How China’s Huawei technology is being used to censor news halfway across the world
When a staffer at the independent media website Iwacu in the
central African state of Burundi tried to visit the outlet online in late
October, they received an error message instead. “Hum. Nous ne parvenons pas à
trouver ce site;” the site could not be found
– even though the local media regulator had promised to unblock it in
February.
A report published in August found Burundian networks using
technology from Chinese company Huawei to block Iwacu and other news sites. The
report was funded and published by PrivacyCo, the parent company of privacy
research and advice website Top10VPN.com. Co-authors Valentin Weber and Vasilis
Ververis, PhD candidates at the University of Oxford and Humboldt University of
Berlin respectively, told CPJ in a recent video call about their research
tracking Huawei equipment known as middleboxes to internet networks in 72
countries, 18 of which were using the devices to block news or other websites.
(Weber has since joined the German Council on Foreign Relations as a cyber
research fellow.)
In Cuba, the report found the sole state-controlled internet
service provider ETECSA using Huawei technology to block independent news
website Cubanet, among others; authorities in Cuba have subjected Cubanet and
its journalists to frequent restrictions. Readers can bypass blocks using
virtual private networks (VPN), but many news outlets must shift their work to
other sites or social media. In Egypt, a number of outlets have gone out of
business after being blocked.
Middlebox devices can examine the packets of data that
facilitate browsing and communication using a process called deep packet
inspection. DPI has benign, even essential functions, like making connections
faster or caching content for future access, but it can also be used to
manipulate or filter information, the authors said. In the wrong hands, a
middlebox could divert visitors to a rogue website designed to steal passwords
or install malware, for example.
Such intrusions are hard to detect, but the 18 countries in
the report acknowledge blocking – notifying users via their browsers that the
content they are trying to access is restricted – making censorship a starting
point for researchers to assess whether countries are using middleboxes to
undermine human rights, according to Weber and Ververis.
Glenn Schloss and Rob Manfredo of Huawei’s U.S. corporate
communications team acknowledged CPJ’s request for an interview when the report
was initially published, but did not subsequently respond to emailed
questions.
The interview with Weber and Ververis has been edited for
length and clarity.
You describe Huawei’s middleboxes performing “online
behavior management” – where does that term come from?
Weber: It comes from Huawei marketing material relating to a
specific middlebox, the ASG5000 series. We found it in a Chinese language
source, so it’s our translation, but I think it matches the capabilities well –
it can detect traffic and act on it, managing the behavior of [internet] users
in various contexts and venues.
Why are you concerned about the security implications of
middleboxes on national networks?
Weber: Important traffic is flowing through these devices
but the policies [for the data Huawei receives from them] sometimes weren’t
clear – what happens to the data, or whether it can be transferred further. For
different continents or territories, we found a database location – in Mexico
for Latin America for example – but you wouldn’t know what happens once the
data is transferred there.
Ververis: An analogy for a consumer would be a cleaning
robot that sends data to the vendor about the dimensions of your house.
Hopefully it’s in good faith, but I would not be surprised if that data was
being sold or analyzed [for other purposes].
Should individuals on a network be concerned that a
middlebox could access private information, or passwords, for example?
Ververis: Usually you should not be worried when you’re
visiting websites, especially websites that use some kind of encryption or
secure layer [like HTTPS, which prevents others from reading or intercepting
information exchanged between a reader and the websites that they visit]. We
all know that you shouldn’t connect to open WiFi, [but instead] use a VPN or
Tor [on untrusted networks], and [log in to accounts with] two-factor
authentication.
But it’s difficult to protect against a strong adversary.
Let’s say you’re a journalist on a network that you don’t trust. The network
can gain a lot of information from your connectivity, and middleboxes can [be
used to facilitate a cyberattack].
How did you detect that these middleboxes were being used to
block websites?
Ververis: We use open data from the Open Observatory of
Network Interference, which collects network measurements from volunteers all
over the world. When you’re sending and receiving a request from a web server
you get back some metadata, and we were able to find the specific Huawei tag
added to these responses. That might reveal the device, the model, sometimes
the version. The middlebox we found had already been found in 2017 OONI
research on Cuba.
It’s only possible to do this research if the data is
provided openly, the way OONI does. Other entities like Cloudflare and Google,
or the transparency reports from social media companies, don’t help researchers
and journalists find out what’s going on.
You found 18 countries blocking content with middleboxes, up
from seven in an earlier study you did in 2019. What does that suggest?
Ververis: We have more data from OONI now than before, but
censorship has [also] been increasing. It’s actually quite surprising that [so
many countries] use the same device, so there may be more to unpack there –
whether it’s cheap, or easy to deploy, we don’t know.
Is Huawei providing maintenance on these devices or
facilitating how they are used?
Ververis: In general, infrastructure [used by internet
service providers] should be maintained by the vendor. You usually pay for a
license to keep using it [for a specified period].
Weber: The devices report back to the vendor, sending error
notices and other information, so the manufacturer might be incentivized to act
on that, for example to provide software updates. We also expect that Huawei is
likely to provide keyword lists or broad categories for blocking to the
customers.
Your report found websites in the news and media category
were among those most subject to blocking – what do you take that to mean?
Ververis: News and political advocacy were among the higher
categories, though in some countries we have much more data than in others.
There are [also] other [blocking] methodologies. In Cuba, they still use the
Huawei middlebox, but they’re also deploying something else. Either it doesn’t
have a tag or it’s the same equipment that’s been changed, or, most probably,
other devices.
The research is not conclusive, but our goal was to raise
awareness. If one vendor and one device can do so much damage, what happens
with the other dozens or even hundreds that are also out there?
Weber: We uncovered the tip of the iceberg. If there has
been some political censorship in a country, even if it’s just a few websites,
we can expect there to be more.
Would you argue Huawei is more likely to facilitate
censorship because of its origins in China, one of the most censored countries
in the world?
Weber: Like all other companies, Huawei is profit driven,
which means they will sell anywhere they can make money. We’ve seen that Blue
Coat Systems, a company based in the U.S., was selling to regimes that were
questionable. There are very few international regulations that would inhibit
any of these companies [from] selling wherever there is an opportunity.
[Editor’s note: Researchers at the University of Toronto’s
Citizen Lab have reported products sold by Blue Coat Systems being used to
censor and surveil internet traffic around the world in the past, including in Syria in 2011, despite a U.S.
trade embargo. The company – which has since been acquired and restructured,
according to Forbes – told the Wall Street Journal that the technology had been
transferred without its knowledge.]
What is a company’s responsibility if it supplies a
middlebox to a customer that uses it to censor news under local law?
Weber: There are best practices to engage customers abroad
and do risk assessments. I haven’t seen much evidence that Huawei does this.
If you’re a manufacturer selling to law enforcement or
government entities, you have to assess their human rights record. It’s too
easy to say, “We don’t know how it’s going to be used.” We were able to find
questionable use of the technology; a multi-million or multi-billion-dollar
company should be able to as well.