Michael Geist sez, "The debate over Internet governance for much of the past decade has often come down to a battle between ICANN and the ITU (a UN body), which in turn is characterized as a choice between a private-sector led, bottoms-up, consensus model (ICANN) or a governmental-controlled approach. The reality has always been far more complicated. The U.S. still maintains contractual control over ICANN, while all governments exert considerable power within the ICANN model through the Governmental Advisory Committee (GAC)."

While the GAC claims its role is merely to provide 'advice' to ICANN, it often seems to take the view that its suggestions can't be refused. Indeed, late on Friday, ICANN proposed a by-law change that would grant governments even greater control over its decision-making process. At the moment, ICANN looks to various supporting organizations to develop policies designed to represent the views of many different stakeholders, including the GAC. Where the GAC and the ICANN board disagree on a policy issue, the ICANN board decision governs provided that a simple majority of board members vote against the GAC advice and that ICANN provide an explanation for the decision.

ICANN is now proposing that the threshold be increased so that 2/3 of eligible ICANN board members would be required to vote against GAC advice in order to reject it. The increased threshold would grant governments enormous power over ICANN, coming close to an effective veto over decisions based on broad consultations and participation from around the world. With the GAC intervening with increasing frequency (particularly on new generic TLD issues), ICANN has maintained that it is not required to follow the governmental advice.

The "father of the Internet" explains why the Congressional posturing and global freakout about the US National Telecommunications and Information Administration stepping back from management of the Internet domain name system is misplaced. Read the rest

Warren Ellis's Vice column, "How to Shut Down Internets," looks at the phenomenon of Middle Eastern dictators shutting off their nation's Internet during moments of extremis. Here's the money graf:

There are two reasons why these shutdowns happen in this manner. The first is that these governments wish to black out activities like, say, indiscriminate slaughter. That much is obvious. The second is sometimes not so obvious. These governments intend to turn the internet back on. Deep down, they believe they will be in their seats the next month and have the power to turn it back on. They believe they will win. It is the arrogance of power: they take their future for granted, and need only hide from the world the corpses it will be built on.

For me, this raises a couple of much more interesting questions:

1. Why would a basket-case dictator even allow his citizenry to access the Internet in the first place? (A: Because the national economy can't function without it)

2. Why not shut down the Internet the instant trouble breaks out? (A: Because it would be immensely unpopular, even among your sympathizers; also, see 1.)

Update: Bruce Schneier adds: "The reason is that the Internet is a valuable tool for social control. Dictators can use the Internet for surveillance and propaganda as well as censorship, and they only resort to extreme censorship when the value of that outweighs the value of doing all three in some sort of totalitarian balance."

How to Shut Down Internets Read the rest

Yesterday morning, I wrote about the closed-door International Telecommunications Union meeting where they were working on standardizing "deep packet inspection" -- a technology crucial to mass Internet surveillance. Other standards bodies have refused to touch DPI because of the risk to Internet users that arises from making it easier to spy on them. But not the ITU.

The ITU standardization effort has been conducted in secret, without public scrutiny. Now, Asher Wolf writes,

I publicly asked (via Twitter) if anyone could give me access to documents relating to the ITU's DPI recommendations, now endorsed by the U.N. The ITU's senior communications officer, Toby Johnson, emailed me a copy of their unpublished policy recommendations.

OOOPS!

5 hours later, they emailed, asking me not to publish it, in part or in whole, and that it was for my eyes only.

Please publish it (credit me for sending it to you.)

