Jump to content

Golden Shield Project

Listen to this article
From Wikipedia, the free encyclopedia

The Golden Shield Project (Chinese: 金盾工程; pinyin: jīndùn gōngchéng), also named National Public Security Work Informational Project,[a] is the Chinese nationwide network-security fundamental constructional project by the e-government of the People's Republic of China. This project includes a security management information system, a criminal information system, an exit and entry administration information system, a supervisor information system, a traffic management information system, among others.[1]

The Golden Shield Project is one of the 12 important "golden" projects. The other "golden" projects are Golden Customs (also known as Golden Gate) (for customs), Golden Tax (for taxation), Golden Macro, Golden Finance (for financial management), Golden Auditing, Golden Security, Golden Agriculture (for agricultural information), Golden Quality (for quality supervision), Golden Water (for water conservancy information), Golden Credit, and Golden Discipline projects.


The Golden Shield Project also manages the Bureau of Public Information and Network Security Supervision,[c] which is a bureau that is widely believed, though not officially claimed, to operate a subproject called the Great Firewall of China (GFW)[d][4] which is a censorship and surveillance project that blocks data from foreign countries that may be unlawful in the PRC. It is operated by the Ministry of Public Security (MPS) of the government of China. This subproject was initiated in 1998 and began operations in November 2003.[5] It has also seemingly been used to attack international web sites using Man-on-the-side DDoS, for example GitHub on 2015/03/28.[6]


The political and ideological background of the Golden Shield Project is considered to be one of Deng Xiaoping's favorite sayings in the early 1980s: "If you open the window for fresh air, you have to expect some flies to blow in."[e] The saying is related to a period of economic reform in China that became known as the "socialist market economy". Superseding the political ideologies of the Cultural Revolution, the reform led China towards a market economy and opened up the market for foreign investors. Nonetheless, despite the economic freedom, values and political ideas of the Chinese Communist Party have had to be protected by "swatting flies" of other unwanted ideologies.[7]

The Internet in China arrived in 1994,[8] as the inevitable consequence of and supporting tool for the "socialist market economy". As availability of the Internet has gradually increased, it has become a common communication platform and tool for trading information.

The Ministry of Public Security took initial steps to control Internet use in 1997, when it issued comprehensive regulations governing its use. The key sections, Articles 4–6, are the following:

Individuals are prohibited from using the Internet to: harm national security; disclose state secrets; or injure the interests of the state or society. Users are prohibited from using the Internet to create, replicate, retrieve, or transmit information that incites resistance to the PRC Constitution, laws, or administrative regulations; promotes the overthrow of the government or socialist system; undermines national unification; distorts the truth, spreads rumors, or destroys social order; or provides sexually suggestive material or encourages gambling, violence, or murder. Users are prohibited from engaging in activities that harm the security of computer information networks and from using networks or changing network resources without prior approval.[9]

In 1998, the Chinese Communist Party feared that the China Democracy Party (CDP) would breed a powerful new network that the party elites might not be able to control.[10] The CDP was immediately banned, followed by arrests and imprisonment.[11] That same year, the Golden Shield project was started. The first part of the project lasted eight years and was completed in 2006. The second part began in 2006 and ended in 2008. On 6 December 2002, 300 people in charge of the Golden Shield project from 31 provinces and cities throughout China participated in a four-day inaugural "Comprehensive Exhibition on Chinese Information System".[12] At the exhibition, many western high-tech products, including Internet security, video monitoring and human face recognition were purchased. It is estimated that around 30,000-50,000 police are employed in this gigantic project.[13]

A subsystem of the Golden Shield has been nicknamed "the Great Firewall" (防火长城) (a term that first appeared in a Wired magazine article in 1997)[14] in reference to its role as a network firewall and to the ancient Great Wall of China. This part of the project includes the ability to block content by preventing IP addresses from being routed through and consists of standard firewalls and proxy servers at the six Internet gateways.[15] The system also selectively engages in DNS cache poisoning when particular sites are requested. The government does not appear to be systematically examining Internet content, as this appears to be technically impractical.[16] Because of its disconnection from the larger world of IP routing protocols, the network contained within the Great Firewall has been described as "the Chinese autonomous routing domain".[17]

During the 2008 Summer Olympics, Chinese officials told Internet providers to prepare to unblock access from certain Internet cafés, access jacks in hotel rooms and conference centers where foreigners were expected to work or stay.[18]

Actions and purpose[edit]

The Golden Shield Project contains an integrated, multi-layered system, involving technical, administrative, public security, national security, publicity and many other departments. This project was planning to finish within five years, separated into two phases.

