Google is encrypting search globally. That’s bad for the NSA and China’s censors.
BY CRAIG TIMBERG AND JIA LYNN YANG
March 12 at 12:51 pm
China’s Great Firewall, as the world’s most sophisticated Internet censorship system is known, is facing a new challenge as Google begins to automatically encrypt searches there as part of its global expansion of privacy technology.
The development is the latest — and perhaps most unexpected — consequence of Edward Snowden’s release last year of National Security Agency documents detailing the extent of government surveillance of the Internet. Google and other technology companies responded with major new investments in encryption worldwide, complicating relations between the companies and governments long accustomed to having the ability to quietly monitor the Web.
Googling the words “Dalai Lama” or “Tiananmen Square” from China long has produced the computer equivalent of a blank stare, as that nation’s government has blocked Web sites that it deemed politically sensitive. But censors spying on Google’s search queries in China increasingly are seeing only gibberish, undermining the government’s ability to screen them.
China — and other nations, such as Saudi Arabia and Vietnam, that censor the Internet on a national level — will still have the option of blocking Google search services altogether. But routine, granular filtering of content will become more difficult, experts say. It also will become more difficult for authorities to monitor search queries for signs that an individual Internet user may be a government opponent, experts say.
Chinese officials did not immediately respond to questions about Google’s decision to automatically encrypt searches there, but the move threatens to ratchet up long-standing tensions between the American tech powerhouse and the world’s most populous nation.
“No matter what the cause is, this will help Chinese netizens to access information they’ve never seen before,” said Percy Alpha, the co-founder of GreatFire.org, an activist group that monitors China’s Great Firewall. “It will be a huge headache for Chinese censorship authorities. We hope other companies will follow Google to make encryption by default.”
Alpha, who like other members of the group uses a pseudonym to evade Chinese authorities, noted that Google began encrypting searches in the country more than two months after GreatFire publicly challenged the company to do so in an opinion piece published in Britain’s Guardian newspaper in November.
Google denied that there was any connection, saying that the global rollout of automatic encryption for search began in February for unrelated reasons. All searches made from most modern browsers will be encrypted in the coming months. The completion date for the worldwide rollout is not yet clear, the company said.
“The revelations of this past summer underscored our need to strengthen our networks. Among the many improvements we’ve made in recent months is to encrypt Google Search by default around the world,” spokeswoman Niki Christoff said in an e-mailed statement. “This builds on our work over the past few years to increase the number of our services that are encrypted by default and encourage the industry to adopt stronger security standards. ”
Google largely pulled out of mainland China in 2010, moving its operations to the quasi-autonomous base of Hong Kong after refusing to comply with orders to censor searches — something that competitors who remained behind still do.
Google began offering encrypted search as an option for some users that same year and made the protection automatic for many users in the United States in 2012. The company began encrypting traffic between its data centers last year, after The Washington Post and the Guardian, relying on documents provided by Snowden, reported on the massive extent of Internet spying by the National Security Agency and its allies. Microsoft and Yahoo soon followed with similar initiatives.
The rising use of encryption on a range of services has made it harder for intelligence services to spy on Internet traffic, including e-mails, search queries and video chats, experts say.
Encrypted search has come more slowly in other parts of the world, and especially to those using older browsers. Firefox, Safari and Google’s own Chrome browser support automatic encryption, but older generations of Microsoft’s Internet Explorer — still popular in China and much of the world — do not. Internet Explorer 6, which was first released in 2001 and does not support encrypted Google searches, still is used for 16 percent of Chinese Internet traffic, according to NetMarketShare.com, which tracks usage.
The move to automatic encryption could spark backlash from Chinese authorities, who constantly tweak their Great Firewall to block the flow of unwanted content and also to maintain the ability to monitor Internet users in China, Western analysts say.
“The Great Firewall is entirely a moving target,” said Richard Clayton, a computer security researcher for the University of Cambridge, in England, who has studied Chinese Internet filtering. “They are tweaking it all the time.”
The censorship poses an obstacle to Chinese businesses that are trying to go global since they don’t have reliable access to sites like Facebook. And there’s no telling on a given day what the government is choosing to block.
“In China, a lot of things are like this,” said Jiang Tao, founder of CSDN, a Chinese software developer community. “You don’t know what you can do, what you can’t do. No one tells you.”
Google’s move toward encryption could prompt China to block Google searches altogether or even all services offered by the company. Google has a much lower market share in China than elsewhere in the world but still is widely used by international firms and some others, meaning there could be economic consequences to an outright block.
Another option would be what experts call a “man-in-the-middle attack” that would allow Chinese censors to intercept encrypted traffic and decode it before it reaches Google servers. For many users, such an attack would be obvious because their browsers would warn that the encrypted communication had not reached its intended recipient. Users would be free to proceed with the query, even in the face of a man-in-the-middle attack, but the protection offered by Google’s encryption would be lost.
Alpha, the co-founder of GreatFire, said that Chinese authorities will be reluctant to block Google entirely for the long-term, though they have on occasion slowed access to the company’s services. The economic costs of a major showdown with Google, he said, could be profound.
Privacy advocates, who long have criticized Google, said its expanded use of encryption will do nothing to curb the company’s own tracking of the Web site visits, e-mails and search queries of its users. Such information helps the company target advertising, the key source of revenue for the company.
“It’s a good move to encrypt as much as possible, but I really think Google is grandstanding here,” said Jeff Chester, executive director of the Center for Digital Democracy, an advocacy group based in Washington.
William Wan and Li Qi contributed to this report from Beijing.