Golden Shield Project
The Golden Shield Project (Chinese: 金盾工程; pinyin: jīndùn gōngchéng), also named National Public Security Work Informational Project,[a] is the Chinese nationwide network-security fundamental constructional project by the e-government of the People's Republic of China. This project includes a security management information system, a criminal information system, an exit and entry administration information system, a supervisor information system, a traffic management information system, among others.
The Golden Shield Project is one of the 12 important "golden" projects. The other "golden" projects are Golden Bridges (for public economic information),[b] Golden Customs (for foreign trades),[c] Golden Card (for electronic currencies),[d] Golden Finance (for financial management),[e] Golden Agriculture (for agricultural information),[f] Golden Taxation (for taxation),[g] Golden Water (for water conservancy information)[h] and Golden Quality (for quality supervision).[i]
The Golden Shield Project also manages the Bureau of Public Information and Network Security Supervision,[j] which is a bureau that is widely believed, though not officially claimed, to operate a subproject called the Great Firewall of China (GFW)[k] which is a censorship and surveillance project that blocks data from foreign countries that may be unlawful in the PRC. It is operated by the Ministry of Public Security (MPS) of the government of China. This subproject was initiated in 1998 and began operations in November 2003. It has also seemingly been used to attack international web sites using Man-on-the-side DDoS, for example GitHub on 2015/03/28.
The political and ideological background of the Golden Shield Project is considered to be one of Deng Xiaoping's favorite sayings in the early 1980s: "If you open the window for fresh air, you have to expect some flies to blow in."[l] The saying is related to a period of economic reform in China that became known as the "socialist market economy". Superseding the political ideologies of the Cultural Revolution, the reform led China towards a market economy and opened up the market for foreign investors. Nonetheless, despite the economic freedom, values and political ideas of the Communist Party of China have had to be protected by "swatting flies" of other unwanted ideologies.
The Internet in China arrived in 1994, as the inevitable consequence of and supporting tool for the "socialist market economy". As availability of the Internet has gradually increased, it has become a common communication platform and tool for trading information.
The Ministry of Public Security took initial steps to control Internet use in 1997, when it issued comprehensive regulations governing its use. The key sections, Articles 4–6, are the following:
Individuals are prohibited from using the Internet to: harm national security; disclose state secrets; or injure the interests of the state or society. Users are prohibited from using the Internet to create, replicate, retrieve, or transmit information that incites resistance to the PRC Constitution, laws, or administrative regulations; promotes the overthrow of the government or socialist system; undermines national unification; distorts the truth, spreads rumors, or destroys social order; or provides sexually suggestive material or encourages gambling, violence, or murder. Users are prohibited from engaging in activities that harm the security of computer information networks and from using networks or changing network resources without prior approval.
In 1998, the Communist Party of China feared that the China Democracy Party (CDP) would breed a powerful new network that the party elites might not be able to control. The CDP was immediately banned, followed by arrests and imprisonment. That same year, the Golden Shield project was started. The first part of the project lasted eight years and was completed in 2006. The second part began in 2006 and ended in 2008. On 6 December 2002, 300 people in charge of the Golden Shield project from 31 provinces and cities throughout China participated in a four-day inaugural "Comprehensive Exhibition on Chinese Information System". At the exhibition, many western high-tech products, including Internet security, video monitoring and human face recognition were purchased. It is estimated that around 30,000-50,000 police are employed in this gigantic project.
A subsystem of the Golden Shield has been nicknamed "the Great Firewall" (防火长城) (a term that first appeared in a Wired magazine article in 1997) in reference to its role as a network firewall and to the ancient Great Wall of China. This part of the project includes the ability to block content by preventing IP addresses from being routed through and consists of standard firewalls and proxy servers at the six Internet gateways. The system also selectively engages in DNS cache poisoning when particular sites are requested. The government does not appear to be systematically examining Internet content, as this appears to be technically impractical. Because of its disconnection from the larger world of IP routing protocols, the network contained within the Great Firewall has been described as "the Chinese autonomous routing domain".
