New Deep Packet Inspection Standards

Started by CrackSmokeRepublican, December 04, 2012, 10:05:29 PM

Previous topic - Next topic

CrackSmokeRepublican

QuoteITU Approves Deep Packet Inspection Standard Behind Closed Doors, Ignores Huge Privacy Implications

from the and-they-want-us-to-trust-them? dept

Techdirt has run a number of articles about the ITU's World Conference on International Telecommunications (WCIT) currently taking place in Dubai. One of the concerns is that decisions taken there may make the Internet less a medium that can be used to enhance personal freedom than a tool for state surveillance and oppression.

Against that background, a story published by the Center for Democracy & Technology about the ITU's work in the area of standards takes on an extra significance:
QuoteThe telecommunications standards arm of the U.N. has quietly endorsed the standardization of technologies that could give governments and companies the ability to sift through all of an Internet user's traffic -- including emails, banking transactions, and voice calls -- without adequate privacy safeguards. The move suggests that some governments hope for a world where even encrypted communications may not be safe from prying eyes.

The new Y.2770 standard is entitled "Requirements for deep packet inspection in Next Generation Networks", and seeks to define an international standard for deep packet inspection (DPI). As the Center for Democracy & Technology points out, it is thoroughgoing in its desire to specify technologies that can be used to spy on people:

QuoteThe ITU-T DPI standard holds very little in reserve when it comes to privacy invasion. For example, the document optionally requires DPI systems to support inspection of encrypted traffic "in case of a local availability of the used encryption key(s)." It's not entirely clear under what circumstances ISPs might have access to such keys, but in any event the very notion of decrypting the users' traffic (quite possibly against their will) is antithetical to most norms, policies, and laws concerning privacy of communications.

One of the big issues surrounding WCIT and the ITU has been the lack of transparency -- or even understanding what real transparency might be. So it will comes as no surprise that the new DPI standard was negotiated behind closed doors, with no drafts being made available.

But probably most worrying is the following aspect:
QuoteSeveral global standards bodies, including the IETF and W3C, have launched initiatives to incorporate privacy considerations into their work. In fact, the IETF has long had a policy of not considering technical requirements for wiretapping in its work, taking the seemingly opposite approach to the ITU-T DPI document, as Germany pointed out [doc] in voicing its opposition to the ITU-T standard earlier this year. The ITU-T standard barely acknowledges that DPI has privacy implications, let alone does it provide a thorough analysis of how the potential privacy threats associated with the technology might be mitigated.
<$>

This apparent indifference to the wider implications of its work is yet another reason why the ITU is unfit to determine any aspect of something with as much power to affect people's lives as the Internet.

http://www.techdirt.com/articles/201212 ... ions.shtml
After the Revolution of 1905, the Czar had prudently prepared for further outbreaks by transferring some $400 million in cash to the New York banks, Chase, National City, Guaranty Trust, J.P.Morgan Co., and Hanover Trust. In 1914, these same banks bought the controlling number of shares in the newly organized Federal Reserve Bank of New York, paying for the stock with the Czar\'s sequestered funds. In November 1917,  Red Guards drove a truck to the Imperial Bank and removed the Romanoff gold and jewels. The gold was later shipped directly to Kuhn, Loeb Co. in New York.-- Curse of Canaan