Re: [liberationtech] /. ITU Approves Deep Packet Inspection
Hi, On Thu, Dec 06, 2012 at 01:19:47PM +0100, KheOps wrote: DPI censorship is not a 'competitive' advantage, so it's quite likely that in a pure market society ('anarchocapitalism') without strong socialistic governments and their stupid Internet regulations, most Internet providers WILL NOT censor their connections, otherwise they will loose their customers. Most customers are not willing to pay for censored Internet if they can choose unfiltered free Internet. And the only one who can take them this right is a monopoly for laws/regulations - the centralized government. I'd say it can happen for purely economic reasons. For instance, in France, some ISPs used to have marketing agreements with Dailymotion and consequently slowed down Youtube access. This is completely fine if customers decide for this kind of marketing / ads Internet connection for free (and accept all related advertisements). I am more than sure there will be also an economical demand for non-ads, non-filtered and fast Internet and many people will be willing to pay for it. So market will work. Pavol -- ___ [wil...@trip.sk] [http://trip.sk/wilder/] [talker: ttt.sk 5678] -- Unsubscribe, change to digest, or change password at: https://mailman.stanford.edu/mailman/listinfo/liberationtech
Re: [liberationtech] /. ITU Approves Deep Packet Inspection
On Thu, Dec 06, 2012 at 01:25:46PM +0100, Julian Oliver wrote: Great examples. I've often experienced what appears to be severe throttling of an Alice DSL connection (Germany) after using bittorrent, whether that be to download a Linux ISO or otherwise. It persists for an hour or so after the bittorrent application is stopped. Telling locals about it one night it appears it's quite common. If there are enough people willing to pay for fast bittorrent downloads, I am sure that for someone it will make sense to build a new ISP especially for needs of these people. Pavol -- ___ [wil...@trip.sk] [http://trip.sk/wilder/] [talker: ttt.sk 5678] -- Unsubscribe, change to digest, or change password at: https://mailman.stanford.edu/mailman/listinfo/liberationtech
Re: [liberationtech] /. ITU Approves Deep Packet Inspection
Hi, Le 05/12/2012 23:10, Pavol Luptak a écrit : On Wed, Dec 05, 2012 at 07:27:27PM +0100, Christian Fuchs wrote: [...] DPI censorship is not a 'competitive' advantage, so it's quite likely that in a pure market society ('anarchocapitalism') without strong socialistic governments and their stupid Internet regulations, most Internet providers WILL NOT censor their connections, otherwise they will loose their customers. Most customers are not willing to pay for censored Internet if they can choose unfiltered free Internet. And the only one who can take them this right is a monopoly for laws/regulations - the centralized government. I'd say it can happen for purely economic reasons. For instance, in France, some ISPs used to have marketing agreements with Dailymotion and consequently slowed down Youtube access. Another exemple is the will to forbid VoIP on 3G connections in order to force people to continue using the old GSM thingy (also happening in France afaik). KheOps -- Unsubscribe, change to digest, or change password at: https://mailman.stanford.edu/mailman/listinfo/liberationtech
Re: [liberationtech] /. ITU Approves Deep Packet Inspection
..on Thu, Dec 06, 2012 at 01:19:47PM +0100, KheOps wrote: Hi, Le 05/12/2012 23:10, Pavol Luptak a écrit : On Wed, Dec 05, 2012 at 07:27:27PM +0100, Christian Fuchs wrote: [...] DPI censorship is not a 'competitive' advantage, so it's quite likely that in a pure market society ('anarchocapitalism') without strong socialistic governments and their stupid Internet regulations, most Internet providers WILL NOT censor their connections, otherwise they will loose their customers. Most customers are not willing to pay for censored Internet if they can choose unfiltered free Internet. And the only one who can take them this right is a monopoly for laws/regulations - the centralized government. I'd say it can happen for purely economic reasons. For instance, in France, some ISPs used to have marketing agreements with Dailymotion and consequently slowed down Youtube access. Another exemple is the will to forbid VoIP on 3G connections in order to force people to continue using the old GSM thingy (also happening in France afaik). Great examples. I've often experienced what appears to be severe throttling of an Alice DSL connection (Germany) after using bittorrent, whether that be to download a Linux ISO or otherwise. It persists for an hour or so after the bittorrent application is stopped. Telling locals about it one night it appears it's quite common. Cheers, -- Julian Oliver http://julianoliver.com http://criticalengineering.org -- Unsubscribe, change to digest, or change password at: https://mailman.stanford.edu/mailman/listinfo/liberationtech
Re: [liberationtech] /. ITU Approves Deep Packet Inspection
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 6/12/12 11:19 PM, KheOps wrote: I'd say it can happen for purely economic reasons. For instance, in France, some ISPs used to have marketing agreements with Dailymotion and consequently slowed down Youtube access. Another exemple is the will to forbid VoIP on 3G connections in order to force people to continue using the old GSM thingy (also happening in France afaik). Yup, some of the examples of DPI use given in the ITU's final draft includes: * DPI-based policing of peer-to-peer traffic * Services-based billing * “Business Card (vCard) application – Correlate Employee with Organization” * Identifying uploading BitTorrent users * and blocking Peer-to-Peer VoIP telephony with proprietary end-to-end application control protocols - - Asher Wolf. -BEGIN PGP SIGNATURE- Version: GnuPG/MacGPG2 v2.0.18 (Darwin) Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with