Chinese Law Prof Blog

Editor: Donald C. Clarke
George Washington University Law School

A Member of the Law Professor Blogs Network

Tuesday, January 12, 2010

Google responds to suspected Chinese cyber-attack: Will uncensor Google.cn, reconsider China operations

This is pretty big news. Google has posted an announcement saying that it will uncensor Google.cn and reconsider its China operations. (Here's the New York Times story.) It recognizes that uncensoring Google.cn may mean it will have to shut down the site and its China offices. The announcement is worth reading in full, but here's the reason for this extraordinary development:

Like many other well-known organizations, we face cyber attacks of varying degrees on a regular basis. In mid-December, we detected a highly sophisticated and targeted attack on our corporate infrastructure originating from China that resulted in the theft of intellectual property from Google. However, it soon became clear that what at first appeared to be solely a security incident--albeit a significant one--was something quite different.

First, this attack was not just on Google. As part of our investigation we have discovered that at least twenty other large companies from a wide range of businesses--including the Internet, finance, technology, media and chemical sectors--have been similarly targeted. We are currently in the process of notifying those companies, and we are also working with the relevant U.S. authorities.

Second, we have evidence to suggest that a primary goal of the attackers was accessing the Gmail accounts of Chinese human rights activists. Based on our investigation to date we believe their attack did not achieve that objective. Only two Gmail accounts appear to have been accessed, and that activity was limited to account information (such as the date the account was created) and subject line, rather than the content of emails themselves.

Third, as part of this investigation but independent of the attack on Google, we have discovered that the accounts of dozens of U.S.-, China- and Europe-based Gmail users who are advocates of human rights in China appear to have been routinely accessed by third parties. These accounts have not been accessed through any security breach at Google, but most likely via phishing scams or malware placed on the users' computers.

The reasons for Google's response are set forth in the announcement, but the import is clear: Google will probably end up leaving China, since it is hard to believe the Chinese government will accept an uncensored Google.cn. Just for the historical record, here's what censoring does now: I ran searches today for pictures with the term "Tiananmen" on Google.com and Google.cn. The results are below (Google.com first and Google.cn after; click to see full picture).

Google-TAM 

That was Google.com. Now for Google.cn's results:

Google-cn-TAM
 

Looks like there's something somebody would rather you didn't see, doesn't it?

I think Google has gotten something of a bad rap for doing this kind of censorship. They haven't censored Google.com, and Google.com is still accessible in China. I use it all the time there. It seems to me that Yahoo and Microsoft are far more deserving of opprobrium. (Microsoft, at the request of the Chinese government, shut down the blog of someone the latter didn't like even though the blog was hosted by Microsoft on a server outside of China, and now censors results from simplified-character searches on Bing; you can follow my trail of Yahoo-related posts here. See also this piece by Nick Kristof in the New York Times.)

In any case, it seems that Google has had enough. I will leave the praise and criticism of this particular move to others. But as a tangential matter, the corporate law professor in me can't help but wonder whether, assuming this move hurts Google financially, Google's management hasn't violated its fiduciary duties. It's very hard for shareholders to bring these kinds of claims in practice (it would have to be a derivative suit) because management can always claim that the move in question is in their judgment good for the company's bottom line, and a court will be very reluctant to second-guess that in the absence of some obvious conflict of interest. The interesting thing here is that management has openly stated that they are doing this for non-business-related reasons:

We launched Google.cn in January 2006 in the belief that the benefits of increased access to information for people in China and a more open Internet outweighed our discomfort in agreeing to censor some results. At the time we made clear that "we will carefully monitor conditions in China, including new laws and other restrictions on our services. If we determine that we are unable to achieve the objectives outlined we will not hesitate to reconsider our approach to China."

These attacks and the surveillance they have uncovered--combined with the attempts over the past year to further limit free speech on the web--have led us to conclude that we should review the feasibility of our business operations in China. 

(I know some of you lawyer readers are already thinking, "Wait a minute; we can read a business-related justification into that!" Well, a skilled lawyer can read anything into anything, but I'm going to stick with my claim that this is reasonably interpreted as non-business-related.) Despite the tenor of this statement, though, business-judgment-rule deference plus political realities make it hard for me to imagine a court finding the directors liable for any resulting loss of business. Take a look at Shlensky v. Wrigley and Kamin v. American Express.

http://lawprofessors.typepad.com/china_law_prof_blog/2010/01/google-responds-to-suspected-chinese-cyberattack-will-uncensor-googlecn-reconsider-china-operations.html

Commentary, News - Chinese Law | Permalink

TrackBack URL for this entry:

http://www.typepad.com/services/trackback/6a00d8341bfae553ef012876cd70e4970c

Listed below are links to weblogs that reference Google responds to suspected Chinese cyber-attack: Will uncensor Google.cn, reconsider China operations:

Comments

Several years ago there were rumours that McKinsey & Co's systems in Shanghai were being hacked by SOEs. Heard it through the consultant grapevine in China at the time. If that hacking really occurred, I somehow doubt that McKinsey alerted its clients.

Google gets a gold star for displaying decency.

Posted by: Annie Nonimous | Jan 12, 2010 5:27:10 PM

Morning' Prof,

I have now been in Beijing for my 4th time and the internet situation is frustrating to some point (a high point) especially when the proxys I use to simply go on Picasa Web Gallery of my own pictures, etc..

That example of the tiananmen square search on google is not news at all, but it does state how the faces of chinese will adopt another expression when they will see new outcomes on their web researches. China is sovereign and Google knows that and can decide to fold although I am not so sure that the Government will care all that much. Personally I hope for the breach of censorship and am expcited to know if and when!! It will be a historic minute in internet history.

rb

Posted by: Riccardo | Jan 12, 2010 6:53:11 PM

Professor Clark, you might want to give this link a try:

http://images.google.cn/images?q=%E5%A4%A9%E5%AE%89%E9%97%A8%20%E5%85%AD%E5%9B%9B

The keywords used are "天安门 六四", and I see photo of Zhao on bullhorn as well as the tank man photo.

Posted by: Chas | Jan 13, 2010 1:39:41 PM

Post a comment