Forgot your password?
typodupeerror
Privacy The Internet

ITU Approves Deep Packet Inspection 152

Posted by Soulskill
from the inspect-my-encryption-all-you'd-like dept.
dsinc sends this quote from Techdirt about the International Telecommunications Union's ongoing conference in Dubai that will have an effect on the internet everywhere: "One of the concerns is that decisions taken there may make the Internet less a medium that can be used to enhance personal freedom than a tool for state surveillance and oppression. The new Y.2770 standard is entitled 'Requirements for deep packet inspection in Next Generation Networks', and seeks to define an international standard for deep packet inspection (DPI). As the Center for Democracy & Technology points out, it is thoroughgoing in its desire to specify technologies that can be used to spy on people. One of the big issues surrounding WCIT and the ITU has been the lack of transparency — or even understanding what real transparency might be. So it will comes as no surprise that the new DPI standard was negotiated behind closed doors, with no drafts being made available."
This discussion has been archived. No new comments can be posted.

ITU Approves Deep Packet Inspection

Comments Filter:
  • Ancient Chinese secret, huh?
  • can you say hell no (Score:5, Interesting)

    by lister king of smeg (2481612) on Tuesday December 04, 2012 @08:26PM (#42187163)

    lets assume that the governments don't say no, they would still have to overturn wiretapping laws in the US at least. but maybe we could use this to get our security complacent friends to use strong encryption.

    • by TheRealMindChild (743925) on Tuesday December 04, 2012 @09:30PM (#42187667) Homepage Journal
      No they won't. It is a matter of "national security"
    • by BlueStrat (756137) on Tuesday December 04, 2012 @09:37PM (#42187723)

      ...they would still have to overturn wiretapping laws in the US...

      Except that treaties that the US agrees to trump all domestic laws, regulations, and statutes...everything but the US Constitution, and as much as that meant to halting anything the government/politicians really wanted over the last few decades, I wouldn't put a lot of faith in that "goddamn piece of paper!"

      Treaties entered into by the Executive Branch need to be ratified by Congress, but even if Congress fails to ratify it, that would not necessarily kill it. In many instances over the last decade, Congress has been bypassed by Executive Orders and similar Executive Branch power tactics to achieve their goals and simulaneously grab more Executive Branch power despite Congressional inaction and/or opposition, Congressional and/or popular.

      There has to be a BIG push-back on this to stop it. Whether or not that push-back materializes to the strength and magnitude required to stop it is anyone's guess at this point, although I admit being pessimistic.

      Strat

      • There has to be a BIG push-back on this to stop it. Whether or not that push-back materializes to the strength and magnitude required to stop it is anyone's guess at this point, although I admit being pessimistic.

        Strangely, I am, too. This isn't like SOPA with the legislature doing the dirty work.. this is the executive that's term-limited, now. Unless the administration has some weakness, elsewhere, that could stop them signing this crap, despite the necessary congressional ratification that likely won't happen, it's gonna be as real as socialized medicine. And then there's this inkling in the back of my mind saying there's no way that the gigantic US telcoms won't find some way to convince the administration tha

        • by BlueStrat (756137)

          There has to be a BIG push-back on this to stop it. Whether or not that push-back materializes to the strength and magnitude required to stop it is anyone's guess at this point, although I admit being pessimistic.

          Strangely, I am, too. This isn't like SOPA with the legislature doing the dirty work.. this is the executive that's term-limited, now. Unless the administration has some weakness, elsewhere, that could stop them signing this crap, despite the necessary congressional ratification that likely won't happen, it's gonna be as real as socialized medicine. And then there's this inkling in the back of my mind saying there's no way that the gigantic US telcoms won't find some way to convince the administration that this 'treaty' is a terrible idea.

          I don't think the telecoms will put up much fuss as they see what's happened to the private health insurance industry, auto industry, etc. They don't want to be next, and with an already-bold Executive Order pen that now isn't worried about re-election in play, they may be justified in their fears.

