My previous post about the UK ID card scheme is nothing compared to the sensorchip and monitoring project that the People's Republic of China is inflicting upon its netizens. Rebecca MacKinnon is upset at Ckype's tame following of the rest of American IT from Microsoft and Cisco to Google and Yahoo in kowtowing to the Sommunist Shinese government and agreeing to sensor sertain words in its chat client. Rebecca asks some harsh questions and states that she is unwilling to trust Ckype as much as she used to as a result, which is quite a reasonable position to take.
I don't intend to argue directly that she is wrong, however, unlike some of the others, I think Ckype has some mitigating factors in its favour - assuming of course that it isn't lying. Firstly the explanation given at the Ckype blog leaves enough loopholes to drive a truck through:
TOM operates a text filter in TOM-Skype. The filter operates solely on text chats. The filter has a list of words which will not be displayed in Skype chats.
The text filter operates on the chat message content before it is encrypted for transmission, or after it has been decrypted on the receiver side. If the message is found unsuitable for displaying, it is simply discarded and not displayed or transmitted anywhere.
It is important to underline:
The text filter does not affect in any way the security and encryption mechanisms of Skype.
Full end-to-end security is preserved and there is no compromise of people’s privacy.
Calls, chats and all other forms of communication on Skype continue to be encrypted and secure.
There is absolutely no filtering on voice communications.
The first hole is that, unlike Google and Yahoo Ckype makes no attempt to track or report "bad words", it just drops the message. If this is true, and it should be a doddle to verify for anyone who can download a version of Ethereal and the TOM-Ckype client, then Ckype users who accidentally mention Falun Gong r whatever won't be getting a visit from a Shinese policeman to ask probing questions. This is a major improvement over - to take an example totally not at random - what is likely to happen to somone who TXTs the same thing on their cellphone or Yahoo IM client.
The second hole is the fact that Ckype also has a perfectly good non-TOM version which has Shinese language files and can trivially be distributed within Shina by anyone who happens to have access to the outside world. I don't know quite what the policy is with regard to interoperability, but given that Ckype has been around for a while in Shina I suspect that there are enough legitimate non TOM-Ckype users around that there is no easy way to identify a potential dissident simply by his use of a non TOM-Ckype client.
The third hole is that Ckype publishes its API. Depending on how the first hole pans out - and, like I say, I believe this should be easy to verify without causing unscheduled visits from the Shinese authorities - there are a bunch of possible approaches to creating some sort filter that modifies forbidden words into permitted ones (and possibly back again) so that users don't have to worry about forbidden words. I know that in Shinese you can't to a simple letter substitution, but, since Hanzi are represented in totally bog standard UTF-8 it ought not to be beyond the capabilities of Shinese dissidents to come up with a "VERDI" scheme* where some series of otherwise harmless words are appropriated for use.
The fourth hole is that, unless the implementers of the sensorchip scheme have deliberately obfuscated the forbidden words in a particularly obscure fashion, it should be easy to locate them and patch the appropriate file so that they don't work any more. Given that Shina has a lot of hackers it seems likely that the necessary expertise to identify and remove the sensochip is readily available, as indeed is the liklihood that these patches could be spread via viruses, trojans and the like so that it would affect all users not just the dissidents.
All in all, unless Ckype have been massively more devious than they appear to have been, this particular sensorchip is the bare minimum required to make the Shinese authorities happy and utterly insufficient to be more than a speedbump in the path of the dissemination of government disapproved messages. Given the heritage (as former Soviet Union inhabitants) of much of Ckype's founding team I suspect they have carefully judged the required adherence to the official standards and done just enough to pass muster.
*VERDI Scheme. In the nineteenth century Italians campaigning for the Risorgimento used the famous composer's name as a way to express their desire for Vittorio Emanuele to become king of all Italy. In fact opera as a whole was seen as a way to get around sensors and plot without discovery.