Every blog needs its Google China post - here it is

[Update: German Version of this available at Kooptech ]

Everybody is talking about cyber attacks and Google and Don't be Evil and Censorship and Internet Imperialism. It is more than difficult to decide which position to dislike more. But I don't need to decide, fortunately, I just need to opinionate on what's going on.

In general terms, the US has replaced China as the main originator of malware (phishing, viruses, botnets...), as the latest report by security company Sophos has indicated (summary here http://www.sophos.com/pressoffice/news/articles/2009/07/threat-report.html, full report here http://www.sophos.com/sophos/docs/eng/papers/sophos-security-threat-report-jul-2009-na-wpus.pdf). Back in 2007, more than 50 per cent of malware was from China, now almost 40 from the US. The recent attack against Google that was directed at selected Gmail accounts and that exploited a weakness in the Adobe Acrobat Reader, on the other side, was apparently clearly originating in China, from what I hear in the news media.

You may remember that in March 2009 there was a furor about the Chinese "Ghostnet". Files from foreign embassies, ministries and computers of the tibtan exile leaders were stolen or corrupted. Computers were hijacked and the microphones and cameras used to spy on its owners. The immediate source of this ghostnet seemed to be China, but there was a tendency to word this in a careful way in order not to stir up what now has bee stirred up: while the attacks came from China, there was of course the possibility that these Chinese computers were themselves only a botnet, hijacked and directed from another location.

The U.S.-China Economic and Security Review Commission has actually published a report on this. Summary on this page http://www.uscc.gov/researchpapers/papers.php ("CHINESE CYBER WARFARE & ESPIONAGE").

In 2007, after the German security services had published a report revealing that spy programmes (hidden as PPT and .doc files) found on ministry computers could be traced back to China, the Chinese government reject all those assertion rigidly and created some bad mood before a meeting between the Chinese and German governments. In general, the Chinese government strongly denies all allegations of being involved in such campaigns. And at the moment it is actually turning around, with all the English language papers claiming that it is China that is primary victim of cyber crime and cyber warfare. (Global Times and China Daily of today and yesterday I think).

The overall assessment is ... well: No doubt that in a highly competitive world economy, many players will pull all stops and use all means available. In the case of China there are some tricky bits about this. There is great ambivalence of the Chinese government towards the Internet (a source of wealth and development vs a source of unrest and uncontrollability). As in many governments, there are some people in place with a very deep ignorance with respect to all things information society (in terms of technology and social impact). The deep entanglement of the government in the whole economy, and in all the relevant businesses, makes it appear highly likely that a concerted attack originating from China will have run through government one way or the other. Some attacks, it was alleged, could even be traced back to PLA computers. And given the apparent deep level of intervention into net affairs, it strikes as a strange case of leadership insecurity that nobody has the guts to just say "We protect our society by censoring the web. Full Stop." Instead, oddly nonsensical statements frequently come out (http://news.cnet.com/2100-1028_3-6130970.html " In China, we don't have software blocking Internet sites. Sometimes we have trouble accessing them. But that's a different problem.") that put in doubt the ability to really deal with that strange beast called information society.

The sad side to all this, of course, is that nobody who knows anything about it talks about it, and that a lot of people who know nothing about it talk an awful lot (yes, of course, I am guilty as charged by myself…). Has Google used this as a semi-elegant exit strategy? Maybe. Or did it behave the way you learn it on the Chinese silk markets, haggling by threat of exit ("I am going now, really, I am going if you do not give this away cheaper, now, I am going, really! Now, soon I am away, see me going away...?"). It certainly feels like it (low market share, lower revenues and all, plus some nice political backing and a return to "don't be evil" reputation - where's the peril...). And when will the Chinese government ever produce transparent laws that clearly state what is legal and illegal to distribute through media networks? That can be a reliable foundation for any commercial or non-commercial business and challenged at court? Without these transparent regulations, the internet is easier to control. With them, China would have a more useful net and would be a more credible international player in politcis at-large.

As in real life, so also in information society: all short answers are wrong...