Monday, February 22, 2010

Google doesn't trust China - should Mozilla?

Should Mozilla accept a CA (certification authority) from China's Network Information Centre (CNNIC)?

As Ed Felten on the Freedom to Tinker blog explains, the trusted CA authenticates the identity of the server the browser is going to.

But what if you don't trust the CA itself?

As Ed delicately puts it:
"[L]et's suppose, just for the sake of argument, [his italics] that CNNIC were a puppet of the Chinese government. Then CNNIC's status as a trusted CA would give it the technical power to let the Chinese government spy on its citizens' 'secure' web connections."

It is technically true: CNNIC is an NGO. But in China all NGOs belong to a government agency (so they are all in fact GONGOs). To put the matter beyond doubt, CNNIC even announces on its home page that it "takes orders from the Ministry of Information Industry (MII) [sic] to conduct daily business."

So it is much more than an academic debate. Felten points out that it highlights the fragility of the technical design of the net. He might have added that it also requires trust - yet there is no trust in the Communist Party's relationship with the Chinese people and the rest of the world.

Monday, February 8, 2010

Google taps NSA and the whole world knows

Google has called on the NSA to help it ward off cyber-attacks, the Washington Post has reported.

Google has cited sophisticated attacks on its servers, originating from China and aimed at stealing its corporate secrets, as one of the prime reasons for its departure from the PRC.

This story says it is probably seeking help from the NSA to defend against future threats rather than investigate the earlier breaches.

Nothing says privacy alert more than the biggest holder of personal internet data hooking up with the world's biggest electronic surveillance agency. As you'd expect, Google says it won't share personal search information or access to email accounts. As you'd expect, EPIC has filed an FOI request with NSA.

But I'm more struck by the story itself. One of Google's quaint ironies is its intense secrecy. And the NSA is hardly known for issuing press releases. I'm guessing the leak is from Google. The only explanation is the obvious one - it's a warning to would-be hackers, including (especially?) the Chinese.

But a line in a John Markoff story in the New York Times also caught my attention.

"A number of computer security consultants who worked with other companies that experienced attacks similar to those of Google have stated that the surveillance system was controlled from a series of compromised server computers based in Taiwan. It is not clear how Google determined that the attacks originated in China."

Good question. What did Google know about the attacks and when did they know them?

Wednesday, February 3, 2010

EFF's Gang of Seven

Electronic Freedom Foundation fingers seven US companies for selling surveillance gear to China.

Cisco, which is the most overt supporter of China's "Golden Shield" system of internet censorship, tops the list.

Others include Nortel, Oracle and Motorola.

Tuesday, February 2, 2010

More adventures in China's open internet

Seven months on from the Urumqi riots, Xinjiang is still effectively without internet access.


All email is blocked, and only government websites such as Xinhua are accessible, according to RSF.

Official media claimed on January 12 that internet access was "returning".

Cold War II, Now Playing

It all reminds me of a Garrison Keillor sketch from the early 90s about listless American men missing the Cold War.

Hanker no longer. It's breaking out all over the place.

From the blue corner:
Financial Times: China fumes after US arms sales to Taiwan
Sydney Morning Herald: Honeymoon over for US and China
New York Times: U.S. Arms for Taiwan Send Beijing a Message
The Times: China says US arms sales to Taiwan could threaten wider relations

From the red corner:
Global Times: China halts military ties with US
China Daily: Beijing furious at arms sales to Taiwan

The furore over a watered-down arms package that won't alter the military balance ($$) is a classic piece of Chinese political theatre. It is a timely distraction from the Google debacle, hugely appreciated by the home audience, and even the anti-China foreign media is right on message. Beijing must be loving it.

Monday, February 1, 2010

Service resumes

I started this blog because I thought the intersection of technology, telecom and free speech in China was worth writing about. Thanks to Google I now don't have to explain why.

After a number of distractions and a much-needed break from the PC it's time to resume.