[Infowarrior] - UN agency (and NSA) eyes curbs on Internet anonymity
Richard Forno
rforno at infowarrior.org
Fri Sep 12 19:46:41 UTC 2008
September 12, 2008 4:00 AM PDT
U.N. agency eyes curbs on Internet anonymity
Posted by Declan McCullagh 19 comments
http://news.cnet.com/8301-13578_3-10040152-38.html
A United Nations agency is quietly drafting technical standards,
proposed by the Chinese government, to define methods of tracing the
original source of Internet communications and potentially curbing the
ability of users to remain anonymous.
The U.S. National Security Agency is also participating in the "IP
Traceback" drafting group, named Q6/17, which is meeting next week in
Geneva to work on the traceback proposal. Members of Q6/17 have
declined to release key documents, and meetings are closed to the
public.
The potential for eroding Internet users' right to remain anonymous,
which is protected by law in the United States and recognized in
international law by groups such as the Council of Europe, has alarmed
some technologists and privacy advocates. Also affected may be
services such as the Tor anonymizing network.
"What's distressing is that it doesn't appear that there's been any
real consideration of how this type of capability could be misused,"
said Marc Rotenberg, director of the Electronic Privacy Information
Center in Washington, D.C. "That's really a human rights concern."
Nearly everyone agrees that there are, at least in some circumstances,
legitimate security reasons to uncover the source of Internet
communications. The most common justification for tracebacks is to
counter distributed denial of service, or DDoS, attacks.
But implementation details are important, and governments
participating in the process -- organized by the International
Telecommunication Union, a U.N. agency -- may have their own agendas.
A document submitted by China this spring and obtained by CNET News
said the "IP traceback mechanism is required to be adapted to various
network environments, such as different addressing (IPv4 and IPv6),
different access methods (wire and wireless) and different access
technologies (ADSL, cable, Ethernet) and etc." It adds: "To ensure
traceability, essential information of the originator should be logged."
The Chinese author of the document, Huirong Tian, did not respond to
repeated interview requests. Neither did Jiayong Chen of China's state-
owned ZTE Corporation, the vice chairman of the Q6/17's parent group
who suggested in an April 2007 meeting that it address IP traceback.
A second, apparently leaked ITU document offers surveillance and
monitoring justifications that seem well-suited to repressive regimes:
Steve Bellovin
(Credit: Declan McCullagh/mccullagh.org)
A political opponent to a government publishes articles putting
the government in an unfavorable light. The government, having a law
against any opposition, tries to identify the source of the negative
articles but the articles having been published via a proxy server, is
unable to do so protecting the anonymity of the author.
That document was provided to Steve Bellovin, a well-known Columbia
University computer scientist, Internet Engineering Steering Group
member, and Internet Engineering Task Force participant who wrote a
traceback proposal eight years ago. Bellovin says he received the ITU
document as part of a ZIP file from someone he knows and trusts, and
subsequently confirmed its authenticity through a second source. (An
ITU representative disputed its authenticity but refused to make
public the Q6/17 documents, including a ZIP file describing traceback
requirements posted on the agency's password-protected Web site.)
Bellovin said in a blog post this week that "institutionalizing a
means for governments to quash their opposition is in direct
contravention" of the U.N.'s own Universal Declaration of Human
Rights. He said that traceback is no longer that useful a concept, on
the grounds that few attacks use spoofed addresses, there are too many
sources in a DDoS attack to be useful, and the source computer
inevitably would prove to be hacked into anyway.
Another technologist, Jacob Appelbaum, one of the developers of the
Tor anonymity system, also was alarmed. "The technical nature of this
'feature' is such a beast that it cannot and will not see the light of
day on the Internet," Appelbaum said. "If such a system was deployed,
it would be heavily abused by precisely those people that it would
supposedly trace. No blackhat would ever be caught by this."
Jacob Appelbaum
(Credit: Declan McCullagh/mccullagh.org)
Adding to speculation about where the U.N. agency is heading are
indications that some members would like to curb Internet anonymity
more broadly:
• An ITU network security meeting a few years ago concluded that
anonymity should not be permitted. The summary said: "Anonymity was
considered as an important problem on the Internet (may lead to
criminality). Privacy is required but we should make sure that it is
provided by pseudonymity rather than anonymity."
• A presentation in July from Korea's Heung-youl Youm said that
groups such as the IETF should be "required to develop standards or
guidelines" that could "facilitate tracing the source of an attacker
including IP-level traceback, application-level traceback, user-level
traceback." Another Korean proposal -- which has not been made public
-- says all Internet providers "should have procedures to assist in
the lawful traceback of security incidents."
• An early ITU proposal from RAD Data Communications in Israel said:
"Traceability means that all future networks should enable source
trace-back, while accountability signifies the responsibility of
account providers to demand some reasonable form of identification
before granting access to network resources (similar to what banks do
before opening a bank accounts)."
