With New Software, Iranians and Others Outwit Net Censors

The Iranian government, more than almost any other, censors what citizens can read online, using elaborate technology to block millions of Web sites offering news, commentary, videos, music and, until recently, Facebook and YouTube. Search for “women” in Persian and you’re told, “Dear Subscriber, access to this site is not possible.”

Last July, on popular sites that offer free downloads of various software, an escape hatch appeared. The computer program allowed Iranian Internet users to evade government censorship.

College students discovered the key first, then spread it through e-mail messages and file-sharing. By late autumn more than 400,000 Iranians were surfing the uncensored Web.

The software was created not by Iranians, but by Chinese computer experts volunteering for the Falun Gong, a spiritual movement that has beem suppressed by the Chinese government since 1999. They maintain a series of computers in data centers around the world to route Web users’ requests around censors’ firewalls.

The Internet is no longer just an essential channel for commerce, entertainment and information. It has also become a stage for state control — and rebellion against it. Computers are becoming more crucial in global conflicts, not only in spying and military action, but also in determining what information reaches people around the globe.

More than 20 countries now use increasingly sophisticated blocking and filtering systems for Internet content, according to Reporters Without Borders, a Paris-based group that encourages freedom of the press.

Although the most aggressive filtering systems have been erected by authoritarian governments like those in Iran, China, Pakistan, Saudi Arabia and Syria, some Western democracies are also beginning to filter some content, including child pornography and other sexually oriented material.

In response, a disparate alliance of political and religious activists, civil libertarians, Internet entrepreneurs, diplomats and even military officers and intelligence agents are now challenging growing Internet censorship.

The creators of the software seized upon by Iranians are members of the Global Internet Freedom Consortium, based largely in the United States and closely affiliated with Falun Gong. The consortium is one of many small groups developing systems to make it possible for anyone to reach the open Internet. It is the modern equivalent of efforts by organizations like the Voice of America to reach the citizens of closed countries.

Separately, the Tor Project, a nonprofit group of anticensorship activists, freely offers software that can be used to send messages secretly or to reach blocked Web sites. Its software, first developed at the United States Naval Research Laboratories, is now used by more than 300,000 people globally, from the police to criminals, as well as diplomats and spies.

Political scientists at the University of Toronto have built yet another system, called Psiphon, that allows anyone to evade national Internet firewalls using only a Web browser. Sensing a business opportunity, they have created a company to profit by making it possible for media companies to deliver digital content to Web users behind national firewalls.

The danger in this quiet electronic war is driven home by a stark warning on the group’s Web site: “Bypassing censorship may violate law. Serious thought should be given to the risks involved and potential consequences.”

In this cat-and-mouse game, the cat is fighting back. The Chinese system, which opponents call the Great Firewall of China, is built in part with Western technologies. A study published in February by Rebecca MacKinnon, who teaches journalism at the University of Hong Kong, determined that much blog censorship is performed not by the government but by private Internet service providers, including companies like Yahoo China, Microsoft and MySpace. One-third to more than half of all postings made to three Chinese Internet service providers were not published or were censored, she reported.

When the Falun Gong tried to support its service with advertising several years ago, American companies backed out under pressure from the Chinese government, members said.

In addition, the Chinese government now employs more than 40,000 people as censors at dozens of regional centers, and hundreds of thousands of students are paid to flood the Internet with government messages and crowd out dissenters.

This is not to say that China blocks access to most Internet sites; most of the material on the global Internet is available to Chinese without censorship. The government’s censors mostly censor groups deemed to be state enemies, like the Falun Gong, making it harder for them to reach potential members.

Blocking such groups has become more insidious as Internet filtering technology has grown more sophisticated. As with George Orwell’s “Newspeak,” the language in “1984” that got smaller each year, governments can block particular words or phrases without users realizing their Internet searches are being censored.

Those who back the ragtag opponents of censorship criticize the government-run systems as the digital equivalent of the Berlin Wall.

They also see the anticensorship efforts as a powerful political lever. “What is our leverage toward a country like Iran? Very little,” said Michael Horowitz, a fellow at the Hudson Institute who advises the Global Internet Freedom Consortium. “Suppose we have the capacity to make it possible for the president of the United States at will to communicate with hundreds of thousands of Iranians at no risk or limited risk? It just changes the world.”

