Secure Channel, Ziff Davis Enterprise
Friday, June 26, 2009 7:08 AM/EST

China's Green Dam: A Harbinger of Security Challenges to Come

Reading the coverage of China’s “Green Dam” mandate, you would think the world was coming to an end and the Internet was about to be changed forever. Mind you, the installation of censorship technology on every computer is abhorrent in our society, and I personally disagree with the policies of the Chinese government in this regard. However, let’s look beyond the entire issue of free speech and censorship and think about the underlying architecture.

Before I get into this, let’s just state a few things for the record. This is not about censorship or free speech. The Green Dam software China is mandating is riddled with security vulnerabilities that could turn millions of PCs into zombies. And, of course, there’s still the lingering issue over whether the Green Dam code was pilfered from a U.S. company. I will not get into any of these things in this blog post.

China’s attempt to control the Internet is nothing new. The so-called “Great Firewall of China”—or, as I would call it, the “Large and Ostentatious Firewall of China” (with apologies to Christopher Moore)—has existed since the early days of the Internet. The Chinese communist government has long filtered, inspected and throttled all the traffic going to its population. It was an effective means of controlling the flow of information when there were just a few million Internet users in China. Today, there are more than 400 million Chinese online—and that number continues to grow exponentially.

Some people have pointed to the unrest in Iran and the 20th anniversary of Tiananmen Square as Beijing’s motivation for clamping down on the flow of digital information. Yes, it’s scary (or exhilarating, depending on your perspective) to see opposition groups organize through social networks despite totalitarian attempts to quell protests. If you have agents on every PC, wouldn’t it be easier to squelch unwelcome messaging and communications?

China’s reason for wanting spyware on each and every client sold in its country may be simpler. Perhaps it’s a reflection that China’s Great Firewall and attempts at centralized filtering cannot work at scale. The Great Firewall could never keep out all unwelcome messaging and information.

During my trip to China last year, I had no trouble accessing any of the information I could normally get in the U.S. China says that the “Green Dam Youth Escort” software that it’s requiring on all PCs sold in China beginning July 1 will help protect young people from pornography (no, I wasn’t surfing for porn in China). Putting filtering and configuration control management software on clients would provide a much more granular level of control over how people use the Internet and what information and materials they could access.

Larry Walsh at the entrance of the Forbidden City in Beijing, February 2008.

What I wonder is whether this is a harbinger of challenges for the security of cloud computing and hosted applications of the future. As we continue to migrate more applications and data into the cloud, there’s a growing sense that security will become easier and more manageable because we’ll have centralized controls and few points of contact. But does the Chinese mandate for putting spyware on clients signal that carriers, SaaS and hosting providers have no true ability to control data at the peering points, access points and carrier level?

China is currently flexing its muscles over this issue, accusing Google of distributing pornography (it does, but you have to ask for it and it’s not very good) and throttling Google traffic into the country. If it can keep Google outside of its digital borders, why does it need client-based spyware? Conversely, if carriers and governments can control the flow of traffic so easily, why do we need client-based anti-virus software? Why can’t the carriers scrub traffic for malware?

I don’t know the answers, but it does make me wonder if we’re entering a new age of security architecture. As we continue to scale the applications, data flows and types of traffic traversing the Web, will we increasingly lose our ability to exercise control at a meta level?