undefined - http://www.enigmail.net/ iQIcBAEBAgAGBQJQwJJEAAoJEGMP98UuqmgE1/cP/3Vyl1kGi/rt6c904R6mDD2b RgPPP6+zarMeWb0BSq0DZ4UBEPErhNKrvMVxWV0Dhbk76pVgQBZe35id/cKbtX9g r32n4P0bBTpgfRMXbbZaa0bH4CiEf3XKq9aNQsstQCT2OF9gE50nRgg5A0yB+sH5 aCzAoriyhHQM+k/8Ic1kOnxtRsgT8Zc7G/aaIiZMynWDbmDtFBJqBuhUb+BFET/1 LGoLJKaGxsXJ0yoYAAh69ES0ilPVtH50PmjcR8Sy6ADMmvD73n/z/A/otfja9QOq SWHh60Hv797DOH8DGkmClna66xN5Igx9YzlUvukW1oJGV2QSsSZwyw43tQ811FAh B4mJxqdEeIgr6B3fZpetjnnX1trgC4IG/8oU9cx64xDRm4pTEo+m6wQY76fdfcBz 2lJX7VX9pIR8K/zd46jTaVrzzl6GOHtXHRHKAc/DxhIVC3yHdSkUisMG+vX4TV3/ xvjCsuYiEfhAA95WDI1hMiyq/VGxaa0DQww2bLP7tKGh8QHca8SZ0AYdW8W4ilhC khctiL3ErmpLGqLm9IanWeRxW/AhhwTbAHqDJT9uqbg19DfFJKrhw+p9jYeU+fix NWwTIfuMa0vSSDa4Xtnuo/aMjifjm2I6CvEzMHZiC1J550s+HDDq1ev3IWxzOnOe 3Oe39CovxD8M91qHsrU1 =WN+y -END PGP SIGNATURE- -- Unsubscribe, change to digest, or change password at: https://mailman.stanford.edu/mailman/listinfo/liberationtech
Re: [liberationtech] /. ITU Approves Deep Packet Inspection
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 12/06/2012 01:40 PM, Asher Wolf wrote: * DPI-based policing of peer-to-peer traffic * Services-based billing That is all in, Asher, but everything starts on these 90 or so pages with identifying crypto protocols and the matching of signatures to non encrypted header metada such as in SRTP. IpSCE? Further discussion. Document editor is some Guosheng Zhu from FiberHome Networks, Wuhan, China. Here is some analysis focusing on these aspects [German]. http://fm4.orf.at/stories/1709038/ Servus Erich * “Business Card (vCard) application – Correlate Employee with Organization” * Identifying uploading BitTorrent users * and blocking Peer-to-Peer VoIP telephony with proprietary end-to-end application control protocols - Asher Wolf. -- Unsubscribe, change to digest, or change password at: https://mailman.stanford.edu/mailman/listinfo/liberationtech - -- http://moechel.com/kontakt.htmlPGP KEY 0xEA7DC174 fingerprint 02AA B2E7 C609 307D 34FE 4B5C ACC6 A796 EA7D C174 - --... ...-- -.. . . .-. .. -.-. --- . ...-- . -- -... -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.11 (GNU/Linux) Comment: Using GnuPG with undefined - http://www.enigmail.net/ iQEcBAEBAgAGBQJQwLfgAAoJEKzGp5bqfcF08aQH/jjSidBc14c6MijSHxlJTds4 fqq/6x8WuwHEH8hVnXM62GPxkW4umBrFnSqR32+OSRRLDYrW3YMPcAZ/AWtkLVD2 cgarbFGCwmX3AOnldpvydBIohdlk4DJUiYvjNizgI6ukPG9odP8vigqMDWXYSg5g 8G1lgEV2iJ2cHL6iLgBoFwpVxVrRDd+n3iZkBxB7qwBbDrSCqgeLigIy4W8cIQdQ D8H2bow6CUyaqyTSbe/QH2rrIZcRv6TFPRo/OewxiOhgOXHvEw1r5tZ3G4i50Pi1 yRkEOGNdP69Qj1CbuIQZAEkEJ7z7S7mNc1BmEp6MJLNEchQA5/x2bGxFskTT6YM= =/yQL -END PGP SIGNATURE- -- Unsubscribe, change to digest, or change password at: https://mailman.stanford.edu/mailman/listinfo/liberationtech
Re: [liberationtech] /. ITU Approves Deep Packet Inspection
Good work Asher *high five* http://www.theregister.co.uk/2012/12/06/dpi_standard_leaked/ On 6 December 2012 12:40, Asher Wolf asherw...@cryptoparty.org wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 6/12/12 11:19 PM, KheOps wrote: I'd say it can happen for purely economic reasons. For instance, in France, some ISPs used to have marketing agreements with Dailymotion and consequently slowed down Youtube access. Another exemple is the will to forbid VoIP on 3G connections in order to force people to continue using the old GSM thingy (also happening in France afaik). Yup, some of the examples of DPI use given in the ITU's final draft includes: * DPI-based policing of peer-to-peer traffic * Services-based billing * “Business Card (vCard) application – Correlate Employee with Organization” * Identifying uploading BitTorrent users * and blocking Peer-to-Peer VoIP telephony with proprietary end-to-end application control protocols - - Asher Wolf. -BEGIN PGP SIGNATURE- Version: GnuPG/MacGPG2 v2.0.18 (Darwin) Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with undefined - http://www.enigmail.net/ iQIcBAEBAgAGBQJQwJJEAAoJEGMP98UuqmgE1/cP/3Vyl1kGi/rt6c904R6mDD2b RgPPP6+zarMeWb0BSq0DZ4UBEPErhNKrvMVxWV0Dhbk76pVgQBZe35id/cKbtX9g r32n4P0bBTpgfRMXbbZaa0bH4CiEf3XKq9aNQsstQCT2OF9gE50nRgg5A0yB+sH5 aCzAoriyhHQM+k/8Ic1kOnxtRsgT8Zc7G/aaIiZMynWDbmDtFBJqBuhUb+BFET/1 LGoLJKaGxsXJ0yoYAAh69ES0ilPVtH50PmjcR8Sy6ADMmvD73n/z/A/otfja9QOq SWHh60Hv797DOH8DGkmClna66xN5Igx9YzlUvukW1oJGV2QSsSZwyw43tQ811FAh B4mJxqdEeIgr6B3fZpetjnnX1trgC4IG/8oU9cx64xDRm4pTEo+m6wQY76fdfcBz 2lJX7VX9pIR8K/zd46jTaVrzzl6GOHtXHRHKAc/DxhIVC3yHdSkUisMG+vX4TV3/ xvjCsuYiEfhAA95WDI1hMiyq/VGxaa0DQww2bLP7tKGh8QHca8SZ0AYdW8W4ilhC khctiL3ErmpLGqLm9IanWeRxW/AhhwTbAHqDJT9uqbg19DfFJKrhw+p9jYeU+fix NWwTIfuMa0vSSDa4Xtnuo/aMjifjm2I6CvEzMHZiC1J550s+HDDq1ev3IWxzOnOe 3Oe39CovxD8M91qHsrU1 =WN+y -END PGP SIGNATURE- -- Unsubscribe, change to digest, or change password at: https://mailman.stanford.edu/mailman/listinfo/liberationtech -- Samuel Carlisle BEng (Hons) Dunelm MIET pgp: 0x54828CAA twitter: @samthetechie https://twitter.com/#!/samthetechie -- Unsubscribe, change to digest, or change password at: https://mailman.stanford.edu/mailman/listinfo/liberationtech
Re: [liberationtech] /. ITU Approves Deep Packet Inspection
