US Security Firm Defends Partnership with Censorship-Happy Chinese Giant Baidu

The American tech company CloudFlare, known for its no-compromise stance on internet freedom and freedom of expression, announced nearly two weeks ago that it had finally entered—sort of—a territory where those principles are often compromised: China.

Technically, CloudFlare didn't really enter China. The company agreed to an unprecedented partnership with the Chinese internet giant Baidu, creating something like a fast lane for websites both inside and outside of the communist country, through a service owned by Baidu and called Yunjiasu, or "Fast Cloud."

Some, given CloudFlare's history of defending websites against censorship, and its public goal of making the internet better, saw this as sort of a deal with the devil. Richard Bejtlich, a well-known security expert who works for another security firm, FireEye, wrote in a Motherboard op-ed that the deal was dangerous for two reasons: intellectual property, and censorship.

"Now that CloudFlare has handed its IP to Baidu, the Chinese government has easier access to the code, techniques, and procedures CloudFlare uses to combat [Distributed Denial of Service] attacks," Bejtlich wrote. "Great Firewall and Great Cannon engineers can now devise improved DDoS attacks to support Chinese censorship."

By deploying Richard BejtlichSeptember 14, 2015

But Matthew Prince, the CEO and co-founder of CloudFlare, dismissed the criticism and defended the deal in an interview with Motherboard last week.

The deal "doesn't change China's ability to censor and control the internet, either for the better nor the worse," Prince told me in a phone interview. "Nothing that we've done makes it so that China is better able to control how content is distributed inside China, and nothing that we've done keeps them from controlling content that is distributed inside China."

Prince explained that, in essence, the partnership means both companies can use each others' network. So, if a CloudFlare customer wants to be faster in China, they can get access to Baidu's network, and if a Baidu customer wants to be faster in the rest of the world, they can access CloudFlare's network outside of China.

Such a deal was the best way for CloudFlare to get into China, without technically getting into China.

"That allows us each to deal with regulatory regime of our respective government," Prince said.

CloudFlare didn't want to deal with China's regulations for various reasons, as Prince explained when he announced the partnership. And he doesn't see partnering with Baidu as contrary to the company's ethos of not wanting to "act as an internet censor."

"Whether you agree with it or disagree with it, we think that China has a right to run their network how they run their network," Prince said. "And we don't think that it is our role to tell China, or any other country what their internet policy should be."

That's bad news for some CloudFlare customers, but Prince estimated that only less than 1 percent of CloudFlare customers are currently blocked in China.

Prince is not worried about a potential loss of intellectual property either, given that the majority of CoudFlare's tech is based on open source code, he said.

"It's somewhat ironic that some of the kind of gray hairs of the security industry are basically lobbying for security through obscurity, which is normally the anathema for the security industry," Prince told me, referring to Bejtlich's warnings that Baidu and the Chinese government could now create a CloudFlare, or use CloudFlare's technology to build a better Great Firewall.

CloudFlare's strength, Prince added, lies in the data it collects and its sprawling network of data centers, not necessarily its code.