CASE STUDY

Hardly a week goes by without reports that a massive protest has occurred in the streets of a big city somewhere in the world. Invariably, the Internet, social media, and mobile phones are either blamed or praised for enabling these popular expressions of discontent with political regimes, corrupt officials, unemployment, or wealth inequality. Such events encourage us to think of the Internet and the Web as an extraordinary technology unleashing torrents of human creativity, innovation, expression, popular rebellion, and sometimes, even democracy. How ironic then that the same Internet has also spawned an explosion in government control and surveillance of individuals on the Internet. Totalitarian dictators of the mid-twentieth century would have given their eyeteeth for a technology such as this, that can track what millions of people do, say, think, and search for in billions of e-mails, searches, blogs, and Facebook posts every day. In the early years of the Internet and the Web, many people assumed that because the Internet is so widely dispersed, it must be difficult to control or monitor. But the reality is quite different. We now know that just about all governments assert some kind of control and surveillance over Internet content and messages, and in many nations this control over the Internet and the people who use it is very extensive. While the Internet is a decentralized network, Internet traffic in all countries runs through large fiber-optic trunk lines that are controlled by national authorities or private firms. In China, there are three such lines, and China requires the companies that own these lines to configure their routers for both internal and external service requests. When a request originates in China for a web page in Chicago, Chinese routers examine the request to see if the site is on a blacklist, and then examine words in the requested web page to

see if it contains blacklisted terms. The system is often referred to as The Great Firewall of China (but formally by China as the Golden Shield) and was implemented with the assistance of Cisco Systems (the U.S. firm that is the largest manufacturer of routers in the world), Juniper Networks, and California-based Blue Coat (now owned by Symantec), which provides deep packet inspection software. A number of other U.S. Internet firms have also been involved in Chinas censorship and surveillance efforts. Over the past several years, China has strengthened and extended its regulation of the Internet in the name of social stability. Recently passed legislation allows web users to be jailed for up to three years if they post defamatory rumors that are read by more than 5,000 people. China has also issued rules to restrict the dissemination of political news and opinions on instant messaging applications such as WeChat, a text messaging app similar to Twitter and WhatsApp. Users are required to post political opinions and news only to state-authorized media outlets and are required to use their own names when establishing accounts. In 2016, China issued new rules barring foreign companies or their affiliates from publishing online content without government approval. It also began to subject online programs to the same censorship regulations as regular TV shows. In July 2016, it said it would punish websites that publish unverified social media content as news, and ordered several of the most popular Chinese portals, such as Sinu, Sohu, and NetEase, to cease original news reporting.

While China is often criticized for its extensive Internet controls, other countries are not far behind. Irans Internet surveillance of its citizens is considered by security experts to be one of the worlds most sophisticated mechanisms for controlling and censoring the Internet, allowing it to examine the content of individual online communications on a massive scale. The Iranian system goes beyond merely preventing access to specific sites such as Google, Twitter, and Facebook and reportedly also utilizes deep packet inspection. Deep packet inspection allows governments to read messages, alter their contents for disinformation purposes, and identify senders and recipients. It is accomplished by installing computers in the line between users and ISPs, opening up every digitized packet, inspecting for keywords and images, reconstructing the message, and sending it on. This is done for all Internet traffic including Skype, Facebook, e-mail, tweets, and messages sent to proxy servers. In 2016, Iran announced that it had completed the first stage of establishing an isolated, domestic version of the

