Golden Shield Project
The Golden Shield Project, also named National Public Security Work Informational Project, is the Chinese nationwide network-security fundamental constructional project by the e-government of the People's Republic of China. This project includes a security management information system, a criminal information system, an exit and entry administration information system, a supervisor information system, a traffic management information system, among others.
The Golden Shield Project is one of the 12 important "golden" projects. The other "golden" projects are Golden Bridges, Golden Customs, Golden Card, Golden Finance, Golden Agriculture, Golden Taxation, Golden Water and Golden Quality.
The Golden Shield Project also manages the Bureau of Public Information and Network Security Supervision, which is a bureau that is widely believed, though not officially claimed, to operate a subproject called the Great Firewall of China which is a censorship and surveillance project that blocks politically inconvenient incoming data from foreign countries. It is operated by the Ministry of Public Security of the government of China. This subproject was initiated in 1998 and began operations in November 2003. It has also seemingly been used to attack international web sites using Man-on-the-side DDoS, for example GitHub on 2015/03/28.
History
The political and ideological background of the Golden Shield Project is considered to be one of Deng Xiaoping’s favorite sayings in the early 1980s: "If you open the window for fresh air, you have to expect some flies to blow in." The saying is related to a period of economic reform in China that became known as the "socialist market economy". Superseding the political ideologies of the Cultural Revolution, the reform led China towards a market economy and opened up the market for foreign investors. Nonetheless, despite the economic freedom, values and political ideas of the Communist Party of China have had to be protected by "swatting flies" of other unwanted ideologies.The Internet in China arrived in 1994, as the inevitable consequence of and supporting tool for the "socialist market economy". As availability of the Internet has gradually increased, it has become a common communication platform and tool for trading information.
The Ministry of Public Security took initial steps to control Internet use in 1997, when it issued comprehensive regulations governing its use. The key sections, Articles 46, are the following:
In 1998, the Communist Party of China feared that the China Democracy Party would breed a powerful new network that the party elites might not be able to control. The CDP was immediately banned, followed by arrests and imprisonment. That same year, the Golden Shield project was started. The first part of the project lasted eight years and was completed in 2006. The second part began in 2006 and ended in 2008.
On 6 December 2002, 300 people in charge of the Golden Shield project from 31 provinces and cities throughout China participated in a four-day inaugural "Comprehensive Exhibition on Chinese Information System". At the exhibition, many western high-tech products, including Internet security, video monitoring and human face recognition were purchased. It is estimated that around 30,000-50,000 police are employed in this gigantic project.
A subsystem of the Golden Shield has been nicknamed "the Great Firewall" in reference to its role as a network firewall and to the ancient Great Wall of China. This part of the project includes the ability to block content by preventing IP addresses from being routed through and consists of standard firewalls and proxy servers at the six Internet gateways. The system also selectively engages in DNS cache poisoning when particular sites are requested. The government does not appear to be systematically examining Internet content, as this appears to be technically impractical. Because of its disconnection from the larger world of IP routing protocols, the network contained within the Great Firewall has been described as "the Chinese autonomous routing domain".
During the 2008 Summer Olympics, Chinese officials told Internet providers to prepare to unblock access from certain Internet cafés, access jacks in hotel rooms and conference centers where foreigners were expected to work or stay.
Actions and purpose
The Golden Shield Project contains an integrated, multi-layered system, involving technical, administrative, public security, national security, publicity and many other departments. This project was planning to finish within five years, separated into two phases.Phase I
The first phase of the project focused on the construction of the first-level, second-level, and the third-level information communication network, application database, shared platform, etc. The period was three years.According to the Xinhua News Agency, since September 2003, the Public Security department of China has recorded 96% of the population information of mainland China into the database. In other words, the information of 1.25 billion out of 1.3 billion people has recorded in the information database of the Public Security department of China. Within three years, phase I project has finished the first-level, second-level, and the third-level backbone network and access network. This network has covered public security organs at all levels. The grass-roots teams of public security organs have accessed to the backbone network with the coverage rate 90%, that is to say, every 100 police officers have 40 computers connected to the network of the phase I project. The Ministry of Public Security of the People's Republic of China said that the phase I project had significantly enhanced the combat effectiveness of public security.
Members participated in the phase I project include Tsinghua University from China, and some high-tech companies from the United States of America, the United Kingdom, Israel, etc. Cisco Systems from the United States of America has provided massive hardware devices for this project, and therefore was criticized by some members of the United States Congress.