      • by Anonymous Coward

        Don't treaties become automatically part of domestic laws via reference or rewrite? That is the way treaties are assimilated in other countries.
          It would be almost trivial to think that a treaty could modify the constitution as well if sufficiently important issues are at stake. Some countries do have rewrites of the their constitutions occasionally for those reasons.

        • by BlueStrat (756137)

          Don't treaties become automatically part of domestic laws via reference or rewrite? That is the way treaties are assimilated in other countries.

          In the US, it is both Congress' and the Executive Branch's duty to pass legislation/regulations and to issue necessary Executive directives and orders to bring domestic law and policy into harmony with the treaty terms and conditions. The Judicial Branch also has a role in interpreting existing laws, regulations, and policies in accordance with the treaty.

          It would be almost trivial to think that a treaty could modify the constitution as well if sufficiently important issues are at stake. Some countries do have rewrites of the their constitutions occasionally for those reasons.

          The US Constitution specifically addresses this and forbids treaties from superseding the Constitution. Changes to the Constitution must be made by Consti

    • by Mashiki (184564) <mashiki @ g m a i l . com> on Tuesday December 04, 2012 @09:41PM (#42187737) Homepage

      This is Canada's response on DPI from the privacy commissioner. [priv.gc.ca] For what it's worth, this won't fly here.

    • by Xest (935314)

      Don't US ISPs use this already?

      Here in the UK ISPs have been using DPI for many years anyway to allow traffic prioritisation.

      I agree with you that it's horrible, I don't like it either, but it seems naive to assume whether this will or wont be a threat, it already is and has been for many years.

      I'm not terribly sure what the ITU's approval will mean, countries all around the world are already using it and have been for some time. It looks like they're just standardising how it should work. If it's standardi

  • by characterZer0 (138196) on Tuesday December 04, 2012 @08:27PM (#42187171)

    End-to-end encryption. Problem solved.

    • by MichaelSmith (789609) on Tuesday December 04, 2012 @08:35PM (#42187265) Homepage Journal

      You terrorist you.

    • by Albanach (527650)

      I often wonder why we don't see more take up of opportunistic encryption.

      While it's obviously not a solution to keep things secret that need to be secure, it would surely present a significant obstacle to deep packet inspection unless ISPs were to deliberately interfere with the security negotiation.

      • by Anonymous Coward

        I looked into encryption for a game I'm working on. I think that's a good example of the "opportunistic encryption" you speak of.

        The game remains unencrypted. It's been a little too long (two years ago) to remember the details, but if it were as easy as "call this function with a block of data and an encryption key" we certainly would have done it just for the hell of it. Indeed, we wouldn't have even let key distribution problems prevent us -- if necessary we would have done the equivalent of a web site

        • by Albanach (527650)

          I looked into encryption for a game I'm working on. I think that's a good example of the "opportunistic encryption" you speak of.

          IPSec Programs like FreeS/WAN whic hwas followed by Openswan and Strongswan take care of this automatically. If both endpoints have this set up, the traffic will be automatically encrypted. No further user intervention is necessary.

          http://en.wikipedia.org/wiki/Opportunistic_encryption [wikipedia.org]

          • Naw.

            We just spin up a few dozen machines at AWS, split up the crack load among the, pop your key, and move on to the next twit. /sarcasm

        • insanely complex for no apparent reason ... like trying to use libpng

          What's so hard about using libpng? I've used it before and don't recall it being difficult. It's easier than OpenGL, and that's not hard either.

          • by Anonymous Coward

            No, no, no... I agree that OpenGL is about as simple as one can imagine a graphics library being, but libpng is anything but simple. There's a hundred configurables you have to set up (because you might want to decode into 19-bit integers, even though no such platforms actually exist), then it splits the decompression process into many steps, then requires you implement some incredibly moronic and PITA setup to handle errors.

            Instead we use this: http://www.nothings.org/stb_image.c Total code to load an

        • by macshit (157376)

          ... insanely complex for no apparent reason (like trying to use libpng ...)

          This is just wrong.

          libpng isn't entirely trivial, but it's actually very simple to use, and quite flexible as well—e.g., it's easy to make the library handle all the weird cases automatically itself, but the option exists for you to handle them too if desired. All in all, I'd say it nicely hits the sweet spot between ease-of-use and power.

