Infowar – A Case Study

[This weekend’s Opinion column in the Daily Post]

The recent decision by the Mubarak regime in Egypt to cut off all Internet access for its citizens is a textbook example of using a silver bullet to shoot oneself in the foot.

The whys and wherefores of how they’ve gone about doing so provide a useful opportunity to understand the paradox of control over the Internet and the costs involved when governments and other actors indulge their desire to dam the torrent of information that flows across their networks.

In order to do that, we need to dispel a rather pesky myth.

Perhaps the most dangerous misconception of the Internet is its survivability. It’s true that, as one information activist put it, the Internet treats censorship as damage and routes around it. But that statement is predicated on the actual presence of an Internet in the first place.

That may sound like a silly statement, but the Internet might not be as enduring as many assume it to be.

While many of the software and communications protocols that define the Internet are, by design, remarkably resistant to outside control, the physical networks through which our data passes are not nearly so robust.

James Cowie, a network analyst from Renesys Corporation, has written excellent analyses of state intervention in national communications both during the post-election strife in Iran and more recently in Egypt. Using forensic evidence gathered in real time, he constructs a vivid scenario: In contrast to Iranian authorities, who elected to use physical choke-points in the communications infrastructure to reduce the flow of information to a trickle, Egyptian authorities appear to have instructed all national Internet Service Providers simply to cut all communications with the outside world.

Starting at midnight (Egyptian time) on the 27th of January 2011, Egypt’s largest ISPs began disappearing from the Internet. Within a period of about 13 minutes, they simply stopped delivering data to and from their customers.

Cowie writes:

“[T]his sequencing looks like people getting phone calls, one at a time, telling them to take themselves off the air. Not an automated system that takes all providers down at once; instead, the incumbent leads and other providers follow meekly one by one until Egypt is silenced.”

How did this happen? Every large ISP participates in a cooperative system called the Border Gateway Protocol, or BGP. BGP allows them to discover how traffic destined to a remote network should be directed. Simply put, each ISP announces which address blocks it supports. These blocks can represent tens or even hundreds of thousands of individual machine addresses.

Designed for simpler times, BGP is a trust-based protocol. It relies implicitly of the good faith of all participants to continue working. This makes it remarkably vulnerable to the machinations of states or organisations whose interests don’t align with others’. Back in 2008, Pakistan Telecom caused a furore when, for a little over 2 hours, their bungled attempt to use BGP to block YouTube domestically resulted in the site disappearing from much of the Internet.

Just last year, a change to BGP traffic announcements resulted in about 15% of all Internet traffic being routed through networks in China for a brief period. This resulted in breathless speculation that the disruption was not accidental. Some claimed that it amounted to a reconnaissance in force, as it were, a probing of the global Internet to determine its resilience in the face of attack.

Intentional or not, these disruptions to the BGP apparatus make it abundantly clear that choke points exist on the Internet and that they are remarkably easy to subvert.

Debate continues to rage in technical circles about what can be done to mitigate BGP’s innate deficiencies. Changes will doubtless be necessary. But the liability wouldn’t be so grave if our physical communications networks weren’t so hopelessly centralised.

Egypt offers us a particularly vivid example of this. A country of over 80 million people, it has only a half a dozen or so large Internet providers. Only one of them, the Noor Group, initially resisted the demand to drop services. Some have speculated that its continued online presence was due to its extensive list of blue chip clients, including many banks and the Egyptian Stock Exchange.

Ultimately, though, it was a limited victory. Noor advertised only 83 of the roughly 3500 data routes in and out of Egypt. They were eventually forced off the air a week after their IT confrères.

In Iran, population 72 million, there are only 5 significant international links, all of which flow through a single Government-run office. Such centralisation makes it easy for the state to exert its influence.

(One European-owned company, Vodaphone, washed its hands of the decision to cut service to its Egyptian customers, claiming that the Mubarak regime had the legal right to issue the order. This rhetorical line apes the rationale provided by Nokia-Siemens when it was discovered that their equipment enabled Iranian authorities to block most traffic and eavesdrop on the rest.)

