China syndromeChina uses stolen software in its new Internet censorship scheme

Published 15 June 2009

The Chinese government will impose strict Internet censorship beginning 1 July; the software the Chinese will use for filtering Web sites was stolen from California-based Solid Oak Software; the Chinese piracy was exceedingly clumsy: a file containing a 2004 Solid Oak news bulletin has been accidentally included in the Chinese filtering coding

The Chinese government has mandated that companies selling PCs in China install filtering software to prevent child pornography and other disagreeable material from reaching Chinese consumers. Now a California company claims that the Internet-filtering software China has mandated for all new personal computers sold there contains stolen programming code.

Solid Oak Software of Santa Barbara said Friday that parts of its filtering software, which is designed for parents, are being used in the Green Dam-Youth Escort filtering software that must be packaged with all computers sold in China from 1 July. Solid Oak’s founder, Brian Milburn, said he plans to seek an injunction against the Chinese developer that built the software, but acknowledged that it’s new legal terrain for his company. “I don’t know how far you can try and reach into China and try to stop stuff like this,” he said in an interview. “We’re still trying to assess what they’re doing.”

Wall Street Journal’s Ben Worthen and Loretta Chao write that China has mounted a vigorous public defense of the software, saying it wants it to block violence and pornography, but critics say it censors many more things, and does it on a deeper level than the Internet censorship China currently employs.

China has more than 250 million Internet users and employs some of the world’s tightest controls over what they see, often called the Great Firewall of China, which refers to technology designed to prevent unwanted traffic from entering or leaving a network.

Political sites and others the government deems offensive are routinely blocked, but that happens at the network level. Savvy users can get around it by bouncing through proxy servers in other countries, but it takes some sophistication. Blocked sites simply would not load in users’ Web browsers. The new software blocks sites directly from a user’s machine.

A report released Thursday by University of Michigan researchers who examined the Chinese software supports Solid Oak’s claim that the Green Dam software contains pirated code. The report also found serious security vulnerabilities that could allow hackers to hijack PCs running the Chinese software.

The report found that a number of the blacklist files that Green Dam employs were taken from Solid Oak’s CyberSitter program. Blacklists are lists of Web sites that have been flagged as violent or pornographic or malicious or otherwise offensive. Web browsers on computers where blacklists are in use are instructed to block those sites.

The report’s authors — researchers in the university’s computer science and engineering division — also said they found another clue that Solid Oak’s code was stolen: a file that contained a 2004 CyberSitter news bulletin that appeared to have been accidentally included in Green Dam’s coding.