December 5, 2012 3:29 AM

At its WCIT meeting in Dubai, the UN's ITU has quietly approved a collection of RFCs called 'Requirements for Deep Packet Inspection in Next Generation Networks' (Y.2770) designed to standardize broad spectrum traffic sniffing. The European Parliament recently passed a resolution against the ITU asserting exactly this sort of control over internet standards.
posted by jeffburdges (23 comments total) 10 users marked this as a favorite
Despite the misleading black-helicopter framing of the FPP, the matter of lawful interception is a fairly standard thing in telecommunication networks. Pretty much every country in the world requires that telecom operators make legal taps available to law enforcement and equipment operators are required by law to comply. It's not a power grab by the ITU, it is simply a technical affirmation of what the Grateful Dead said: "Well if you got a warrant, I guess you're gonna come in".

The real worry is, of course, this being done without a warrant, but that would seem to be outside the purview of the technical bodies at ITU.
posted by three blind mice at 3:44 AM on December 5, 2012 [3 favorites]

Y.2770 was passed at WTSA (telecommunications standards), not WCIT.
Y.2770 deals with deep packet inspection, and is not related to wireless spectrum in any way.
Y.2770 doesn't have anything to do with Internet standards, per se, as it could be applied to any network that has routers in it (and it is therefore not particularly related to the resolution from the EU Parliament).

But yeah, other than that you're spot on, OP.

Protip: Masnick and Falkvinge aren't always the most accurate places to get your news. If all you're looking for is GRAR though, you're doing just fine.
posted by Inkoate at 3:50 AM on December 5, 2012 [4 favorites]

Wrong, three blind mice. DPI is about sniffing everyone; in particular no warrants. Lawful intercept only requires knowing IP addresses.

Inkoate, I haven't mentioned wireless spectrum anywhere, but yes the E.P. resolution is against the ITU's political power grab, not any particular technical proposal, that's merely an update on the previous ITU fpp.
posted by jeffburdges at 4:03 AM on December 5, 2012

According to Harvard law prof Jack Goldsmith, concern about the effects of the WCIT are almost certainly overblown. It has roughly about as much ability to "take control of the internet" as international climate change accords have to take control of carbon emission. (you should read this article, it's very thoughtful and thorough)

1. ITU Secretary-General Hamadoun Touré has maintained that WCIT-12 “will not vote on any issues” but rather will proceed by consensus. If this is true, then no nation – and especially a nation as powerful as the United States – need worry about WCIT-12, for every nation will have a veto.

2. Assuming all the nations there agree on a law, the US (or any other) gov't could still opt out at any time.

3. Assuming all nations agree and the US wants to make some significant change, this is not merely a presidential decision; the 1988 ITRs were submitted to the Senate as a treaty, and presumably any fundamental change to them would be as well.

4. Any amendments would almost certainly – like the current ITRs – be very vague and subject to multiple interpretation and contestation. In addition, the ITRs and the ITU have no enforcement or dispute resolution mechanism. Rather, they are, as the ITU itself correctly says, “implemented by member states through national legislation, without surrendering any sovereign rights to ITU or any other UN body.” The United States has interpreted (and disregarded) the current ITRs in opportunistic ways when its interests suited it and its power permitted it (see, e.g., this case), and any nation could do the same in the face of any ITRs amendment.

In short, the ITRs are hard to amend; if amended, ITRs are not self-enforcing; the ITU has no army; and the ITU cannot force any nation to do anything it doesn’t want to do.
posted by to sir with millipedes at 4:12 AM on December 5, 2012 [5 favorites]

jeffburdges: you talk about spectrum packet sniffing. Maybe I misunderstood you?

Also, everything to sir with millipedes just said. The western press has been overblowing the possible effects of the WCIT. There is work to be done here to make sure that some bad things don't get into the ITRs, but the world will not end when this conference finishes.

In particular, Y.2770, while it is not perfect (particularly in not addressing the privacy implications of DPI), matters almost not at all. DPI is a feature in nearly every commercial router sold already today. It would continue to be tomorrow, even if WTSA had done nothing on the topic. If you don't like it (and I fully understand that position) I recommend you encrypt everything you put over the pipe.
posted by Inkoate at 4:26 AM on December 5, 2012 [2 favorites]

Makes one wonder why an outfit with so little apparent power is working so hard to take away that of others over the sanctity of their own increasingly dwindling privacy.
posted by Blazecock Pileon at 4:37 AM on December 5, 2012 [3 favorites]

I'm as skeptical of the ITU-T's motives as anyone, but there seems to be a lot of smoke here and very little fire.

First: the ITU-T can't meaningfully "approve" RFCs: RFCs are published by the IETF. The ITU-T "approving" an RFC is exactly as meaningful as any random guy off the street pointing at an RFC and saying "I like RFC 1149", for example. Second, nothing here actually has the force of law.

I can't read the text of Y.2770, since I'm not part of the ITU-T, so I don't actually know what's going on here, but it's likely got very little to do with mandating privacy-threatening DPI everywhere and more to do with specifying how DPI boxes (which are going to be deployed by governments that want to deploy them anyway) should talk to each other.

Looking at the RFCs referenced by Y.2770, RFCs 5101 and 5102 define IP Flow Information Export (IPFIX) (full disclosure, I'm an author of RFC 5101, and am presently working within the IETF to update both RFCs; if you prefer to read about IPFIX in C++ or Ruby, have a look at github.) which is an extensible protocol for describing information about network flows. Flow measurement is based on looking at endpoints -- "which IP sent how much data from which port to which port at which IP at what time" -- and the data, roughly equivalent to pen register data from the PSTN, is used for billing and accounting, performance monitoring, capacity planning, general network management, anomaly detection and various security monitoring, but there's specifically no payload available. This is not new technology. RFC 5101 was published in 2008, and describes something quite similar to Cisco's NetFlow version 9 protocol, described in 2004 in RFC 3954, but available before that, I believe.

RFC 5476 defines PSAMP (Packet SAMPling), which sits on top of IPFIX to provide packet-level data. For the most part, this is intended for the same sort of applications as IPFIX itself, just using sampled packets (without payload, or with generated "dummy" payload for active network measurement techniques) instead of flows because packet sampling requires less state on the measurement device than flow measurement does. Now, you could use the PSAMP Information Elements to export packet contents, though sampling a full packet stream is technically explicitly forbidden by the IETF standard (see PSAMP's security considerations); this itself is rather meaningless because a DPI box doesn't actually have to follow IETF standards to the letter.

One could certainly extend IPFIX and PSAMP to do classification of flows and to link DPI-derived data to flows, but there's nothing inherent about the technology that implies surveillance applications.

None of this has very much to do with the WCIT, except the WCIT is also an ITU-T thing. On the WCIT, what to sir with millipedes said. And following Inkoate, encryption (e.g. HTTPS Everywhere) is your best defense, and will in the end render DPI useless anywhere encryption isn't outlawed.
posted by Vetinari at 4:40 AM on December 5, 2012 [11 favorites]
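
The flow export described in the comment above, as an added example that is not part of the original thread: a minimal decoder for one IPFIX message (RFC 5101 framing, RFC 5102 element IDs) showing that a flow record carries endpoints, ports, counters and timestamps but no payload bytes. The addresses, counters and timestamps are constructed sample values; the decoder assumes fixed-length IANA elements and one template record per template set.

```python
import ipaddress
import struct

IE_NAMES = {1: "octetDeltaCount", 4: "protocolIdentifier", 7: "sourceTransportPort",
            8: "sourceIPv4Address", 11: "destinationTransportPort",
            12: "destinationIPv4Address", 150: "flowStartSeconds"}

def build_sample_message():
    """Constructed sample: header, one template set, one data set, one flow."""
    fields = [(8, 4), (12, 4), (7, 2), (11, 2), (4, 1), (1, 8), (150, 4)]
    template = struct.pack("!HH", 256, len(fields))
    template += b"".join(struct.pack("!HH", ie, ln) for ie, ln in fields)
    record = (ipaddress.IPv4Address("192.0.2.10").packed
              + ipaddress.IPv4Address("198.51.100.7").packed
              + struct.pack("!HHBQI", 49152, 443, 6, 18234, 1354682400))
    sets = struct.pack("!HH", 2, 4 + len(template)) + template
    sets += struct.pack("!HH", 256, 4 + len(record)) + record
    return struct.pack("!HHIII", 10, 16 + len(sets), 1354682460, 0, 1) + sets

def parse_ipfix(msg):
    """Return the flow records in one IPFIX message as a list of dicts."""
    version, length = struct.unpack_from("!HH", msg, 0)
    if version != 10 or length != len(msg):
        raise ValueError("not a well-formed IPFIX message")
    templates, flows, off = {}, [], 16
    while off + 4 <= length:
        set_id, set_len = struct.unpack_from("!HH", msg, off)
        if set_len < 4 or off + set_len > length:
            raise ValueError("bad set length")
        body = msg[off + 4:off + set_len]
        if set_id == 2:  # template set: learn the record layout
            tid, count = struct.unpack_from("!HH", body, 0)
            templates[tid] = [struct.unpack_from("!HH", body, 4 + 4 * i)
                              for i in range(count)]
        elif set_id in templates:  # data set described by a known template
            spec = templates[set_id]
            rec_len = sum(ln for _, ln in spec)
            for pos in range(0, len(body) - rec_len + 1, rec_len):
                rec = {}
                for ie, ln in spec:
                    name = IE_NAMES.get(ie, "ie%d" % ie)
                    raw, pos = body[pos:pos + ln], pos + ln
                    rec[name] = (str(ipaddress.IPv4Address(raw))
                                 if name.endswith("IPv4Address")
                                 else int.from_bytes(raw, "big"))
                flows.append(rec)
        off += set_len
    return flows
```
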

>Wrong, three blind mice. DPI is about sniffing everyone; in particular no warrants. Lawful intercept only requires knowing IP addresses.

OK I am game to learn something. What is wrong with anonymously "sniffing everyone" in the context of network management? Isn't this done now to some extent, e.g. looking at DiffServ bits and things like that for QoS purposes? Isn't the perceived problem privacy and does not LI already make those concerns moot?
posted by three blind mice at 4:54 AM on December 5, 2012 [1 favorite]

Doesn't really matter. Darknets are popping up everywhere, and they talk to each other over heavily encrypted channels, only some of which go over the internet.
posted by Slap*Happy at 4:55 AM on December 5, 2012

>Makes one wonder why an outfit with so little apparent power is working so hard to take away that of others over the sanctity of their own increasingly dwindling privacy.

In the same article I linked earlier, Goldsmith says that while the power that the WCIT has is minimal, the concern is that vaguely worded recommendations by the body can be used as cover to enact laws that have international repercussions:
some national regulators that want to exert more control domestically could be empowered under domestic law or politics if their regulatory aims find support in the ITRs. As a matter of sovereignty, neither amendment nor non-amendment of ITRs would prevent nations from regulating within their borders to promote their vision of the Internet. But given the domestic and legal situation in some nations, the ITRs might enhance domestic regulatory power in those nations by providing political or legal cover or support for such regulation. And any such domestic regulations could impact other nations to the extent that they enhanced (or weakened) the nation’s power to regulate content, pricing, surveillance, and security on the Internet. To take a simple example, if amendments to ITRs empower a regulator in Mongolia to charge Google or Facebook for transmission of its services in Mongolia (which currently does not happen), the ITRs could indirectly harm U.S. economic and political interests.
He also says that it's essentially a place for nations to come together and compare notes, so they can pick up the technical "best" practices of other countries and potentially try to implement them domestically.
posted by to sir with millipedes at 4:59 AM on December 5, 2012

Yeah, the ITU doesn't really hold that much power over the world's governments. It's roughly analogous to an international pizza research consortium offering recipes and guidelines on how to make certain kinds of pizza to pizza makers all over the world. Most places will just keep making their own kind of pizza.

In this case the "pizza recipe" is basically the answers to "What are the current best practices for broad spectrum internet wiretapping, monitoring and inspection? Let's share notes!"

And I'm going to say this again because it's important and the cat has long since been let out of the bag:

You should assume that all of your electronic communication is monitored, logged and recorded whether it's encrypted or not. By multiple agencies and/or governments depending on your traffic route. Even the encrypted stuff, which may be simply stored encrypted as is for later inspection just in case, or for when it becomes trivial to crack.

And I mean all of it. Every last packet and byte - at least the ones that matter.

It's no longer beyond the realm of technical feasibility to do so. Large agencies like the NSA have been building out and deploying a large monitoring network for years, and it's less complicated than you think to do so. If needed it's easy enough to discard the superfluous high bandwidth data like netflix, pandora or youtube and just keep all of the personally generated data.

Google already does this to provide all of their cloud services. They're just one such company betting on the long bet that offering free, unlimited email is a very valuable thing. To them. Not you.

How many public channels does your data actually go over? Gmail? Facebook? Skype or Facetime? Maybe a couple of kinds of instant messenger protocols? Maybe a little SSH if you work in IT or development? You could fit most of that traffic on a small flash drive every month.

All of that data goes through an alarmingly small amount of concentration points that are easily tapped and mirrored by whatever legal or quasi-legal entity who wishes to do so. Remember the AT&T wiretapping case where a top level network node was having its traffic split to a secret room? I promise you they're still doing that. They're just going to be much more careful about not being noticed or caught.

Assume all of your data is already being logged, scanned, and/or inspected. All of it. Even the encrypted stuff should be considered suspect.

And you should be really pissed off and freaked out about it.

The danger isn't less from your local bumbling government, but that most of the agencies doing the snooping are extra-governmental and they tend to concentrate power for their own self protection, gain and power in spite of government.
posted by loquacious at 5:26 AM on December 5, 2012 [23 favorites]

Logged in and allowed the various Javas to load and talk to each other in order to favorite that, loquacious.
posted by eurypteris at 7:26 AM on December 5, 2012 [1 favorite]

>And you should be really pissed off and freaked out about it.

instead of that, what are things we can do about it
posted by This, of course, alludes to you at 7:46 AM on December 5, 2012

Peek-a-boo, ITU?
posted by ZenMasterThis at 7:51 AM on December 5, 2012

This is a rather depressing turn of events - international bodies should be working to improve the global state of the world and not standardizing a bunch of often illegal spying activity.

Fuck so-called Lawful interception; spying isn't more respectable just because it is allegedly in pursuit of criminals.
posted by ioerror at 9:59 AM on December 5, 2012 [2 favorites]

>instead of that, what are things we can do about it

Come hack on Tor with us?
posted by ioerror at 10:06 AM on December 5, 2012 [4 favorites]

>instead of that, what are things we can do about it

Nothing. Or join the EFF, which is a great org and will make you feel better than nothing but won't practically accomplish anything on this front.

Example - In 2000 the existence of one global program from the 70's and 80's was acknowledged in public. It is literally the stuff of Bond movies and conspiracy buffs, yet no one batted an eye. Again with room 614 mentioned above. Again with patriot act. And that's just the stuff we have wiki articles on.

And all this and more is supported by multiple global intelligence agencies and operatives, backed by multiple governments world-wide to be used on their own people. It is so common and unremarkable today that telecomm workers unions are setting up best practices to support it. So pardon my defeatism, but I don't see anything that can be done to oppose this.
posted by anti social order at 11:54 AM on December 5, 2012

ioerror: "international bodies should be working to improve the global state of the world and not standardizing a bunch of often illegal spying activity."
International bodies are run by the nations that make up their membership. When a majority of the members spy on their own citizens, of course the international body is going to reflect that.

/UN employee
posted by brokkr at 12:01 PM on December 5, 2012 [1 favorite]

ioerror: Come hack on Tor with us?

Tor is wonderful. What can non-programmers do about it?
posted by dunkadunc at 9:17 AM on December 6, 2012

posted by brokkr at 12:19 PM on December 9, 2012