The United States government and the Voice of America have financed some circumvention technology efforts. But until now the Falun Gong has devoted the most resources, experts said, erecting a system that allows the largest number of Internet users open, uncensored access.

Each week, Chinese Internet users receive 10 million e-mail messages and 70 million instant messages from the consortium. But unlike spam that takes you to Nigerian banking scams or offers deals on drugs like Viagra, these messages offer software to bypass the elaborate government system that blocks access to the Web sites of opposition groups like the Falun Gong.

Shiyu Zhou, a computer scientist, is a founder of the Falun Gong’s consortium. His cyber-war with China began in Tiananmen Square in 1989. A college student and the son of a former general in the intelligence section of the People’s Liberation Army, he said he first understood the power of government-controlled media when overnight the nation’s student protesters were transformed from heroes to killers.

“I was so disappointed,” he said. “People believed the government, they didn’t believe us.”

He decided to leave China and study computer science in graduate school in the United States. In the late 1990s he turned to the study of Falun Gong and then joined with a small group of technically sophisticated members of the spiritual group intent on transmitting millions of e-mail messages to Chinese.

Both he and Peter Yuan Li, another early consortium volunteer, had attended Tsinghua University — China’s Massachusetts Institute of Technology. Mr. Li, the son of farmers, also came to the United States to study computer science, then joined Bell Laboratories before becoming a full-time volunteer.

The risks of building circumvention tools became clear in April 2006 when, Mr. Li later told law enforcement officials, four men invaded his home in suburban Atlanta, covered his head, beat him, searched his files and stole two laptop computers. The F.B.I. has made no arrests in the case and declined to comment. But Mr. Li thinks China sent the invaders.

Early on, the group of dissidents here had some financial backing from the International Broadcasting Bureau of the Voice of America for sending e-mail messages, but the group insists that most of its effort has been based on volunteer labor and contributions.

The consortium’s circumvention system works this way: Government censorship systems like the Great Firewall can block access to certain Internet Protocol addresses. The equivalent of phone numbers, these addresses are quartets of numbers like 209.85.171.100 that identify a Web site, in this case, google.com. By clicking on a link provided in the consortium’s e-mail message, someone in China or Iran trying to reach a forbidden Web site can download software that connects to a computer abroad that then redirects the request to the site’s forbidden address.

The technique works like a basketball bank shot — with the remote computer as the backboard and the desired Web site as the basket. But government systems hunt for and then shut off such alternative routes using a variety of increasingly sophisticated techniques. So the software keeps changing the Internet address of the remote computer — more than once a second. By the time the censors identify an address, the system has already changed it.

China acknowledges that it monitors content on the Internet, but claims to have an agenda much like that of any other country: policing for harmful material, pornography, treasonous propaganda, criminal activity, fraud. The government says Falun Gong is a dangerous cult that has ruined the lives of thousands of people.

Hoping to step up its circumvention efforts, the Falun Gong last year organized extensive lobbying in Congress, which approved $15 million for circumvention services.

But the money was awarded not to the Falun Gong consortium but to Internews, an international organization that supports local media groups.

This year, a broader coalition is organizing to push for more Congressional financing of anti-filtering efforts. Negotiations are under way to bring together dissidents of Vietnam, Iran, the Uighur minority of China, Tibet, Myanmar, Cuba, Cambodia, Laos, as well as the Falun Gong, to lobby Congress for the financing.

Mr. Horowitz argues that $25 million could expand peak usage to as many as 45 million daily Internet users, allowing the systems to reach as many as 10 percent of the Web users in both China and Iran.

Mr. Zhou says his group’s financing is money well spent. “The entire battle over the Internet has boiled down to a battle over resources,” he said. “For every dollar we spend, China has to spend a hundred, maybe hundreds of dollars.”

As for the Falun Gong software, it proved a little too popular among Iranians. By the end of last year the consortium’s computers were overwhelmed. On Jan. 1, the consortium had to do some blocking of its own: It shut down the service for all countries except China.

__________

Slipping Through the Net

Computers, indispensable in peace, are becoming ever more important in political conflicts and open warfare. This is the second article in a New York Times series on the growing use of computer power as a weapon.

