Green Dam Youth Escort

Green Dam Youth Escort (Chinese: 绿坝·花季护航; pinyin: Lǜbà·Huājì Hùháng) is content-control software for Windows developed in the People’s Republic of China (PRC). Originally under a directive from the Ministry of Industry and Information Technology (MIIT) to take effect on 1 July 2009, it was to be mandatory to have either the software pre-installed, or have the setup files on an accompanying compact disc, for all new personal computers sold in mainland China, including those imported from abroad. Subsequently, this was changed to be voluntary. End-users, however, are not under a mandate to run the software.

As of 30 June 2009, the mandatory pre-installation of the Green Dam software on new computers has been delayed to an undetermined date. However, Asian brands Sony, Acer, Asus, BenQ and Lenovo etc. are shipping the software as was originally ordered.

On 14 August 2009, Li Yizhong, minister of industry and information technology, announced that computer manufacturers and retailers were no longer obliged to ship the software with new computers for home or business use, but that schools, internet cafes and other public use computers would still be required to run the software.

Devoid of state funding since 2009, business behind the software is on the verge of collapsing by July 2010. According to Beijing Times, the project team under Beijing Dazhang, one of the two companies responsible for development and support of the software, have been disbanded with their office shut down; also in a difficult situation, the team under Zhengzhou Jinhui, the other company, are likely to suffer the same fate at any time. The 20 million users of the software will lose technical support and customer service should the project cease operation.

Designed to work with Microsoft Windows operating systems, the software was developed by Zhengzhou Jinhui Computer System Engineering Ltd. (郑州金惠计算机系统工程有限公司 – Jinhui) with input from Beijing Dazheng Human Language Technology Academy Ltd. (北京大正语言知识处理科技有限公司 -Dazheng). The software, commissioned by the Ministry of Industry and Information Technology through open tender worth 41.7 million yuan in May 2008, is at least officially aimed at restricting online pornography however, it may be used for electronic censorship and surveillance in addition to its stated purpose. Green Dam Youth Escort automatically downloads the latest updates of a list of prohibited sites from an online database, and also collects private user data. Bryan Zhang, the founder of Jinhui, said that users would not be permitted to see the list, but would have the option of unblocking sites and uninstalling the software. Additional search terms can also be blocked at the owner’s discretion.

A notice issued by the Ministry of Industry and Information Technology on 19 May stated that, as of 1 July 2009, manufacturers must ship machines to be sold in China with the software preloaded—either pre-installed or enclosed on a compact disc, and that manufacturers are required to report the number of machines shipped with the software to the government.

A separate notice on the ministry’s website required schools to install the software on every computer in their purview by the end of May. The ministry shortlisted products from two suppliers, Jinhui and Dazheng.

According to the directive, the aim is to „build a healthy and harmonious online environment that does not poison young people’s minds“. Qin Gang, spokesman for the foreign ministry, said the software would filter out pornography or violence: „The purpose of this is to effectively manage harmful material for the public and prevent it from being spread,“ adding that „[t]he Chinese government pushes forward the healthy development of the internet. But it lawfully manages the internet“.

In June 2009, state-run Chinese media announced that the installation of the Green Dam Youth Escort would not be compulsory but an optional package.

In 2008, under instructions from political leaders, the MIIT implemented a „community-oriented green open Internet filtering software project“ with the support of the Central Civilisation Office and the Ministry of Finance. Its aim was to build a „green, healthy network environment, to protect the healthy growth of young people“.

Trials commenced in Zhengzhou, Nanjing, Lanzhou, and Xi’an in October 2008 after the ministry negotiated with the software suppliers and 50 web portals to make the software publicly available without charge, and more than 2,000 installations took place. Trials rolled out to 10 more cities, including Chengdu, Shenyang, Harbin, and Qingdao. The ministry claimed that by December 2008, the software had been downloaded more than 100,000 times, and 3 million times since the end of March 2009. Five leading PC vendors in mainland China, Founder, Lenovo, Tongfang, Great Wall and HEDY, also participated in trial installations.

Professor Jonathan Zittrain, of Harvard’s Berkman Center said: „Once you’ve got government-mandated software installed on each machine, the software has the keys to the kingdom… While the justification may be pitched as protecting children and mostly concerning pornography, once the architecture is set up it can be used for broader purposes, such as the filtering of political ideas.“ Colin Maclay, another Harvard academic, said that Green Dam creates a log file of all of the pages that the user tries to access. „At the moment it’s unclear whether that is reported back, but it could be.“

In fact, the current software filter contains about 85% political keywords, and only 15% pornography-related keywords.

