Legal Affairs
space


Current Issue

 
 
 
 


printer friendly
email this article
letter to the editor


space space space
space


January|February 2006
Without a Net By Jonathan Zittrain
Digital Borders By Jack Goldsmith and Timothy Wu
Dragon Slayers or Tax Evaders? By Julian Dibbell
My Brain Made Me Do It By Nicholas Thompson
Cool Tools for Tyrants By Derek Bambauer

Cool Tools for Tyrants

The latest American technology helps the Chinese government and other repressive regimes clamp down.

By Derek Bambauer

HENG YICHUN, A MIDDLE-AGED ENGLISH PROFESSOR at Liaoning University in northeast China, has made a career of trying the government's patience. Born a member of the nation's large Korean minority in 1957, Zheng openly supported the antigovernment protests that led to the Tiananmen Square massacre in 1989. He published eight collections of poetry, and he wrote hundreds of essays, many of which were critical of the Chinese Communist Party and its harsh treatment of journalists. Virtually none of the essays could be published safely in China, so Zheng sent them abroad through the Internet, and they appeared in the New York-based Chinese newspaper Epoch Times, on the Democracy Forum website, and in other media that afforded Zheng a modest degree of fame. By late 2004, Chinese security forces had him in their sights.

Effective surveillance has long been a priority for the Chinese government, which is well-known for keeping a close eye on political dissidents, members of the spiritual group Falun Gong, and anyone else perceived as a security threat. Since the Internet came to China in 1994, though, technology has given the government unprecedented power to spy on its citizens, control the information they receive, and track anyone within the nation's borders.

The Golden Shield project, for example, is an effort to give the nation's police officers instantaneous access to a database that contains the work records, financial data, and law-enforcement histories of almost every adult Chinese citizen. The database is expected to include footage from surveillance cameras, the history of suspects' Internet use, and the ability to recognize faces. Think Big Brother with a Blackberry. A new technology called Policenet is part of Golden Shield and currently operates in all but one of China's 22 provinces. It connects officials of the Public Security Bureau—a national agency with local branches that handle security, immigration, "social order," and law enforcement—to each other and to electronic records that store a wealth of information on every citizen in China. Exactly how the police were tracking Zheng is unclear, but in December 2004, they arrested him in the city of Yingkou, about 310 miles northeast of Beijing. He was charged with "incitement to subversion," a serious but vaguely defined crime, and after a trial in July, he was sentenced in September to seven years in prison.

The news of Zheng's imprisonment traveled swiftly to human rights websites around the world, but if people in China heard about it, few probably knew who he was or what he had written. China employs the world's most rigorous system of Internet censorship—widely known as the Great Firewall of China—and the system prevents the nation's residents from reaching the sites that published Zheng's work or carried the news of his legal predicament. If an Internet user in China sought to read Zheng's articles in the online version of Epoch Times, for example, the electronic request to reach the website would travel through the network to the gateways that connect China to the wider Internet. There, a watchdog router (a computer traffic cop that directs packets of data to their destinations) would check an extensive blacklist of prohibited sites, find a match for Epoch Times, and discard the request. The Internet user would then receive an image of a generic error page—subtle confirmation that the newspaper's site was inaccessible in Chinese cyberspace.

It is not surprising that an authoritarian regime would build powerful databases and snooping equipment and Internet-censoring devices to punish dissent and limit information. But China's system is impressive for the sophistication of its technology, the precision of its reach, and the speed of its creation. More startling, the software and hardware for Golden Shield, Policenet, the Great Firewall, and other tools of this chillingly effective network were largely made in America.

THE UNITED STATES THRIVES ON A SYSTEM OF MARKET FREEDOM that encourages American companies to sell their legal products generally wherever and to whomever they choose. In China, few companies take advantage of market freedom more profitably than Cisco Systems of San Jose, Calif., one of the world's most successful Internet companies, with revenues of $25 billion in 2005. Cisco makes Policenet, as well as the watchdog router that prevents Internet users in China from gaining access to banned websites. Although the company does not specify its sales figures for China, the Chinese telecommunications research firm ChinaNex estimates that Cisco earns $500 million a year in revenues there and holds 60 percent of the Chinese market for routers, switches, and other sophisticated networking gear. The company anticipates that China will soon become its third largest market, just behind the U.S. and Japan.

