US/China: Up Against the Firewall

January 2001: Network Associates Technology, Symantec, and Trend Micro gain entry to the Chinese market by donating 300 live computer viruses to the Public Security Bureau -- China's state police -- raising Pentagon concerns about China's information warfare capabilities.

December 2001: A human rights activist accuses Nortel Networks of coperating with China's police by enhancing digital surveillance networks and transferring to the Chinese Ministry of State Security technology developed for the FBI.

February 2002: A former Yahoo China executive confirms that the company routinely censors its chat rooms and search functions. Several Chinese engineers claim that, in the late '90s, Cisco Systems fashioned a "special firewall box" for Chinese authorities to block Web sites.

Why are American corporations, which have labored hard to present positive global images, providing censorship and surveillance technologies to what many see as China's Big Brother Internet? The short answer: money. Building China's Internet means making lots of it, and companies that want access to this new market often must give the Chinese leadership what it demands.

Their willingness, however, to placate the leadership has begun to attract the attention of journalists, dissidents, and hacktivists, as well as, most ominously, for U.S. business interests, shareholders, and Congress. On May 30, Cisco Systems and the U.S. Securities and Exchange Commission received a proposed shareholder resolution (a method shareholders use to change corporate policy). The shareholder, who prefers not to be named, attacked the morality of Cisco's China operations and proposed that the company report annually to shareholders on all its products sold to state-owned entities in countries, like China, that employ national firewalls or monitor Internet traffic. Seven weeks later, Cisco's lawyers responded with an 18-page document (with narrow margins) rejecting the shareholder's proposal as unfeasible and inflammatory. Client confidentiality would be damaged on a global scale, according to Cisco. Plus, the company added, the shareholder's accusations were misleading: China's public security standards are equivalent to U.S. government standards, and Cisco has not "specially designed any products whatsoever for the government of the PRC to block or filter content."

While it may be technically correct that Cisco also sold its "special firewall box" to countries other than China (even though it may have first developed it for China), the company's portrayal of business-as-usual in China is disingenuous: it's unlikely Cisco was able to capture 75 percent of the Chinese router market without making major concessions to the Chinese government.

The underlying dilemma -- adhering to American democratic ideals while placating Chinese autocratic demands -- explains why Cisco's lawyers were tied up for weeks refuting a shareholder proposal that by most accounts likely won't amount to much.

But Cisco should not expect the same outcome in Washington. Think tanks like the American Enterprise Institute and Rand have supplied research and witnesses for congressional committees concerned with human rights in China. And the U.S.-China Security Review Commission, a bipartisan committee that reports to Congress on the national security implications of U.S.-China trade, privately questioned Cisco and Nortel Networks on their China operations. Nortel claimed that it didn't make the technologies it is accused of transferring, and Cisco replied with an abbreviated version of its shareholder resolution response. The commission's July 15 report to Congress explicitly mentions AOL Time Warner and Yahoo as possibly complying with the demands of Chinese authorities, but lets off Cisco, Nortel, and others with a nonspecific reference to assisting "the Chinese Government in sensitive areas such as remote surveillance, online censorship, and virus acquisition."

Two weeks later, the House of Representatives Policy Committee, a forum for discussing specific legislative initiatives, stated the official position of the Republican majority in a report dramatically entitled "Tear Down This Firewall." The committee advocates massive government intervention to free the global Internet. The report, however, stops short of calling for sanctions on the transfer of U.S. firewall and surveillance technologies to China.

Despite the subdued language, Washington's mood should not be misread. The prominence of the Internet in China in two major reports, both of which invoke national security, suggests that preliminary export controls or, more likely, a corporate code of conduct, may be waiting in the wings. As one influential government official told me confidentially, "This is more than a PR problem for U.S. Internet companies. This is potentially the downfall of corporate appeasement to the PRC."

Meanwhile, concerned by the heat on U.S. companies and protective of their "New China" image, Chinese authorities have implemented excellent damage control. Chinese ISPs recently lifted blocks on most U.S. news Web sites (while continuing the comprehensive blocking of Chinese democracy and labor sites). Simultaneously, a state-affiliated shill for Beijing's Internet objectives, the Internet Society of China, rolled out a "voluntary" pledge of corporate responsibility for the industry, emphasizing "self-discipline," "trustworthiness," and a commitment to "state security" and "social stability." In other words, don't block the entire CNN Web site, but anything potentially offensive to Beijing should mysteriously experience technical trouble. But, as experienced by AltaVista and Google in early fall, Chinese authorities haven't sworn off completely blocking access to Web sites. Three hundred Chinese firms signed the pledge -- as did Yahoo. Human Rights Watch, a nonprofit watchdog group, attacked Yahoo, whose actions now seem particularly irksome given the larger context: Beijing is shutting down most of its Internet cafs, cracking down on proxy servers, which allow people to surf the Web anonymously, and has sentenced a man to 11 years in prison simply for downloading political content.

The Chinese policy of "voluntary" hair-trigger censorship, combined with the appearance of liberalization (in short, a public relations coup), could ultimately backfire on Western corporations (see "Restricted Area"). The Communist Party is a notoriously unreliable partner: What if China's state police end the next worker uprising using guns and Motorola location-tracking technology? Or what if Chinese officials move beyond the discussion phase to implement a national identification system developed by Xerox or Nortel -- both of which, sources say, are interested in supplying such technology -- and then use it to track the movements of and round up Chinese Christian groups? How will U.S. corporations handle these scenarios? "Just good business" in Beijing might mean a congressional crackdown in Washington.

Technology companies should avoid the Chinese Internet pledge and the national ID contract, and should take credit for their restraint. Corporations like Microsoft, which fought China on encryption and won, should guard their U.S. flank by spearheading a collective statement expressing concern over China's Internet censorship and surveillance. There's safety in numbers -- no single corporation should bear the brunt of the Chinese leadership's anger.

"Voluntary," "corporate responsibility," "trust" -- these are our words, not theirs. The Chinese leadership just pirated them. There's still time to drop the denials, adopt a unified strategy, and do business as if our words had meaning.

Ethan Gutmann, a visiting fellow at the Project for the New American Century, is finishing a book, Beijing Boot Camp (Encounter Books, 2003).

• 116 Human Rights
• 192 Technology & Telecommunications