The computer industry advocacy organization, Computer and Communications Industry Association (CCIA), said the development was „very unfortunate“. Ed Black, CCIA president criticised the move as „clearly an escalation of attempts to limit access and the freedom of the internet, […with] economic and trade as well as cultural and social ramifications.“ Black said the Chinese were attempting to „not only control their own citizens‘ access to the internet but to force everybody into being complicit and participate in a level of censorship“.

The CCIA is reported to be taking up a test case for American tech companies wishing to present „a united front against censorship“ and it is calling on the Obama administration to intervene with Beijing over the requirement that manufacturers pre-install the software on all new computers.

On 8 June, Microsoft said that appropriate parental control tools are „an important societal consideration“. However, „[i]n this case, we agree with others in industry and around the world that important issues such as freedom of expression, privacy, system reliability and security need to be properly addressed.“

In an unusual move, an international group of business associations expressed their concern in a letter to Chinese Premier Wen Jiabao, urging the government to scrap the Green Dam directive. The letter was signed by the heads of 22 organisations representing international businesses, including the U.S. Chamber of Commerce, the European-American Business Council, the Information Technology Industry Council and other associations from North America, Europe, and Japan.

In moves which the San Francisco Chronicle suggested were politically motivated by the quest for closer ties, Taiwanese manufacturers Acer, Asus, BenQ announced they were already shipping products with Green Dam as originally ordered. They are joined by Sony and Lenovo.

Online polls conducted by leading Chinese web portals revealed poor acceptance of the software by netizens. On Sina and Netease, over 80% of poll participants said they would not consider or were not interested in using the software; on Tencent, over 70% of poll participants said it was unnecessary for new computers to be preloaded with filtering software; on Sohu, over 70% of poll participants said filtering software would not effectively prevent minors from browsing inappropriate websites. A poll conducted by the Southern Metropolis Daily showed similar results.

A report by the OpenNet Initiative project acknowledged the broad global support for measures to help parents limit exposure of their children to harmful online material and published a detailed report on the technical and political flaws of this software and its implications.

Internet citizens have created a manga-style Moe anthropomorphism named ‚Green Dam Girl‘ (simplified Chinese: 绿坝娘; traditional Chinese: 綠壩娘; pinyin: lǜbàniáng; Japanese: Green Dam Musume (グリーンダム娘 Gurīn Damu Tan?)), similar to the OS-tans. Many versions exist, but the common features are that she is dressed in green, wears a river crab hat, holding a rabbit (the Green Dam mascot) in hand, and armed with a paintbrush to wipe out online filth. She also commonly wears an armband with the word Discipline written on it.

On 11 June 2009, a team released a third-party tool aiming to provide users with options to disable the software, change the master password and perform post-uninstallation clean-up (i.e., removing files and registry entries left behind by the uninstaller).

A BBC News article reported that critics feared this new software could be used by the government to enhance the existing internet censorship system. Jinhui’s general manager, [Bryan] Zhang Chenmin, rejecting the accusation: „It’s a sheer commercial activity, having nothing to do with the government“ he said.

A Global Times article on 10 June replied to a media report viewing the software as spyware by quoting a number of officials; Liu Zhengrong, deputy chief of the Internet Affairs Bureau of the State Council Information Office said: „The software is designed to filter pornography on the Internet and that’s the only purpose of it“. Qin Gang said the internet had always been open in China and that it was the government’s will to prevent the spread of harmful information in accordance with the law. The report mentioned that the MIIT invested 41.7 million yuan ($6.1 million) in the software and is „the latest step taken by the government to clamp down on young people accessing porn and violent contents“. Zhang said: „Our software is simply not capable of spying on Internet users, it is only a filter“, and that the Wall Street Journal had „falsely claimed that our software can be used as spyware without having a clear understanding of the product“.

On 10 June, amidst massive criticism circling within the internet about the software and the MIIT’s directive, the Publicity Department of the Communist Party of China Central Committee, the agency responsible for censorship, issued an instruction attributed to „central leaders“ requiring the Chinese media to stop publishing questioning or critical opinions. Reports in defense of the official stand appeared subsequently, with a commentary by the state-run Xinhua news agency saying „support largely stems from end users, opposing opinions primarily come from a minority of media outlets and businesses“. The instruction also required online forums to block and remove „offensive speech evolved from the topic“ promptly.

