PISA Journal Issue 10


PISA Journal
Issue 10, SEP-2009
Professional Information Security Association
An Organization for Information Security Professionals
www.pisa.org.hk

Editor: [email protected]

Copyright 2009 Professional Information Security Association
Licensed under a Creative Commons Attribution-Noncommercial-Share Alike

Contents

Dissecting Green Dam
  • Green Dam: An Analysis of Its Filtering Functions (綠壩 — 過濾功能的剖析)
  • Reversing Green Dam – Uncover the Darkness and Truth
  • Green Dam - A Reflection of China's Clean Internet Initiative

Cryptography
  • AES-256 vs. AES-128: which provides more security control

Internet Security
  • A Look at Domain Name System Amplification Attack

IT Governance and Compliance
  • China - Basic Standard for Enterprise Internal Control

Websense
  • Best Practices for Information Security in the Web 2.0 Era

SCWC2009
  • SC World Congress 2009

Also in this issue
  • Message from the Chair
  • Program Snapshot
  • Active in External Affairs
  • Membership Benefits

Softcopy available at http://www.pisa.org.hk/publication/journal/


Message from the Chair of PISA

Antony Ma CISA, CISSP
Chairperson

PISA has been organizing information security events, technical research studies and policy comments since 2002. This basic theme has not been changed through the years while we have more members and program committees joining us. In 2008, we had a change of the web site led by our EXCO member George Chung. The current web site will be further enhanced to make PISA more responsive to the community.

PISA had a very prominent contribution to WiFi security of Hong Kong and school security management. A recent project we are putting a lot of effort into is the Honeynet project, in which we are cooperating with City University and IVE (Hacking Wong). This project is led by Program Committee members Peter Cheung and Roland Cheung.

From day one, PISA was built on the continuous unconditional contributions from our members. We will continue this spirit in the coming years. When I meet members in our gatherings, many new ideas are proposed. With the contribution from members, I believe we are able to implement some of them and make PISA a more open, responsive and professional security association.

Let us work together to bring PISA a successful year in 2009/10!

Antony
September 2009

[Photo: The newly elected PISA EXCO 2009/10. Jim Shek (left), Antony Ma, Raymond Tang, Frank Chow, Alan Ho, George Chung & James Chan]


Dissecting Green Dam

Green Dam: An Analysis of Its Filtering Functions

Sang Young (楊和生) CISSP CISA CEI ECSA CHFI CIFI CEH
Program Committee

Green Dam Youth Escort (綠壩-花季護航) was developed by a software company located in Hangzhou, China. Under a directive from China's Ministry of Industry and Information Technology, from 1 July 2009 every new computer would have had to have it installed before it could be sold. However, because of the quality of the software, the timing of the rollout, and the strong reaction from companies and netizens inside and outside China, the Ministry postponed the directive at the end of June 2009 until further notice. Officially, Green Dam is positioned as software that protects minors on the Internet: it can identify pornographic images and text on websites and filter them. We tested Green Dam's various functions and its "other functions".

Functional testing

We used the home edition, version 3.17. When the Green Dam system is opened, it shows several built-in filtering functions, of which the main ones are:

  • URL filtering
  • Keyword filtering
  • Image filtering
  • On-screen text filtering

The test results for each of Green Dam's techniques follow.

URL filtering

Green Dam has a URL database that can be updated periodically. If a user visits a URL that is listed in the database, a "DNS error" message appears and the site cannot be visited.

In our tests, the URLs that were successfully filtered included http://www.playboy.com. However, because of the inherent shortcomings of a URL database, the URLs of many pornographic sites still could not be filtered. Moreover, many legitimate sites were wrongly filtered (for example, the Microsoft SysInternals security tools site, http://www.sysinternals.com, was also classed by Green Dam as an address that cannot be visited), so URL filtering is both ineffective and error-prone.

Keyword filtering

Green Dam also filters on keywords that appear in web pages; the keyword list can likewise be updated periodically.

In our tests, when a keyword appears, the web browser shows the same "DNS error" message. For example, http://www.sex141.com is not in the URL database, but because the page contains some pornography-related keywords, Green Dam filters the site anyway.

Unfortunately, the keyword list also has serious shortcomings that cause many legitimate sites to be wrongly filtered. For example, the website of the Family Planning Association of Hong Kong (http://www.famplan.org.hk) became collateral damage because it contains some similar keywords. Keyword filtering has other shortcomings too, such as being unable to recognize text that is not Chinese or English: in preliminary testing, when Japanese pornographic terms appeared on a page, Green Dam could not filter it.

Image filtering

Another feature that Green Dam advertises as powerful is intelligent filtering of pornographic images, which is based on skin tone detection. Vendors were already applying this technique to Internet filtering 10 years ago, but skin tone detection has many limitations (for example, it can only recognize white and yellow skin) and so it never became widespread.

By default, Green Dam's image filtering function is switched off. We enabled it and ran tests. Pornographic photos of white and Asian people were filtered successfully; the failures were mainly darker photos or photos of black people.

Successfully filtered: http://www.wsyoung.com/f/123.bmp. Quite a few photos were not filtered, including http://www.wsyoung.com/f/456.bmp and http://gdghdshadh1.blog116.fc2.com/blog-entry-244.html.

In addition, Green Dam wrongly filtered a large number of non-pornographic photos, for example a baby's head, Hu Jintao's face, the Chinese national flag and the party emblem.

On-screen text filtering

On-screen text filtering means that Green Dam filters applications in which keywords appear, such as Microsoft Office and Notepad.

We tried typing "sex", "fuck", 「愛」 ("love") and 「屠殺」 ("massacre") into Notepad and found that they could be entered. But when we typed phrases such as 「六四屠殺」 ("June 4 massacre"), 「六四屠城」 ("June 4 massacre of the city") and 「陷害法輪功」 ("framing Falun Gong"), Green Dam immediately closed Notepad and displayed 「此信息不良!將被過濾掉!」 ("This information is harmful! It will be filtered out!"). Because the user's document has not yet been saved, the unsaved data is lost. In our tests, the applications that were closed in this way also included Wordpad, Editpro, Internet Explorer and Firefox.

Interestingly, simply renaming the Notepad program was enough to bypass this heavy-handed on-screen text filtering function.

Other test results

Green Dam's other functions include periodic capture of the user's screen (screen capture). The default is once every 3 minutes and the most frequent setting is once every 1 minute; the captures are stored in chronological order. The security threat is that sensitive screens may be recorded, for example online banking sessions, the contents of decrypted documents, and private communications. Whether the captures are uploaded by Green Dam to a server or the computer is accessed illegally, the captured screens amount to a database of sensitive user behaviour.

For image filtering, different sensitivity levels can be set.

When we used Firefox, the filtering was much less effective and sometimes failed. When filtering did succeed, Firefox showed no error or notification message; the page was simply blank.

Green Dam works only in a Simplified Chinese environment. To install it or change its settings, you must use the Simplified Chinese edition of Windows or set the system default language to Simplified Chinese. During the test period, a campus edition and a server edition of Green Dam also appeared. The campus edition is said to be the same as the home edition we tested, while the server edition is a Microsoft IIS plug-in intended for use by Internet content providers.

Summary

The Green Dam version we used was home edition 3.17. It can filter pornographic content on websites, but it also filters websites with non-pornographic content. When certain politically sensitive content appears, Green Dam kills the application without saving the data the user has entered. Green Dam also has logging functions that store the URLs the user visits and captures of the screen. It also has an outbound communication function, which can be used to update its databases.

Sang Young (楊和生), 2009 ■

Copyright & Disclaimer
Copyright owned by the author. This article is the views of the author and does not necessarily reflect the opinion of PISA.


Dissecting Green Dam

Reversing Green Dam – Uncover the Darkness and Truth

Anthony Lai CISSP, CSSLP, CEH
Program Committee, PISA
Founder and Security Researcher, Valkyrie-X Security Research Group

You may already have studied the dynamic behavior of the Green Dam software in Sang Young's article. Here I highlight some important findings from reverse engineering a few critical modules in Green Dam, carried out to understand how it functions as well as its architecture. Finally, we provide a summary and recommendations, as well as the scope for further research on Green Dam.

1. Commander of Installation and Process

We found that XNet2.exe is the major Green Dam service. It handles installation, registers the software key with the system, and is responsible for password check and reset. Meanwhile, it acts as the commander of XDaemon.exe and gn.exe and kick-starts a number of processes with the following executables: Xdaemon, gn, HTAnalyzer, MPSVCC, HNCENG, HH, Looklog and LookPic.

[Figure 1.1: Creating the process]

2. Application executable monitoring

A critical finding is that injlib32.dll is injected into every critical process. Handle.dll creates a process/thread to monitor any messages received from the injected DLL (as it supports transmitting strings).

You may be amazed that it is architected like malware. This is our proposed model of how they interact with each other.

[Figure 2.1: The relationship between injlib32.dll and Handle.dll]

[Figure 2.2: Following into the memory address of loc_100008918, we could obtain the list of executable names loaded beforehand for monitoring.]

[Figure 2.3a & 2.3b: Display of monitored existent running services on the computer with Green Dam installed]

3. Connecting to remote timeserver from NIST (National Institute of Science and Technology) in United States

We found Green Dam trying to set up several network sockets and connect to ISP and NIST's time server in the United States. The time server is used to synchronize the computer time across time zones for logging and downloading.

[Figure 3.1: Setting up and opening network socket]

[Figure 3.2: List of IP addresse]

4. Suspicious piracy and copyright violation

I decrypted the word list file with the informat
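
The process tree described in section 1 and the injected DLL described in section 2 are enough for a defender to triage an endpoint inventory. The following is an added example, not code from the article or from Green Dam: it uses only the file names the article lists, while the CSV layout, PIDs and sample rows are constructed, and the parent-process check assumes the launched components still report XNet2.exe as their parent.

```python
"""Added example: triage a process inventory for the Green Dam components
named in the article. The CSV layout and all sample rows are constructed."""
import csv
import io

# File names as given in the article (sections 1 and 2), lower-cased.
COMMANDER = "xnet2"
COMPONENTS = {"xdaemon", "gn", "htanalyzer", "mpsvcc", "hnceng", "hh",
              "looklog", "lookpic"}
INJECTED_DLL = "injlib32.dll"

# Constructed inventory: pid, parent pid, image name, ';'-separated modules.
SAMPLE = """pid,ppid,image,modules
400,4,services.exe,ntdll.dll;kernel32.dll
812,400,XNet2.exe,ntdll.dll;kernel32.dll
1040,812,XDaemon.exe,ntdll.dll;kernel32.dll
1044,812,gn.exe,ntdll.dll
1100,812,HTAnalyzer.exe,ntdll.dll
1500,396,explorer.exe,ntdll.dll;shell32.dll
2210,1500,notepad.exe,ntdll.dll;INJLIB32.DLL
2300,1500,firefox.exe,ntdll.dll;injlib32.dll
2400,1500,hh.exe,ntdll.dll;itss.dll
2500,1500,calc.exe,ntdll.dll
"""


def stem(image):
    """Lower-case image name without a trailing .exe."""
    name = image.strip().lower()
    return name[:-4] if name.endswith(".exe") else name


def triage(inventory_csv):
    """Group processes by how strongly they match the article's description."""
    rows = list(csv.DictReader(io.StringIO(inventory_csv)))
    commander_pids = {r["pid"] for r in rows if stem(r["image"]) == COMMANDER}
    report = {"commander": [], "component": [], "name_only": [], "injected": []}
    for r in rows:
        name = stem(r["image"])
        modules = {m.strip().lower() for m in r["modules"].split(";") if m.strip()}
        if name == COMMANDER:
            report["commander"].append(r["image"])
        elif name in COMPONENTS:
            # A listed name started by XNet2.exe matches the launch chain in
            # section 1. The name alone is weak evidence: hh.exe is also the
            # Microsoft HTML Help viewer that ships with Windows.
            key = "component" if r["ppid"] in commander_pids else "name_only"
            report[key].append(r["image"])
        elif INJECTED_DLL in modules:
            # An unrelated application carrying the injected DLL (section 2).
            report["injected"].append(r["image"])
    return report


def verdict(report):
    """Two independent strong signals: present; one: suspect; else none."""
    strong = sum(bool(report[k]) for k in ("commander", "component", "injected"))
    if strong >= 2:
        return "present"
    return "suspect" if strong == 1 else "not detected"


if __name__ == "__main__":
    result = triage(SAMPLE)
    for group, images in result.items():
        print(f"{group:10} {', '.join(images) or '-'}")
    print("verdict:", verdict(result))
```

Name-only matches are reported separately so that a stock Windows hh.exe does not raise the verdict on its own.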