          It's vastly better designed than many other image libraries (e.g. all the horrid examp

          • by Anonymous Coward

            libpng isn't entirely trivial, but it's actually very simple to use, and quite flexible as well—e.g., it's easy to make the library handle all the weird cases automatically itself, but the option exists for you to handle them too if desired.

            Then why is it that searching for "simple libpng example" turns up stuff like this [zarb.org]? I count four abort() in the read function and another six in the write function. That means that between each of them there are four calls to libpng in the read function and six in the write function. I'm only asking it to do two things, why do I have to call it ten times? Not to mention I have to call setjmp() all the time because for some reason the damn thing can't simply return an error code.

            It's vastly better designed than many other image libraries (e.g. all the horrid examples that only support whole-image I/O into some awful least-common-denominator image format).

            You mean the ones that ju

    • Until it's restricted for authorized use only. However, it would be nice if everybody pushed it to the limit to see how the government/corporation reacts. In some countries it's already prohibited. And it is very easy to detect.

      • The standard provides for the possibility you wish to have an encrypted connection. All you need to do is have the data transmitted both encrypted and unencrypted. That way, DPI can still effectively enable your government to know what you are doing.

    • by BitterOak (537666) on Tuesday December 04, 2012 @08:54PM (#42187413)

      End-to-end encryption. Problem solved.

      That's not quite the ultimate solution that many believe it to be. There are firewalls and routers on the market now that have man in the middle programming right in the hardware, and decryption is a basic part of the DPI system. How many people actually check that the certificates match who their supposed to, and how do we know which root authorities can be trusted? I imagine the vast majority of people don't even look at the certificate information. And how many ssh users actually check the key fingerprints and verify they match those stored on the remote host? Is that even possible in most circumstances? And if you do discover something's up, what then? If a router is doing man in the middle DPI, your choices are pretty much accept it, or don't communicate with the remote host at all. Most people just sigh and go on doing what they're doing.

      And that doesn't even take into account hacks on your computer, like browser attacks which quietly install new trusted certificate authorities, or more aggressive malware like keyloggers and such. Encryption is much harder to use properly than most people realize, and it is highly unlikely that people on BOTH ends of the connection are using it properly.

      • double public key is hard to man in the middle when you exchange public keys in meatspace

        • double public key is hard to man in the middle when you exchange public keys in meatspace

          Whoever uses the term meatspace should be slapped with a pound of raw bacon.

          Also, there should be a xkcd about it.

        • The whole point of public key encryption (RSA, for example) is that you wouldn't have to exchange keys outside of the communication channel. If you're going to meet in person, you should probably exchange data there as well. Sneakernet is always an option; It's just inconvenient.
          • No, public-key cryptography still requires some external form of authentication for the key exchange, if you want to know that the private key is held by a specific person and not some random stranger. The point of public-key cryptography is that the public key need not be secret, so you can publish it freely and the people who have your public key can't use it to impersonate you or read messages sent to you by others. To do the same with private-key cryptography would require a separate secret key for each

      • Isn't this what DNSSEC is supposed to help with? Key loggers and malware aside.... DNSSEC should, in theory, stop MITM attacks, no?

        • by whois (27479)

          DNSSEC specifically does not stop MITM attacks. It relies on you trusting your recursive DNS server, which you can't do if you are on an untrusted network.

          It's not in the protocol to do so, but you can download the root signing key and verify you're talking to a legitimate DNS server, but what it the protocol is providing is trust between a recursive DNS server and a remote authoritative DNS server. The user -> dns server piece is not addressed.

          I asked for some comments from technical people regarding

      • Please, can we get over the "OMG! Encryption is difficult, it is not meant for mere mortals". That mantra is completely counter productive.

        Any security solution has to be aligned to the enemy you are facing. In this case, we are up against dragnet surveillance. We are not defending against James Bond style keyloggers, nor other directed attacks, or even automated malware. The fact is that even the most basic encryption settings would have been enough to render the current dragnets cost ineffective, perhap
      • by Roman Mamedov (793802) on Wednesday December 05, 2012 @02:01AM (#42189089) Homepage

        And how many ssh users actually check the key fingerprints and verify they match those stored on the remote host? Is that even possible in most circumstances?

