Our coation partners over at the Centre for Democracy and Technology (CDT) have raised concerns over some developments in the International Telecommunications Union (ITU) negotiations currently going on in Dubai. These negotiations will expand the power of the ITU, and as we’ve noted in the past, their secrecy is being used by some nations to push undemocratic rules that will legitimize the censorship and surveillance of its citizens. The CDT has now discovered that this goal has been brought one step closer to reality, through new rules for the standards-setting body of the ITU in advance of the official negotiations.
“The [new standard] holds very little in reserve when it comes to privacy invasion... It’s not entirely clear under what circumstances ISPs might have access to [decryption] keys, but in any event the very notion of decrypting the users’ traffic (quite possibly against their will) is antithetical to most norms, policies, and laws concerning privacy of communications.”
“Forcing the world’s technology companies to adopt standards developed in a body that fails to conduct rigorous privacy analysis could have dire global consequences for online trust and users’ rights.”
“The idea that adding [deep packet inspection] to a network creates a potential security risk for users – not just for network operators – is utterly absent... Adding [deep packet inspection] to a network creates a significant new attack vector; thorough threat modelling and mitigation at the standardization phase are more than appropriate – they’re absolutely necessary.”
“it further highlights the grave problems with trying to address cybersecurity through a closed, centralized body where ultimate authority rests with regulators and where technical experts and advocates cannot even access draft specifications.”