In response to the „public concern, anger and protest“ triggered by the government edict, China Daily put forward the case for free choice, saying: „Respect for an individual’s right to choice is an important indicator of a free society, depriving them of which is gross transgression.“ On 15 June, an official of the Department of Software Service under the MIIT downplayed the compulsory aspect of the software: „The PC makers only need to save the setup files of the program on the hard drives of the computers, or provide CD-ROMs containing the program with their PC packages“ he said. Users will have the final say on whether or not to install the software, he continued, „so it is misleading to say the government compels PC users to use the software … The government’s role is limited to having the software developed and providing it free“.

Further critical articles appeared in both the state-run Peoples‘ Daily and the relatively liberal China Youth Daily, a paper run by the China Youth League of which Chinese President Hu Jintao was a member and current patron. This leads to the belief that support for the MIIT’s directive was divided within the Chinese government itself.

On the eve of the introduction of the mandatory pre-installation of the Green Dam software on new computers, it was postponed. The MIIT said it would „keep on soliciting opinions to perfect the pre-installation plan.“ Ministry sources confirmed that the software had been patched, and that the government procurement procedure of the software „had complied with China’s Government Procurement Law, which was open, fair, transparent, non-exclusive, […] under strict supervision“ and „in line with regulations of the World Trade Organization“

On meeting with officials of the MIIT and the ministry of commerce about Green Dam, American diplomats in China issued a statement:

The U.S. is concerned about actions that seek to restrict access to the Internet as well as restrictions on the internationally recognized right to freedom of expression. The U.S. Government is concerned about Green Dam both in terms of its potential impact on trade and the serious technical issues raised by use of the software,“ it said. „We have asked the Chinese to engage in a dialogue on how to address these concerns.

Jinhui claimed that Green Dam recognizes pornographic images by analyzing skin-coloured regions, complemented by human face recognition. However, according to a Southern Weekly article, the software is incapable of recognizing pictures of nudity featuring black- or red-skinned characters but sensitive enough to images with large patches of yellow that it censors promotional images of the film Garfield: A Tail of Two Kitties. The article also cited an expert saying that the software’s misrecognition of „inappropriate contents“ in applications including Microsoft Word can lead it to forcefully close those applications without notifying the user, and so cause data losses. On 21 June 2009, Ming Pao reported that the software detected and censored pictures of Chinese political leaders as pornography.

On 11 June 2009, a BBC News article reported that potential faults in the software could lead to a large-scale disaster. The report included comments by Isaac Mao, who said that there were „a series of software flaws“, including the unencrypted communications between the software and the company’s servers, which could allow hackers access to people’s private data or place malicious script on machines on the network to „affect [a] large scale disaster“. The software runs only on Microsoft Windows x86, so Microsoft Windows x86-64, Mac OS X, Linux and users of other operating systems are ignored. Even on Microsoft Windows, the software is known to interfere with Internet Explorer and Google Chrome, and is incompatible with Mozilla Firefox.

Also on 11 June 2009, a Netease article reported that the master password of the software can be easily cracked. The software stores the MD5 checksum of the password in a text file disguised as a DLL (C:\Windows\System32\kwpwf.dll), thus the password can be arbitrarily set by changing the contents of the file. This was ridiculed by some netizens as the software being crackable by „elementary school students“.

Researchers from University of Michigan found the uninstaller „appears to effectively remove Green Dam from the computer,“ whereas some sources state that part of the software (e.g. executables loaded on startup) cannot be removed by its own uninstaller, but that most of it (per either blogs or media reports) was removed according to the PRC government’s request.

On 11 June 2009, Scott Wolchok, Randy Yao, and J. Alex Halderman from the University of Michigan published an analysis of Green Dam Youth Escort. They located various security vulnerabilities that can allow „malicious sites to steal private data, send spam, or enlist the computer in a botnet“ and „the software makers or others to install malicious code during the update process“. They recommended that users uninstall the software immediately for protection. Jinhui’s general manager, [Bryan] Zhang Chenmin attacked the Wolchok et al. report as irresponsible action and breach of his company’s copyright, and said that Jinhui had been ordered to patch the weaknesses.