Phase I[edit]

The first phase of the project focused on the construction of the first-level, second-level, and the third-level information communication network, application database, shared platform, etc. The period was three years.

According to the Xinhua News Agency, since September 2003, the Public Security department of China has recorded 96% of the population information of mainland China into the database. In other words, the information of 1.25 billion out of 1.3 billion people has recorded in the information database of the Public Security department of China.[19] Within three years, phase I project has finished the first-level, second-level, and the third-level backbone network and access network. This network has covered public security organs at all levels. The grass-roots teams of public security organs have accessed to the backbone network with the coverage rate 90%, that is to say, every 100 police officers have 40 computers connected to the network of the phase I project. The Ministry of Public Security of the People's Republic of China said that the phase I project had significantly enhanced the combat effectiveness of public security.

Members participated in the phase I project include Tsinghua University from China, and some high-tech companies from the United States of America, the United Kingdom, Israel, etc. Cisco Systems from the United States of America has provided massive hardware devices for this project, and therefore was criticized by some members of the United States Congress.[20] According to an internal Cisco document, Cisco viewed China's Great Firewall and its Internet censorship as an opportunity to expand its business with China.[21]

According to China Central Television, phase I cost 6.4 billion yuan. On 6 December 2002, there came the "2002 China Large Institutions Informationization Exhibition", 300 leaders from the Ministry of Public Security of the People's Republic of China and from other public security bureaus of 31 provinces or municipalities attended the exhibition. There were many western high-tech products, including network security, video surveillance and face recognition.[22] It was estimated that about 30000 police officers have been employed to maintain the system. There was a multi-level system to track netizens violating the provisions. Netizens who want to use the internet in a cybercafé are required to show their Resident Identity Cards. If some violating event happened, the owner of the cybercafé can send the personal information to the police through the internet. It is called a public security automation system, but it is actually an integrated, multi-layered, internet blocking and monitoring system, involving the technical, administrative, public security, national security, publicity, etc. The features are known as: readable, listenable, and thinkable.

Phase II[edit]

The phase II project started in 2006. The main task was to enhance the terminal construction, and the public security business application system, trying to informatize of the public security work. The period was two years.[23]

Based on the phase I project, phase II project expanded the information application types of public security business, and informationized further public security information. The key points of this project included application system construction, system integration, the expansion of information centre, and information construction in central and western provinces. The system of was planning to strengthen the integration, to share and analysis of information. It would greatly enhance the information for the public security work support.[23]

Censored content[edit]

Mainland Chinese Internet censorship programs have censored Web sites that include (among other things):

Blocked web sites are indexed to a lesser degree, if at all, by some Chinese search engines. This sometimes has considerable impact on search results.[25]

According to The New York Times, Google has set up computer systems inside China that try to access Web sites outside the country. If a site is inaccessible, then it is added to Google China's blacklist.[26] However, once unblocked, the Web sites will be reindexed. Referring to Google's first-hand experience of the great firewall, there is some hope in the international community that it will reveal some of its secrets. Simon Davies, founder of London-based pressure group Privacy International, is now challenging Google to reveal the technology it once used at China's behest. "That way, we can understand the nature of the beast and, perhaps, develop circumvention measures so there can be an opening up of communications." "That would be a dossier of extraordinary importance to human rights," Davies says. Google has yet to respond to his call.[27]

Bypass techniques[edit]

Because the Great Firewall blocks destination IP addresses and domain names and inspects the data being sent or received, a basic censorship circumvention strategy is to use proxy nodes and encrypt the data. Most circumvention tools combine these two mechanisms.[28]

  • Proxy servers outside China can be used, although using just a simple open proxy (HTTP or SOCKS) without also using an encrypted tunnel (such as HTTPS) does little to circumvent the sophisticated censors.[28]
  • Companies can establish regional Web sites within China. This prevents their content from going through the Great Firewall of China; however, it requires companies to apply for local ICP licenses.
  • Onion routing and Garlic routing, such as I2P or Tor, can be used.[28]
  • Freegate, Ultrasurf, and Psiphon are free programs that circumvent the China firewall using multiple open proxies, but still behave as though the user is in China.[28]
  • VPNs (virtual private network) and SSH (secure shell) are the powerful and stable tools for bypassing surveillance technologies. They use the same basic approaches, proxies and encrypted channels, used by other circumvention tools, but depend on a private host, a virtual host, or an account outside of China, rather than open, free proxies.[28]
  • Open application programming interface (API) used by Twitter which enables to post and retrieve tweets on sites other than Twitter. "The idea is that coders elsewhere get to Twitter, and offer up feeds at their own URLs—which the government has to chase down one by one." says Jonathan Zittrain, co-director of Harvard's Berkman Klein Center for Internet & Society.[29]
  • Reconfiguration at the end points of communication, encryption, discarding reset packets according to the TTL value (time to live) by distinguishing those resets generated by the Firewall and those made by end user, not routing any further packets to sites that have triggered blocking behavior.[30]