        Hello, have you ever used ssh? As in, at all? It raises a holy hell if the keys have been tampered with.

        $ ssh hostname.tld
        @ WARNING: POSSIBLE DNS SPOOFING DETECTED! @
        The RSA host key for hostname.tld has changed,
        and the key for the corresponding IP address xxxxxxxxxxxxxxxxxx
        is unknown. This could either mean that
        DNS SPOOFING is happening or the IP address for the host
        and its host key have changed at the same time.
        @ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
        IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
        Someone could be eavesdropping on you right now (man-in-the-middle attack)!
        It is also possible that a host key has just been changed.
        The fingerprint for the RSA key sent by the remote host is
        zzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzz.
        Please contact your system administrator.
        Add correct host key in /home/username/.ssh/known_hosts to get rid of this message.
        Offending RSA key in /home/username/.ssh/known_hosts:76
        RSA host key for hostname.tld has changed and you have requested strict checking.
        Host key verification failed.

        • by nazsco (695026)

          Yeah, and anytime this happens you pick up the phone and raise a warning within the organization with its 300,000 machines, of which around 500 have something updated that every day that changes the host key....

          Or just press Y?

          Also, where did you got the key to begin with? ooh, right. Via a gov owned backbone in some point of the connection.

      • by cpghost (719344)

        That's not quite the ultimate solution that many believe it to be. There are firewalls and routers on the market now that have man in the middle programming right in the hardware, and decryption is a basic part of the DPI system.

        That's not really the point. Consider a Tier-1 router. That machine will NEVER be able to handle the load of MitM-ing the connections going through it. A Tier-2 router will also be overwhelmed by the sheer amount of traffic going through it. It's about selectively enabling DPIs on

  • by JustOK (667959) on Tuesday December 04, 2012 @08:30PM (#42187203) Journal

    Deep pockets fund deep packets

  • by wierd_w (1375923) on Tuesday December 04, 2012 @08:31PM (#42187215)

    Sorry for the flamebait here, but goddamn!

    They *clearly* know that these measures are against the public interest, and are only desirable for reasons that are directly counter to a free and legitimate government; that the voting publics that they represent would never willingly agree to this kind of "microscope colonoscopy" type surveylence if they knew what it really meant.

    That's why the fuckers do closed room and secret fucking "negotiations" to plan, orchestrate, and implemet bullshit like this.

    About the only way to combat this is to make closed room negotiations so undesirable from a political career standpoint that the slimeballs treat like radioactive waste.

    Something like immediate no-confidence being enacted for mere participation or something, and blacklisting from ever running for public office ever again.

    Of course, such strong measures would never make it passed the slimeballs to begin with.

    Fox fucking owns the henhouse.

    • by Anonymous Coward on Tuesday December 04, 2012 @08:45PM (#42187333)

      You should do some research on what the ITU is. It is mostly old fogy bureaucrats from state owned telcos, and not elected politicians. Or even unelected ones. And the old fogy bureaucrats that sit on ITU committees are the worst of the bunch, as they specialize in creating standards and rules. So they do nothing but create rules and standards.

      The ITU is why it costs more to call one country than another, even though sending an email to Egypt or Portugal is the same price. Why do phone calls have different rates? It is 2012.

      The ITU voted in 2011, to confirm that FAX was the only authorized way to distribute committee documents! Email was determined to be not widespread enough (?), and less reliable. That should just you some idea of the mindset you are dealing with.

      And even with their so called "stewardship" of the public switched telephone network, it is still riddled with fraud and scams. In fact, there has been accusations that some of the ITU members benefit from these scams, and are creating a regulatory framework to allow them to continue.

      • by wierd_w (1375923) on Tuesday December 04, 2012 @09:14PM (#42187569)

        Then their little good-ol-boys club should be shuttered in place of an organization with some fucking public oversight, that CAN be policed against this bullshit!

        A room of wrinkled old penises whacking off to violating the public trust should never be accepted. Ever!

