Doubts On Yahoo's Human Rights Code of Conduct

Ian Lamont writes "The US Senate has been pushing American technology companies to work with rights groups to develop a human rights code of conduct, which would help to guide their overseas activities. Yahoo now claims that it has established the 'core components' of a global code of conduct, and a more complete version will be ready this fall. However, the Industry Standard notes that there's a fundamental flaw with such efforts: US law is not world law. Following the local laws is a requirement of doing business in any country, and conflicts between corporate ethics and the law of the land in which these corporations do business are inevitable. The US Senate's push for such a code was prompted by a number of incidents, including Yahoo's complicity in the arrest of Chinese dissidents and a Chinese journalist."

Re:Silver Lining

[Hal_Porter]

In the end, I suspect this will mostly be hot air. As long as their are profits to be made in China, US companies will be there regardless of how they have to "bend" their values to operate.

Actually if the US embargoed China US companies would not do business. And a sort of 'embargo lite' like making it illegal for companies to shop dissidents and thus comply with Chinese law will hopefully make them do use Taiwan companies as a proxy. Which is a good thing - the money goes to a small democracy, rather than a large dictatorship which in the long run will be a potent competitor to the US.

And I mean competitor in the sense of Japan in WWII, not Japan now. It's short sighted to give crypto fascist dictatorships enough money and industrial capacity to challenge you.

Google/Gmail also compromised in China?

[Anonymous Bullard]

A few days ago I came across a story about one Taiwanese-born american's recent trip to Chinese-occupied Tibet [phayul.com] (using her Taiwanese passport, meaning no consular protection).

"It was scary because they (at the American embassy in Chengdu) warned me if I was low profile now, I will be high-profile, and I will be followed once I enter Tibetan regions. They told me to watch out for guys who look too comfortable smoking a cigarette. They told me to not trust anyone. They advised me to memorize the angle of my computer and cell phone when I leave my hotel room, so I can tell if they've been moved when I return. They said to be especially careful with my camera. The tech specialist at the Embassy said that she strongly suspects that Chinese intelligence has some kind of deal with Google because gmail appears not to be safe in China. They said, 'It's safe to assume that everything you do is being watched.'"

She later quotes a couple of totally weird "Gmail notifications" (written in broken english), purportedly coming from "The Gmail team".

It'd be interesting to see the full email headers, but there seems to be increasing evidence that despite Google has publically resisted the Chinese Communist Party's demands of cooperation (unlike Microsoft and Yahoo who both collaborated) the CCP regime is indeed able to intercept Gmail traffic.

Under CCP's rule, all personal encryption to which the CCP doesn't have keys has been declared illegal. This presumably includes the easily available HTTPS encryption used in browsers and which Google also uses for Gmail.

Whether the CCP has struck a deal with Google (or someone inside Google), they can read HTTPS traffic or it is simply a case of CCP keyloggers in all internet cafes, the issue should be thoroughly studied and the public be warned accordingly, if necessary. Especially when in China, and in particular in Tibet, the most innocuous messages can easily result in imprisonment, serious bodily harm or even death.

Some people will still be willing to take that risk in order get information out of China or Tibet, but all email users there should be prominently warned if there is any suspicion that the service may be compromised.

Re:Google/Gmail also compromised in China?

[Antique Geekmeister]

Of _course_ they can intercept Gmail traffic! Much of it is over HTTP, not HTTPS, and communicating among the mail servers it's SMTP. Unless you're encrypting end-to-end, expect your email to be trivially monitored. Even if it were encrypted, passwords are trivial to steal in most environments.

Given that Google's servers are deployed worldwide in various data centers and portable data centers, it would be relatively inexpensive to hire an unappreciated Google employee to plant fiber optic taps in various of their data centers, intercepting the traffic there. And the Chinese have doubtless themselves pulled the stunt that AT&T did for the NSA, permitting backbone Internet taps on their core routers.