The Internet as a principle –that is, the idea of an open network allowing free communication regardless of source or sender– is not as popular as some might believe. It made its way into the commercial world more by stealth than by deliberation. Telcos didn’t really understand the Internet as a service; they just knew they had to offer it in order to compete.

One thing was clear to them: The sum of all services across a global network was clearly more valuable than those offered by a single provider. Equally attractive was the perception that these services came more or less for free with the connection.

But the seductive power of the Net hasn’t changed attitudes entirely.

Telecommunications companies, with a long legacy of market-controlling behaviour, still build and deploy their infrastructure using centralised models. Recently, some of them have begun lobbying for the right to exert control over the data that passes over their networks, potentially penalising services that compete with their own. Comcast, one of the largest ISPs in the US, recently got approval to acquire NBC Universal and its content-creation ecosystem, giving rise to fears that they might leverage their control over the information pipeline to dictate what passes through it.

Put simply, carriers would love nothing better than to go back to the telephone service model, where fees are based on where you are and who you talk to, with no conversation possible unless you’ve paid your toll.

The principle of an end-to-end network –that is, one that allows direct, unmediated connections between two parties– militates strongly in the opposite direction. Its appeal is remarkably seductive, leading most Internet users to view with displeasure the telcos’ (or governments’) desire to mediate communications.

Renesys quite rightly remarks that if cuts to Egypt’s Internet had lasted much longer, the reduction in commercial activity could have been catastrophic for the nation.

Furthermore, Cowie remarks, it wasn’t only Egypt’s pipelines that were at risk:

“[T]he majority of Internet connectivity between Europe and Asia actually passes through Egypt. The Gulf States, in particular, depend critically on the Egyptian fiber-optic corridor for their connectivity to world markets.

“Are the folks at Davos thinking about this? They should be.”

In a perfect world, consumer choice and basic business commonsense would always win. But the problem is that centralised networks not only cost a lot of money (placing their design and construction into the hands of the most powerful), they make a lot of money, too.

In monetary and political terms, the wealth of the network itself tends to pool rather than to flow.

A fundamental change has already overtaken the public’s perception about the value and nature of digital communications. Passive consumption of news through the television is considered passé, or at least diminished in relation to the sharing of photos, videos and words across the Internet.

As individual control over the flow of information rises, central control wanes. And this, obviously, is the crux of the dilemma facing businesses and governments across North Africa and throughout the world. They are belatedly coming to realise that they are fighting a many-headed hydra. As they cut off one avenue of communication, another rears its head.

But that hydra has a body, and the body is the network itself.

As this column goes to press, it appears that Egypt’s decision to cut off the Internet failed in every important regard. One protester is reported to have said, “F*** the internet! I have not seen it since Thursday and I am not missing it.… Go tell Mubarak that the people’s revolution does not need his damn internet!

I would be amazed, however, if this fact led other governments to act differently, should they find themselves in a similar situation. Indeed, the US Congress is currently considering legislation that would provide the President with an ‘Internet Kill Switch’ for use in case of emergency.

Likewise, I see no evidence that the ultimate futility of attempting to control the flow of information will change attitudes in the board rooms and offices where our increasingly centralised networks are planned. For telcos, the challenge is merely technical.

For the Internet –as it was originally intended– to become fully realised and fully resistant to coercion, the devices and infrastructure through which our data travels will need to reflect the same principle of decentralisation as the software and protocols we use today. That implies the construction of communications devices that are very different from the locked-in, network-centric phones, tablets and computers we’re familiar with. I can think of no short-term scenario in which the development of such products will take place in any significant way.

For some time to come, we will continue to live in a world in which the powerful continue to load silver bullets and take aim squarely at their own feet.

The China Market

On Saturday, the Guardian revealed fears by US officials that China was using its privileged access to the Microsoft Windows source code in order to prepare and launch attacks against certain targets. This fear appears to be justified, in light of the tactics used in the highly publicised attacks that led to Google’s withdrawal from China. The attacks, we are told, were initiated by the Chinese Politburo when one of its senior members googled himself (naughty!) and found material that was critical of him.

