August 2015

In an earlier post I talked about how the Chinese government has used its “Great Firewall” censorship machinery on an expanded list of targets – from its own citizens to ordinary Americans who happen to visit Internet sites in China.  By intercepting the ad and analytics scripts that Americans downloaded from Chinese sites, the Chinese government was able to infect the Americans’ machines with malware.  Then the government used that malware to create a “Great Cannon” that aimed a massive number of packets at the US company GitHub.  The goal was to force the company to stop making news sites like the New York Times and Greatfire.org available to Chinese citizens.  The Great Cannon violated a host of US criminal laws, from computer fraud to extortion. The victims included hundreds of thousands of Americans.  And to judge from a persuasive Citizen Lab report, China’s responsibility was undeniable.  Yet the US government has so far done nothing about it.

US inaction is thus setting a new norm for cyberspace.  In the future, it means that many more Americans can expect to be attacked in their homes and offices by foreign governments who don’t like their views.

The US government should be ashamed of its acquiescence.  Especially because the Great Cannon is surprisingly vulnerable. After all, it only works if foreigners continue to visit Chinese sites and continue to download scripts from Chinese ad networks.  They supply the ammunition that the Great Cannon fires.  If no one from outside China visits Chinese search sites or loads Chinese ads, the Cannon can’t shoot.
Continue Reading The GitHub Attack and Internet Self-defense

Over the past few years, the US government has invested heavily in trying to create international norms for cyberspace. We’ve endlessly cajoled other nations to agree on broad principles about internet freedom and how the law of war applies to cyberconflicts. Progress has been slow, especially with countries that might actually face us in a

Bonus Episode 78:  Dmitri Alperovitch, Harvey Rishikof, Stewart Baker, and Melanie Teplinsky debate whether the United States should start doing commercial espionage

I know, I know, we promised that the Cyberlaw Podcast would go on hiatus for the month of August.  But we also hinted that there might be a bonus episode.