Posted by: Bruce Einhorn on June 15, 2009
As if it weren’t already clear that Chinese bureaucrats didn’t do their homework before mandating new censorship software for all Chinese PCs, the past few days have brought more news that the policy isn’t quite ready for prime time. First, the OpenNet Initiative, a partnership of academics from Cambridge, Harvard, Oxford and the University of Toronto, issued a report calling into question the basic quality of the “Green Dam” software: “As a policy decision, mandating the installation of a specific software product is both unprecedented and poorly conceived. In this specific instance, the mistake is compounded by requiring the use of a substandard software product that interferes with the performance of personal computers in an unpredictable way, killing browsers and applications without warning while opening up users to numerous serious security vulnerabilities. The level of parental control over the software is poor such that this software does not well serve parents that wish to limit the exposure of their children to Internet content.”
Other analysts agree with the ONI folks that Green Dam is bad software. Rebecca MacKinnon’s RConversation blog (which is all over this story) flags this report from Scott Wolchok, Randy Yao and J. Alex Halderman at the University of Michigan. “Once Green Dam is installed, any web site the user visits can exploit these problems to take control of the computer,” they write. “This could allow malicious sites to steal private data, send spam, or enlist the computer in a botnet. In addition, we found vulnerabilities in the way Green Dam processes blacklist updates that could allow the software makers or others to install malicious code during the update process.”
The Michigan report again raises the question of just who was overseeing the Chinese bureaucrats who decided this policy made any sense. Never mind the question about whether the government should be promoting censorship. What about whether the government should be analyzing proposed policy changes thoroughly? “We found these problems with less than 12 hours of testing, and we believe they may be only the tip of the iceberg,” the Michigan three write. “Green Dam makes frequent use of unsafe and outdated programming practices that likely introduce numerous other vulnerabilities. Correcting these problems will require extensive changes to the software and careful retesting. In the meantime, we recommend that users protect themselves by uninstalling Green Dam immediately.”
Then there’s the threat of the issue morphing into a U.S.-China trade dispute, one that centers on the Achilles’ heel of Chinese law enforcement: intellectual property rights. As Reuters reports here, Solid Oak Software, from Santa Barbara, California, alleges Green Dam contains parts of Solid Oak’s own software. Jinhui Computer System Engineering, the Chinese company that makes Green Dam, denies any wrongdoing.
Jinhui is also threatening legal action of its own, with today’s China Daily reporting company general manager Zhang Chenmin saying of the actions of the Michigan three, “it is not responsible to crack somebody’s software and publish the details, which are commercial secrets, on the Internet. They (the professors) have infringed the copyright of our product. I think the negative comments and attacks on Green Dam are intentional.” According to the government newspaper, Jinhui is working “non-stop” to come up with free patches to address the security problems.