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 woah, just read the translation. thank you. On 7/12/12 2:21 AM, Erich M. wrote: On 12/06/2012 01:40 PM, Asher Wolf wrote: * DPI-based policing of peer-to-peer traffic * Services-based billing That is all in, Asher, but everything starts on these 90 or so pages with identifying crypto protocols and the matching of signatures to non encrypted header metada such as in SRTP. IpSCE? Further discussion. Document editor is some Guosheng Zhu from FiberHome Networks, Wuhan, China. Here is some analysis focusing on these aspects [German]. http://fm4.orf.at/stories/1709038/ Servus Erich * “Business Card (vCard) application – Correlate Employee with Organization” * Identifying uploading BitTorrent users * and blocking Peer-to-Peer VoIP telephony with proprietary end-to-end application control protocols - Asher Wolf. -- Unsubscribe, change to digest, or change password at: https://mailman.stanford.edu/mailman/listinfo/liberationtech -- Unsubscribe, change to digest, or change password at: https://mailman.stanford.edu/mailman/listinfo/liberationtech -BEGIN PGP SIGNATURE- Version: GnuPG/MacGPG2 v2.0.18 (Darwin) Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with undefined - http://www.enigmail.net/ iQIcBAEBAgAGBQJQwLo6AAoJEGMP98UuqmgEErAP/jMOzB999v60dxFrDosdJCCo 01jViETss54Gk+StiheBf2NKuoN+vG7GIl1hhmJ6ylFqCE9jtqgtCjnFntjkjVem E+dx5Jx2vI1CWxNNY7SAyx07kNt/Gv+et/BoRMr/84GQK4Q84JPltKYhM4+U3Cdp JBtSBalx3I8JbsgNZv2j30cTENjYU7uIY+C6rYRiHMQFoXiK4NAE9yPXh9DJ5A2H oEOVB0kRH7+5vHe12iPC0/SZHY0r3lh4mYHdgCjPSshUbPTSUOWSesxUoEkFFBG5 obInjx0xg7HmreML0JgilzpWcST/4TqVw82tAuQQ3foIOdEoOvM8/9fnXQRNY7s9 ApGJ9vhI8krZs7AkedpwFwPwHiNIJ3j4CeuTjUgbWou5HgpUAjhm5dmcb6oaXT1D zTgDdA3sG86/CKSzXtdTIHkmGidxOwmGCufN6hzP5agFFhezkegKOj6IP4wjf1yw Trh2Sy0rBmu3aZdbwqXhMIbmgrQI3NqvskwI5i8vZr9WXlDDqaQR0xxZ1izIWcFx pJ2CZdUncbUteqlF782liEcBl4nVdIBdRQPGyjNoeA1ige+DirWIvKq7+sKr/XMU 4wiOgJy2981JT1Iy25L1QcjNgnv61tScWSsslXosXRirttceh7RGNdJ9FWDm+6Mi WIJ6Dp5a6sOGfr0KgUx1 =d2Y1 -END PGP SIGNATURE- -- Unsubscribe, change to digest, or change password at: https://mailman.stanford.edu/mailman/listinfo/liberationtech
Re: [liberationtech] /. ITU Approves Deep Packet Inspection
On Wed, Dec 05, 2012 at 08:28:36PM +0100, Petter Ericson wrote: Transparent IPv4-to-IPv6 tunneling, detection of certain forms of abuse, QoS modificaton, traffic monitoring and shaping. Obviouly, these are mostly happening at a firewall or equivalent, which is kind of the point. Very little DPI is legitimate in core networking. I would not limit your point to core networking. DPI technology is also used by organizations at the networking edges to conduct censorship. I agree that there is some legitimate use for DPI but giving up on that is a small price to pay considering the mass surveillance and censorship which is made so easy by DPI. Looking into packet payload should be considered taboo for middle boxes. No matter where they are. Cheers, Philipp -- Unsubscribe, change to digest, or change password at: https://mailman.stanford.edu/mailman/listinfo/liberationtech
Re: [liberationtech] /. ITU Approves Deep Packet Inspection
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 12/06/2012 04:31 PM, Asher Wolf wrote: woah, just read the translation. thank you. Compliment in return! Great to discuss this here. Apparently the doq has surfaced in Australia and Austria around the same time via different channels. Good Omen ;) The first protocol on the ITU T menu really is crypto. P2P traffic Co come long afterwards. Here is some more inside stuff on the Russian part of the game. How a Russian spook spilled the surveillance beans in ITU-T during a fit of anger. http://fm4.orf.at/stories/1708488/ lulz Erich On 7/12/12 2:21 AM, Erich M. wrote: On 12/06/2012 01:40 PM, Asher Wolf wrote: * DPI-based policing of peer-to-peer traffic * Services-based billing That is all in, Asher, but everything starts on these 90 or so pages with identifying crypto protocols and the matching of signatures to non encrypted header metada such as in SRTP. IpSCE? Further discussion. Document editor is some Guosheng Zhu from FiberHome Networks, Wuhan, China. Here is some analysis focusing on these aspects [German]. http://fm4.orf.at/stories/1709038/ Servus Erich * “Business Card (vCard) application – Correlate Employee with Organization” * Identifying uploading BitTorrent users * and blocking Peer-to-Peer VoIP telephony with proprietary end-to-end application control protocols - Asher Wolf. -- Unsubscribe, change to digest, or change password at: https://mailman.stanford.edu/mailman/listinfo/liberationtech -- Unsubscribe, change to digest, or change password at: https://mailman.stanford.edu/mailman/listinfo/liberationtech -- Unsubscribe, change to digest, or change password at: https://mailman.stanford.edu/mailman/listinfo/liberationtech - -- http://moechel.com/kontakt.htmlPGP KEY 0xEA7DC174 fingerprint 02AA B2E7 C609 307D 34FE 4B5C ACC6 A796 EA7D C174 - --... ...-- -.. . . .-. .. -.-. --- . ...-- . -- -... -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.11 (GNU/Linux) Comment: Using GnuPG with undefined - http://www.enigmail.net/ iQEcBAEBAgAGBQJQwL/SAAoJEKzGp5bqfcF0+LEH/jr4nL+cCPC4JEfb0LmPWR8J y9oAvpuojmpVrGpFartPIVB0nSKrFHxBUzn6frihLaiUTQAsnV84eUuHGoM65NwL kfAPnb4JyP3WFzC8zvDTNOU32HoUuq+ukmOqeuX0KhCUTHiCJAqIYVSXs6pLu6GL 3o7gtFQwUuaFYiPzvoDHY08Yg76VrgDxabGQyVdeuj8IXqVONT26IPhtYFhQaZZP Y7LNf2T3z279UIQzZ0TrBUSLbrD3M+VXMMTw7nu7Io/KDwzhqYXC7xJbKjjbuCyq mGDS8g3fs2BJaTfBlJjzpArNzkM8ZQA80E3eOajx0Nz6Dq15MzBVEX52K/OgdCE= =Nij9 -END PGP SIGNATURE- -- Unsubscribe, change to digest, or change password at: https://mailman.stanford.edu/mailman/listinfo/liberationtech
Re: [liberationtech] /. ITU Approves Deep Packet Inspection
On Wed, Dec 05, 2012 at 01:11:08PM -0500, Nicholas Judd wrote: If I could tap into your hive-mind intelligence for a moment to help me be more precise about explaining why this is an issue, I would appreciate it ... Others have articulated a number of reasons for this already, so I'll attempt to avoid re-covering the same ground, and instead focus on something that I don't think has come up. What happens to all the data gathered during DPI? Surely it isn't thrown away, as that would remove some of the reason for gathering it in the first place. No, it's certain to be collected and stored. Where will it be stored? How will it be stored? Who will have access to it? What will it be used for? Will it be secured? Actually, I can answer that last one, and the answer is no, because there's no reason for those involved to make any effort to secure it, therefore the money/time/effort to do so won't be spent. And when the inevitable security breach occurs, the designated spokesliar will stand at the podium and use the favorite phrase for such situations: nobody could have foreseen -- even though we can all see it coming. This is a specific case of a more general problem: people who think they're building tools/weapons when they're really building targets... very attractive, highly useful, much-sought-after targets. I wrote about that issue in a related context here: https://www.techdirt.com/articles/20120222/01562717837/how-new-internet-spying-laws-will-actually-enable-stalkers-spammers-phishers-yes-pedophiles-terrorists.shtml Most of what that piece says applies in this case as well. ---rsk -- Unsubscribe, change to digest, or change password at: https://mailman.stanford.edu/mailman/listinfo/liberationtech
