The World Conference on International Telecommunications is being held by the International Telecommunications Union (ITU, an agency of the United Nations). The ITU has denied it wants to control the internet, and that may be true. But as little bits of information emerge from WCIT, control may be a side-effect of what is sought – and what the telecommunications companies seek is more money.
The problem is that the ‘web’ is seen as a freeloader on their networks. The telecom companies’ web income comes from broadband connection charges rather than traffic. As telephony migrates from PSTN to VoIP, subscriber traffic income to the telecommunications companies decreases without any increase from web traffic income – and this is what the companies want to reverse.
The easiest way to reverse this is to apply the same model that has always applied to PSTN traffic to the newer IP traffic; that is, the sender pays. As IP traffic crosses multiple national networks, all wanting their share of any fee, understanding the source and destination becomes useful – and knowledge of packet content is important. It emerged yesterday that one of the proposals being discussed at WCIT is a standard for deep packet inspection (DPI), the method used by telecoms companies – and government agencies, and – if Phorm had got its way, ad agencies – to peek inside the content of internet messages.
This was leaked yesterday. “The slip-up happened,” reports the Register, “when an Australian CryptoParty activist Asher Wolf put out a public call on Twitter asking for a copy of the text. The ITU duly sent it by e-mail – only later realising its mistake and asking her to treat it as for her eyes only.” But it was too late, and the cat was out of the bag.
The ITU blog has announced today that the DPI proposal, technically the Recommendation ITU-T Y.2770, has been accepted and approved. The purpose, we are told, is to enable better network management. “ITU-T members have approved a new ITU standard on Deep Packet Inspection (DPI) which will enable Internet Service Providers (ISPs) to manage network traffic more efficiently and thereby heighten users’ quality of service and quality of experience (QoS and QoE),” writes Toby Johnson.
Privacy activists remain concerned. In fact, the Center for Democracy and Technology (CDT) had known and warned about Y.2770 a week ago. “DPI has the potential to be extremely privacy-invasive, to defy user expectations, and to facilitate wiretapping,” it warned. “For example, the document optionally requires DPI systems to support inspection of encrypted traffic ‘in case of a local availability of the used encryption key(s).’ It’s not entirely clear under what circumstances ISPs might have access to such keys, but in any event the very notion of decrypting the users’ traffic (quite possibly against their will) is antithetical to most norms, policies, and laws concerning privacy of communications.”
The implication is not that the ITU is seeking control of the internet for the UN, but that the outcome of WCIT will provide individual telecommunications companies greater control over their individual networks. National governments already control their national telecommunications companies. Those national governments will undoubtedly make use of any facilities offered by the telecoms companies that will help in their own national security programs – and standard DPI facilities will be used.
| The likelihood is then – although it won’t be confirmed or disproved until WCIT is complete – both ‘sides’ are correct: WCIT is not seeking to damage the internet as it stands, but it will. |