Policy wonks, like most people, tend to think of IT as a magical black box which takes requests, does something, and makes their computers do what they want, or at least somewhat close to it. And so it’s not really surprising to see Ronan Farrow and Shamila Chaudhary rail against major cybersecurity companies for enabling dictators to block internet content at Foreign Policy, with allegations that show how poorly they understand what these companies do and how virtually all of the products they make work. You see, blaming a tech company for censorship is kind of like blaming a car manufacturer for drunk drivers. Certainly their tools are intended to block content but they’re not designed to filter all undesirables from a centralized location to which a dictator can submit a request. They’re meant to analyze and block traffic coming from malicious sources to prevent malware and any time you can analyze and stop traffic, you can abuse the ability and start blocking legitimate sites just because you don’t like them or the people who run them.
Most of the software they cited is meant to secure corporate networks and if they no longer get to stop or scan data, they’re pretty much useless because they can’t do threat identification or mitigation. WebSense does filter content and uses a centralized database cluster to push how it classifies sites to its customers so, as Farrow and Chaudhary noted, it was able to change up a few things to help mitigate its abuse by authoritarians. But McAffee and others are in a tougher spot because they’ve simply sold a software license to network admins. Other than virus and bot net definitions, there’s not much they can control from a central location, and trying to shame a company for selling tools made for something entirely different puts them in a position in which it would be very hard to defend their actions to someone convinced that they can just flip a switch and end the digital reign of tyranny across the world. And its even worse when the first reactions to articles about the abuse of their wares blame them for just being greedy.
On top of that, it’s not exactly hard to write your own filters and deep packet inspection tools. It’s just difficult to scale them for millions of users but it’s nothing out of the authoritarians reach. As they spend billions on security and control, surely they could divert a couple of million to build a capable system of their own. In fact, the Great Firewall of China is mostly home-grown and uses the country’s ISPs to scan incoming and outgoing traffic on a daily basis to find what to block. It sounds like a powerful indictment to point out that the Chinese use Cisco routers in their system, but it’s not as if they outsourced the task of pinging and blocking Tor nodes to the company. To be perfectly fair in charging tech companies in aiding and abetting censorship, you’d have to be talking about search engines that agree to modify their functionality to get a toehold in markets ruled over by authoritarians who will get someone to censor searches if not the company which was trying to expand. Bottom line: dictators will find a way to censor what they want to censor. If they use network monitoring security tools to do it, the blame still rests with them.