The Green Dam application uses stolen proprietary code

Jun 16, 2009 09:45 GMT  ·  By

Solid Oak Software, the developer of an Internet filtering application called CYBERsitter, claims that the developers of the new censorship application set to be bundled with all new PCs sold in China beginning next month are illegally using its proprietary code. Researchers from the University of Michigan confirm the claims.

The Beijing government has mandated that all new PCs sold in China starting July 1 must have an application called Green Dam Youth Escort installed. The purpose of this software is to filter Internet content that the government considers inappropriate for its citizens to access.

Scott Wolchok, Randy Yao, and J. Alex Halderman, of the Computer Science and Engineering Division at the University of Michigan, have already reverse-engineered part of the software and uncovered critical vulnerabilities and design flaws that would allow attackers to hijack computers running it. This could potentially lead to the creation of a massive botnet.

However, during their research, the computer experts also discovered that some of the blacklists were stolen from CYBERsitter. "In particular, we found an encrypted configuration file, wfileu.dat, that references these blacklists with download URLs at CyberSitter's site. We also found a setup file, xstring.s2g, that appears to date these blacklists to 2006. Finally, csnews.dat is an encrypted 2004 news bulletin by CyberSitter," they write.

Based in Santa Barbara, California, Solid Oak Software is unsure how to proceed in this case of copyright infringement. It might not be able to file suit against the Green Dam developers, but it does plan to seek injunctions against US-based OEMs such as HP or Dell if they agree to distribute the offending software with computers sold in China.

In addition to having its property stolen, the company also faces a serious operational problem – a huge number of Chinese computers querying its servers for Green Dam blacklist updates. This traffic could easily exceed its current bandwidth allowance and create a denial-of-service condition, unless the company buys a more expensive plan from its ISP to cover the excess.

The situation puts PC OEMs in a very difficult position. On the one hand, they could refuse to bundle the software with computers sold in China, which would eventually lead to their being banned from the country for not complying with the government's requirement; on the other hand, they could face lawsuits in the U.S. if they go ahead with the plan.