ITU Approves Deep Packet Inspection 152
dsinc sends this quote from Techdirt about the International Telecommunications Union's ongoing conference in Dubai that will have an effect on the internet everywhere:
"One of the concerns is that decisions taken there may make the Internet less a medium that can be used to enhance personal freedom than a tool for state surveillance and oppression. The new Y.2770 standard is entitled 'Requirements for deep packet inspection in Next Generation Networks', and seeks to define an international standard for deep packet inspection (DPI). As the Center for Democracy & Technology points out, it is thoroughgoing in its desire to specify technologies that can be used to spy on people. One of the big issues surrounding WCIT and the ITU has been the lack of transparency — or even understanding what real transparency might be. So it will comes as no surprise that the new DPI standard was negotiated behind closed doors, with no drafts being made available."
can you say hell no (Score:5, Interesting)
lets assume that the governments don't say no, they would still have to overturn wiretapping laws in the US at least. but maybe we could use this to get our security complacent friends to use strong encryption.
End-to-end encryption (Score:5, Interesting)
End-to-end encryption. Problem solved.
fucking politicians... (Score:5, Interesting)
Sorry for the flamebait here, but goddamn!
They *clearly* know that these measures are against the public interest, and are only desirable for reasons that are directly counter to a free and legitimate government; that the voting publics that they represent would never willingly agree to this kind of "microscope colonoscopy" type surveylence if they knew what it really meant.
That's why the fuckers do closed room and secret fucking "negotiations" to plan, orchestrate, and implemet bullshit like this.
About the only way to combat this is to make closed room negotiations so undesirable from a political career standpoint that the slimeballs treat like radioactive waste.
Something like immediate no-confidence being enacted for mere participation or something, and blacklisting from ever running for public office ever again.
Of course, such strong measures would never make it passed the slimeballs to begin with.
Fox fucking owns the henhouse.
The answer to 1984 is RFC 1984 (Score:5, Interesting)
Props to Bellovin et al for arranging the numbering coincidence.
Fragmentation (Score:4, Interesting)
DPI isn't a problem. (Score:2, Interesting)
It's not a bad thing to prioritize HTTP above or below FTP or bittorrent, and that's not even a violation of net neutrality, unless the ISP sells FTP or BT services at additional cost. When everyone has their BT client set to run on port 80, how do you prioritize traffic? Does it matter if you are a large corporation and it's at your own corporate edge? I want to be able to set HTTP above FTP and FTP above BT. But if someone sets up BT on 80, how do you verify the protocol without looking at the payload? Even then, there are "tricks" where P2P protocols can use HTTP GET and PUT in the payload to be able to manipulate inspection.
The problem is when DPI is used for "bad things" and we should worry about the bad acts, not the tools used.
Re:DPI != spying (Score:2, Interesting)
Seriously. DPI means the forwarding router being able to check against protocol signatures at more or less line rate, so that you can have forwarding/firewall/QoS rules that say things like "from application-group [VOICE | GAMING | PEER-TO-PEER | ETC]" instead of dumb rules based on tcp/udp and port. Yes, as an ISP, you want to be able to give preferential treatment to voip and gaming packets over filesharing, since everything is always oversubscribed, by necessity. The government has your packets if they want them, and they don't need "DPI" to see what is in them.
Re:can you say hell no (Score:5, Interesting)
...they would still have to overturn wiretapping laws in the US...
Except that treaties that the US agrees to trump all domestic laws, regulations, and statutes...everything but the US Constitution, and as much as that meant to halting anything the government/politicians really wanted over the last few decades, I wouldn't put a lot of faith in that "goddamn piece of paper!"
Treaties entered into by the Executive Branch need to be ratified by Congress, but even if Congress fails to ratify it, that would not necessarily kill it. In many instances over the last decade, Congress has been bypassed by Executive Orders and similar Executive Branch power tactics to achieve their goals and simulaneously grab more Executive Branch power despite Congressional inaction and/or opposition, Congressional and/or popular.
There has to be a BIG push-back on this to stop it. Whether or not that push-back materializes to the strength and magnitude required to stop it is anyone's guess at this point, although I admit being pessimistic.
Strat
Re:Handing the Internet's control to the UN eh? (Score:4, Interesting)