Jan 17 2010
When I first heard of Google’s threat to withdraw its online services from China over censorship and intellectual property theft, my response was “what took them so long?” It’s not like these complaints are anything new. The company’s slogan, “Don’t Be Evil”, has been a favored target of critics since the Internet giant first went along with Chinese online censorship efforts in 2002.
So why is it only now that Google is considering this move? It turns out the “intellectual property” at risk from the latest attack is not financial data or proprietary Google code. According to Google, it’s something a bit more damning:
We have evidence to suggest that a primary goal of the attackers was accessing the Gmail accounts of Chinese human rights activists. Based on our investigation to date we believe their attack did not achieve that objective. Only two Gmail accounts appear to have been accessed, and that activity was limited to account information (such as the date the account was created) and subject line, rather than the content of emails themselves.
Third, as part of this investigation but independent of the attack on Google, we have discovered that the accounts of dozens of U.S.-, China- and Europe-based Gmail users who are advocates of human rights in China appear to have been routinely accessed by third parties. These accounts have not been accessed through any security breach at Google, but most likely via phishing scams or malware placed on the users’ computers.
Now, email accounts get broken into all the time. I’ve worked for an IT consulting firm that specializes in security, so I know a thing or two about how easy it is to hack email, blogs, corporate websites and such. Sad to say, but most of us are vulnerable. The scale of the problem is typically underestimated because many of the hacking victims worldwide don’t know yet that their accounts have been compromised — often for months or even years.
Hackers can cover their tracks and even make it appear that the person conducting the attack is from another country. In the case of the email accounts of the human rights activists, it would be perverse (and make bad business sense) for Google to withdraw services from hundreds of millions of Chinese just because the accounts were broken into. After all, human rights activists get hacked just like everyone else. Google’s stance just wouldn’t make much sense, particularly after putting up with China’s abusive rules for eight years.
It would be perverse, unless Google had definitive proof that these accounts had been hacked directly by employees of the Chinese state.
That could be a good reason to cease doing business in China. After all, cooperating with a censorship regime can be argued to an extent as at least doing the lesser evil. But remaining silent while you know that your infrastructure is hijacked by a totalitarian government to target human rights activists? That is evil, pure and simple.
It’s no longer enough to not be evil. It’s time to be good.