ITU Approves Deep Packet Inspection Standard Behind Closed Doors, Ignores Huge Privacy Implications
December 5th, 2012Via: Techdirt:
Techdirt has run a number of articles about the ITU’s World Conference on International Telecommunications (WCIT) currently taking place in Dubai. One of the concerns is that decisions taken there may make the Internet less a medium that can be used to enhance personal freedom than a tool for state surveillance and oppression.
Against that background, a story published by the Center for Democracy & Technology about the ITU’s work in the area of standards takes on an extra significance:
The telecommunications standards arm of the U.N. has quietly endorsed the standardization of technologies that could give governments and companies the ability to sift through all of an Internet user’s traffic — including emails, banking transactions, and voice calls — without adequate privacy safeguards. The move suggests that some governments hope for a world where even encrypted communications may not be safe from prying eyes.
The new Y.2770 standard is entitled “Requirements for deep packet inspection in Next Generation Networks”, and seeks to define an international standard for deep packet inspection (DPI). As the Center for Democracy & Technology points out, it is thoroughgoing in its desire to specify technologies that can be used to spy on people:
The ITU-T DPI standard holds very little in reserve when it comes to privacy invasion. For example, the document optionally requires DPI systems to support inspection of encrypted traffic “in case of a local availability of the used encryption key(s).” It’s not entirely clear under what circumstances ISPs might have access to such keys, but in any event the very notion of decrypting the users’ traffic (quite possibly against their will) is antithetical to most norms, policies, and laws concerning privacy of communications.