    • Hard to argue with one letter from all of the above. The next killer app, an easy to use seamless end to end encryption tool. I may just encrypt all my BS communication for the fun of knowing that they can't read it but think they should. Think of the countless hours that are going to be wasted by the watchers trying to decrypt shopping list and sexting between married couples. The mind boggles...
    • by Anonymous Coward

      While I basically agree with you, I think existing political and governmental systems are so compromised, and the elites who operate them are so out of touch, that it is going to keep getting worse and worse until blood literally runs in the streets. I don't want to see that as the future, because it's horrible and depressing, but I find I cannot believe that the current global crop of politicians, bureaucrats, multi-billionaires and their tools have enough empathy or awareness to realize when they've gone

      • On the one hand I agree with you, on the other I have to think that punishing corrupt politicians doesn't automatically creates honest ones (I don't even like the distinction between "politician" and "citizen" a lot -- all adults are equally responsible for what goes on in the state that derives its authority from them), and killing greedy people doesn't automatically feed, clothe and shelter the poor.

        There is lots of stuff to be built, to be constructed, to be found out, for oneself and collectively, to be

    • Unfortunately, far too many stupid people are allowed to vote.

      Look at the recent US election. How many politicians who approved NDAA were re-elected? Here's one for example: the President.

    • by ghostdoc (1235612) on Wednesday December 05, 2012 @01:51AM (#42189023)

      Except this is not politicians making these deals. It's unelected bureaucrats, effectively outside the control of the politicians because a senior bureaucrat can do a lot more damage to a politician's career than the other way around.

      You don't vote for these people, so they don't care about your opinion.

      The treaty they come up with will need to be ratified by each country's politicians, but it'll either go through unannounced and unremarked, or there'll be a convincing 'If you've done nothing wrong you've got nothing to fear' campaign to lull the moron majority into complacence.

      I hate to sound defeatist on this, but we are going to have to start building darknets if we want truly free communication in the future.

  • by Anonymous Coward

    Over My Cold Dead Body will the ITU introspect anything of mine.

    The ITU, previously known as the CCITT is a body known for promulgating overcomplex incomprehensible standards that no one in their right mind uses.

    Now, without sanction, these blowhards are trying to capture regulation and management of the WORKING internet.

    Both Corporations and country blocks have found it far too easy to pack/suborn these institutions and then claim control of really important issues like exergy (Climat Change).

    As a Swiss,

  • by WaffleMonster (969671) on Tuesday December 04, 2012 @08:34PM (#42187255)

    Props to Bellovin et al for arranging the numbering coincidence.

  • So,
    Stop SOPA! Done.
    Stop ACTA! Done.
    Stop ITU...? Oups.

    We missed a letter-combo. Well played.

  • DPI != spying (Score:4, Insightful)

    by sgt scrub (869860) <<moc.oohay> <ta> <muitnias>> on Tuesday December 04, 2012 @08:40PM (#42187297)

    You do not have to do deep packet inspection to spy on traffic. In fact, you have to spy on traffic to do deep packet inspection. The vast majority of information gleaned about people has absolutely nothing to do with traffic filtering. Things like redirecting DNS queries, logging x-forwared-for headers, persistent HTTP connections, are vastly more popular for garnishing user information. It is easier, and much less expensive, to drop information gathering warez on a large number of machines than implementing DPI. DPI is best used to protect networks from stupid people. Yes it is used to filter access. Only a really stupid network engineer would use it for spying.

    • Re: (Score:2, Interesting)

      by Anonymous Coward

      Seriously. DPI means the forwarding router being able to check against protocol signatures at more or less line rate, so that you can have forwarding/firewall/QoS rules that say things like "from application-group [VOICE | GAMING | PEER-TO-PEER | ETC]" instead of dumb rules based on tcp/udp and port. Yes, as an ISP, you want to be able to give preferential treatment to voip and gaming packets over filesharing, since everything is always oversubscribed, by necessity. The government has your packets if the

    • by Anonymous Coward

      You have to do DPI to block hidden traffic you don't want to occur. It is how oppressive regimes stop the flow of information via Tor or I2P.

