The Great Firewall of China is increasingly effective in stopping anonymous VPN-based access in and out of the country after a recent upgrade, and now the government is considering another attempt to strengthen authentication of users before obtaining Internet connections. The proposed law is being cynically framed as a privacy protection measure. As offended as I am at the ideas behind these proposals, I'm confident that they can't be implemented practically.
The law is cast, ironically, as a measure to protect the privacy of users. Xinhua cites Li Fei, deputy director of the Commission for Legislative Affairs of the NPC Standing Committee, as telling legislators that the user identification to telecommunications operators "could be conducted backstage, allowing users to use different names when publicizing information." The story also quotes Li Yuxiao, an expert on Internet management and law studies at the Beijing University of Post and Telecommunication, supporting identification as necessary for privacy protection.
Only the government and government utilities would know the names.
Legislation in China doesn't always become law exactly as proposed, but it's a good indicator that some legislation along these lines is on the way. Other signals include the recent elevation to the Communist Party's Politburo Standing Committee of China's former propaganda chief, Liu Yunshan. The Wall Street Journal says Liu "...is widely believed to have played a key role in China's Internet management in recent years."
At the same time, the Sydney (Australia) Morning Herald reports that recent changes to the Great Firewall, a system designed to block unauthorized communications in and out of China, has been upgraded and strengthened and is causing greater difficulty, not only for users attempting anonymous communications for privacy purposes, but for businesses that use VPN protocols to protect commercial transactions.
A real name requirement could never be enforceable at the level of individual communications on the Internet, but it could be used to hold one person or entity responsible for use of the connection. Of course, there are many ways to subvert and co-opt user control of their connection so that use of the connection can happen without the responsible user's intent.
An earlier attempt to impose a real name requirement on China's popular microblogs was not fully-implemented after technical problems developed. The microblogs the most popular are Sina, Sohu, NetEase and Tencent have been used often to criticize the government and expose corruption of officials. As the WSJ says, a number of lower-level officials have been brought down after being caught in compromising positions and exposed by China's online community.
It's difficult to imagine a true identification scheme for the Internet that could work with any reasonable degree of accuracy, and still work with the most important Internet protocols, such as TCP/IP, SMTP and HTTP. Many of these protocols and the software which uses them were designed not to require authentication. At the same time, China's Internet usage is so vast already that forcing changes that might break everyone's computers and phones would be a tall order even for the Communist Party.
As offended as I am at the ideas behind these proposals, I'm confident that they can't be implemented practically.
How Enterprises Are Attacking the IT Security EnterpriseTo learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.
IT Strategies to Conquer the CloudChances are your organization is adopting cloud computing in one way or another -- or in multiple ways. Understanding the skills you need and how cloud affects IT operations and networking will help you adapt.