I’m going to digress into Internet Geek land for this post, apologies to those who aren’t interested, but I do have some friends that I think will be keen to read about my experiences, and I tried to keep it pretty non-technical, so it may appeal to others as well.
As you’re no doubt aware, PRC has a love-hate relationship with the Internet. They want to embrace the technology and the connectedness it represents, but they view it as a threat because it is a means for people to undermine the sovereignty of the State by exposing its citizens to “propaganda” in the form of ideas that run counter to the official State view of the world. Access to many things that the censors deem unacceptable is blocked via the “Great FireWall of China” which is in the path of nearly all Internet traffic entering or leaving the country. Things that are blocked include most social media sites, sites considered to be injurious or dissident to the Chinese government (see also my experience when researching Tian’anmen Square on Wikipedia), obscenity, etc. Further, traffic is usually logged and sniffed, so that they know who is trying to reach things that they ought not be looking at. In the past, I had heard that common VPN tunneling techniques were blocked, because this encrypted and therefore obfuscated the traffic, allowing the end user to bypass these controls. However, until the conference started, I’ve been using the hotel network, which allows VPN, so I can connect back via my company’s network in the US and use the Internet as if I was sitting in my office. Obviously, latency to go from Beijing to Kansas and back out to my destination is high but manageable. Probably won’t be streaming any Netflix, but VoIP works passably – called home via my company's MS Unified Communications and only noticed the occasional artifact. Now, I’m not sure if they started allowing VPN in the more international tourist-friendly hotels because it was becoming so commonplace for international travelers to need to use a VPN to reach things at work, or if they simply don’t care anymore because they have devices capable of breaking the crypto. I’d like to hope that it’s the former, because the latter gives me the heebie-jeebies. I’m still changing passwords on the sites I accessed while I’m here when I get back, just to be on the safe side.
Along those same lines, IETF has had to do things a bit differently in the way that they set up their networks for the conference. In most locations, the IETF brings in dedicated access, sets up open wireless in all of the common areas, and often takes over the conference hotel’s in-room connectivity, because well, you can’t have 1000+ Internet geeks descend on your average hotel with its average assumptions about how much bandwidth is enough and have it end in anything but tears. Our average usage is somewhere north of 50mbps now. They’ve been making a secured (WPA2) network available for those who don’t use a VPN and would like to not have their wireless in the clear, but it’s not used as extensively as the open AP. This time, there is not exactly an open network. There is a network that you can connect to without authentication, but it redirects you to an authentication page where you have to enter your credentials from the conference to gain access, sort of like when you have to sign into a paywall on a non-free wireless network. There is also an 802.1x authenticated network in both the hotel rooms and the conference area. This is because one of IETF’s requirements is that their network be allowed unfettered access to the internet – i.e. no firewalls allowed. I’m not convinced that this translates to no sniffing or logging, but there’s at least no blocked content. Therefore, the Chinese government is requiring IETF to limit access to attendees only. While there are a lot of Chinese nationals attending the conference (over 1/3 of the attendees), I guess that the assumption is that they would have the same level of access if this was being held elsewhere, and therefore there is no additional risk. Plus, I remember seeing news items that the Chinese government was requiring its citizens to run filtering software locally on their computers, so perhaps they’re simply controlling it that way.
Additionally, the conference is having to be much more strict than usual in controlling access to the meeting itself. Normally, people don’t much care if you aren’t always wearing your badge, especially if you are well-known as a regular attendee at IETF meetings – you won’t be challenged as to your registration when you walk into a meeting. Here, there are hotel staffers posted at the entrances to the conference areas that are checking badges to ensure that only registered attendees may enter. I’m thinking that this may have had something to do with an early contract scuffle that the IETF had with the conference hotel.
Originally, the hotel had a line in the contract saying something to the effect of, “if any attendee says anything prohibited by law, we reserve the right to terminate the contract and kick you out.” IETF obviously balked at this, and did a survey of its members to find out if they would attend a meeting held in China with that condition. The overwhelming response was no, because IETF is very much a meeting where open discussion is important, and that would have a serious chilling effect on the tone of the meeting. This gave them the leverage that they needed to tell the hotel in no uncertain terms that they could either have that line in the contract and have no conference, or they could remove that from the contract. Since the proceedings of the meetings are very much on the record (posted on the internet), I can see why they would want to ensure that no one outside of the conference be given open access.
Memo to all of the people who are quick to accuse members of our government of being socialists, fascists, or Nazis simply because they support an agenda you disagree with: Go to visit an actual socialist country with a truly repressive regime for a little while, and stop taking your freedom to complain about the government for granted, especially when you use that freedom to say things that are chosen for their hyperbolic impact without much thought to their veracity or their ability to advance rational debate on the matter.
As it is, part of me wonders if this blog won’t eventually lead to me showing up on some dissident watch list and being denied a visa renewal should I ever want to return to China.