Plans to adopt a global standard to make it easier for governments and corporations to intercept all our Internet traffic have been “quietly endorsed” at the International Telecommunications Union (ITU) meeting taking place behind closed doors in Dubai this week.
According to the Center for Democracy & Technology (CDT), the new standardization – officially listed as Requirements for Deep Packet Inspection in Next Generation Networks, or Y.2770 – poses severe threats to online privacy without once mentioning any privacy concerns in the document.
News that the ITU has already endorsed the standardization for “Black Box” Deep Packet Inspection (DPI)  does not bode well for the remainder of the 11-day meeting that ends on Friday, December 14.
“The ITU-T DPI standard holds very little in reserve when it comes to privacy invasion,” says the center. “For example, the document optionally requires DPI systems to support inspection of encrypted traffic ‘in case of a local availability of the used encryption key(s)’.”
But, says the center, it is “not entirely clear under what circumstances ISPs might have access to such keys, but in any event the very notion of decrypting the users’ traffic (quite possibly against their will) is antithetical to most norms, policies, and laws concerning privacy of communications.”
The ITU has drawn considerable criticism for its lack of transparency and for the more draconian proposals put forward by Russia and China, and backed by many member countries from Africa and the Middle East.
These include proposed new rules to limit Web privacy and outlaw anonymity, and introduce Internet tariffs and taxes.
Many members of the secretive U.N. body, which previously concerned itself with 20th century technology like telephones and faxes, want to see the organization take on the role of Internet regulator.
This prompted swift and highly-critical responses from the White House, the European Parliament and online giants like Google, as well as privacy campaigners.
There is considerable backing within the ITU to have certain of its recommendations made mandatory, which will provide a legal framework for DPI to be built into telecommunications equipment in the future and ensure that Web developers and software programmers incorporate the technology in their work.
“Mandatory standards are a bad idea even when they are well designed,” says the CDT report. “Forcing the world’s technology companies to adopt standards developed in a body that fails to conduct rigorous privacy analysis could have dire global consequences for online trust and users’ rights.”
As with the majority of ITU recommendations up for discussion this week, draft proposals are severely restricted and not open to outside scrutiny. However, the final standard for DPI and other new rules will eventually be made public.
By then, of course, they will be enshrined in international regulations and those who want to control and censor the Internet will have the legitimacy of United Nations backing.
It seems apt that, in choosing Dubai to host its meeting, the ITU picked one of the few countries in the region not experiencing the Arab Spring, but one moving firmly in the opposite direction.