lambda 5.01

February 1st 1999

+ Inside China's Firewall: Lambda interview with Richard Long, director of the pro-democracy electronic journal Dacankao, which has been the main argument for a Chinese court to condemn to 2 yers of jail a software businessman, Lin Hai.

+ Crypto-reversal: France unlocks its encryption policy

LA LOUPE : search the archives


Lin Hai's Case

INSIDE CHINA'S BIG FIREWALL

 

The two years of jail sentence pronounced January 20 in the trial of Lin Hai (picture below), a Shanghai-based software entrepreneur accused of "subversion" for supplying e-mail addresses to dissidents abroad, gave the world another bad sign for China's digital revolution. The verdict in Shanghai came amid a recent crackdown on dissidents' attempts to form an opposition party, and confirms the way China's iron rule wants to deal with the "inappropriate" use of the Internet.

Lin Hai, 30, stood a closed-door trial Dec. 4, charged with "inciting the overthrow of state power." He was arrested in March 1998 after giving e-mail addresses of 30,000 Chinese computer users to Dacankao (DCK, or "Chinese VIP Reference"), a pro-democracy electronic publication edited from Washington, DC, by Chinese dissidents who furnish their Mainland's compatriots with non-censored political news with a strong accent on human-rights issues.

According to the Hong Kong-based Information Center of Human Rights and Democratic Movement in China, Lin argued during his trial that he was trying to develop business contacts and had no political motives.

"Lin Hai was sending out mass email to tens of thousands of accounts to promote his business, that might have attracted internet policemen's attention, and his phone tapped", Richard Long, a former Chinese dissident who is now the publisher of DCK, explains the Lambda in an interview (see as follow).

The main edition (Dacankao means "big reference") is weekly and is sent to 1/4 million addresses, but the news dispatch has also a daily edition, Xiaocankao ("mini reference"), which is sent to about 40,000 accounts.

To reach the biggest audience, DCK had to collect massive databases of Chinese email addresses -- a kind of political spam, in a sense. Email addresses located in China became a valuable resource for Long's Dacankao, and a poisoned temptation for Lin Hai (see other details here).

 

Lambda -- What are your tricks to collect email addresses from Chinese accounts?

Richard Long -- We developed quite a few ways to collect Chinese email addresses. For example we have a special software that would be running 24 hours a day to collect all email addresses on Chinese language encoded homepages. We also trade with "net bugs" of China, and we also have supporters to collect addresses for us. Everybody knows that VIP have the largest Chinese email database, thus entrepreneurs like Lin Hai would like to swap database with us.

 

-- Did you and Lin Hai himself knew that sending the addresses to you in the US could have been so risky?

-- No. We thought the exchange was purely confidential and technically safe. As for exactly how Lin Hai was targeted, we still don't know. His wife complained that their phone lines were tapped a month before the arrest. And obviously, Lin Hai talked a lot about VIP (as something new and fancy) with at least one of his close friends, Mr. Yu Xingqi from Beijing University. In the only two accounts of charge, his another crime was to help Yu Xingqi to subscribe my publication online. This was written in the court documents as "evidence". I contacted with Mr. Yu. He suspected that the police got it via phone tapping. The communists are extremely good at doing this, although I doubt they can do as good in tapping emails.

But somehow, the policemen in Shanghai targeted Mr. Lin Hai and confiscated his hard drives. If not all emails were properly deleted, the policemen could find out a lot of stuff. This may [have helped the police to] dug out some "evidence" to connect Lin Hai to VIP. But the truth is he is not a member of VIP, nor he got paid from VIP.

 

-- Do you know if and how Chinese police are trying to stop or censor your emails bulletins?

-- Yes, they are trying very hard to filter email of our originations. But we use many different ISPs and change it randomly. Technically it's almost impossible to stop mass emails. The West is having a hard time to fight "spam". In China, people feel sampthetic to what we do, and welcome our messages. It's already 10 years after Tiananmen.

 

-- Do you think Beijing can at the same time encourage the growth of Internet and censor it?

-- It's really painful for the government. They are used to control and monopoly on communications, media and people's life, in China they even control how many children you can have. Now we have a new technology, which by essence is freedom. The true spirit of internet is anti-censorship by design. Everybody knows that China can't afford not to develop the Net ... . New statistics showed 2 million accounts were registered. Since it's popular in China that many people share one account, we guess around 4-5 millions Chinese have direct internet access already.