Exporting technology[edit]

Reporters Without Borders suspects that countries such as Australia,[31][32][33] Cuba, Vietnam, Zimbabwe and Belarus have obtained surveillance technology from China although the censorships in these countries are not much in comparison to China.[34]

Since at least 2015, the Russian Roskomnadzor agency collaborates with Chinese Great Firewall security officials in implementing its data retention and filtering infrastructure.[35][36][37] Since the 2022 Russian invasion of Ukraine, in order to combat disinformation and enforce the war censorship law, Russia authorities began improving and widening the capabilities of this system.[38]

Differences from the Great Firewall[edit]

The Golden Shield Project is distinct from the Great Firewall (GFW), which has a different mission. The differences are listed below:


  1. The GFW is a tool for the propaganda system, whereas the Golden Shield Project is a tool for the public security system.
  2. The original requirements of the GFW are from the 610 office, whereas the original requirements of the Golden Shield Project are from the public security department.
  3. The GFW is a national gateway for filtering foreign websites, whereas the Golden Shield Project is for monitoring the domestic internet.


  1. The GFW is attached to the three national internet exchange centres, and then spread to some of the ISPs to implement the blocking effect, whereas the Golden Shield Project stations in the most exchange centres and data centres.
  2. The GFW is very powerful in scientific research, including many information security scientists, such as people from Harbin Institute of Technology, Chinese Academy of Sciences, and Beijing University of Posts and Telecommunications, whereas the Golden Shield Project is less powerful in scientific research.
  3. The GFW is built by Fang Binxing, whereas the Golden Shield Project is built by Shen Changxiang.[39]

See also[edit]


  1. ^ 全国公安工作信息化工程
  2. ^ 金质
  3. ^ 公共信息网络安全监察局, or 网监局 for short
  4. ^ Chinese: 防火 长城; pinyin: fánghuǒ chángchéng
  5. ^ Chinese: 打开窗户,新鲜空气和苍蝇就会一起进来。; pinyin: Dǎkāi chuānghù, xīnxiān kōngqì hé cāngying jiù huì yìqǐ jìnlái.
    There are several variants of this saying in Chinese, including "如果你打开窗户换新鲜空气,就得想到苍蝇也会飞进来。" and "打开窗户,新鲜空气进来了,苍蝇也飞进来了。". Their meanings are the same.