According to China Central Television, phase I cost 6.4 billion yuan. On, there came the "2002 China Large Institutions Informationization Exhibition", 300 leaders from the Ministry of Public Security of the People's Republic of China and from other public security bureaus of 31 provinces or municipalities attended the exhibition. There were many western high-tech products, including network security, video surveillance and face recognition. It was estimated that about 30000 police officers have been employed to maintain the system. There was a multi-level system to track netizens violating the provisions. Netizens who want to use the internet in a cybercafé are required to show their Resident Identity Cards. If some violating event happened, the owner of the cybercafé can send the personal information to the police through the internet. It is called a public security automation system, but it is actually an integrated, multi-layered, internet blocking and monitoring system, involving the technical, administrative, public security, national security, publicity, etc. The features are known as: readable, listenable, and thinkable.
Phase II
The phase II project started in 2006. The main task was to enhance the terminal construction, and the public security business application system, trying to informatize of the public security work. The period was two years.Based on the phase I project, phase II project expanded the information application types of public security business, and informationized further public security information. The key points of this project included application system construction, system integration, the expansion of information centre, and information construction in central and western provinces. The system of was planning to strengthen the integration, to share and analysis of information. It would greatly enhance the information for the public security work support.
Censored content
Mainland Chinese Internet censorship programs have censored Web sites that include :- Web sites belonging to "outlawed" or suppressed groups, such as pro-democracy activists and Falun Gong.
- News sources that often cover topics that are considered defamatory against China, such as police brutality, Tiananmen Square protests of 1989, freedom of speech, democracy sites. These sites include Voice of America and the Chinese edition of BBC News.
- Sites related to the Taiwanese government, media, or other organizations, including sites dedicated to religious content, and most large Taiwanese community websites or blogs.
- Web sites that contain anything the Chinese authorities regard as obscenity or pornography.
- Web sites relating to criminal activity.
- Sites linked with the Dalai Lama, his teachings or the International Tibet Independence Movement.
- Most blogging sites experience frequent or permanent outages.
- Web sites deemed as subversive.
According to The New York Times, Google has set up computer systems inside China that try to access Web sites outside the country. If a site is inaccessible, then it is added to Google China's blacklist. However, once unblocked, the Web sites will be reindexed.
Referring to Google's first-hand experience of the great firewall, there is some hope in the international community that it will reveal some of its secrets. Simon Davies, founder of London-based pressure group Privacy International, is now challenging Google to reveal the technology it once used at China's behest. "That way, we can understand the nature of the beast and, perhaps, develop circumvention measures so there can be an opening up of communications." "That would be a dossier of extraordinary importance to human rights," Davies says. Google has yet to respond to his call.
Bypassing
Because the Great Firewall blocks destination IP addresses and domain names and inspects the data being sent or received, a basic censorship circumvention strategy is to use proxy nodes and encrypt the data. Most circumvention tools combine these two mechanisms.- Proxy servers outside China can be used, although using just a simple open proxy without also using an encrypted tunnel does little to circumvent the sophisticated censors.
- Companies can establish regional Web sites within China. This prevents their content from going through the Great Firewall of China; however, it requires companies to apply for local ICP licenses.
- Onion routing and Garlic routing, such as I2P or Tor, can be used.
- Freegate, Ultrasurf, and Psiphon are free programs that circumvent the China firewall using multiple open proxies, but still behave as though the user is in China.
- VPNs and SSH are the powerful and stable tools for bypassing surveillance technologies. They use the same basic approaches, proxies and encrypted channels, used by other circumvention tools, but depend on a private host, a virtual host, or an account outside of China, rather than open, free proxies.
- Open application programming interface used by Twitter which enables to post and retrieve tweets on sites other than Twitter. "The idea is that coders elsewhere get to Twitter, and offer up feeds at their own URLs—which the government has to chase down one by one." says Jonathan Zittrain, co-director of Harvard's Berkman Klein Center for Internet & Society.
- Reconfiguration at the end points of communication, encryption, discarding reset packets according to the TTL value by distinguishing those resets generated by the Firewall and those made by end user, not routing any further packets to sites that have triggered blocking behavior.
Exporting technology
Differences from the Great Firewall
The Golden Shield Project is distinct from the Great Firewall, which has a different mission. The differences are listed below:Politically,
- The GFW is a tool for the propaganda system, whereas the Golden Shield Project is a tool for the public security system.
- The original requirements of the GFW are from the 610 office, whereas the original requirements of the Golden Shield Project are from the public security department.
- The GFW is a national gateway for filtering foreign websites, whereas the Golden Shield Project is for monitoring the domestic internet.
- The GFW is attached to the three national internet exchange centres, and then spread to some of the ISPs to implement the blocking effect, whereas the Golden Shield Project stations in the most exchange centres and data centres.
- The GFW is very powerful in scientific research, including many information security scientists, such as people from Harbin Institute of Technology, Chinese Academy of Sciences, and Beijing University of Posts and Telecommunications, whereas the Golden Shield Project is less powerful in scientific research.
- The GFW is built by Fang Binxing, whereas the Golden Shield Project is built by Shen Changxiang.