I expect that the government finally would have to give in to people's demands of freedom of expression in the information age. Chinese VIP Reference is prepared to promote towards that direction."

 

CHINA'S BLOODY CRACKDOWN
ON ELECTRONIC CRIME

As the world press reported, Lin's case coincides with a crackdown on attempts to set up an opposition party, the China Democratic Party (CDP), which was launched last July when President Clinton visited China.

Judy M. Chen, Program Officer of the New York-based organization Human Rights in China, believes that "the sentencing of Lin Hai is part of the Chinese government's ongoing attempt to control the circulation of information through all channels." "Lin Hai's sentence comes amidst a heightening wave of political persecution, which has also brought harsh sentences to labor rights activists and members of the China Democracy Party (CDP). Wang Youcai, an initiator of the CDP was sentenced to 11 years' imprisonment for "conspiring to subvert the government" and using e-mail to send CDP materials abroad, among other charges."

In a report last July about Xu Wenli, one of the leaders of the Tiananmen square revolution, the Washington Post remarked that:

"Dissidents gathered at Xu's Beijing apartment could be heard making urgent phone calls and talking in excited tones about information that had just arrived by E-mail. They were organizing efforts to aid five dissidents arrested in connection with their public effort to register the China Democratic party in eastern Zhejiang province on the day Clinton arrived in China."

Other reports revealed how China was to deal with electronic crime. The Information Center of Human Rights and Democratic Movement in China reported in January that the government plans to set up computer crime investigation units in all of China's cities.

The most prominent example of electronic crime repression came last December when two young Chinese crackers were condemned to the death penalty for hacking into a bank computer network and stealing 260,000 yuan (US$31,400).

Reuters reported:

"The two men ­ Hao Jinglong and his brother Hao Jingwen ­ were sentenced to death Monday by the Yangzhou Intermediate Court in Jiangsu province. ... The pair were accused of breaking into and installing a controlling device in a bank computer terminal in a branch of the Industrial and Commercial Bank of China, the report said. Hao Jinglong was previously an accountant at the Zhenjiang branch of the bank. Earlier this month", the report added, "two men were executed in China for allegedly smuggling PCs and electronics worth $6.7 million into the Mainland."

 

Other news from the Los Angeles Times on January 20 confirmed the trend:

"A disgruntled computer programmer has reportedly confessed to planting a virus in thousands of copies of educational software in the Chinese capital's first apparent case of serious hacker sabotage. ... The programmer, Zhang Wenming, faces a possible jail term of up to five years for bugging software sold to schools. ... Zhang is the first Beijing resident to be prosecuted under laws, passed last year, governing crimes relating to information technology. His case comes as Chinese authorities are increasingly turning their attention to tracking down hackers suspected of committing technological and even political crimes, often through the Internet."

 

Another recent report makes all the things clear : Internet cafes are now under strict control (private Internet users must already register to the police).

From The Associated Press, January 21, 1999:

"China has tightened restrictions on Internet use, ordering bars that offer access to register users with the police, according to state media. ... Under the rules, bars that rent time to customers on Internet-linked computer terminals will have to be licensed by police, the Workers Daily newspaper said today. Such bars and cafes, increasingly common in major Chinese cities, had been one of the
few ways Chinese could receive e-mail or look at web sites anonymously."
 
"Managers and customers of 'Internet bars' cannot be allowed to endanger national security," the newspaper said. ... The state-run China News Service said bar managers would have to be licensed and register their customers. The reports said the rules were issued Tuesday by public security and culture officials, but didn't say when they would take effect. ... "Some managers offer gambling and computer games with lewd content," it said in a report Tuesday. "Officials believe this already has endangered social stability and the mental and physical health of young people.""
 

HOW US TECHNOLOGY HELPS CHINA TO CONTROL AND FILTER INTERNET-BASED COMMUNICATIONS

China is a big dilemma for Western information technology companies. It is well known that firms such as Netscape Communications, Oracle and Sun Microsystems have furnished network servers and software to Chinese administrations. But the most implicated company in this dual-use business is Cisco Systems, the world leader for IP routers and hardware.

The firm was proud to announce on November 24 a joint-venture agreement with the Beijing City Information Office and China Information Highway Corp. to construct the Capital Public Information Platform (CPIP), China's first Internet exchange.

