Google may leave China in wake of hacker attacks
In a rare corporate rebuke of Asia’s economic superpower, Google Inc. on Tuesday said it might leave China and the country’s 350 million Internet users after it was the victim of a series of cyber attacks that originated from that nation.
According to Google, a “highly sophisticated” December attack on its main corporate computers resulted in “the theft of intellectual property.”
The company said it believed that a key goal of the attackers was to access the e-mail accounts of Chinese human rights activists, raising the possibility that China’s government not only may have hacked in to Google but also may have been using the company’s network to conduct political espionage.
“These attacks and the surveillance they have uncovered -- combined with the attempts over the past year to further limit free speech on the Web -- have led us to conclude that we should review the feasibility of our business operations in China,” said Google’s chief legal officer, David Drummond, in a blog post titled “A new approach to China.”
As part of the review, Google said it planned to end its practice of censoring search results in China. For years, Google has acquiesced to Chinese officials’ wishes by blocking access to information on politically sensitive topics such as the 1989 student uprising in Tiananmen Square.
The company said that over the next several weeks it would try to find a way to operate an uncensored search engine in China, if Chinese authorities approved.
If not, Google said it might pull the plug on its operations there.
“We recognize that this may well mean having to shut down Google.cn, and potentially our offices in China,” Drummond said.
Although Google has portrayed its threats to leave China as a humanitarian move, some analysts said the company might be reacting more to the damage it sustained from the security breach. One of the Internet giant’s most precious assets has been the perception that it can unfailingly protect the e-mails, documents and online habits of its hundreds of millions of users.
Chinese officials couldn’t be reached for comment, but in the past the government has defended its strict Internet policy and refuted accusations that it is responsible for cyber attacks.
Google has long had a rocky relationship with China, where censorship and marketing limitations have held it to a distant second behind China’s leading search engine, Baidu.com, which accounts for more than 60% of the market.
“If your two corporate mottoes are ‘Don’t be evil’ and ‘Organize the world’s information,’ you are bound to have trouble in China,” said Steve Weber, a political science professor at UC Berkeley. Still, he said, the choice to leave an emerging market the size of China could not be an easy one for Google.
Google officials said that the immediate financial effects would be “immaterial,” with China sales accounting for only a fraction of its $22 billion in annual revenue. But long-term prospects are considered huge for a country that may soon have a billion users of mobile phones and the Internet.
“This is the hardest decision any big global company has to make,” Weber said.
Indeed, it has taken a serious attack like the one last month to motivate Google to rethink its position in China, analysts said.
“For [Google] to really come to the conclusion that they needed to pull up stakes in China, this attack must have gone to the core,” said James Mulvenon, an expert on Chinese cyber warfare with Defense Group Inc.
The company said it was still investigating the breach and would not provide details on the nature of the intellectual property that was stolen.
Public interest groups lauded Google’s move to stop censoring search results.
China tightened its grip on the Internet last year, launching a war on pornography and illegal downloading that produced thousands of arrests and closed hundreds of websites. Many popular foreign sites such as Facebook and YouTube have been blocked by the so-called Great Firewall for months.
“While Google should never have agreed to censor search results in China in the first place, it is doing the right thing by ending the practice now,” said John Simpson of Consumer Watchdog.
But some security experts said they were skeptical that Google’s motives were purely altruistic.
“This comes off as very disingenuous,” said analyst John Pescatore of technology research firm Gartner Inc. He said Chinese-sponsored Internet attacks have been going on for years, and Google shouldn’t have been surprised by either industrial or political spying.
Instead, Pescatore said, the company may be more concerned that the attacks have compromised its image of having impermeable security. The company stores nearly all the data entrusted to it on a global network of servers referred to as “the cloud.”
“Should we trust Google to carry our e-mail in the cloud when they’ve had problems protecting their own infrastructure?” he said.
In the blog post, Google emphasized that it was not the only target of such attacks and that at least 20 other large companies from various industries had also been victimized. The company said it was notifying those firms and working with U.S. authorities on the issue.
Rep. Anna G. Eshoo (D-Palo Alto) commended Google for its cooperation with U.S. law enforcement officials and urged other companies with information on cyber criminals to come forward.
“These kind of attacks are unacceptable and undermine confidence in the global economy,” she said in a statement.
For its part, Google said it had stepped up security to reduce risks of similar breaches.
“We have taken significant steps since the attack to protect our system and our users,” a Google spokesman said. But he added, “No system is 100% secure.”
Times staff writer David Pierson in Beijing contributed to this report.