___________
Full article: http://www.nytimes.com/2009/05/01/technology/01filter.html?hpw

Panel Advises Clarifying U.S. Plans on Cyberwar

The United States has no clear military policy about how the nation might respond to a cyberattack on its communications, financial or power networks, a panel of scientists and policy advisers warned Wednesday, and the country needs to clarify both its offensive capabilities and how it would respond to such attacks.

The report, based on a three-year study by a panel assembled by the National Academy of Sciences, is the first major effort to look at the military use of computer technologies as weapons. The potential use of such technologies offensively has been widely discussed in recent years, and disruptions of communications systems and Web sites have become a standard occurrence in both political and military conflicts since 2000.

The report, titled “Technology, Policy, Law, and Ethics Regarding U.S. Acquisition and Use of Cyberattack Capabilities,” concludes that the veil of secrecy that has surrounded cyberwar planning is detrimental to the country’s military policy.

The report’s authors include Adm. William A. Owens, a former vice chairman of the joint chiefs of staff; William O. Studeman, former deputy director of the Central Intelligence Agency; and Walter B. Slocombe, former under secretary of defense for policy. Scientists and cyberspecialists on the panel included Richard L. Garwin, an I.B.M. physicist.

Admiral Owens said at a news conference Wednesday in Washington that the notion of “enduring unilateral dominance in cyberspace” by the United States was not realistic in part because of the low cost of the technologies required to mount attacks. He also said the idea that offensive attacks were “nonrisky” military options was not correct.

In the United States, the offensive use of cyberweapons is a highly classified military secret. There have been reports going back to the 1990s that American intelligence agencies have mounted operations in which electronic gear was systematically modified to disrupt the activities of an opponent or for surveillance purposes. But these activities have not been publicly acknowledged by the government.

The report concludes that the United States should create a public national policy regarding cyberattacks based on an open debate on the issues. The authors also call on the United States to find common ground with other nations on cyberattacks to avoid future military crises.

The authors point to a 2004 Pentagon statement on military doctrine, indicating that the United States might respond to a cyberattack with the military use of nuclear weapons in certain cases. “For example,” the Pentagon National Military Strategy statement says, “cyberattacks on U.S. commercial information systems or attacks against transportation networks may have a greater economic or psychological effect than a relatively small release of a lethal agent.”

Pentagon and military officials confirmed that the United States reserved the option to respond in any way it chooses to punish an adversary responsible for a catastrophic cyberattack. While the options could include the use of nuclear weapons, officials said, such an extreme counterattack was hardly the most likely response.

“The United States reserves the right to respond to intrusions into government, military and national infrastructure information systems and networks by nations, terrorist groups or other adversaries in a manner it deems appropriate,” said one senior Pentagon official.

Another senior Pentagon official added, “While the United States would always reserve the right to respond appropriately to defend the nation and its citizens, this kind of scenario is extremely speculative and requires an enormously vivid imagination.”

The two officials spoke on the condition of anonymity because of the highly classified nature of planning for cyberwarfare and nuclear warfare. Both officials emphasized that in American military planning, there are only rare instances when any specific option would be declared off-limits in advance.

This effort to specifically project a lack of clarity is viewed as important to keeping an adversary uncertain of the severity of an American counterattack. Introducing that uncertainty into the thinking of an adversary’s government and military has historically been an essential element of deterrence, whether traditional nuclear deterrence or today’s cyberwar planning.

For example, during the cold war, when the Soviet Union and its Warsaw Pact allies stationed an overwhelming conventional force in Central Europe, American planners were never certain that NATO’s tanks and artillery could hold back the Soviet-led armor if an offensive was begun across the Fulda Gap in Germany.

Thus, the United States never declared that it would be bound to respond to a Soviet and Warsaw Pact conventional invasion with only American and NATO conventional forces. The fear of escalating to a nuclear conflict was viewed as a pillar of stability and is credited with helping deter the larger Soviet-led conventional force throughout the cold war.

Introducing the possibility of a nuclear response to a catastrophic cyberattack would be expected to serve the same purpose.

__________

Full article: http://www.nytimes.com/2009/04/30/science/30cyber.html?hpw