Green Dam Deadline Remains Unchanged Despite U.S. Objections

The Chinese government appears to have reaffirmed its requirement that all PCs sold in the country from July onward include Web-filtering software known as Green Dam.

An unidentified official from China's Ministry of Industry and Information Technology (MIIT) said that the government has not changed its position on Green Dam, according to a report in the English-language China Daily.

This directly contradicts separate reports last week from China Daily and The Associated Press, both of which cited an unnamed MIIT official who said the Green Dam software would not be compulsory.

Dean Garfield, president of the Information Technology Industry Council, a trade group that represents PC makers like Dell and Hewlett-Packard, said he couldn't offer any clarification about the specifics of the mandate, such as whether Green Dam must be installed on computers or whether the presence of a separate installation disc in the PC's packing box is sufficient.

"The situation is still dynamic," he said. "We're working with the U.S. government to reach a reasonable resolution and we continue to urge the Chinese government to reconsider."

On Monday, a U.S. State Department spokesman said that U.S. government officials had met with Chinese government representatives to object to the Green Dam mandate.

"We are concerned about Green Dam in terms of its potential impact on trade, the free flow of information, and the serious technical issues raised by the software," he said during a press briefing. "We believe there are other commercially available software programs which provide users with a wide range of choices for shielding minors from illicit or inappropriate internet contact -- content, which is the ostensible rationale for this. We’ve also asked the Chinese to engage in a dialogue on how to address these concerns." The Green Dam mandate has drawn broad criticism both inside and outside of China since it was first made public earlier this month. Chinese authorities claim that Green Dam is necessary to limit young people's exposure to "harmful information," but University of Michigan computer scientists have identified significant vulnerabilities in the software that could lead to the installation of harmful information in the form of malware.

Although the makers of Green Dam, Jinhui Computer System Engineering and Dazheng Human Language Technology, updated the software in response to these findings, the three computer scientists who analyzed the software, Scott Wolchok, Randy Yao, and J. Alex Halderman, maintain that vulnerabilities remain. "[E]ven after the recent fix, it is still possible for any Web site a Green Dam user visits to exploit other security problems to take control of the computer," they state in their analysis.

And such concern isn't merely academic: Proof-of-concept exploit code for hacking computers that run Green Dam has been available online for more than a week on Milw0rm.com and, as of Monday, on Wikileaks.

Further fueling the controversy, Solid Oak Software in the United States has said that Green Dam includes copyrighted code from its Web-filtering program, CyberSitter, and has warned computer makers of potential legal liability if they ship computers with the allegedly infringing software. The Green Dam update appears to have removed some, if not all, of the disputed files.

Chinese Internet users, led by noted artist Ai Weiwei, are planning an Internet boycott on July 1 to protest the government's plan.

InformationWeek Analytics has published an analysis of the current state of identity management. Download the report here (registration required).