Danny O’brien | EFF
The maintainer of GoAgent, one of China’s more popular censorship circumvention tools emptied out the project’s main source code repositories on Tuesday. Phus Lu, the developer, renamed the repository’s description to “Everything that has a beginning has an end”. Phus Lu’s Twitter account’s historywas also deleted, except for a single tweet that linked to a Chinese translation of Alexander Solzhenitsyn’s “Live Not By Lies”. That essay was originally published in 1974 on the day of the Russian dissident’s arrest for treason.
We can guess what caused Phus Lu to erase over four years’ work on an extremely popular program from the brief comments of another Chinese anti-censorship programmer, Clowwindy. Clowwindy was the chief developer of ShadowSocks, another tool that circumvented the Great Firewall of China by creating an encrypted tunnel between a simple server and a portable client. Clowwindy also deleted his or her Github repositories last week. In a comment on the now empty Github archive Clowwindy wrote in English:
Two days ago the police came to me and wanted me to stop working on this. Today they asked me to delete all the code from Github. I have no choice but to obey.
The author deleted that comment too shortly afterwards.
Github, the host for both repositories, reported a DDoS attack on the days between these two incidents. While Github has not commented on the source of the current attack, the evidence strongly suggests that a previous DDoS against Github in March was conducted by the Chinese government to pressure the company to remove the repositories of two other anti-censorship programs.
The Chinese government’s control of the Internet passes through regular waves of enhanced repression, often tied to a significant political event or protest. Many commentators have connected a current wave of media and Internet crackdowns to a forthcoming military parade commemorating World War II in Beijing on September 3.
But even as a peak moment in a temporary spate of repression, the intimidation of GoAgent and ShadowSock’s creators represents a continuing escalation by the authorities against technologists.
Chinese law has long forbidden the selling of telecommunication services that bypass the Great Firewall of China, as well as the creation or distribution of “harmful information”. Until recently, however, the authorities have not targeted the authors of non-commercial circumvention software, nor its users. Human Rights in China, a Chinese rights advocacy and research organization, told EFF that, based on its preliminary review, VPNs and circumvention software is not specifically prohibited under Chinese law. While the state interferes with people’s ability to use such software, it has not outlawed the software itself.
In November, Phus Lu wrote a public declaration to clarify this point. In the statement, he stated that he has received no money to develop GoAgent, provided no circumvention service, nor asserted any political view.
Phus Lu’s caution at that time was prompted by the police questioning of another technologist, Xu Dong, a supporter of the Hong Kong opposition Umbrella Movement who was detained in the same month for “picking quarrels and creating disturbances”. According to the Washington-based blog China Change, Xu Dong, who goes by the nym Onionhacker online, had also been working on censorship circumvention code. During his detention he was told by the police that he had committed “crimes of developing software to help Chinese Internet users scale the Great Fire Wall of China.”
Even if it’s unclear what law Xu Dong had broken, if any, in November, the legal and political climate has grown even more aggressively anti-Internet since then. A new National Security Law came into effect on July 1 , which provides the authorities with a wide remit to oversee “internet information technology produces and services” that impact national security (Art. 59), as well as maintain “network sovereignty” (Art. 25). It seems that is already being interpreted to include the creators of circumvention software. A sweeping bill on cyber-security is also in the works.
The targeting of software developers by China is a new and worrying trend, but one that we’re seeing occur around the world. Authorities everywhere are realising that one way to sabotage free expression is to intimidate those who build the tools that enable that speech.
Technologists like Phus Lu, Clowwindy and Xu Dong are now facing the same political scrutiny and intimidation in authoritarian regimes as independent writers, publishers, poets or journalists did in Solzhenitsyn’s time. Code is speech: and using police intimidation to compel these creators to delete their code repositories is as serious a violation of human rights law as compelling a writer to burn his or her own books.
It’s also as ultimately futile: while the Chinese authorities have chosen to target and disrupt two centralised stores of code, thousand of forked copies of the same software exist—both on other accounts on Github and in private copies around the Net. ShadowSocks and GoAgent represent hours of creative work for their authors, but the principle behind them is reproducible by many other coders. The Great Firewall may be growing more sophisticated in detecting and blocking new circumvention systems, but even as it does so, so new code blossoms.
Meanwhile the intimidation of programmers remains a violation of the human rights of the coder—and a blow to the rights of everyone who relies on their creativity to exercise their own rights.