Multinational push to curb anonymous speech
By itself, of course, the U.N. has no power to impose Internet
standards on anyone. But U.N. and ITU officials have been lobbying for
more influence over the way the Internet is managed, most prominently
through the World Summit on the Information Society in Tunisia and a
followup series of meetings.
The official charter of the ITU's Q6/17 group says that it will work
"in collaboration" with the IETF and the U.S. Computer Emergency
Response Team Coordination Center, which could provide a path toward
widespread adoption -- especially if national governments end up
embracing the idea.
Patrick Bomgardner, the NSA's chief of public and media affairs, told
CNET News on Thursday that "we have no information to provide on this
issue." He would not say why the NSA was participating in the process
(and whether it was trying to fulfill its intelligence-gathering
mission or its other role of advancing information security).
Toby Johnson, a communications officer with the ITU's
Telecommunication Standardization Bureau in Geneva, also refused to
discuss Q6/17. "It may be difficult for experts to comment on what
state deliberations are in for fear of prejudicing the outcome," he
said in an e-mail message on Thursday.
U.N. "IP traceback" documents
China's proposal obtained by CNET News says "to ensure traceability,
essential information of the originator should be logged."
Leaked requirements document says governments may need "to identify
the source of the negative articles" posted by political adversaries.
Korean presentation says standards bodies should be "required to
develop standards or guidelines" to facilitate unmasking users.
Verisign executive's summary summarizes presentation saying protocols
must have "a strong traceback capability, and establishing traceback
considerations in developing any new standards."
When asked about the impact on Internet anonymity, Johnson replied: "I
am not fully acquainted with this topic and therefore not qualified to
provide an answer." He said that he expects that any final ITU
standard would comport with the U.N.'s Universal Declaration of Human
Rights.
It's unclear what happens next. For one thing, the traceback proposal
isn't scheduled to be finished until 2009, and one industry source
stressed that not all members of Q6/17 are in favor of it. The five
"editors" are: NSA's Richard Brackney; Tian Huirong from China's
telecommunications ministry; Korea's Youm Heung-Youl; Cisco's Gregg
Schudel; and Craig Schultz, who works for a Japan-based network
security provider. (In keeping with the NSA's penchant for secrecy,
Brackney was the lone ITU participant in a 2006 working group who
failed to provide biographical information.)
In response to a question about the eventual result, Schultz, one of
the editors, replied: "The long answer is, as you can probably
imagine, this subject can get a little 'tense.' The main issue is the
protection of privacy as well as not having to rely on 'policy' as
part of a process. A secondary issue is feasibility and cost versus
benefit." He said a final recommendation is at least a year off.
Another participant is Tony Rutkowski, Verisign's vice president for
regulatory affairs and longtime ITU attendee, who wrote a three-page
summary for IP traceback and a related concept called "International
Caller-ID Capability."
In a series of e-mail messages, Rutkowski defended the creation of the
IP traceback "work item" at a meeting in April, and disputed the
legitimacy of the document posted by Bellovin. "The political
motivation text was not part of any known ITU-T proposal and certainly
not the one which I helped facilitate," he wrote.
Rutkowski added in a separate message: "In public networks, the
capability of knowing the source of traffic has been built into
protocols and administration since 1850! It's widely viewed as
essential for settlements, network management, and infrastructure
protection purposes. The motivations are the same here. The OSI
Internet protocols (IPv5) had the capabilities built-in. The ARPA
Internet left them out because the infrastructure was a private DOD
infrastructure."
Because the Internet Protocol was not designed to be traceable, it's
possible to spoof addresses -- both for legitimate reasons, such as
sharing a single address on a home network, and for malicious ones as
well. In the early part of the decade, a flurry of academic research
focused on ways to perform IP tracebacks, perhaps by embedding origin
information in Internet communications, or Bellovin's suggestion of
occasionally automatically forwarding those data in a separate message.
If network providers and the IETF adopted IP traceback on their own,
perhaps on the grounds that security justifications outweighed the
harm to privacy and anonymity, that would be one thing.
But in the United States, a formal legal requirement to adopt IP
traceback would run up against the First Amendment. A series of court
cases, including the 1995 decision in McIntyre v. Ohio Elections
Commission, provides a powerful shield protecting the right to remain
anonymous. In that case, the majority ruled: "Under our Constitution,
anonymous pamphleteering is not a pernicious, fraudulent practice, but
an honorable tradition of advocacy and of dissent. Anonymity is a
shield from the tyranny of the majority."
More broadly, the ITU's own constitution talks about "ensuring the
secrecy of international correspondence." And the Council of Europe's
Declaration on Freedom of Communication on the Internet adopted in
2003 says nations "should respect the will of users of the Internet
not to disclose their identity," while acknowledging law enforcement-
related tracing is sometimes necessary.
"When NSA takes the lead on standard-setting, you have to ask yourself
how much is about security and how much is about surveillance," said
the Electronic Privacy Information Center's Rotenberg. "You would
think (the ITU) would be a little more sensitive to spying on Internet
users with the cooperation of the NSA and the Chinese government."
More information about the Infowarrior
mailing list