BEIJING — Filtering software that the government has mandated for all new computers in China is so technically flawed that outsiders can easily infiltrate a user’s machine to monitor Internet activity, steal personal data or plant destructive viruses, experts who have studied the program say.
“It contains serious vulnerabilities, which is especially worrisome given how widely the software will be adopted,” said J. Alex Halderman, a computer science professor at the University of Michigan who examined the program. “What we found was only the tip of the iceberg.”
Known as Green Dam-Youth Escort, the software must be preinstalled on all personal computers sold in China by July 1. The government has said it will pay for the software for at least a year as part of its campaign against “unhealthy and vulgar” material on the Internet.
Foreign computer makers, which learned of the directive just three weeks ago, have been asking Chinese officials to reconsider the rules, which were formulated without their consultation. They say there are too many unanswered questions about the software, including whether it has the potential to damage operating systems.
Human rights advocates and the ranks of China’s Internet users have been especially critical, saying Green Dam, promoted by the government as a tool allowing users to protect themselves or their children against pornography on the Web, is really a thinly concealed attempt by the government to expand censorship.
“Their goal is to limit the access of information, not just pornography,” said Li Fangping, a rights lawyer in Beijing who is challenging the government directive. “I feel like as a citizen, my right to know has been violated.”
Software engineers who have examined Green Dam in recent days say it is designed to do more than filter out adult content. Deep inside the program, they say, are data files with the sorts of search terms and key words the authorities use to block certain topics, including Falun Gong, the banned spiritual movement, and the 1989 crackdown on pro-democracy protesters in Tiananmen Square.
“To us, it shows that the government fears it is losing control over the flood of information on the Internet,” said Isaac Mao, a fellow at Harvard University’s Berkman Center for Internet and Society, who has studied Green Dam’s coding.
Gay and lesbian rights advocates in China say they are worried because the software appears to block all manner of Web sites that discuss homosexuality. If widely installed, they say, it has the potential to restrict access to social networking sites, going-out guides and sites that provide information about H.I.V. and AIDS. “It really is far more intrusive than is necessary,” said Zhou Dan, a lawyer and gay rights advocate who has petitioned the government to reconsider the directive.
Bryan Zhang, the general manager of Jinhui Computer System Engineering, which helped design the software, has insisted that Green Dam is devised simply to weed out pornographic images and text. “All these criticisms are not accurate,” he said this week in an interview. By Friday, however, he declined to answer more questions about Green Dam, saying he was exhausted from the news media’s attention.
The anger among Chinese Web users has been mounting since the new rules became public on Monday. Some bloggers have taken to calling Green Dam “filter tyrant” or “green damn.” Others have ridiculed its failure to stop some sexually explicit imagery while blocking pictures of cuddly farm animals or the cartoon character Garfield.
Even China Daily, China’s official English-language daily newspaper, published an editorial on Thursday suggesting that the directive was misguided. “Who is supposed to decide what is pornographic, violent or undesirable and deserves to be blocked?” it asked, adding, “How is citizens’ freedom of expression or right to know to be balanced against the need to filter ‘unhealthy content’?”
By the end of the week, the government decided to push back. On Friday, a document found its way onto the Internet that purported to be from the country’s head propaganda office. Although impossible to verify, the memorandum directed media outlets to counter the negative commentary. “Do not publish speech that is critical of or casts doubts upon the measure,” it read. “At the same time, would the media please increase management of their Web sites and block and delete comments that use the occasion for aggressive speech.”
In the end, opponents of Green Dam hope that its technical troubles will delay efforts to put it in place or that they will doom it altogether. According to Mr. Halderman, the University of Michigan professor, the program is so poorly designed that it is almost laughable.
He said that in just a few hours, he and his students had infiltrated a Green Dam-loaded computer and forced it to crash. With little effort, he explained, any decent hacker could take over the user’s computer to mine personal data or harness it to other infected machines in a malevolent network known as a botnet.
“Whoever designed this program wasn’t very good,” he said. “And clearly the government never did its due diligence.”
David Barboza contributed reporting, and Chen Yang and Xiyun Yang contributed research.