Re: [liberationtech] /. ITU Approves Deep Packet Inspection
Eugen Leitl: ITU Approves Deep Packet Inspection I have been trying to get more information on this for days. Slashdot only links to CDT and Techdirt, with Techdirt only relying on CDT. So the base source for all three is this: https://www.cdt.org/blogs/cdt/2811adoption-traffic-sniffing-standard-fans-wcit-flames CDT quotes from the document, but also sais: Like most ITU working documents, drafts of the standard are locked behind a password wall and not available to the public. Most likely referring tho this: http://www.itu.int/ITU-T/workprog/wp_item.aspx?isn=7082 If anyone can get their hands on the actual standard document, I would love to report on it (in German). Without the source document, things are too vague. -- ilf Über 80 Millionen Deutsche benutzen keine Konsole. Klick dich nicht weg! -- Eine Initiative des Bundesamtes für Tastaturbenutzung -- Unsubscribe, change to digest, or change password at: https://mailman.stanford.edu/mailman/listinfo/liberationtech
Re: [liberationtech] /. ITU Approves Deep Packet Inspection
..on Wed, Dec 05, 2012 at 10:27:53AM +0100, Eugen Leitl wrote: http://yro.slashdot.org/story/12/12/05/0115214/itu-approves-deep-packet-inspection ITU Approves Deep Packet Inspection I guess the 'optional' part of IPSec in IPv6 just became a little more political. Cheers, -- Julian Oliver http://julianoliver.com http://criticalengineering.org -- Unsubscribe, change to digest, or change password at: https://mailman.stanford.edu/mailman/listinfo/liberationtech
Re: [liberationtech] /. ITU Approves Deep Packet Inspection
Am 05.12.2012 10:27, schrieb Eugen Leitl: http://yro.slashdot.org/story/12/12/05/0115214/itu-approves-deep-packet-inspection ITU Approves Deep Packet Inspection Posted by Soulskill on Tuesday December 04, @08:19PM from the inspect-my-encryption-all-you'd-like dept. dsinc sends this quote from Techdirt about the International Telecommunications Union's ongoing conference in Dubai that will have an effect on the internet everywhere: The WCIT is a diplomatic conference for the rules governing the ITU, the ITRs. It seems wrong to mix that with ongoing specific standardisation work of the ITU. Anyway, interesting discussions over at circleid.com: http://www.circleid.com/posts/20121203_wcit_off_to_a_flying_start/ Apparently ITU fellows are disgruntled that they cannot control the media coverage and complain about all the misinformation. Best, André -- Unsubscribe, change to digest, or change password at: https://mailman.stanford.edu/mailman/listinfo/liberationtech
Re: [liberationtech] /. ITU Approves Deep Packet Inspection
Hi list, Nick from techPresident here. If I could tap into your hive-mind intelligence for a moment to help me be more precise about explaining why this is an issue, I would appreciate it ... Governments, intelligence organizations and assorted nogoodniks already use deep-packet inspection, so the declaration of a standard for DPI comes off as vaguely Orwellian but not news. I'm searching for a way to explain the privacy-advocate position on this is both accurately and concisely. The sense I get from CDT's blog post is that there are three reasons why this is more than just creepy in principle: 1. The standard outlines ways that, in the ITU's view, ISPs should structure their operations so that highly invasive surveillance can function; 2. Under current governance, this standard could be as widely ignored as the blink tag, but ISPs could be forced to comply if the ITU becomes a must-follow standards-making body for the Internet — meaning all traffic in every ITU member state, in this extreme example, would be vulnerable by design; 3. On principle, IETF and W3C don't address standards for surveillance, highlighting another way the ITU is ideologically removed from the way the Internet is now governed. Am I on target here? On Dec 5, 2012, at 12:41 PM, Cynthia Wong wrote: The final version of the standard should show up here... eventually: http://www.itu.int/en/ITU-T/publications/Pages/latest.aspx http://www.itu.int/dms_pages/itu-t/rec/T-REC-RSS.xml -Original Message- From: liberationtech-boun...@lists.stanford.edu [mailto:liberationtech-boun...@lists.stanford.edu] On Behalf Of Asher Wolf Sent: Wednesday, December 05, 2012 7:38 AM To: liberationtech@lists.stanford.edu Subject: Re: [liberationtech] /. ITU Approves Deep Packet Inspection From http://committee.tta.or.kr : Revision of Y.2770 Requirements for #DPI in Next Generation Networks http://bit.ly/Yx0Sya (via @BetweenMyths) On 5/12/12 9:25 PM, Andre Rebentisch wrote: Am 05.12.2012 10:27, schrieb Eugen Leitl: http://yro.slashdot.org/story/12/12/05/0115214/itu-approves-deep-pack et-inspection ITU Approves Deep Packet Inspection Posted by Soulskill on Tuesday December 04, @08:19PM from the inspect-my-encryption-all-you'd-like dept. dsinc sends this quote from Techdirt about the International Telecommunications Union's ongoing conference in Dubai that will have an effect on the internet everywhere: The WCIT is a diplomatic conference for the rules governing the ITU, the ITRs. It seems wrong to mix that with ongoing specific standardisation work of the ITU. Anyway, interesting discussions over at circleid.com: http://www.circleid.com/posts/20121203_wcit_off_to_a_flying_start/ Apparently ITU fellows are disgruntled that they cannot control the media coverage and complain about all the misinformation. Best, André -- Unsubscribe, change to digest, or change password at: https://mailman.stanford.edu/mailman/listinfo/liberationtech -- Unsubscribe, change to digest, or change password at: https://mailman.stanford.edu/mailman/listinfo/liberationtech -- Unsubscribe, change to digest, or change password at: https://mailman.stanford.edu/mailman/listinfo/liberationtech -- Unsubscribe, change to digest, or change password at: https://mailman.stanford.edu/mailman/listinfo/liberationtech