Also note:

1. The recommendations *NEVER* discuss the impact of DPI.

2. A FEW EXAMPLES OF POTENTIAL DPI USE CITED BY THE ITU:

"I.9.2 DPI engine use case: Simple fixed string matching for BitTorrent" "II.3.4 Example “Forwarding copy right protected audio content”" "II.3.6 Example “Detection of a specific transferred file from a particular user”" "II.4.2 Example “Security check – Block SIP messages (across entire SIP traffic) with specific content types”" "II.4.5 Example “Identify particular host by evaluating all RTCP SDES packets”" "II.4.6 Example “Measure Spanish Jabber traffic”" "II.4.7 Example “Blocking of dedicated games”" "II.4.11 Example “Identify uploading BitTorrent users”" "II.4.13 Example “Blocking Peer-to-Peer VoIP telephony with proprietary end-to-end application control protocols”" "II.5.1 Example “Detecting a specific Peer-to-Peer VoIP telephony with proprietary end-to-end application control protocols”"

The International Telecommunications Union, a UN agency dominated by veterans of incumbent telcoms who mistrust the Internet, and representatives of repressive governments who want to control it, have quietly begun the standardization process for a kind of invasive network spying called "deep packet inspection" (DPI). Other standards bodies have shied away from standardizing surveillance technology, but the ITU just dived in with both feet, and proposed a standard that includes not only garden-variety spying, but also spying "in case of a local availability of the used encryption key(s)" -- a situation that includes the kind of spying Iran's government is suspected of engaging in, when an Iranian hacker stole signing keys from the Dutch certificate authority DigiNotar, allowing for silent interception of Facebook and Gmail traffic by Iranian dissidents.

The ITU-T DPI standard holds very little in reserve when it comes to privacy invasion. For example, the document optionally requires DPI systems to support inspection of encrypted traffic “in case of a local availability of the used encryption key(s).” It’s not entirely clear under what circumstances ISPs might have access to such keys, but in any event the very notion of decrypting the users’ traffic (quite possibly against their will) is antithetical to most norms, policies, and laws concerning privacy of communications. In discussing IPSec, an end-to-end encryption technology that obscures all traffic content, the document notes that “aspects related to application identification are for further study” – as if some future work may be dedicated to somehow breaking or circumventing IPSec.

Evan from Fight for the Future, "The open internet is in danger. In just a few weeks, governments from around the world are getting together, and they could decide the future of our internet.

Watch the video to find out why a government-dominated agency as old as the telegraph is trying to get its hands on the net we love. Then take action by using the platform to contact your government and tell them to stand up for an open internet."

There’s a meeting between the world’s governments in a just a few weeks, and it could very well decide the future of the internet through a binding international treaty. It’s called the World Conference on International Telecommunications (WCIT), and it’s being organized by a government-controlled UN agency called the International Telecommunication Union (ITU).

If some proposals at WCIT are approved, decisions about the internet would be made by a top-down, old-school government-centric agency behind closed doors. Some proposals allow for access to be cut off more easily, threaten privacy, legitimize monitoring and blocking online traffic. Others seek to impose new fees for accessing content, not to mention slowing down connection speeds. If the delicate balance of the internet is upset, it could have grave consequences for businesses and human rights.

The ITU could put the Internet behind closed doors.

(Thanks, Evan!) Read the rest

FCC Commissioner Robert M. McDowell has a WSJ op-ed condemning a treaty proposed at the International Telecommunications Union, the UN agency that oversees global phone systems, which would transfer much of Internet governance to the UN.

Commissioner McDowell correctly asserts that transferring governance to the ITU would be bad for Internet freedom. There are few UN specialized agencies that are more ossified and more prone to being gamed by the world's totalitarian regimes than the ITU. One UN acquaintance of mine memorably referred to the ITU as the place "where superannuated telco bureaucrats go to die." And let's not forget the vital role that ITU designates filled in creating surveillance and censorship regimes established by the failing governments of Tunisia and Egypt (and the similar role they're likely playing in other regional nations in the midst of popular uprisings).

But it's pretty rich for someone from the Obama administration US government to go around talking about how the Internet is in danger from political interference from special interests. This is the administration that gave us SOPA and the TPP, that argues that ACTA can be put into law without an act of Congress, and that has made a habit of extrajudicially seizing .com and .net domains on the sloppy say-so of its political donors from the entertainment industry.

I agree with Commissioner McDowell that the Internet needs to be free of political interference. I agree that this won't happen at the ITU.

But that's where we part ways. McDowell describes a present-day Internet where wise American stewards neutrally steer the net's course. Read the rest