ITU Adopts Controversial Packet Inspection Measures

The International Telecommunications Union (ITU), the UN’s telecommunications standards body, has approved a standard for deep packet inspection (DPI) that has drawn criticism for civil liberties groups, which argue it will encourage surveillance as well as more commercially oriented uses such as service differentiation.

DPI is a form of network packet filtering that examines packets and determines whether they should be allowed to pass or should be routed to another destination, based on criteria such as the contents of the content of the packet’s data or its header.

Surveillance and censorship

The technology is used in firewalls and antivirus products, as well as for load balancing and, as critics have noted, is also used by governments, including the US, UK and others in Europe, the Middle East and Asia, for purposes such as censorship and surveillance.

The approval of the standard, known as Recommendation ITU-T Y.2770, Requirements for Deep Packet Inspection in Next Generation Networks, will allow DPI to be developed in a more coordinated and standardised way for use in future networks, ITU said.

“ISPs have in the past used ‘over-provisioning’ of bandwidth to meet the requirements of network applications,” said ITU spokesman Toby Johnson in a blog post announcing the move. “However, as new high-bandwidth Internet applications emerge, over-provisioning has been detrimental to sustainable network evolution. DPI thus presents a fine-grained, long-term traffic management solution to aid ISPs in contending with volumes of traffic rising at an exponential rate.”

He noted that DPI plays an important role in a number of the intelligent traffic management architectures currently under development by standards bodies such as 3GPP, IETF, ETSI and ITU for the more efficient handling of data, meaning the standardisation of the technology helps push those development efforts forward.

Privacy measures

ITU has maintained that issues related to the regulation of how technologies are used do not fall under its remit, being controlled by the regulatory bodies of member countries. However, Johnson said the standard does include a specific requirement that implementers “comply with all applicable national and regional laws, regulations and policies”, as well as allowing measures to ensure secrecy.

The standard was developed at the World Telecommunication Standardisation Assembly (WTSA) meeting held in Dubai in November and adopted during the ITU-coordinated World Conference on International Telecommunications 2012 (WCIT-12), also in Dubai, last week. It will be made available on ITU’s website, according to Johnson.

The US-based Centre for Democracy and Technology (CDT) argued that ITU could have taken a more active approach toward specifying how DPI should be used, for instance specifying how privacy threats could be mitigated, rather than simply coordinating a technical standard based on existing technology.

“The ITU-T standard barely acknowledges that DPI has privacy implications, let alone does it provide a thorough analysis of how the potential privacy threats associated with the technology might be mitigated,” said the CDT’s Alissa Cooper and Emma Llansó in an analysis.

The group also criticised ITU for including only “very generic” security specifications.

“In general, the security requirements appear to be very generic, specifying what information needs to be protected without specifying the standards to be used for authentication, confidentiality, or integrity protection,” Cooper and Llansó wrote.

Controversy

WCIT attendees have until this Friday, 14 December, to decide on what proposals will be accepted. Over 900 proposals have been put forward so far.

The conference has attracted plenty of negative press, as major organisations like the European Union and Google have launched campaigns raising concern over increased government control over the Web.

Last week, reports claimed the ITU website had come under attack, with more hits planned in the coming days. Hacktivist collective Anonymous has been vocal about its qualms with the meeting.

Do you know all about public sector IT – the triumph and the tragedy? Take our quiz!

Matthew Broersma

Matt Broersma is a long standing tech freelance, who has worked for Ziff-Davis, ZDnet and other leading publications

Recent Posts

Apple Sales Rise 6 Percent After Early iPhone 16 Demand

Fourth quarter results beat Wall Street expectations, as overall sales rise 6 percent, but EU…

21 hours ago

X’s Community Notes Fails To Stem US Election Misinformation – Report

Hate speech non-profit that defeated Elon Musk's lawsuit, warns X's Community Notes is failing to…

22 hours ago

Google Fined More Than World’s GDP By Russia

Good luck. Russia demands Google pay a fine worth more than the world's total GDP,…

23 hours ago

Spotify, Paramount Sign Up To Use Google Cloud ARM Chips

Google Cloud signs up Spotify, Paramount Global as early customers of its first ARM-based cloud…

2 days ago

Meta Warns Of Accelerating AI Infrastructure Costs

Facebook parent Meta warns of 'significant acceleration' in expenditures on AI infrastructure as revenue, profits…

2 days ago

AI Helps Boost Microsoft Cloud Revenues By 33 Percent

Microsoft says Azure cloud revenues up 33 percent for September quarter as capital expenditures surge…

2 days ago