I confess feeling a bit of smug satisfaction when I say I Told You So. Microsoft’s drive to secure the co-called China market at any cost demonstrates perfectly the complete imbalance in power that most businesses face when attempting to gain a foothold in China.

Back in 2007, when reviewing the purported victory, I wrote:

With trademark deftness, China has largely de-fanged one of the most effective and brutal corporate negotiating teams in the world. This is the corporation that managed to buy off the US government and avoid any real punishment following its conviction for abuse of monopoly powers. It’s the company that has consistently and rather successfully thumbed its nose at the European Union, the largest economic entity in the world today. It has controlled standards processes, locked in countless corporations and ruthlessly dominated the supply chain world-wide.

Yet Chinese negotiators got everything they asked for. Price reductions? They pay about 10% of what other governments do per seat. Control? They not only have access to the source code, they have to right to alter it to suit their purposes.

Think about what that means to the Chinese. In economic, political and strategic terms, they’ve negotiated unprecedented access to an invaluable resource, and they’ve done it in a way that costs them next to nothing. Truth be told, Microsoft got almost nothing out of this deal. China still uses Linux whenever and wherever it wants.

It still astounds me that anyone thinks that the so-called China Market is anything other than what the Chinese regime decides it is at any given moment.

Sure, there’s a lot to be said for the beneficial effects of market forces. I won’t dispute that. The one thing people tend to forget is that, if push comes to shove -and it has in the past- the Chinese are capable of enduring unimaginable suffering to achieve a strategic goal. (Well, capable of allowing their citizens to endure unimaginable suffering, at any rate.) That willingness gives them the capability to impose any number of arbitrary conditions onto the economic environment.

Western governments don’t think of themselves as the owners of their respective economies. The Chinese do.

So when the likes of Cisco, Yahoo! and Microsoft betray every iota of principle (and expose a callously cavalier attitude toward strategic security issues) in pursuit of economic gain in China, I can only caution them that things only look manageable now because they’re not happening to you.

Yet.

Google, China and Anti-Features

Yet again, people are seeking technological solutions to problems that are social in nature.
So far, Internet activist Perry Barlow’s affirmation that ‘the Internet treats censorship as damage and routes around it’ remains true. But with the increasingly evident willingness of corporate and government agents to create and use what MIT researcher Benjamin Hill terms ‘anti-features’, we may soon find that there’s nowhere else to route to.

[Originally published in the Vanuatu Daily Post.]

On the 12th of January, David Drummond, Google’s Chief Legal Officer, made a startling announcement: Google – and dozens of other companies operating in China – had been the target of concerted online attacks originating from China. Google also claimed that the attackers, targeting human rights activists inside China and around the world, used the activists’ own PCs to take over numerous GMail accounts.

These attacks used ‘0-day’ exploits, hitherto-unknown vulnerabilities in common software applications. In a Wired Magazine interview, security analyst Ryan Olson stated that the code itself was unremarkable, but that ‘the sophistication here is all about the fact they were able to target the right people using a previously unknown vulnerability.

Businesses and governments face online acts of vandalism and attempts at corporate espionage all the time. Even this attack, which exploited flaws in Microsoft’s Internet Explorer and Adobe’s Acrobat reader software, was ‘not ground-breaking’, according to security expert Mikko Hypponen.

We see this fairly regularly,’ he told the BBC, but ‘most companies just never go public.

Running against tide of companies flooding into China, Google has retaliated against these intrusions by stating that they will no longer censor google.cn, their Chinese search site. If that can’t be done within Chinese law, wrote Drummond, it ‘may well mean having to shut down google.cn, and potentially our offices in China.

Read more “Google, China and Anti-Features”

Because It's Today

An entire society has adapted itself to living in an environment wherein they can go about their daily lives normally, as long as they do not make themselves or their opinions known to the authorities.

One is inclined to wonder whether Fijians will become similarly inured to the censorship regime imposed by Commodore Frank Bainimarama. Recent reports indicate that the state of emergency will be extended until August at least.

Perhaps the greatest danger of State censorship is its ability to integrate itself into daily life. Provided that its exercise doesn’t affect too many of the people too much of the time, it quickly becomes an environmental factor like mosquitoes, bad weather or the common cold. Just something to be taken in stride.

