(The Web site Wikileaks reportedly has a copy of the remote-capture code, but I can’t verify this. I’m currently in Sydney, Australia, and in a lovely bit of irony, the Wikileaks site is blocked by Australia’s national censor filters.)
Updates to the Green Dam software have failed to deal with these flaws; security reviewers have noted that many of the security holes come from bad programming practices (using deprecated code, not stopping buffer overruns, and the like), so the software likely contains even more security problems than the reviewers found after a few hours of testing.
If these flaws aren’t fixed quickly, China may well have crippled its own burgeoning digital economy, and certainly will have left itself open to overwhelming “cyber-attacks” from those opposed to the Chinese government. If Beijing requires the use of Green Dam in official computers, or those used by key infrastructure systems, the impact of this gaping security hole could be shocking.
This move by China’s government has all the trappings of a social auto-immune disorder.
Back in September 2007, I wrote about this metaphor for understanding unintended consequences over at Open the Future. We see, time and again, efforts undertaken to protect the social body from some kind of feared harm instead resulting in real damage to society. It struck me that there was a strong parallel to medical auto-immune disorders, where the body’s own immune system goes on the attack against the body itself. A minor but familiar example of a social auto-immune disorder is the “security theater” in airports, such as having to remove shoes, dump liquids, and the like. Security experts such as Bruce Schneier see such measures as having dubious value in actually preventing a terrorist attack, while having a measurable, and significant, economic cost.
The problem with social auto-immune disorders is that because they’re responses to perceived systemic threats, it can be very difficult for more thoughtful leadership to scale back the reaction. Any successful attack subsequent to the scaling back of an overreaction, no matter how unrelated to the attempted defense, would be seen as evidence that the initial overreaction was correct. The more thoughtful leadership would be vilified by political rivals, whether on the pages of national newspapers or in Party meetings. Thus, bad decisions, with clearly harmful results, can become institutionalized.
If the impact of the Green Dam censorware on China’s technological backbone is as bad as it could be, China may well have just given up any pretense at global leadership this century.