Home / News I have a News Tip

Rising Concerns Over UN Anti-Cyberattack Plan: Could End Internet Anonymity

Recent reports suggest that the International Telecommunication Union (ITU), a United Nations agency, is "quietly drafting technical standards, proposed by the Chinese government," aimed at preventing Internet attacks which could also put an end to anonymity on the Internet.

At an up coming ITU meeting in Geneva next week, telecommunication experts will be discussing draft recommendation of "IP Traceback" use case and requirements, looking at ways to identify the source of packets sent across IP (Internet Protocol) networks.

Also posted on Dave Farber's public mailing list, Declan McCullagh has shared some additional findings as a result of speaking to various people involved at ITU and while preparing to write his article:

  • The ITU's Q6/17 group is meeting next week in Geneva with an eye to having a final document finished sometime in 2009 (though one editor told me it might take longer). The proceedings are not open to the public — I applied to attend and was rejected — and relatively few documents are public.
  • China's proposal submitted in April says the "IP traceback mechanism is required to be adapted to various network environments, such as different addressing (IPv4 and IPv6), different access methods (wire and wireless) and different access technologies (ADSL, cable, Ethernet) and etc." It adds: "To ensure traceability, essential information of the originator should be logged."
  • An ITU network security meeting a few years ago concluded that anonymity should not be permitted. The summary said: "Anonymity was considered as an important problem on the Internet (may lead to criminality). Privacy is required but we should make sure that it is provided by pseudonymity rather than anonymity."
  • An ITU presentation in July from Korea said that groups such as the IETF should be "required to develop standards or guidelines" that could "facilitate tracing the source of an attacker including IP-level traceback, application-level traceback, user-level traceback." Another Korean proposal — which has not been made public — says all Internet providers "should have procedures to assist in the lawful traceback of security incidents."

Read full story: CNET News

Related topics: Cyberattack, Cybercrime, Internet Governance, Privacy

 
   
WEEKLY WRAP — Get CircleID's Weekly Summary Report by Email:

Comments

My Computer != Me Chris Snyder  –  Sep 15, 2008 5:39 AM PDT

You can (and sometimes should) trace bad actions to a source computer, but that doesn't actually prove anything. Given the sophistication of virus and botnet authors, and the relative weakness of consumer operating systems and application platforms to attack, people can't actually be held accountable for what happens on the computers they own or use.

You and your computer are separate entities. Even your cellphone, once thought to be as personal a computer as you can get, is a full-fledged consumer OS running third-party applications downloaded from the 'net.

Any actual policy or law based on removing anonymity from the Internet has to address the fact that there is no way, beyond circumstantial evidence, to "trace back" the actions of a computer to a particular human operator. Anything can be scripted, and no operator has perfect knowledge of what's happening in software.

To post comments, please login or create an account.

Related Blogs

Related News

Explore Topics

Promoted Post

Boston Ivy Gets Competitive With Its TLDs, Offers Registrars New Wholesale Pricing

With a mission to make its top-level domains available to the broadest market possible, Boston Ivy has permanently reduced its registration, renewal and transfer prices for .Broker, .Forex, .Markets and .Trading. more»

Industry Updates – Sponsored Posts

i2Coalition to Present Tucows CEO Elliot Noss With Internet Community Leadership Award

Verisign Releases Q4 2016 DDoS Trends Report: 167% Increase in Average Peak Attack from 2015 to 2016

Michele Neylon Appointed Chair Elect of i2Coalition

Verisign Q3 2016 DDoS Trends Report: User Datagram Protocol (UDP) Flood Attacks Continue to Dominate

2016 U.S. Election: An Internet Forecast

Don't Gamble With Your DNS

Defending Against Layer 7 DDoS Attacks

Understanding the Risks of the Dark Web

Verisign Releases Q2 2016 DDoS Trends Report - Layer 7 DDoS Attacks a Growing Trend

How Savvy DDoS Attackers Are Using DNSSEC Against Us

Verisign Named to the Online Trust Alliance's 2016 Honor Roll

Verisign Q1 2016 DDoS Trends: Attack Activity Increases 111 Percent Year Over Year

Is Your TLD Threat Mitigation Strategy up to Scratch?

i2Coalition to Host First Ever Smarter Internet Forum

Resilient Cybersecurity: Dealing with On-Premise, Cloud-Based and Hybrid Security Complexities

Verisign Releases Q4 2015 DDoS Trends - DDoS Attack Activity Increasing by 85% Year Over Year

Best Practices from Verizon - Proactively Mitigating Emerging Fraudulent Activities

Neustar Data Identifies Most Popular Times of Year for DDoS Attacks in 2015

The Framework for Resilient Cybersecurity (Webinar)

2015 Trends: Multi-channel, Streaming Media and the Growth of Fraud

Sponsored Topics