Re: [liberationtech] /. ITU Approves Deep Packet Inspection
If this approval by the ITU is true - then it is no surprise at all, but what one would expect. What else has the ITU in the past ever been than an instrument that supports capitalist interests and commodification of the ICT and telecommunications industries? DPI can advance large-scale monitoring of citizens by the state-capital complex that is connected by a right-wing state ideology of fighting crime and terror by massive use of surveillance technologies and a neoliberal ideology of capitalist organisations that want to make a profit out of surveillance and want to hinder the undermining of intellectual property rights. See this: Christian Fuchs: Implications of Deep Packet Inspection (DPI) Internet Surveillance for Society. http://www.projectpact.eu/documents-1/%231_Privacy_and_Security_Research_Paper_Series.pdf Best, CF Am 12/5/12 7:11 PM, schrieb Nicholas Judd: Hi list, Nick from techPresident here. If I could tap into your hive-mind intelligence for a moment to help me be more precise about explaining why this is an issue, I would appreciate it ... Governments, intelligence organizations and assorted nogoodniks already use deep-packet inspection, so the declaration of a standard for DPI comes off as vaguely Orwellian but not news. I'm searching for a way to explain the privacy-advocate position on this is both accurately and concisely. The sense I get from CDT's blog post is that there are three reasons why this is more than just creepy in principle: 1. The standard outlines ways that, in the ITU's view, ISPs should structure their operations so that highly invasive surveillance can function; 2. Under current governance, this standard could be as widely ignored as the blink tag, but ISPs could be forced to comply if the ITU becomes a must-follow standards-making body for the Internet — meaning all traffic in every ITU member state, in this extreme example, would be vulnerable by design; 3. On principle, IETF and W3C don't address standards for surveillance, highlighting another way the ITU is ideologically removed from the way the Internet is now governed. Am I on target here? On Dec 5, 2012, at 12:41 PM, Cynthia Wong wrote: The final version of the standard should show up here... eventually: http://www.itu.int/en/ITU-T/publications/Pages/latest.aspx http://www.itu.int/dms_pages/itu-t/rec/T-REC-RSS.xml -Original Message- From: liberationtech-boun...@lists.stanford.edu [mailto:liberationtech-boun...@lists.stanford.edu] On Behalf Of Asher Wolf Sent: Wednesday, December 05, 2012 7:38 AM To: liberationtech@lists.stanford.edu Subject: Re: [liberationtech] /. ITU Approves Deep Packet Inspection From http://committee.tta.or.kr : Revision of Y.2770 Requirements for #DPI in Next Generation Networks http://bit.ly/Yx0Sya (via @BetweenMyths) On 5/12/12 9:25 PM, Andre Rebentisch wrote: Am 05.12.2012 10:27, schrieb Eugen Leitl: http://yro.slashdot.org/story/12/12/05/0115214/itu-approves-deep-pack et-inspection ITU Approves Deep Packet Inspection Posted by Soulskill on Tuesday December 04, @08:19PM from the inspect-my-encryption-all-you'd-like dept. dsinc sends this quote from Techdirt about the International Telecommunications Union's ongoing conference in Dubai that will have an effect on the internet everywhere: The WCIT is a diplomatic conference for the rules governing the ITU, the ITRs. It seems wrong to mix that with ongoing specific standardisation work of the ITU. Anyway, interesting discussions over at circleid.com: http://www.circleid.com/posts/20121203_wcit_off_to_a_flying_start/ Apparently ITU fellows are disgruntled that they cannot control the media coverage and complain about all the misinformation. Best, André -- Unsubscribe, change to digest, or change password at: https://mailman.stanford.edu/mailman/listinfo/liberationtech -- Unsubscribe, change to digest, or change password at: https://mailman.stanford.edu/mailman/listinfo/liberationtech -- Unsubscribe, change to digest, or change password at: https://mailman.stanford.edu/mailman/listinfo/liberationtech -- Unsubscribe, change to digest, or change password at: https://mailman.stanford.edu/mailman/listinfo/liberationtech -- Unsubscribe, change to digest, or change password at: https://mailman.stanford.edu/mailman/listinfo/liberationtech
Re: [liberationtech] /. ITU Approves Deep Packet Inspection
