3 min read

China Tries Again To Control Internet

The Great Firewall of China is increasingly effective in stopping anonymous VPN-based access in and out of the country after a recent upgrade, and now the government is considering another attempt to strengthen authentication of users before obtaining Internet connections. The proposed law is being cynically framed as a privacy protection measure. As offended as I am at the ideas behind these proposals, I'm confident that they can't be implemented practically.

The rubber-stamp legislature of China, a.k.a. the National People's Congress, is considering a bill that would require users to provide their real names to Internet service providers, according to the state-run news agency Xinhua.

The law is cast, ironically, as a measure to protect the privacy of users. Xinhua cites Li Fei, deputy director of the Commission for Legislative Affairs of the NPC Standing Committee, as telling legislators that the user identification to telecommunications operators "could be conducted backstage, allowing users to use different names when publicizing information." The story also quotes Li Yuxiao, an expert on Internet management and law studies at the Beijing University of Post and Telecommunication, supporting identification as necessary for privacy protection.

Only the government and government utilities would know the names.

Legislation in China doesn't always become law exactly as proposed, but it's a good indicator that some legislation along these lines is on the way. Other signals include the recent elevation to the Communist Party's Politburo Standing Committee of China's former propaganda chief, Liu Yunshan. The Wall Street Journal says Liu " widely believed to have played a key role in China's Internet management in recent years."

At the same time, the Sydney (Australia) Morning Herald reports that recent changes to the Great Firewall, a system designed to block unauthorized communications in and out of China, has been upgraded and strengthened and is causing greater difficulty, not only for users attempting anonymous communications for privacy purposes, but for businesses that use VPN protocols to protect commercial transactions.

A real name requirement could never be enforceable at the level of individual communications on the Internet, but it could be used to hold one person or entity responsible for use of the connection. Of course, there are many ways to subvert and co-opt user control of their connection so that use of the connection can happen without the responsible user's intent.

An earlier attempt to impose a real name requirement on China's popular microblogs was not fully-implemented after technical problems developed. The microblogs — the most popular are Sina, Sohu, NetEase and Tencent — have been used often to criticize the government and expose corruption of officials. As the WSJ says, a number of lower-level officials have been brought down after being caught in compromising positions and exposed by China's online community.

It's difficult to imagine a true identification scheme for the Internet that could work with any reasonable degree of accuracy, and still work with the most important Internet protocols, such as TCP/IP, SMTP and HTTP. Many of these protocols and the software which uses them were designed not to require authentication. At the same time, China's Internet usage is so vast already that forcing changes that might break everyone's computers and phones would be a tall order even for the Communist Party.

As offended as I am at the ideas behind these proposals, I'm confident that they can't be implemented practically.