By Eva Dou
BEIJING -- A Chinese Internet agency criticized Google Inc. on
Thursday for rejecting its website safety verification process, in
the latest sign of mistrust between China and foreign technology
companies.
Google said Wednesday it would no longer trust websites vetted
by the China Internet Network Information Center, which administers
Chinese Internet addresses. Specifically, it said it would no
longer recognize security certificates issued by the agency that
verify that the site serves a legitimate business. Such
certificates, which are kept by the server hosting the website and
read by web browsers, are meant to protect Internet users from
scams such as identity theft and what's known as phishing.
Google's decision means that for users of Google's Chrome
browser, any new sites authenticated by the Chinese agency will
likely be flagged with warnings that say Google can't verify the
website's security and that users shouldn't open the page.
The Chinese agency, known as CNNIC, said in a statement on its
website that Google's decision was "difficult to understand and
accept" and urged Google to fully consider the rights of users.
CNNIC also said it would guarantee that its existing users wouldn't
be affected.
A Google spokesman declined to elaborate on U.S. Internet search
giant's statement.
Chinese suspicions over the security of U.S. technology products
has been on the rise, particularly after former U.S. National
Security Agency contractor Edward Snowden said U.S. intelligence
agencies use such equipment when gathering information. Chinese
regulators have unveiled plans to roll out a slate of new
cybersecurity measures this year that would require U.S. companies
to hand over source code and other proprietary information.
Google said on its official security blog post Wednesday that it
decided to stop accepting CNNIC certificates after a joint
investigation with CNNIC into a security breach at an Egyptian
company MCS Holdings. While Google determined MCS's misuse of
certificates wasn't malicious, it said CNNIC gave too much
authority to a company not fit to hold it. MSC said its creation of
unauthorized certificates was a mistake that it quickly
corrected.
Google said CNNIC could apply for its certificates to be
accepted again after improving its verification process. Meanwhile,
sites that already hold CNNIC certificates will still be marked as
trusted in Chrome "for a limited time," Google said, without
elaborating.
The change will affect encrypted Chinese websites, which begin
in "https" and end in ".cn". These types of websites encompass
email, online shopping services and other sites where users enter
personal information or passwords.
Google has long had a complicated relationship with China. In
2010 it moved some of its services outside of China to protest
Beijing's censorship efforts. Its services has since become
difficult or impossible to access within the mainland. Still,
Google maintains a significant presence in China, especially in
online advertising.
Write to Eva Dou at eva.dou@wsj.com
Access Investor Kit for Google, Inc.
Visit
http://www.companyspotlight.com/partner?cp_code=P479&isin=US38259P5089
Access Investor Kit for Google, Inc.
Visit
http://www.companyspotlight.com/partner?cp_code=P479&isin=US38259P7069
Subscribe to WSJ: http://online.wsj.com?mod=djnwires