Cisco has a lot of company from American firms that profit handsomely off Big Brother in China and dozens of other countries. The San Jose technology company Secure Computing, for example, supplies an Internet-filtering program called SmartFilter to Saudi Arabia and Tunisia, whose officials use the program to block websites offering pornography, articles promoting political dissent, and other material that the officials find objectionable. Similarly, firewall software made by Fortinet, a security company based in Sunnyvale, Calif., helps Burma monitor its citizens' e-mail by preventing them from using services like Microsoft's Hotmail.

By taking advantage of market freedom and selling products to repressive regimes, however, these companies undermine another fundamental freedom: the ability of individuals to speak and think without fearing government retribution. Cisco, Secure Computing, and others put the U.S. in the untenable position of advocating for human rights abroad while allowing these companies to supply products that help China and other nations violate human rights. The failure to balance market freedom with individual freedom in these cases has made the U.S. a target for harsh criticism at home and around the world. Although federal laws have, for example, prohibited sales of "crime control and detection equipment" to China since 1990, these prohibitions were enacted before the Internet and networked computers were generally available, and they have been interpreted not to apply to Cisco-like sales. Fortunately, the law—both public and private—can be changed to address the problem.

IMAGINE THAT A COMPANY CONTRACTS TO SELL STEEL TO BURMA, by any measure an authoritarian state with a poor human rights record. The company doesn't know what Burma intends to do with the steel, but the raw material could be fashioned into anything from stairway railings for a house to prison bars for a re-education camp. Should the law restrict the company's ability to sell the steel?

Probably not. Morally speaking, steel is neutral, and it would have to be transformed, with significant effort by the purchaser, to become something that anyone could view as improper. In the case of neutral products like steel, lumber, and other raw materials, the U.S. focuses on the customer's behavior rather than the producer's. If a particular nation is suspected of using neutral products for illicit ends, Congress tends to prohibit any trade with that country. There has been an embargo against Cuba since 1963, for example, because of concerns about the Castro regime's human rights record, and virtually no products, including software and other technology, can be exported from the U.S. to Iran. That's why Sun Microsystems prevents users in Iran from downloading its Java Runtime Environment tool from the Internet. Companies generally comply with embargoes, because violations can result in up to 10 years in prison for culpable executives. So long as the U.S. allows trade with a nation, though, sales of neutral products to that nation are generally permitted and market freedom is preserved.

At the other legal extreme are products that have virtually no legitimate use. It's hard to imagine medieval-style thumbscrews, for example, serving any purpose other than torture. Not surprisingly, the U.S. focuses on the companies that make and supply these products, and the Department of Commerce tends to ban the products' sale to keep them out of the hands of ill-intentioned customers. In these cases, protecting individual freedom is more important than preserving market freedom.

Neutral products and those without a legitimate purpose are easy for the law to deal with. Much tougher are products that can be used for good or evil without modification, the so-called dual-use items whose sale requires the law to strike a balance between individual and market freedoms.

IN THE 1980S, SIEMENS PLESSEY, A BRITISH ELECTRONICS FIRM, sold closed-circuit television cameras to China. The cameras were stock items for the company, the type of security devices that you might find at a mall in Florida or in thousands of other public spaces throughout the world. Yet the Siemens Plessey cameras would play a central role in the Tiananmen Square crackdown. In 1989, thousands of Chinese students and other activists gathered at the square to protest the ruling regime's oppressive policies. On June 4, the military ousted the protestors, killing hundreds as thousands more fled to apparent safety. Over the following weeks, though, Chinese police reviewed videotapes that had been taken with Siemens Plessey cameras installed throughout the square. The tapes captured the faces of many of the protestors and led to their arrest and punishment. Siemens Plessey was criticized for supplying the police with the means to suppress dissent. The company insisted that it could not have known how its products would ultimately be used.