During the 2008 Summer Olympics, Chinese officials told Internet providers to prepare to unblock access from certain Internet cafés, access jacks in hotel rooms and conference centers where foreigners were expected to work or stay.
Actions and purpose
The Golden Shield Project contains an integrated, multi-layered system, involving technical, administrative, public security, national security, publicity and many other departments. This project was planning to finish within five years, separated into two phases.
The first phase of the project focused on the construction of the first-level, second-level, and the third-level information communication network, application database, shared platform, etc. The period was three years.
According to the Xinhua News Agency, since September 2003, the Public Security department of China has recorded 96% of the population information of mainland China into the database. In other words, the information of 1.25 billion out of 1.3 billion people has recorded in the information database of the Public Security department of China. Within three years, phase I project has finished the first-level, second-level, and the third-level backbone network and access network. This network has covered public security organs at all levels. The grass-roots teams of public security organs have accessed to the backbone network with the coverage rate 90%, that is to say, every 100 police officers have 40 computers connected to the network of the phase I project. The Ministry of Public Security of the People's Republic of China said that the phase I project had significantly enhanced the combat effectiveness of public security.
Members participated in the phase I project include Tsinghua University from China, and some high-tech companies from the United States of America, the United Kingdom, Israel, etc. Cisco Systems from the United States of America has provided massive hardware devices for this project, and therefore was criticized by some members of the United States Congress.
According to China Central Television, phase I cost 6.4 billion yuan. On 6 December 2002, there came the "2002 China Large Institutions Informationization Exhibition", 300 leaders from the Ministry of Public Security of the People's Republic of China and from other public security bureaus of 31 provinces or municipalities attended the exhibition. There were many western high-tech products, including network security, video surveillance and face recognition. It was estimated that about 30000 police officers have been employed to maintain the system. There was a multi-level system to track netizens violating the provisions. Netizens who want to use the internet in a cybercafé are required to show their Resident Identity Cards. If some violating event happened, the owner of the cybercafé can send the personal information to the police through the internet. It is called a public security automation system, but it is actually an integrated, multi-layered, internet blocking and monitoring system, involving the technical, administrative, public security, national security, publicity, etc. The features are known as: readable, listenable, and thinkable.
The phase II project started in 2006. The main task was to enhance the terminal construction, and the public security business application system, trying to informatize of the public security work. The period was two years.
Based on the phase I project, phase II project expanded the information application types of public security business, and informationized further public security information. The key points of this project included application system construction, system integration, the expansion of information centre, and information construction in central and western provinces. The system of was planning to strengthen the integration, to share and analysis of information. It would greatly enhance the information for the public security work support.
Mainland Chinese Internet censorship programs have censored Web sites that include (among other things):
- Web sites belonging to "outlawed" or suppressed groups, such as pro-democracy activists and Falun Gong.
- News sources that often cover topics that are considered defamatory against China, such as police brutality, Tiananmen Square protests of 1989, freedom of speech, democracy sites. These sites include Voice of America and the Chinese edition of BBC News.
- Sites related to the Taiwanese government, media, or other organizations, including sites dedicated to religious content, and most large Taiwanese community websites or blogs.
- Web sites that contain anything the Chinese authorities regard as obscenity or pornography.
- Web sites relating to criminal activity.
- Sites linked with the Dalai Lama, his teachings or the International Tibet Independence Movement.
- Most blogging sites experience frequent or permanent outages.
- Web sites deemed as subversive.
According to The New York Times, Google has set up computer systems inside China that try to access Web sites outside the country. If a site is inaccessible, then it is added to Google China's blacklist. However, once unblocked, the Web sites will be reindexed. Referring to Google's first-hand experience of the great firewall, there is some hope in the international community that it will reveal some of its secrets. Simon Davies, founder of London-based pressure group Privacy International, is now challenging Google to reveal the technology it once used at China's behest. "That way, we can understand the nature of the beast and, perhaps, develop circumvention measures so there can be an opening up of communications." "That would be a dossier of extraordinary importance to human rights," Davies says. Google has yet to respond to his call.
