
Rising Concerns Over UN Anti-Cyberattack Plan: Could End Internet Anonymity

Recent reports suggest that the International Telecommunication Union (ITU), a United Nations agency, is "quietly drafting technical standards, proposed by the Chinese government," that are aimed at preventing Internet attacks but could also put an end to anonymity on the Internet.

At an upcoming ITU meeting in Geneva next week, telecommunication experts will discuss a draft recommendation on "IP Traceback" use case and requirements, looking at ways to identify the source of packets sent across IP (Internet Protocol) networks.

In a message also posted to Dave Farber's public mailing list, Declan McCullagh has shared some additional findings from speaking with various people involved at the ITU while preparing to write his article:

  • The ITU's Q6/17 group is meeting next week in Geneva with an eye to having a final document finished sometime in 2009 (though one editor told me it might take longer). The proceedings are not open to the public — I applied to attend and was rejected — and relatively few documents are public.
  • China's proposal submitted in April says the "IP traceback mechanism is required to be adapted to various network environments, such as different addressing (IPv4 and IPv6), different access methods (wire and wireless) and different access technologies (ADSL, cable, Ethernet) and etc." It adds: "To ensure traceability, essential information of the originator should be logged."
  • An ITU network security meeting a few years ago concluded that anonymity should not be permitted. The summary said: "Anonymity was considered as an important problem on the Internet (may lead to criminality). Privacy is required but we should make sure that it is provided by pseudonymity rather than anonymity."
  • An ITU presentation in July from Korea said that groups such as the IETF should be "required to develop standards or guidelines" that could "facilitate tracing the source of an attacker including IP-level traceback, application-level traceback, user-level traceback." Another Korean proposal — which has not been made public — says all Internet providers "should have procedures to assist in the lawful traceback of security incidents."

Read full story: CNET News


Share your comments

My Computer != Me
Chris Snyder  –  Sep 15, 2008 4:39 AM PST

You can (and sometimes should) trace bad actions to a source computer, but that doesn't actually prove anything. Given the sophistication of virus and botnet authors, and the relative weakness of consumer operating systems and application platforms to attack, people can't actually be held accountable for what happens on the computers they own or use.

You and your computer are separate entities. Even your cellphone, once thought to be as personal a computer as you can get, is a full-fledged consumer OS running third-party applications downloaded from the 'net.

Any actual policy or law based on removing anonymity from the Internet has to address the fact that there is no way, beyond circumstantial evidence, to "trace back" the actions of a computer to a particular human operator. Anything can be scripted, and no operator has perfect knowledge of what's happening in software.