Wolchok et al. indicated the existence of buffer overflow vulnerabilities which they ascribed to programming errors. Buffer overflow may occur when the software performs URL filtering or updates its blacklist filter files due to the use of fixed-length buffers, and can corrupt the execution stack and potentially allow execution of malicious code. Furthermore, the feature of automatic filter update opens door to the computer being remotely controlled by the software’s makers and possibly third parties who manage to impersonate the update server because the updates are delivered via unencrypted HTTP.

The report included an example page that exploits the buffer overflow vulnerability to crash the software. On 12 June 2009, an exploit that takes advantage of the same defect to practically deploy shellcode was published on the website The author of the exploit claimed that the exploit is able to bypass the DEP and ASLR protection mechanisms on Windows Vista.

In addition to security vulnerabilities, Wolchok, Yao and Halderman also found that a number of blacklist files used by Green Dam Youth Escort were taken from the censorship program CyberSitter, from Solid Oak Software Inc. The decrypted configuration file references blacklists with download URLs at CyberSitter’s website. They also discovered in the software a news bulletin published by CyberSitter in 2004, whose inclusion was conjectured by them to be accidental. A post on the Chinese IT website Solidot published details of the taken files and claimed that the files were outdated.

Both the Wolchok et al. report and a technical analysis released on Wikileaks indicated that software contains code libraries and a configuration file from the BSD-licensed computer vision library OpenCV. The Wikileaks document said the software violated the BSD license.

According to The Wall Street Journal, Solid Oak, which had been apprised of the infringement, announced it would file injunctions on US manufacturers to stop them shipping machines with Green Dam. The report included a response by Jinhui Computer System Engineering Co. denying that they stole anything, quoting Bryan Zhang as saying „That’s impossible“. Internet lawyer Jonathan Zittrain said that if the computers are only sold in China it would not be a violation of U.S. copyright and the issue „would have to be resolved in a Chinese court under Chinese law“. Solid Oak’s Mr Milburn was reported by BBC News as saying that he is not sure legal action will be worth the effort, but would also file a complaint with the Federal Bureau of Investigation’s Computer Crime Task Force.

Hewlett-Packard and Dell were sent cease and desist letters by Solid Oak Software, asking them to respond by 24 June, having determined „without a doubt that Green Dam is indeed pirated, and using 100 percent of our code“.

In January 2010, Cybersitter filed a $2.2 billion lawsuit against the PRC government and Jinhui Computer System Engineering charging that Green Dam Youth’s developers had stolen more than 5,000 lines of code from Cybersitter.

In December 2010, a California court denied a motion to have the suit dropped. The motion was filed by Sony, Acer, BenQ and Asustek, who were named as defendants in a list that also includes Chinese PC makers Lenovo and Haier.

According to an addendum to the Wolchok et al. report published on 18 June 2009, makers of Green Dam Youth Escort silently patched the software on 13 June, addressing at least the one particular buffer overflow vulnerability showcased in the original report. In spite of the patch, the software nevertheless remained vulnerable to more sophisticated attacks, as demonstrated by a new example attack page included in the addendum, leading the authors to stand by their previous recommendation that users uninstall the software immediately.

According to the same addendum, an update was released on 12 June 2009 to reconfigure the software’s filtering blacklists files, which modifies one blacklist and disables the rest. However, files taken from CyberSitter continue to be present on the computer even after the update, and are still used in a pre-update version of the software available from its makers‘ website. Another update was released on 17 June 2009 to include OpenCV’s BSD license into the software’s help file to address the license violation issue.

The project was reportedly dead because the ministry refused to continue funding the project.

The Beijing Times reported that Beijing Dazheng Human Language Technology Academy had closed the office for the Green Dam project and up to 30 IT engineers were made redundant, and that co-developer Zhengzhou Jinhui Computer System Engineering, would soon run into financial difficulties through lack of funding. However, Dazheng said it had been forced to down-size (and not shut) the Green Dam unit due to financial constraints.

Dazheng’s general manager said his company received 19.9 million yuan in the first year and had not received payment since, and that its commitment to providing support and updates for the product was costing 7 million yuan annually. Critics said the lack of transparency in the funding cut cast the Ministry in a bad light. Other commentators, whilst noting no change in the government’s policy towards policing the Internet, said the de facto abandonment of the project was an admission of error.