- Forwarded message from Tom Taylor tom.taylor.s...@gmail.com - From: Tom Taylor tom.taylor.s...@gmail.com Date: Wed, 05 Dec 2012 14:01:41 -0500 To: na...@nanog.org Subject: Re: /. ITU Approves Deep Packet Inspection User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:16.0) Gecko/20121026 Thunderbird/16.0.2 I'm seriously not clear why Y.2770 is characterized as negotiated behind closed doors. Any drafts were available to all participants in the ITU-T, on exactly the same terms as drafts of other Recommendations. As an example, the draft coming out of the October, 2011 meeting can be seen at http://www.itu.int/md/T09-SG13-111010-TD-WP4-0201/en. (I have access delegated by a vendor to whom I have been consulting, by virtue of their membership in the ITU-T.) I should mention that the Next Generation Network within the context of which this draft was developed is more likely to be implemented by old-line operators than by pure internet operations. Tom Taylor On 05/12/2012 4:34 AM, Eugen Leitl wrote: http://yro.slashdot.org/story/12/12/05/0115214/itu-approves-deep-packet-inspection ITU Approves Deep Packet Inspection Posted by Soulskill on Tuesday December 04, @08:19PM from the inspect-my-encryption-all-you'd-like dept. dsinc sends this quote from Techdirt about the International Telecommunications Union's ongoing conference in Dubai that will have an effect on the internet everywhere: One of the concerns is that decisions taken there may make the Internet less a medium that can be used to enhance personal freedom than a tool for state surveillance and oppression. The new Y.2770 standard is entitled 'Requirements for deep packet inspection in Next Generation Networks', and seeks to define an international standard for deep packet inspection (DPI). As the Center for Democracy Technology points out, it is thoroughgoing in its desire to specify technologies that can be used to spy on people. One of the big issues surrounding WCIT and the ITU has been the lack of transparency — or even understanding what real transparency might be. So it will comes as no surprise that the new DPI standard was negotiated behind closed doors, with no drafts being made available. - End forwarded message - -- Eugen* Leitl a href=http://leitl.org;leitl/a http://leitl.org __ ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE -- Unsubscribe, change to digest, or change password at: https://mailman.stanford.edu/mailman/listinfo/liberationtech
Re: [liberationtech] /. ITU Approves Deep Packet Inspection
: 1. The standard outlines ways that, in the ITU's view, ISPs should structure their operations so that highly invasive surveillance can function; 2. Under current governance, this standard could be as widely ignored as the blink tag, but ISPs could be forced to comply if the ITU becomes a must-follow standards-making body for the Internet — meaning all traffic in every ITU member state, in this extreme example, would be vulnerable by design; 3. On principle, IETF and W3C don't address standards for surveillance, highlighting another way the ITU is ideologically removed from the way the Internet is now governed. Am I on target here? On Dec 5, 2012, at 12:41 PM, Cynthia Wong wrote: The final version of the standard should show up here... eventually: http://www.itu.int/en/ITU-T/publications/Pages/latest.aspx http://www.itu.int/dms_pages/itu-t/rec/T-REC-RSS.xml -Original Message- From: liberationtech-boun...@lists.stanford.edu [mailto:liberationtech-boun...@lists.stanford.edu] On Behalf Of Asher Wolf Sent: Wednesday, December 05, 2012 7:38 AM To: liberationtech@lists.stanford.edu Subject: Re: [liberationtech] /. ITU Approves Deep Packet Inspection From http://committee.tta.or.kr : Revision of Y.2770 Requirements for #DPI in Next Generation Networks http://bit.ly/Yx0Sya (via @BetweenMyths) On 5/12/12 9:25 PM, Andre Rebentisch wrote: Am 05.12.2012 10:27, schrieb Eugen Leitl: http://yro.slashdot.org/story/12/12/05/0115214/itu-approves-deep-pack et-inspection ITU Approves Deep Packet Inspection Posted by Soulskill on Tuesday December 04, @08:19PM from the inspect-my-encryption-all-you'd-like dept. dsinc sends this quote from Techdirt about the International Telecommunications Union's ongoing conference in Dubai that will have an effect on the internet everywhere: The WCIT is a diplomatic conference for the rules governing the ITU, the ITRs. It seems wrong to mix that with ongoing specific standardisation work of the ITU. Anyway, interesting discussions over at circleid.com: http://www.circleid.com/posts/20121203_wcit_off_to_a_flying_start/ Apparently ITU fellows are disgruntled that they cannot control the media coverage and complain about all the misinformation. Best, André -- Unsubscribe, change to digest, or change password at: https://mailman.stanford.edu/mailman/listinfo/liberationtech -- Unsubscribe, change to digest, or change password at: https://mailman.stanford.edu/mailman/listinfo/liberationtech -- Unsubscribe, change to digest, or change password at: https://mailman.stanford.edu/mailman/listinfo/liberationtech -- Unsubscribe, change to digest, or change password at: https://mailman.stanford.edu/mailman/listinfo/liberationtech -- Petter Ericson (pett...@acc.umu.se) Telecomix Sleeper Jellyfish -- Unsubscribe, change to digest, or change password at: https://mailman.stanford.edu/mailman/listinfo/liberationtech -- --- I try to respond to emails at 9:30 and 1:30pm daily (PST). --- Fenwick McKelvey Postdoctoral Fellow Visiting Scholar, University of Washington http://fenwickmckelvey.com -- Unsubscribe, change to digest, or change password at: https://mailman.stanford.edu/mailman/listinfo/liberationtech -- Petter Ericson (pett...@acc.umu.se) Telecomix Sleeper Jellyfish -- Unsubscribe, change to digest, or change password at: https://mailman.stanford.edu/mailman/listinfo/liberationtech
Re: [liberationtech] /. ITU Approves Deep Packet Inspection
Transparent IPv4-to-IPv6 tunneling, detection of certain forms of abuse, QoS modificaton, traffic monitoring and shaping. Obviouly, these are mostly happening at a firewall or equivalent, which is kind of the point. Very little DPI is legitimate in core networking. /P On 05 December, 2012 - Wayne Moore wrote: What legitimate uses do you see? On 12/5/2012 10:34, Petter Ericson wrote: There are legitimate uses for DPI, -- Necessity is the plea for every infringement of human freedom. It is the argument of tyrants; it is the creed of slaves. William Pitt (1759-1806) -- Unsubscribe, change to digest, or change password at: https://mailman.stanford.edu/mailman/listinfo/liberationtech -- Petter Ericson (pett...@acc.umu.se) Telecomix Sleeper Jellyfish -- Unsubscribe, change to digest, or change password at: https://mailman.stanford.edu/mailman/listinfo/liberationtech
