By Danny O’Brien

Those outside the People’s Republic of China (PRC) are accustomed to thinking of the Internet censorship practices of the Chinese state as primarily domestic, enacted through the so-called “Great Firewall”—a system of surveillance and blocking technology that prevents Chinese citizens from viewing websites outside the country. The Chinese government’s justification for that firewall is based on the concept of “Internet sovereignty.” The PRC has long declared that “within Chinese territory, the internet is under the jurisdiction of Chinese sovereignty.”

Hong Kong, as part of the “one country, two systems” agreement, has largely lived outside that firewall: foreign services like Twitter, Google, and Facebook are available there, and local ISPs have made clear that they will oppose direct state censorship of its open Internet.

But the ongoing Hong Kong protests, and mainland China’s pervasive attempts to disrupt and discredit the movement globally, have highlighted that China is not above trying to extend its reach beyond the Great Firewall, and beyond its own borders. In attempting to silence protests that lie outside the Firewall, in full view of the rest of the world, China is showing its hand, and revealing the tools it can use to silence dissent or criticism worldwide.

Some of those tools—such as pressure on private entities, including American corporations NBA and Blizzard—have caught U.S. headlines and outraged customers and employees of those companies. Others have been more technical, and less obvious to the Western observers.

The “Great Cannon” takes aim at sites outside the Firewall

The Great Cannon is a large-scale technology deployed by ISPs based in China to inject javascript code into customers’ insecure (HTTP) requests. This code weaponizes the millions of mainland Chinese Internet connections that pass through these ISPs. When users visit insecure websites, their browsers will also download and run the government’s malicious javascript—which will cause them to send additional traffic to sites outside the Great Firewall, potentially slowing these websites down for other users, or overloading them entirely.

The Great Cannon’s debut in 2015 took down Github, where Chinese users were hosting anti-censorship software and mirrors of otherwise-banned news outlets like the New York Times. Following widespread international backlash, this attack was halted.

Last month, the Great Cannon was activated once again, aiming this time at Hong Kong protestors. It briefly took down LIHKG, a Hong Kong social media platform central to organizing this summer’s protests.

Targeting the global Chinese community through malware

Pervasive online surveillance is a fact of life within the Chinese mainland. But if the communities the Chinese government wants to surveill aren’t at home, it is increasingly willing to invest in expensive zero-days to watch them abroad, or otherwise hold their families at home hostage.

Last month, security researchers uncovered several expensive and involved mobile malware campaigns targeting the Uyghur and Tibetan diasporas. One constituted a broad “watering hole” attack using several zero-days to target visitors of Uyghur-language websites.

As we’ve noted previously, this represents a sea-change in how zero-days are being used; while China continues to target specific high-profile individuals in spear-phishing campaigns, they are now unafraid to cast a much wider net, in order to place their surveillance software on entire ethnic and political groups outside China’s border.

Censoring Chinese Apps Abroad

At home, China doesn’t need to use zero-days to install its own code on individuals’ personal devices. Chinese messaging and browser app makers are required to include government filtering on their client, too. That means that when you use an app created by a mainland Chinese company, it likely contains code intended to scan and block prohibited websites or language.

Until now, China has been largely content to keep the activation of this device-side censorship concentrated within its borders. The keyword filtering embedded in WeChat only occurs for users with a mainland Chinese phone number. Chinese-language versions of domestic browsers censor and surveill significantly more than the English-language versions. But as Hong Kong and domestic human rights abuses draw international interest, the temptation to enforce Chinese policy abroad has grown.

TikTok is one of the largest and fastest-growing global social media platforms spun out of Beijing. It heavily moderates its content, and supposedly has localized censors for different jurisdictions. But following a government crackdown on “short video” platforms at the beginning of this year, news outlets began reporting on the lack of Hong Kong-related content on the platform. TikTok’s leaked general moderation guidelines expressly forbid any content criticizing the Chinese government, like content related to the Chinese persecution of ethnic minorities, or about Tiananmen Square.

Internet users outside the United States may recognise the dynamic of a foreign service exporting its domestic decision-making abroad. For many years, America’s social media companies have been accused of exporting U.S. culture and policy to the rest of the world: Facebook imposes worldwide censorship of nudity and sexual language, even in countries that are more culturally permissive on these topics than the U.S. Most services obey DMCA takedown procedures of allegedly copyright-infringing content, even in countries that have had alternative resolution laws. The influence that the United States has on its domestic tech industries has led to an outsized influence on those companies’ international user base.

That said, U.S. companies have, as with developers in most countries, resisted the inclusion of state-mandated filters or government-imposed code within their own applications. In China, domestic and foreign companies have been explicitly mandated to comply with Chinese censorship under the national Cybersecurity Law passed in 2017, which provides aggressive yet vague guidelines for content moderation. China imposing its rules on global Chinese tech companies differs from the United States’ influence on the global Internet in more than just degree.

Money Talks: But Critics Can’t

This brings us to the most visible arm of the China’s new worldwide censorship toolkit: economic pressure on global companies. The Chinese domestic market is increasingly important to companies like Blizzard and the National Basketball Association (NBA). This means that China can use threats of boycotts or the denial of access to Chinese markets to silence these companies when they, or people affiliated with them, express support for the Hong Kong protestors.

Already, people are fighting back against the imposition of Chinese censorship on global companies. Blizzard employees staged a walk-out in protest, NBA fans continue to voice their support for the demonstrations in Hong Kong, and fans are rallying to boycott the two companies. But multi-national companies who can control their users’ speech can expect to see more pressure from China as its economic clout grows.

Is China setting the Standard for Global Enforcement of Local Law?

Parochial “Internet sovereignty’ has proven insufficient to China’s needs: Domestic policy objectives now require it to control the Internet outside and inside its borders.

To be clear, China’s government is not alone in this: rather than forcefully opposing and protesting their actions, other states—including the United States and the European Union—have been too busy making their own justifications for the extra-territorial exercise of their own surveillance and censorship capabilities.

China now projects its Internet power abroad through the pervasive and unabashed use of malware and state-supported DDoS attacks; mandated client-side filtering and surveillance; economic sanctions to limit cross-border free speech; and pressure on private entities to act as a global cultural police.

Unless lawmakers, corporations, and individual users are as brave in standing up to authoritarian acts as the people of Hong Kong, we can expect to see these tactics adopted by every state, against every user of the Internet.

Danny O’Brien has been an activist for online free speech and privacy for over 20 years. In his home country of the UK, he fought against repressive anti-encryption law, and helped found the Open Rights Group, Britain’s own digital rights organization. He was EFF’s activist from 2005 to 2007, its international outreach coordinator from 2007-2009, and international director from 2013-2019. He now supervises EFF’s medium and long-term strategy, with an eye to maintaining the organization’s global impact and reputation.

This article was sourced from EFF.org

Subscribe to Activist Post for truth, peace, and freedom news. Follow us on Minds, Twitter, Steemit, and SoMee. Become an Activist Post Patron for as little as $1 per month.

Provide, Protect and Profit from what’s coming! Get a free issue of Counter Markets today.