Google's decision comes after it detected a highly sophisticated cyber attack on its corporate infrastructure last month that resulted in the theft of Google's intellectual property. Details about the theft were not disclosed.
David Drummond, SVP of corporate development at Google and the company's chief legal officer, said in a blog post that Google's internal investigation revealed at least twenty other large companies had also been attacked.
"[W]e have evidence to suggest that a primary goal of the attackers was accessing the Gmail accounts of Chinese human rights activists," said Drummond. "Based on our investigation to date we believe their attack did not achieve that objective. Only two Gmail accounts appear to have been accessed, and that activity was limited to account information (such as the date the account was created) and subject line, rather than the content of e-mails themselves."
As a result of its investigation, Drummond said, Google also discovered that "the accounts of dozens of U.S.-, China- and Europe-based Gmail users who are advocates of human rights in China appear to have been routinely accessed by third parties." He emphasized that this was not due to a security failure on Google's part. Rather, these users appear to have had their passwords compromised through phishing scams or malware on their computers.
As a consequence of these attacks, Google has come to believe that it can no longer continue censoring Google.cn, as directed by the Chinese government.
"These attacks and the surveillance they have uncovered--combined with the attempts over the past year to further limit free speech on the Web--have led us to conclude that we should review the feasibility of our business operations in China," Drummond said. "We have decided we are no longer willing to continue censoring our results on Google.cn, and so over the next few weeks we will be discussing with the Chinese government the basis on which we could operate an unfiltered search engine within the law, if at all. We recognize that this may well mean having to shut down Google.cn, and potentially our offices in China."
Financially, Google's revenue from China is not material to its overall revenue.
Google's decision was immediately hailed by rights groups, many of which have questioned whether the company's decision in 2006 to cooperate with Chinese censors violated its "Don't be evil" motto.
"Google has taken a bold and difficult step for Internet freedom in support of fundamental human rights," said Leslie Harris, president of the Center for Democracy & Technology, in an e-mailed statement. "No company should be forced to operate under government threat to its core values or to the rights and safety of its users. We support Google for being willing to engage in this very difficult process."
Google's decision recalls the stand it took against the U.S. government, which sought the company's search data in 2005 and 2006 to support its ultimately failed effort to uphold the Child Online Protection Act.
"This is a very big step that Google is taking, that is to make public these kinds of cyber attacks," said Sharon Hom, executive director of Human Rights In China. Such attacks, she said, are not news to the the human rights communities and NGOs, which have long been targeted with phishing, malware, and denial of service attacks. "For Google to make public what they have discovered is highly significant," she added. "It's a wake up call to the international business community about the real risks of operating in China."
Hom said that how China reacts to Google's decision will send a very strong message to the business community about their future prospects in China.
Dave Girouard, president of Google's Enterprise group, in a separate blog post stressed that these attacks should not shake faith in cloud computing.
"At Google, we invest massive amounts of time and money in security," he said. "Nothing is more important to us. Our response to this attack shows that we are dedicated to protecting the businesses and users who have entrusted us with their sensitive email and document information. We are telling you this because we are committed to transparency, accountability, and maintaining your trust."