Internet, purportedly one that will be faster and less costly, but which subjects its users to even more heightened surveillance. In Russia, a 2014 law allows the government to close websites without a court decision if the General Prosecutors office declares the material on a site to be extremist. Russia also regulates the blogosphere, requiring bloggers with more than 3,000 daily readers to register their real names and contact information with Russias communications regulator. In 2015, Russia passed laws requiring domestic Internet companies to store their data on Russian soil, allowing the government to control it and limit access, and in July 2016, passed additional laws that provide for mandatory data retention by ISPs and telecommunications providers for between 6 months and three years, require those companies to provide access to all such data without a warrant, and also require a government backdoor that will enable it to access all encrypted communications. Turkey is another country that has increasingly attempted to control and censor Internet content. These efforts have increased after the terrorist attack on Istanbuls Ataturk Airport and the failed coup against President Recep Tayyip Erdogan. But it is not just totalitarian nations that have sought to regulate and surveil the Internet. Both Europe and the United States have, at various times, also taken steps to control access to certain websites, censor web content, and engage in extensive surveillance of communications. For instance, Great Britain has a list of blocked sites, as do Germany, France, and Australia. The United States and European countries generally ban the sale, distribution, and/or possession of online child pornography. France, Germany, and Austria all bar the online sale of Nazi memorabilia. Even in South Korea, one of the worlds most wired countries, there are restrictions on content that is deemed subversive and harmful to the public order. In response to terrorism threats and other crimes, European governments and the U.S. government also perform deep packet inspection on e-mail and text communications of terrorist suspects. This surveillance is not limited to crossborder international data flows and includes large-scale domestic surveillance and analysis of routine e-mail, tweets, and other messages. In 2013, National Security Agency (NSA) contractor Edward Snowden made headlines by leaking classified NSA documents shedding light on the NSAs PRISM program, which allowed the agency access to the servers of major Internet companies such as Facebook, Google, Apple, Microsoft, and many others. Additionally, the documents revealed the existence of the NSAs XKeyscore program, which allows analysts to search databases of e-mails, chats, and browsing histories of individual citizens without any authorization. Warrants, court clearance, or other forms of legal documentation are not required for analysts to use the technology. Snowdens documents also showed spy agencies were tapping data from smartphone apps like Candy Crush, and most others, and that the NSA was tapping the flow of personal user information between Google and Yahoo. The NSA claimed that the program was only used to monitor foreign intelligence targets and that the information it collects has assisted in apprehending terrorists. The FBI also has an Internet surveillance unit, the National Domestic Communications Assistance Center. The NDCACs mission is to assist in the development of new surveillance technologies that will allow authorities to increase the interception of Internet, wireless, and VoIP communications. In 2016, many European powers moved ahead with plans to fortify their online surveillance with new start-of-the-art networks. In England, potential new laws would force Internet service companies to maintain Internet connection records that would be subject to review by law enforcement at any time. In response to multiple terror attacks on French soils in 2015, the French government passed very similar rules that force ISPs to maintain browsing data, as well as additional provisions for surveillance of phone calls, e-mails, and all mobile phone communications. And De-Cix, the worlds largest IXP, pushed back against the German government regarding requests to allow surveillance of all communications passing through its Frankfurt hub. De-Cix sued the German intelligence service for what it views as illegal overreach, but the German government hopes to pass new laws that would legitimize the practice, just as England, France, and other nations have done.

However, in the United States, efforts are underway to curb domestic and international counter- terrorist agencies like the NSA from conducting dragnet surveillance of the entire American population, strengthen court oversight of surveillance, limit surveillance to specific individuals, and ease disclosure rules for Internet firms who receive requests from government agencies. In 2015, Congress passed the USA Freedom Act, which limits the bulk collection of Americans phone records. However, equally concerted efforts are underway to expand these types of spying powers. For instance, the Obama administration has expanded the NSAs ability to perform warrantless wiretaps on suspected malicious hackers, allowing them to monitor international Internet traffic from these suspects as well as domestic traffic. Concerns about the use of the Internet and other methods of encrypted communications by the Islamic State to recruit new members and engage in terrorism have heightened the tension.

Questions:

1.How is it possible for any government to control or censor the Web?

2.Does the Chinese government, or the U.S. government, have the right to censor content on the Web?

3.How should U.S. companies deal with governments that want to censor content?

4.What would happen to e-commerce if the existing Web split into a different Web for each country?