Re: [liberationtech] /. ITU Approves Deep Packet Inspection
Well perhaps I'm over my head here, not really my field but it seems that with the exception of some forms of abuse all these can be done by inspecting the packet headers. My understanding of DPI, as Deep Packet Inspection was looking at the content not just the routing and protocol information. On 12/5/2012 11:28, Petter Ericson wrote: Transparent IPv4-to-IPv6 tunneling, detection of certain forms of abuse, QoS modificaton, traffic monitoring and shaping. Obviouly, these are mostly happening at a firewall or equivalent, which is kind of the point. Very little DPI is legitimate in core networking. /P On 05 December, 2012 - Wayne Moore wrote: What legitimate uses do you see? On 12/5/2012 10:34, Petter Ericson wrote: There are legitimate uses for DPI, -- Necessity is the plea for every infringement of human freedom. It is the argument of tyrants; it is the creed of slaves. William Pitt (1759-1806) -- Unsubscribe, change to digest, or change password at: https://mailman.stanford.edu/mailman/listinfo/liberationtech -- Necessity is the plea for every infringement of human freedom. It is the argument of tyrants; it is the creed of slaves. William Pitt (1759-1806) -- Unsubscribe, change to digest, or change password at: https://mailman.stanford.edu/mailman/listinfo/liberationtech
Re: [liberationtech] /. ITU Approves Deep Packet Inspection
..on Wed, Dec 05, 2012 at 11:37:16AM -0800, Wayne Moore wrote: Well perhaps I'm over my head here, not really my field but it seems that with the exception of some forms of abuse all these can be done by inspecting the packet headers. My understanding of DPI, as Deep Packet Inspection was looking at the content not just the routing and protocol information. Yes, that's the point of DPI, to traverse the packet and inspect its payload. This can be done already at the firewall with many existing libpcap-based tools and is something that each network administrator should determine as necessary or not. There are steps that can be taken to make it harder for DPI of course, from VPNs to payload nested in ZIP/tarballs (albeit something Deep Content Inspection (DCI) proposes to overcome). In any case, Pettter's right, it has no place in core networking and it certainly shouldn't be forced upon infrastructure providers as it's imposes a severe breach to basic rights. Next we'll be handing in our SSH keys at the local police station. Cheers, Julian On 12/5/2012 11:28, Petter Ericson wrote: Transparent IPv4-to-IPv6 tunneling, detection of certain forms of abuse, QoS modificaton, traffic monitoring and shaping. Obviouly, these are mostly happening at a firewall or equivalent, which is kind of the point. Very little DPI is legitimate in core networking. /P On 05 December, 2012 - Wayne Moore wrote: What legitimate uses do you see? On 12/5/2012 10:34, Petter Ericson wrote: There are legitimate uses for DPI, -- Necessity is the plea for every infringement of human freedom. It is the argument of tyrants; it is the creed of slaves. William Pitt (1759-1806) -- Unsubscribe, change to digest, or change password at: https://mailman.stanford.edu/mailman/listinfo/liberationtech -- Necessity is the plea for every infringement of human freedom. It is the argument of tyrants; it is the creed of slaves. William Pitt (1759-1806) -- Unsubscribe, change to digest, or change password at: https://mailman.stanford.edu/mailman/listinfo/liberationtech -- Julian Oliver http://julianoliver.com http://criticalengineering.org -- Unsubscribe, change to digest, or change password at: https://mailman.stanford.edu/mailman/listinfo/liberationtech
Re: [liberationtech] /. ITU Approves Deep Packet Inspection
Hi all, I'd be interested in knowing if this document specifies any retention capabilities / requirements. My concern is with DPI appliances like the Bivio NetFalcon which promise much great and actionable traffic logging for lawful access, see: http://www.cert.org/flocon/2011/presentations/Ebrahimi_DataCollection.pdf page 15 Best, Fenwick On Wed, Dec 5, 2012 at 11:54 AM, Julian Oliver jul...@julianoliver.com wrote: ..on Wed, Dec 05, 2012 at 11:37:16AM -0800, Wayne Moore wrote: Well perhaps I'm over my head here, not really my field but it seems that with the exception of some forms of abuse all these can be done by inspecting the packet headers. My understanding of DPI, as Deep Packet Inspection was looking at the content not just the routing and protocol information. Yes, that's the point of DPI, to traverse the packet and inspect its payload. This can be done already at the firewall with many existing libpcap-based tools and is something that each network administrator should determine as necessary or not. There are steps that can be taken to make it harder for DPI of course, from VPNs to payload nested in ZIP/tarballs (albeit something Deep Content Inspection (DCI) proposes to overcome). In any case, Pettter's right, it has no place in core networking and it certainly shouldn't be forced upon infrastructure providers as it's imposes a severe breach to basic rights. Next we'll be handing in our SSH keys at the local police station. Cheers, Julian On 12/5/2012 11:28, Petter Ericson wrote: Transparent IPv4-to-IPv6 tunneling, detection of certain forms of abuse, QoS modificaton, traffic monitoring and shaping. Obviouly, these are mostly happening at a firewall or equivalent, which is kind of the point. Very little DPI is legitimate in core networking. /P On 05 December, 2012 - Wayne Moore wrote: What legitimate uses do you see? On 12/5/2012 10:34, Petter Ericson wrote: There are legitimate uses for DPI, -- Necessity is the plea for every infringement of human freedom. It is the