’ internet content.  It also means that more Chinese citizens will gain the technical knowledge to find more means to circumvent filtering methods.  These are definitely interesting times.”


About the author

China Correspondent is a Chinese-based journalist who reports on free speech for Index’s UNCUT blog.


We encourage anyone to comment, please consult the
oD commenting guidelines if you have any questions.