{"id":18048,"date":"2012-12-04T10:59:54","date_gmt":"2012-12-04T15:59:54","guid":{"rendered":"http:\/\/quotulatiousness.ca\/blog\/?p=18048"},"modified":"2012-12-04T10:59:54","modified_gmt":"2012-12-04T15:59:54","slug":"itu-approves-deep-packet-inspection-requirement-to-enable-government-snooping-of-internet-traffic","status":"publish","type":"post","link":"https:\/\/quotulatiousness.ca\/blog\/2012\/12\/04\/itu-approves-deep-packet-inspection-requirement-to-enable-government-snooping-of-internet-traffic\/","title":{"rendered":"ITU approves Deep Packet Inspection requirement to enable government snooping of internet traffic"},"content":{"rendered":"<p>The UN&#8217;s International Telecommunications Union continues its in-camera campaign to wrest control of the internet from all other organizations with a new policy designed to please <a href=\"https:\/\/www.cdt.org\/blogs\/cdt\/2811adoption-traffic-sniffing-standard-fans-wcit-flames\" target=\"_blank\">intrusive and authoritarian governments<\/a> worldwide:<\/p>\n<blockquote><p>The telecommunications standards arm of the U.N. has quietly endorsed the standardization of technologies that could give governments and companies the ability to sift through all of an Internet user\u2019s traffic \u2013 including emails, banking transactions, and voice calls \u2013 without adequate privacy safeguards. The move suggests that some governments hope for a world where even encrypted communications may not be safe from prying eyes.<\/p>\n<p>At the core of this development is the adoption of a proposed international standard that outlines requirements for a technology known as &#8220;Deep Packet Inspection&#8221; (DPI). As we\u2019ve noted several times before, depending on how it is used, DPI has the potential to be extremely privacy-invasive, to defy user expectations, and to facilitate wiretapping.<\/p>\n<p>[. . .]<\/p>\n<p>The ITU-T DPI standard holds very little in reserve when it comes to privacy invasion. For example, the document optionally requires DPI systems to support inspection of encrypted traffic \u201cin case of a local availability of the used encryption key(s).\u201d It\u2019s not entirely clear under what circumstances ISPs might have access to such keys, but in any event the very notion of decrypting the users\u2019 traffic (quite possibly against their will) is antithetical to most norms, policies, and laws concerning privacy of communications. In discussing IPSec, an end-to-end encryption technology that obscures all traffic content, the document notes that \u201caspects related to application identification are for further study\u201d \u2013 as if some future work may be dedicated to somehow breaking or circumventing IPSec.<\/p>\n<p>Several global standards bodies, including the IETF and W3C, have launched initiatives to incorporate privacy considerations into their work. In fact, the IETF has long had a policy of not considering technical requirements for wiretapping in its work, taking the seemingly opposite approach to the ITU-T DPI document, as Germany pointed out in voicing its opposition to the ITU-T standard earlier this year. The ITU-T standard barely acknowledges that DPI has privacy implications, let alone does it provide a thorough analysis of how the potential privacy threats associated with the technology might be mitigated.<\/p>\n<p>These aspects of the ITU-T Recommendation are troubling in light of calls from Russia and a number of Middle Eastern countries to make ITU-T Recommendations mandatory for Internet technology companies and network operators to build into their products. Mandatory standards are a bad idea even when they are well designed. Forcing the world\u2019s technology companies to adopt standards developed in a body that fails to conduct rigorous privacy analysis could have dire global consequences for online trust and users\u2019 rights.<\/p><\/blockquote>\n","protected":false},"excerpt":{"rendered":"<p>The UN&#8217;s International Telecommunications Union continues its in-camera campaign to wrest control of the internet from all other organizations with a new policy designed to please intrusive and authoritarian governments worldwide: The telecommunications standards arm of the U.N. has quietly endorsed the standardization of technologies that could give governments and companies the ability to sift [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[8,10,28,15],"tags":[58,154,661,691],"class_list":["post-18048","post","type-post","status-publish","format-standard","hentry","category-bureaucracy","category-liberty","category-media","category-technology","tag-internet","tag-privacy","tag-regulation","tag-unitednations"],"jetpack_featured_media_url":"","jetpack_shortlink":"https:\/\/wp.me\/p2hpV6-4H6","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/quotulatiousness.ca\/blog\/wp-json\/wp\/v2\/posts\/18048","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/quotulatiousness.ca\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/quotulatiousness.ca\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/quotulatiousness.ca\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/quotulatiousness.ca\/blog\/wp-json\/wp\/v2\/comments?post=18048"}],"version-history":[{"count":1,"href":"https:\/\/quotulatiousness.ca\/blog\/wp-json\/wp\/v2\/posts\/18048\/revisions"}],"predecessor-version":[{"id":18049,"href":"https:\/\/quotulatiousness.ca\/blog\/wp-json\/wp\/v2\/posts\/18048\/revisions\/18049"}],"wp:attachment":[{"href":"https:\/\/quotulatiousness.ca\/blog\/wp-json\/wp\/v2\/media?parent=18048"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/quotulatiousness.ca\/blog\/wp-json\/wp\/v2\/categories?post=18048"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/quotulatiousness.ca\/blog\/wp-json\/wp\/v2\/tags?post=18048"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}