From a Nikkei's AsiaBizTech report:

"The networking company is responsible for the design of the entire network architecture. It also will provide a wide range of hardware and software as well as technical training and support. The CPIP ... will be operated by Beijing Information Development Co., Ltd., a venture encompassing the Ministry of Information Industry, the People's Government of Beijing City and the People's Bank of China."
 
"It will link the largely separate networks that comprise China's Internet ... [including] the Ministry of Information Industry's ChinaNet. ... Prior to March 1997, these Chinese networks had no interconnectivity. All Internet traffic had to be routed via the United States. Also, the CPIP will act as a channel for communications with government. It will enable the national government and Beijing city administration to provide the public with service-related information."

The Lambda must recall its readers that the Ministry of Information Industry is the promoter of the so-called China Wide Web project, that aims to create a nationwide Intranet system. The Ministry has already taken steps to control the flow of information by blocking a bunch of foreign news Web sites that are considered as "subversive".

The question to filter incoming and outgoing email messages from this Chinese Intranet is more complex. But the Lin Hai case proved that it was not impossible. New IP gigabits routers from Cisco or other Western firms can include filtering technology very easily.

In early January Cisco Systems announced new business deals to furnish gigabit routers to four prominent service providers in China. These providers are Dalian CATV and Guangdong CATV (two cable networks that plan to offer soon Internet access), Shanghai Online and China Telecom. China Telecom is the industrial arm of the Ministry of Information Industry, and its main affiliate venture is ChinaNet, which covers 30 cities and remains the leading Internet access provider in China.


CRYPTO (OUF!)


Fin de règne...

Last January 19 Prime Minister Jospin announced the end of the French exception regarding encryption policy. It allows French users to use freely all crypto software up to 128-bit (the limit is 40-bit right now), until a new law will drop all key limit restrictions for domestic use. Jospin also said that the mandatory key escrow scheme of Trusted Third Parties, enforced since last year, will be dropped for domestic use and promoted for business purposes. Individuals users thus could use software like PGP freely, at last. Like any other European Union citizens.

For EPIC's Dave Banisar, "Jospin's announcement appears to have put the final nail in the coffin of key escrow (Key escrow est mort!). The UK has lost its only real support in the EU for its proposed escrow system and will probably have to drop their e-commerce bill now."

Commissaire Daniel Padoin, a leading police officer in charge of a computer and network crime unit, told the Lambda that the mandatory key escrow scheme would never have been accepted by criminals. He acknowledged that during his 4 years experience, he has never been confronted with encrypted material he could not break by "classical ways". But he claims that it's crucial that law enforcement officers rely on new means to deal with encrypted materials.

This new policy is a serious blow for General Desvignes (picture), head of the State-run SCSSI agency, one of the main advocate of a controled key escrow scheme (see our last interview in Lambda 4.03)

A detailed article by Andy Oram in The American Reporter, "DRAMATIC CRACK IN A BASTION OF CRYPTOGRAPHY REGULATION" resumes all the consequences of the new French plan. The Lambda, which has always been on alert about France's restrictive approach, invites you to read this excellent reference.

Major abstracts:

The Prime Minister's new announcement is an unambiguous change of policy. His rhetoric adheres fully to the principles that have united proponents of strong encryption, declaring that encryption is "an essential means for protecting the confidentiality of communications and private life."
 
Offering a "first step toward liberalization," Jospin declares that the length of computer users' secret keys can immediately be raised from the current inadequate 40-bit limit to 128 bits, which is quite secure (unless the spy agencies know something we don't). As a set of changes that will require "several months" to implement, he recommends that:
- the use of cryptography be completely liberalized;
- TTPs no longer be required;
- instead, courts be allowed to make users decrypt documents and to prosecute those who refuse.
 
With Jospin's announcement, key escrow evaporates from the palette of French technology policies -- and probably will fade from those of other countries as well. France has switched from the most restrictive regulator of encryption among technologically advanced nations to a proponent of complete openness.
 
Impressive as the reversal is, its timing is even more dramatic, as it comes just six weeks after France joined with 32 other countries to sign an update of a document called the Wassenaar Agreement that promised to tighten restrictions on encryption. The cryptography section of this document now appears to be moot. Several countries' governments have been distancing themselves from it implicitly or explicitly. ... "

Et maintenant, place aux actes.

 

RESOURCES

- Details in French about the actual law

- Lambda 4.02 about an English translation of the 1998 decrees

- See also a valuable resource about recent encryption policy moves, especially after the Wassenaar arrangements

 


lambda / arQuemuse
janvier-février 1999
Réactions I Home