The cameras are just one example of how otherwise legitimate devices can, without substantial modification, be used for no good. Cattle prods can be used to control dissidents as well as livestock. Fermentation equipment can be used to produce biological weapons as well as wine. And technology, because of its complexity and capacity for use in unpredictable ways, is especially difficult to evaluate. Consider Cisco's Policenet. Author Ethan Gutmann, a former entrepreneur and consultant for a public relations firm in China, notes in his book Losing the New China that Cisco marketed Policenet at China's 2002 Information Infrastructure Expo (a trade show for potential suppliers to the Golden Shield project) by touting how the technology helped police in California match the faces of criminal suspects with images captured through surveillance cameras in department stores. It's hard to get upset about devices that help law enforcement officials lock up shoplifters. Yet the technology itself seems to change when, rather than being operated by police who are subject to the constraints of search warrants and evidence rules, it is used by security forces concerned primarily with suppressing dissent. Policenet may be effective against crime in California, but it also lets China's Public Security Bureau obtain information about the political beliefs and Internet use of innocent people and their family members.

That the same product can with equal ease serve ends that are either legitimate or improper in the view of American society poses big problems for U.S. law, and specifically for the Department of Commerce, which decides whether to block certain nations from buying dual-use items. Countries can plausibly argue, for example, that American equipment is being purchased to produce yeast rather than anthrax. The U. S. encountered this problem when it tried to determine whether trucks containing mobile laboratories in Iraq were being used to treat sewage, as Saddam Hussein claimed, or to create chemical weapons. A company like Cisco can correctly maintain that the router it sells to block the "Code Red" Internet virus, which attacks computers that serve up websites, is the same one that China uses to block access to sites about the Dalai Lama.

The law's task becomes particularly sticky when the U.S. government requires a product to have features that serve American security, because those features could also serve the repressive ambitions of other nations. The Communications Assistance for Law Enforcement Act requires telecommunications carriers to assist the police in conducting electronic surveillance by modifying their networks to allow eavesdropping. If an al-Qaeda cell makes a phone call in the U.S., American security officials want to be sure they can listen in. But those features can also be used to snoop on dissidents' conversations in countries with weaker protections for privacy. Sometimes, the market demands that a device have certain functions that can turn it into an effective tool for repression. Gutmann accused Cisco of customizing its router and firewall products in the 1990s to serve China's censorship requirements. Cisco countered that it built certain features into the products because the market demanded those features, and that the company sold the same products worldwide, including China. Cisco could be right: Features like the ability to detect the term "Falun Gong" in the address of a requested web page were once special-order items, but they are now standard equipment.

WHEN THE LAW STEPS INTO ANY OF THESE CASES, it must balance the market's demand for a legitimate product with the product's possible use to suppress personal freedoms. Current laws, like export restrictions, handle this balance poorly, focusing primarily on weapons and a few importers like Libya and Iran. In the Internet age, though, information can be as powerful as an automatic rifle. A new approach needs to account for the power and potential dangers of information technology connected in a network. The law can do this in three ways.

First, export licenses from the U.S. government should be required for all dual-use items and denied when companies know or should know that the items will be used to violate human rights, as defined in the Universal Declaration of Human Rights or in U.S. foreign policy. For example, selling software that enables the Burmese government to monitor and censor e-mail and web traffic should be illegal, given Burma's appalling human rights record. The law could require that a company demonstrate through the licensing process that it has made a good faith effort to determine who will ultimately employ a dual-use item and for what purpose. Violations of these requirements would carry substantial penalties, perhaps including criminal liability for the executives who authorized an offending sale.

Next, criminal penalties should apply to a seller of dual-use goods who makes it easier for the buyer to use them for illicit purposes. If Saudi Arabia's Internet Services Unit, which censors information offered online in the country, adds its own list of political opposition websites to the "block list" included with SmartFilter software, this may be difficult for the manufacturer, Secure Computing, to control. But the company should not be allowed to make the Saudi unit's task easier by, say, including in the software a "Saudi Arabian political dissent" category that would automatically block any website that promoted opposition to the Saudi government. (To be clear, Secure Computing has done no such thing.) If companies intentionally modify, or assist buyers in modifying, products to make repression easier, U.S. law should punish them.

