CircleID

Recent reports suggest that the International Telecommunication Union (ITU), a United Nations agency, is "quietly drafting technical standards, proposed by the Chinese government," aimed at preventing Internet attacks which could also put an end to anonymity on the Internet.

At an up coming ITU meeting in Geneva next week, telecommunication experts will be discussing draft recommendation of "IP Traceback" use case and requirements, looking at ways to identify the source of packets sent across IP (Internet Protocol) networks.

Also posted on Dave Farber's public mailing list, Declan McCullagh has shared some additional findings as a result of speaking to various people involved at ITU and while preparing to write his article:

• The ITU's Q6/17 group is meeting next week in Geneva with an eye to having a final document finished sometime in 2009 (though one editor told me it might take longer). The proceedings are not open to the public — I applied to attend and was rejected — and relatively few documents are public.
• China's proposal submitted in April says the "IP traceback mechanism is required to be adapted to various network environments, such as different addressing (IPv4 and IPv6), different access methods (wire and wireless) and different access technologies (ADSL, cable, Ethernet) and etc." It adds: "To ensure traceability, essential information of the originator should be logged."
• An ITU network security meeting a few years ago concluded that anonymity should not be permitted. The summary said: "Anonymity was considered as an important problem on the Internet (may lead to criminality). Privacy is required but we should make sure that it is provided by pseudonymity rather than anonymity."
• An ITU presentation in July from Korea said that groups such as the IETF should be "required to develop standards or guidelines" that could "facilitate tracing the source of an attacker including IP-level traceback, application-level traceback, user-level traceback." Another Korean proposal — which has not been made public — says all Internet providers "should have procedures to assist in the lawful traceback of security incidents."

Read full story: CNET News

Related topics: Cyberattack, Cybercrime, Internet Governance, Privacy