      The people using these technologies are doing so that they can communicate with the outside world without being killed.

      It is not hard to see why the UN ( which has a lot of member states which would benefit from not having the outside world privy to their actions ) would enact this measure.

      Countries like China routinely block this kind of traffic using DPI. Saying that

      • by sgt scrub (869860)

        You don't need to inspect the deep end of the packet for that kind of traffic. The shallow end (4 bits in) is all you need to do that. TCP over HTTP, HTTP over ICMP, et al all are all easily recognizable by the 4th bit. China doesn't use a great firewall. They use spyware on machines tied into what people think is a great firewall. You need to have something on the end user's machines to filter encrypted traffic or have the keys. China has the keys but prefer spyware.

  • Fragmentation (Score:4, Interesting)

    by XeLiTuS (2787743) on Tuesday December 04, 2012 @08:45PM (#42187331)
    This type of all of your data are belong to us mentality is simply going to drive fragmentation of the Internet as well as a rush to spawn unrouted networks and darknets. These governments and agencies pushing for this would be better served leaving things as is since everything is on one network at this point. They're just going to make it more difficult for themselves since people will simply encrypt data and adapt.
    • by Desler (1608317)

      This type of all of your data are belong to us mentality is simply going to drive fragmentation of the Internet as well as a rush to spawn unrouted networks and darknets.

      And? You think that isn't the goal? The average user isn't going to use unrouted networks and darknets. The content will effectively be inaccessibly the the vast majority of average users and that's all these governments care about. The 1 in 10000 person who is using some obscure darknet really doesn't register on their radar.

  • by Bluecobra (906623) on Tuesday December 04, 2012 @08:48PM (#42187363)

    ... I'm gonna go build my own Internet! With blackjack and hookers! In fact, forget the Internet!

  • DPI isn't a problem. (Score:2, Interesting)

    by AK Marc (707885)
    What's the issue? DPI is done today by most carriers. Most DPI I've seen doesn't do much more than look at headers, anyway, unless it's a firewall or other security device.

    It's not a bad thing to prioritize HTTP above or below FTP or bittorrent, and that's not even a violation of net neutrality, unless the ISP sells FTP or BT services at additional cost. When everyone has their BT client set to run on port 80, how do you prioritize traffic? Does it matter if you are a large corporation and it's at your
    • DPI is never a good thing. Period. You should not be able to prioritize any type of package on your network if you are a ISP, that goes against net neutrality even if you do not charge extra for it. Net neutrality has no exceptions, it means that it doesn't matter what flows, it will all be treated the same.
    • by smellotron (1039250) on Tuesday December 04, 2012 @11:30PM (#42188301)

      But if someone sets up BT on 80, how do you verify the protocol without looking at the payload? Even then, there are "tricks" where P2P protocols can use HTTP GET and PUT in the payload to be able to manipulate inspection.

      Ugh. I had to do some research on SOAP as a part of an internship at an "Enterprisey" software shop. Many SOAP software stacks advertised themselves as firewall-friendly because they would "punch through the firewall on port 80". That is, the SOAP service was encapsulated in HTTP, with the implication that this was superior to getting permission from your network admins. Of course, these same service providers also provided "SOAP firewalls" so they could profit off of your company's internal dysfunction. What a pile of garbage, all of it.

      Anyhow, I can see why BT would want to encapsulate itself in HTTP, but it stinks of an arms race.

    • Most DPI I've seen doesn't do much more than look at headers

      DPI - The 'D' stands for deep, if you're just looking at headers then it's "Shallow Packet Inspection".

      • by AK Marc (707885)
        Anything past the destination IP is deeper than necessary. Why use an ambiguous and subjective word like "deep" when "payload" is the proper technical term? Because many DPI *don't* look into the payload, and confusion allows the liars to advertise port-based DPI as DPI.
  • by Attila Dimedici (1036002) on Tuesday December 04, 2012 @09:10PM (#42187523)

    One of the big issues surrounding WCIT and the ITU has been the lack of transparency — or even understanding what real transparency might be.