Because the Great Firewall blocks destination IP addresses and domain names and inspects the data being sent or received, a basic censorship circumvention strategy is to use proxy nodes and encrypt the data. Most circumvention tools combine these two mechanisms.
- Proxy servers outside China can be used, although using just a simple open proxy (HTTP or SOCKS) without also using an encrypted tunnel (such as HTTPS) does little to circumvent the sophisticated censors.
- Companies can establish regional Web sites within China. This prevents their content from going through the Great Firewall of China; however, it requires companies to apply for local ICP licenses.
- Onion routing and Garlic routing, such as I2P or Tor, can be used.
- Freegate, Ultrasurf, and Psiphon are free programs that circumvent the China firewall using multiple open proxies, but still behave as though the user is in China.
- VPNs (virtual private network) and SSH (secure shell) are the powerful and stable tools for bypassing surveillance technologies. They use the same basic approaches, proxies and encrypted channels, used by other circumvention tools, but depend on a private host, a virtual host, or an account outside of China, rather than open, free proxies.
- Open application programming interface (API) used by Twitter which enables to post and retrieve tweets on sites other than Twitter. "The idea is that coders elsewhere get to Twitter, and offer up feeds at their own URLs—which the government has to chase down one by one." says Jonathan Zittrain, co-director of Harvard's Berkman Klein Center for Internet & Society.
- Reconfiguration at the end points of communication, encryption, discarding reset packets according to the TTL value (time to live) by distinguishing those resets generated by the Firewall and those made by end user, not routing any further packets to sites that have triggered blocking behavior.
Reporters Without Borders suspects that countries such as Cuba, Vietnam, Zimbabwe and Belarus have obtained surveillance technology from China although the censorships in these countries are not much in comparison to China.
Differences from the Great Firewall
The Golden Shield Project is distinct from the Great Firewall (GFW), which has a different mission. The differences are listed below:
- The GFW is a tool for the propaganda system, whereas the Golden Shield Project is a tool for the public security system.
- The original requirements of the GFW are from the 610 office, whereas the original requirements of the Golden Shield Project are from the public security department.
- The GFW is a national gateway for filtering foreign websites, whereas the Golden Shield Project is for monitoring the domestic internet.
- The GFW is attached to the three national internet exchange centres, and then spread to some of the ISPs to implement the blocking effect, whereas the Golden Shield Project stations in the most exchange centres and data centres.
- The GFW is very powerful in scientific research, including many information security scientists, such as people from Harbin Institute of Technology, Chinese Academy of Sciences, and Beijing University of Posts and Telecommunications, whereas the Golden Shield Project is less powerful in scientific research.
- The GFW is built by Fang Binxing, whereas the Golden Shield Project is built by Shen Changxiang.
- Blocking of Wikipedia by China
- Censorship in China
- Green Dam Youth Escort
- Human rights in China
- International Freedom of Expression Exchange – monitors Internet censorship in China
- Internet censorship in the People's Republic of China
- Internet in China
- List of government surveillance projects
- Media of China
- Politics of China
- Who Controls the Internet?
- 公共信息网络安全监察局, or 网监局 for short
- Chinese: 防火 长城; pinyin: fánghuǒ chángchéng
- Chinese: 打开窗户，新鲜空气和苍蝇就会一起进来。; pinyin: Dǎkāi chuānghù, xīnxiān kōngqì hé cāngying jiù huì yìqǐ jìnlái.
There are several variants of this saying in Chinese, including "如果你打开窗户换新鲜空气，就得想到苍蝇也会飞进来。" and "打开窗户，新鲜空气进来了，苍蝇也飞进来了。". Their meanings are the same.
- "金盾工程". 中国网--网上中国.
- "何谓"两网一站四库十二金"？". 中国网--网上中国.
- Norris, Pippa; World Bank Staff (2009). Public Sentinel: News Media and Governance Reform. World Bank Publications. p. 360. ISBN 978-0-8213-8200-4. Retrieved 11 January 2011.
- "How China's Internet Police Control Speech on the Internet". Radio Free Asia. Retrieved 11 June 2013.