  1. ^ "金盾工程". 中国网--网上中国.
  2. ^ "CIECC E-government". en.ciecc.com.cn. Retrieved 4 May 2022.
  3. ^ "何谓"两网一站四库十二金"?". 中国网--网上中国.
  4. ^ Norris, Pippa; World Bank Staff (2009). Public Sentinel: News Media and Governance Reform. World Bank Publications. p. 360. ISBN 978-0-8213-8200-4. Retrieved 11 January 2011.
  5. ^ "How China's Internet Police Control Speech on the Internet". Radio Free Asia. Retrieved 11 June 2013. China's police authorities spent the three years between 2003 and 2006 completing the massive "Golden Shield Project". Not only did over 50 percent of China's policing agencies get on the Internet, there is also an agency called the Public Information Network Security and Monitoring Bureau, which oversees a large number network police. These are all the direct products of the Golden Shield Project.
  6. ^ "China's Man-on-the-Side Attack on GitHub".
  7. ^ R. MacKinnon "Flatter world and thicker walls? Blogs, censorship and civic discourse in China" Public Choice (2008) 134: p. 31–46, Springer
  8. ^ "中国接入互联网". Chinanews.com. Retrieved 28 August 2013.
  9. ^ "China and the Internet.", International Debates, 15420345, Apr2010, Vol. 8, Issue 4
  10. ^ Goldman, Merle Goldman. Gu, Edward X. [2004] (2004). Chinese Intellectuals between State and Market. Routledge. ISBN 0415325978
  11. ^ Goldsmith, Jack L.; Wu, Tim (2006). Who Controls the Internet?: Illusions of a Borderless World. New York: Oxford University Press. p. 91. ISBN 0-19-515266-2.
  12. ^ 首屆「2002年中國大型機構信息化展覽會」全國31省市金盾工程領導雲集 (in Chinese)
  13. ^ "What is internet censorship?". Amnesty International Australia. 28 March 2008. Archived from the original on 27 April 2015. Retrieved 21 February 2011.
  14. ^ "The art of concealment". The Economist. 6 April 2013. Retrieved 3 September 2018.
  15. ^ "Web mystery: China Internet traffic winds up in Wyoming - NBC News.com". NBC News. Archived from the original on 23 January 2014. Retrieved 23 January 2014.
  16. ^ Watts, Jonathan (20 February 2006). "War of the words". The Guardian. Retrieved 3 May 2010.
  17. ^ "Costs and Benefits of Running a National ARD" (PDF). Archived from the original (PDF) on 6 July 2006.
  18. ^ Fallows, James (March 2008). "The Connection Has Been Reset". The Atlantic. Retrieved 22 May 2011.
  19. ^ 金盾工程数据库包括12亿多中国人的信息. 博讯 (in Chinese (China)). 9 April 2006. Archived from the original on 5 March 2016.
  20. ^ 中国“金盾工程”一期工程通过国家验收. Radio Free Asia (in Chinese (China)).[permanent dead link]
  21. ^ Stirland, Sarah Lai. "Cisco Leak: 'Great Firewall' of China Was a Chance to Sell More Routers". Wired. ISSN 1059-1028. Retrieved 28 December 2023.
  22. ^ "首屆「2002年中國大型機構信息化展覽會」全國31省市金盾工程領導雲集". The Adsale Group. 19 December 2002. Archived from the original on 4 March 2010.
  23. ^ a b 金盾二期工程将以信息整合应用为建设重点. 计世资讯 (in Chinese (China)). Archived from the original on 31 May 2009.
  24. ^ Marquand, Robert (24 February 2006). "China's media censorship rattling world image". The Christian Science Monitor. Retrieved 22 May 2011.
  25. ^ "controlling information: you can't get there from here -- filtering searches". Pbs.org.
  26. ^ Thompson, Clive (23 April 2006). "Google's China Problem (and China's Google Problem)". The New York Times. p. 8. Retrieved 22 May 2011.
  27. ^ Will Google's help breach the great firewall of China? By: Marks, Paul, New Scientist, 02624079, 4/3/2010, Vol. 205, Issue 2754
  28. ^ a b c d e "Splinternet Behind the Great Firewall of China: The Fight Against GFW", Daniel Anderson, Queue, Association for Computing Machinery (ACM), Vol. 10, No. 11 (29 November 2012), doi:10.1145/2390756.2405036. Retrieved 11 October 2013.
  29. ^ "Leaping the Great Firewall of China ", Emily Parker, Wall Street Journal, 24 March 2010. Retrieved 11 October 2013.
  30. ^ "Ignoring the Great Firewall of China", Richard Clayton, Steven J. Murdoch, and Robert N. M. Watson, PET'06: Proceedings of the 6th international conference on Privacy Enhancing Technologies, Springer-Verlag (2006), pages 20-35, ISBN 3-540-68790-4, doi:10.1007/11957454_2. Retrieved 11 October 2013.
  31. ^ Kamenev, Marina (16 June 2010). "First, China. Next: the Great Firewall of... Australia?". Time. Retrieved 22 September 2022.
  32. ^ "Critics blast 'great firewall of Australia'". ABC News. 15 December 2009. Retrieved 22 September 2022.
  33. ^ "The company with Aussie roots that's helping build China's surveillance state". 26 August 2019. Retrieved 22 September 2022.
  34. ^ "Going online in Cuba: Internet under surveillance" (PDF). Reporters Without Borders. 2006. Archived from the original (PDF) on 3 March 2009.
  35. ^ Soldatov, Andrei; Borogan, Irina (29 November 2016). "Putin brings China's Great Firewall to Russia in cybersecurity pact". The Guardian. ISSN 0261-3077. Retrieved 4 July 2017.
  36. ^ "China: The architect of Putin's firewall". Eurozine. 21 February 2017. Retrieved 10 December 2019.
  37. ^ "Russia's chief internet censor enlists China's know-how". Financial Times. 29 April 2016. Archived from the original on 11 December 2022. Retrieved 10 December 2019.
  38. ^ "War censorship exposes Putin's leaky internet controls". Associated Press. 14 March 2022.
  39. ^ 自曲主编 (30 August 2009). "阅后即焚:GFW". 自曲新闻 (in Chinese (China)). Archived from the original on 4 January 2010. Retrieved 30 August 2009.

External links[edit]

Listen to this article (10 minutes)
Spoken Wikipedia icon
This audio file was created from a revision of this article dated 13 July 2010 (2010-07-13), and does not reflect subsequent edits.