Finally, shareholders, directors, and executives should take responsibility for ensuring that a company minimizes the risk of its dual-use products being used to violate human rights. The U.S. government required Cisco, for example, to build the capacity for "lawful interception"—eavesdropping—into its routers and networking products. It is unclear exactly how Cisco is complying with the requirement, but the company could do so in a way that would minimize the amount of data that law enforcement officials intercept. Cisco could limit eavesdropping to specific computer addresses or communications protocols. As a result, countries would have a much more limited ability to spy on their citizens through Cisco routers. The company could act on its own to, in effect, balance its freedom to sell products with the personal freedom of individuals. If a giant like Cisco did that, it would encourage responsible behavior from smaller companies, which otherwise could not stand up to China and expect to do business there.

Public law—the criminal and civil statutes and case law that shape corporate conduct—would be clumsy and probably ineffective in trying to enforce this last proposal. Far more promising would be private law, the articles of incorporation, by-laws, and other rules of governance that apply to a particular company and can be enforced through shareholder pressure and lawsuits. Though no law required it to do so, Nike adopted a code of conduct to improve working conditions at its sneaker factories abroad. It succumbed to pressure from labor rights groups and from lawsuits that claimed the company had committed false advertising by misrepresenting working conditions. Boston Common Asset Management, which holds 67,000 of the billions of Cisco shares outstanding, filed a shareholder resolution with the Securities and Exchange Commission in May 2004 demanding that Cisco consider human rights issues when choosing wholesalers for its products. The investment firm said it worried that "corporations doing business with repressive governments face serious risks to their reputation and share value." Cisco argued that the human rights policies set forth in its code of business conduct were enough to ensure proper behavior and asked the SEC to exclude the resolution. The SEC refused, allowing shareholders to decide in effect whether Cisco should balance individual freedoms with the goal of earning profits.

NONE OF THESE PROPOSALS WOULD COMPLETELY STOP TECHNOLOGY and other dual-use products from becoming tools for government intrusion. The market for sophisticated devices that monitor citizens and censor information is too strong, and not just in authoritarian nations. France requires Google not to list search results for sites containing hate speech. The U.S. requires communications providers to include in their networks technology that helps law enforcement engage in wiretapping. Countries with authoritarian governments can also develop technology without the help of American companies. China creates Filter King and Net Police 110 Internet-blocking programs, and it developed software to monitor and block messages with prohibited keywords in Short Message Service transmissions between cell phones.

The proposals would also come at a price. Curbing market freedom to protect human rights inevitably limits profits, an unappealing prospect in the best of circumstances. With this no doubt in mind, companies argue that merely doing business with repressive nations helps open the nations to democracy, free trade, and human rights. Cisco CEO John Chambers said recently, "Anytime you've got a good exchange of information, citizens benefit as a whole." And Microsoft has argued that a censored Internet is better than no Internet: Although the company's Chinese MSN Spaces web-log software prevents users from writing words like "democracy" and "human rights" in the titles to their postings, it encourages a central value of democracy by promoting self-expression.

But there is little evidence to support these views. Despite China's five million bloggers, the Communist Party remains firmly in control of the nation and, for the most part, the Internet within its borders. Iran's blogging community is perhaps the country's liveliest political arena, yet the authoritarian Iranian government is stronger than ever, especially after a resounding victory in February 2004 elections. Contrary to the utopian view that the Internet evades local control, governments are proving adept at controlling the information that their citizens receive and share. Market freedom does not necessarily lead to personal freedom. We must at times limit the first to safeguard the second; the right to sell must sometimes yield to protect the right to speak.

Derek Bambauer is a fellow at the Berkman Center for Internet & Society at Harvard Law School and a researcher for the OpenNet Initiative, which studies Internet filtering and censorship.

printer friendly email this article letter to the editor reprint premissions
space space space












space
Contact Us