    I am confused. Why would you say that the WCIT and the ITU have lacked transparency? Something that is transparent can be seen through. I don't know about you, but I saw right through them when they said they were doing this to "enhance freedom".

  • by manu0601 (2221348) on Tuesday December 04, 2012 @09:57PM (#42187799)
    If we were looking for good reasons to not give Internet governance to ITU, here we are. Of course one could argue that the current Internet steward, USA, is also a spying big player, but at least it does not openly brag about it.
  • by fufufang (2603203) on Tuesday December 04, 2012 @10:02PM (#42187825)

    I think ITU's action shows the true colour of the United Nation. I think it is simply too dangerous to pass on the control of the Internet to the United Nation.

    • by fyi101 (2715891) on Wednesday December 05, 2012 @08:36AM (#42190805)
      This might surprise you, but the United Nations is a big organization, and different parts of it act and think in different ways, sometimes with great disagreements. In fact, that's the whole purpose of the UN: to gather all this people together in one place and make them lob disagreements at each other instead of grenades. Just because one organization associated to the UN misbehaves doesn't mean the World Government is out to get you. Your comment about the UN's "true colours" betrays somewhat of a misconception of the way things work there. It's messy like all human things, but if you don't like the UN, just wait until the world drops any pretense of working together for a unified civilization, and the dictators participating in the Human Rights Commission leave it and drop any pretense of caring for them, then things will get really fun (at least now they admit Human Rights exist and pay lip service to them, that alone is already an ideological victory, which is more important that you might think).
  • Motivation

    Packet forwarding and DPI (deep packet inspection) are essential for multi-service delivery in packet-based networks and NGN environment. It is particularly true when handling multi-service (e.g. IPTV/VoIP) traffic because these applications have strict requirements on jitter, delay and packet loss rate. The functionalities of DPI and packet forwarding enhancement can properly identify different type of traffic so as to provide performance guarantees to allow for time-sensitive applications.

    Yep. That sounds deeply sinister. They want to improve your Skype call quality. Those sick people.

  • Apparently the ITU, in its bid to take over the Internet, has decided to adhere to the worst totalitarians it can find as allies. Fortunately what they don't appear realize is that this alienates them with their natural allies inside the US, left-wing anti-DoD (if not outright anti-US) intellectuals.

    And there's always the risk that Vint Cerf [venturebeat.com] will take his Internet and go home.

  • by Anonymous Coward

    The ITU doesn't want to spy on your or disable your internet connection. The companies that are asking you to stand up and stop the ebil UN do - Google watches everything you do, all day, every day, and will delete everything you post and remove your account on a robotic whim. Just like every other large internet company.

    You say you don't want decisions made behind closed doors? They already are. Google doesn't give a crap what you think. Neither does Apple, or Facebook, or Twitter.

    You say you're opposed to

    • by Altrag (195300)

      There's a pretty big difference between a state-enforced censorship affecting everybody all the time and a private censorship only affecting their customers and only when those customers are using the service.

      If Google decides to censor something that I disagree with I can just not use Google and take my business to Bing (harhar.)

      If my government does it, I have to move to a whole other country to avoid it.

      And if an international treaty does it.. then what?

      As for the US doing whatever it wants well.. that's

  • ...is available for most protocols - use it!

    I would not dream of accessing my mail using plaintext protocols for instance; imaps and smtps is the way to go.

    And many websites are also available using https instead of http, and there are browser extensions that help you to avoid forgetting, and trying https in vain where not available.

    These measures may not be perfect but they do make eavesdropping much more difficult.

  • I'm sorry, but who gives a fuck what the ITU have to say about DPI?

    If I invent a new network protocol and people start using it, it gets used. I don't need the ITU to go "Ooh, that's nice. Everybody use Cederic's lovely new protocol"

    The ITU didn't design, implement, promote and create a worldwide network based on TCP/IP. It managed perfectly well without them, and its replacement can too.

    Let them make up their own little rules. The Internet grew without them, and a new network (with interoperability no less

  • Entities works in secret to require that others don't use secret. If there wants transparency, the minimum is that there are already transparent.

"Never ascribe to malice that which is caused by greed and ignorance." -- Cal Keegan

Working...