China’s police authorities spent the three years between 2003 and 2006 completing the massive "Golden Shield Project". Not only did over 50 percent of China’s policing agencies get on the Internet, there is also an agency called the Public Information Network Security and Monitoring Bureau, which oversees a large number network police. These are all the direct products of the Golden Shield Project.
- "China's Man-on-the-Side Attack on GitHub".
- R. MacKinnon "Flatter world and thicker walls? Blogs, censorship and civic discourse in China" Public Choice (2008) 134: p. 31–46, Springer
- "中国接入互联网". Chinanews.com. Retrieved 28 August 2013.
- "China and the Internet.", International Debates, 15420345, Apr2010, Vol. 8, Issue 4
- Goldman, Merle Goldman. Gu, Edward X.  (2004). Chinese Intellectuals between State and Market. Routledge publishing. ISBN 0415325978
- Goldsmith, Jack L.; Wu, Tim (2006). Who Controls the Internet?: Illusions of a Borderless World. New York: Oxford University Press. p. 91. ISBN 0-19-515266-2.
- 首屆「2002年中國大型機構信息化展覽會」全國31省市金盾工程領導雲集 (in Chinese)
- "What is internet censorship?". Amnesty International Australia. 28 March 2008. Archived from the original on 27 April 2015. Retrieved 21 February 2011.
- "The art of concealment". The Economist. Retrieved 3 September 2018.
- "Archived copy". Archived from the original on 23 January 2014. Retrieved 23 January 2014.CS1 maint: archived copy as title (link)
- Watts, Jonathan (20 February 2006). "War of the words". The Guardian. Retrieved 3 May 2010.
- "Costs and Benefits of Running a National ARD" (PDF). Archived from the original (PDF) on 6 July 2006.
- Fallows, James (March 2008). "The Connection Has Been Reset". The Atlantic. Retrieved 22 May 2011.
- 金盾工程数据库包括12亿多中国人的信息. 博讯 (in Chinese). 9 April 2006. Archived from the original on 5 March 2016.
- 中国“金盾工程”一期工程通过国家验收. Radio Free Asia (in Chinese).[permanent dead link]
- "首屆「2002年中國大型機構信息化展覽會」全國31省市金盾工程領導雲集". The Adsale Group. 19 December 2002. Archived from the original on 4 March 2010.
- 金盾二期工程将以信息整合应用为建设重点. 计世资讯 (in Chinese). Archived from the original on 31 May 2009.
- Marquand, Robert (24 February 2006). "China's media censorship rattling world image". The Christian Science Monitor. Retrieved 22 May 2011.
- "controlling information: you can't get there from here -- filtering searches". Pbs.org.
- Thompson, Clive (23 April 2006). "Google's China Problem (and China's Google Problem)". The New York Times. p. 8. Retrieved 22 May 2011.
- Will Google's help breach the great firewall of China? By: Marks, Paul, New Scientist, 02624079, 4/3/2010, Vol. 205, Issue 2754
- "Splinternet Behind the Great Firewall of China: The Fight Against GFW", Daniel Anderson, Queue, Association for Computing Machinery (ACM), Vol. 10, No. 11 (29 November 2012), doi:10.1145/2390756.2405036. Retrieved 11 October 2013.
- "Leaping the Great Firewall of China ", Emily Parker, Wall Street Journal, 24 March 2010. Retrieved 11 October 2013.
- "Ignoring the Great Firewall of China", Richard Clayton, Steven J. Murdoch, and Robert N. M. Watson, PET'06: Proceedings of the 6th international conference on Privacy Enhancing Technologies, Springer-Verlag (2006), pages 20-35, ISBN 3-540-68790-4, doi:10.1007/11957454_2. Retrieved 11 October 2013.
- "Going online in Cuba: Internet under surveillance" (PDF). Reporters Without Borders. 2006. Archived from the original (PDF) on 3 March 2009.
- 自曲主编 (30 August 2009). "阅后即焚：GFW". 自曲新闻 (in Chinese). Archived from the original on 4 January 2010. Retrieved 30 August 2009.
|Wikibooks has a book on the topic of: Transwiki:Bypassing the Great Firewall of China|