[This week’s Communications column for the Vanuatu Independent.]

I came across the following exchange (translated from the original Chinese language) on a technical news site today. This series of comments come from Xiaonei, a Chinese blog site, following a post about the recent global economic meltdown. (The writers’ names have been obscured for reasons that will become obvious):

AAA: Well written!! But why can’t I share it [i.e. link it to social media sites like Facebook or LiveJournal]?

BBB: Yeah, I can’t share it either. Must be because it’s today!

000[the author]: Well, I can post it, you guys should be able to share it….

CCC: [a few comments about the actual content of the article]

DDD: I guess Xiaonei is having problems recently. Anything with numbers seems to run into problems.

AAA: Anything with certain numbers runs into problems around this time of year….

EEE: I’m sure this maintenance is perfectly normal, as it is for all other Chinese websites right now. [sarcasm]

BBB: There is no spoon~~! [this in English]

FFF: Wow, nice word choice guys.

Mystified? You wouldn’t be if you had to deal with state censorship on a day to day basis. Today – the day the comments were being posted – marked the beginning of a worldwide observance of the 20th anniversary of the disruption by the Chinese People’s Liberation Army of the pro-Democracy demonstrations in Beijing’s Tiananmen Square.

Read more “Because It's Today”

Elephants

In recent years, Vanuatu has been learning to manoeuvre in this demanding and rather tricky role. To further complicate things, there is more than one elephant in this particular bed. Between the EU, the WTO, China and our other regional neighbours, trade and aid negotiators in Vanuatu have had their hands full.

Happily, 3000 years of practice in patient negotiation and peace-making have so far paid off. To mix metaphors, Vanuatu has of late consistently punched well above its weight when it comes to negotiating this sometimes parlous state of affairs.

But our work isn’t finished yet, and if anything, the stakes are higher now than they’ve been in years. Time is not on our side and the elephants are encroaching once again.

[Originally published in the Vanuatu Daily Post’s Weekender Edition.]

Living next to you is in some ways like sleeping with an elephant. No matter how friendly and even-tempered is the beast, if I can call it that, one is affected by every twitch and grunt.

Canadian Prime Minister Pierre Trudeau offered this wry description of relations between Canada and the US at the Washington Press Club back in 1969. Had he been a ni-Vanuatu politician addressing the press in Canberra, he might have used an aquatic simile, but the message would have been the same.

In recent years, Vanuatu has been learning to manoeuvre in this demanding and rather tricky role. To further complicate things, there is more than one elephant in this particular bed. Between the EU, the WTO, China and our other regional neighbours, trade and aid negotiators in Vanuatu have had their hands full.

Happily, 3000 years of practice in patient negotiation and peace-making have so far paid off. To mix metaphors, Vanuatu has of late consistently punched well above its weight when it comes to negotiating this sometimes parlous state of affairs.

But our work isn’t finished yet, and if anything, the stakes are higher now than they’ve been in years. Time is not on our side and the elephants are encroaching once again.

Read more “Elephants”

Reality Check

Jason Hiner at Tech Republic has written an article entitled “How Microsoft beat Linux in China and what it means for freedom, justice, and the price of software.” He contends that Microsoft’s ‘victory’ over Linux in China is total.

But what kind of a victory are we talking about here? Well, they gave away access to their crown jewels, the source code:

“In 2003, Microsoft began a program that allowed select partners to view the source code of Windows, and even make some modifications. China was one of 60 countries invited to join the program.”

They cut prices drastically:

“Microsoft got serious about competing on price by offering the Chinese government its Windows and Office software for an estimated $7-$10 per seat (in comparison to $100-$200 per seat in the U.S., Europe, and other countries).”

And they caved completely on piracy and so-called Intellectual Property enforcement:

“Microsoft’s initial strategy was to work to get intellectual property laws enforced in China, but that was an unmitigated disaster. Microsoft realized that it was powerless to stop widespread piracy in China, so it simply threw up the white flag.”

So what exactly did Microsoft win, again? This article is rife with untested assumptions. Let’s establish a bit of context here before going too far.

Read more “Reality Check”