argument of tyrants; it is the creed of slaves. William Pitt (1759-1806) -- Unsubscribe, change to digest, or change password at: https://mailman.stanford.edu/mailman/listinfo/liberationtech -- Necessity is the plea for every infringement of human freedom. It is the argument of tyrants; it is the creed of slaves. William Pitt (1759-1806) -- Unsubscribe, change to digest, or change password at: https://mailman.stanford.edu/mailman/listinfo/liberationtech -- Julian Oliver http://julianoliver.com http://criticalengineering.org -- Unsubscribe, change to digest, or change password at: https://mailman.stanford.edu/mailman/listinfo/liberationtech -- --- I try to respond to emails at 9:30 and 1:30pm daily (PST). --- Fenwick McKelvey Postdoctoral Fellow Visiting Scholar, University of Washington http://fenwickmckelvey.com -- Unsubscribe, change to digest, or change password at: https://mailman.stanford.edu/mailman/listinfo/liberationtech
Re: [liberationtech] /. ITU Approves Deep Packet Inspection
On Wed, Dec 05, 2012 at 07:27:27PM +0100, Christian Fuchs wrote: If this approval by the ITU is true - then it is no surprise at all, but what one would expect. What else has the ITU in the past ever been than an instrument that supports capitalist interests and commodification of the ICT and telecommunications industries? DPI can advance large-scale monitoring of citizens by the state-capital complex that is connected by a right-wing state ideology of fighting crime and terror by massive use of surveillance technologies and a neoliberal ideology of capitalist organisations that want to make a profit out of surveillance and want to hinder the undermining of intellectual property rights. DPI censorship is not a 'competitive' advantage, so it's quite likely that in a pure market society ('anarchocapitalism') without strong socialistic governments and their stupid Internet regulations, most Internet providers WILL NOT censor their connections, otherwise they will loose their customers. Most customers are not willing to pay for censored Internet if they can choose unfiltered free Internet. And the only one who can take them this right is a monopoly for laws/regulations - the centralized government. Pavol -- ___ [wil...@trip.sk] [http://trip.sk/wilder/] [talker: ttt.sk 5678] -- Unsubscribe, change to digest, or change password at: https://mailman.stanford.edu/mailman/listinfo/liberationtech
Re: [liberationtech] /. ITU Approves Deep Packet Inspection
On 05 December, 2012 - Pavol Luptak wrote: On Wed, Dec 05, 2012 at 07:27:27PM +0100, Christian Fuchs wrote: If this approval by the ITU is true - then it is no surprise at all, but what one would expect. What else has the ITU in the past ever been than an instrument that supports capitalist interests and commodification of the ICT and telecommunications industries? DPI can advance large-scale monitoring of citizens by the state-capital complex that is connected by a right-wing state ideology of fighting crime and terror by massive use of surveillance technologies and a neoliberal ideology of capitalist organisations that want to make a profit out of surveillance and want to hinder the undermining of intellectual property rights. DPI censorship is not a 'competitive' advantage, so it's quite likely that in a pure market society ('anarchocapitalism') without strong socialistic governments and their stupid Internet regulations, most Internet providers WILL NOT censor their connections, otherwise they will loose their customers. Most customers are not willing to pay for censored Internet if they can choose unfiltered free Internet. And the only one who can take them this right is a monopoly for laws/regulations - the centralized government. Without being drawn wildly off-topic, let me just note that you are assuming that the customers of a generic ISP in a pure market society are the people getting the internet access. /P -- Petter Ericson (pett...@acc.umu.se) Telecomix Sleeper Jellyfish -- Unsubscribe, change to digest, or change password at: https://mailman.stanford.edu/mailman/listinfo/liberationtech
Re: [liberationtech] /. ITU Approves Deep Packet Inspection
Latest copy of the ITU's DPI recommendations: http://brendan.so/2012/12/06/leak-draft-new-recommendation-itu-t-y-2770-formerly-y-dpireq/ - Asher Wolf On 6/12/12 9:41 AM, Petter Ericson wrote: On 05 December, 2012 - Pavol Luptak wrote: On Wed, Dec 05, 2012 at 07:27:27PM +0100, Christian Fuchs wrote: If this approval by the ITU is true - then it is no surprise at all, but what one would expect. What else has the ITU in the past ever been than an instrument that supports capitalist interests and commodification of the ICT and telecommunications industries? DPI can advance large-scale monitoring of citizens by the state-capital complex that is connected by a right-wing state ideology of fighting crime and terror by massive use of surveillance technologies and a neoliberal ideology of capitalist organisations that want to make a profit out of surveillance and want to hinder the undermining of intellectual property rights. DPI censorship is not a 'competitive' advantage, so it's quite likely that in a pure market society ('anarchocapitalism') without strong socialistic governments and their stupid Internet regulations, most Internet providers WILL NOT censor their connections, otherwise they will loose their customers. Most customers are not willing to pay for censored Internet if they can choose unfiltered free Internet. And the only one who can take them this right is a monopoly for laws/regulations - the centralized government. Without being drawn wildly off-topic, let me just note that you are assuming that the customers of a generic ISP in a pure market society are the people getting the internet access. /P -- Unsubscribe, change to digest, or change password at: https://mailman.stanford.edu/mailman/listinfo/liberationtech