ITU members adopt the Y.2770 standard for global Deep Packet Inspection

reply to post by Hefficide

And there is a WEEK left for them to do even more damage.

That's what I'm worried about. Although this is pretty bad, it probably can't get much worse than this... I hope. I'll keep my eyes peeled for any future developments. It's sad to see that you turned out to be so right.

FYI: Here´s the document of the standard in question (ITU-T Y.2770 "Requirements for Deep Packet Inspection in Next Generation Networks")

Very disturbing development indeed, for example Appendix I, which gives some examples of the use of the DPI technology. More disturbing is Appendix II, where they show how it can extract vCards from all your emails to build a database of global traffic, filter on strings, detect certain FTP commands and countless other implementations.

A lot of what in that PDF seemed to be reading plain text parts of packets and looking for certain markers like "Bittorrent Protocol" so its not very deeply inspecting each packet as brute force hacking an encrypted stream in real times probably not worth it generally as all they may find is that its you sending your boss the proposals for the new toilets at work or you and your kids out snowboarding

Most of this will be used by system admins to block traffic like torrents from being used over the corporate link to the web via sneaky methods as the spooks already have plenty of taps into the web so they're already doing it

I am sickened, and Hef is right, they aren't even finished with us yet.

I can't emphasize enough how useful it can be to become dextrous with Linux distros.

Here is a great Q&A that I found on the better live distros that can be flashed to USB that have persistence and encryption out of the box...

superuser.com...

Personally, I prefer Knoppix for the USB drive, but Puppy is easier to deal with.

Sad news.

I would not be surprised if lots of encrypted data flowing under email would move a person up the watch list.

Governments snooping around will never be stopped. They just have to use that illegal info to find that actions and info that can be used in a court of law. (while a person still has some rights left)

House Votes 397-0 to Keep UN's Hands off the Internet This was from yesterday mashable.com...

Well the good news is the US house of reps voted unanimously to tell the ITU to take a flying leap. It's a pretty good showing of bipartisan action that both reps and dem voted that the US is not beholden to anything the ITU comes up with.

While the House vote is encouraging. I'm afraid that the real test is going to be what the exact wording of Octobers secret Executive Order were, and what the upcoming public Executive Order will be.

It's in the hands of the Executive Branch really.

~Heff

In August this year there was a great post about keeping safe on the internet with some interesting ways of protecting data. I searched for it and it seems to be 404'd I think it was called something like 50 ways to stay safe on the internet. Does anyone know where it's gone coz I think we're going to need a bit more of it!

www.abovetopsecret.com... is the marker I have called 51 free tools to stay informed and safe on the internet. Sorry couldn't link but it is 404'd. thanks.

Hmm, there seems to be quite a bit of incorrect information in this thread.. this story is only about developing an accepted standard for DPI. DPI has actually been around for a few years now, here's an article from 2008 that talks about it:

www.techrepublic.com...

I also remember reading quite a while ago about the "Great Firewall of China", and that they'd worked out a way via DPI to identify and block Tor traffic, so for the moment your actual data may be safe (assuming it doesn't exit Tor through a custom endpoint that logs the traffic as it's coming out), but it's still very possible to block your communications.

Also the number of "bits" a processor has is in no way related to how easily it can decrypt data. A 64bit processor is simply able to perform more accurate mathematical calculations than a 32bit processor, and able to utilise larger amounts of memory due to the longer addresses it can handle.

I'm not sure if encryption keys were EVER 32bit, but the standard these days is 256bit (minimum), 1024 (recommended) and 2048+ for anyone that wants to make it as hard as possible to decrypt the data. AES is pretty much the standard algorithm most people use and unless someone discovers a hidden flaw it's unlikely it will ever be broken. This site has some good information on the times we're talking about to decrypt the data.. 70billion computers working 24/7 would take 77,000,000,000,000,000,000,000,000 years to decrypt a 128bit string. Increase that to 1024bit encryption and you're looking at ridiculously large figures, longer than the age of the entire universe in fact.

www.eetimes.com...

DPI in itself doesn't have the ability to decrypt your SSL communications, BUT, a DPI firewall appliance could basically do a man in the middle attack, stripping out the SSL certificate, logging the data then inserting it's own certificate.

Originally posted by ChaoticOrder
So... this thread has 1 flag after 45 minutes and a thread titled "Phobos declared ARTIFICIAL" posted just 35 minutes ago, with the source being an old article from beforeitsnews, already has 4 flags. This is why I'm getting sick and tired of ATS.

edit on 6/12/2012 by ChaoticOrder because: (no reason given)

So it's all about the flags and stars, here you go, one of each,
Thought it was about spreading the information.

I am profoundly grateful to both hefficide and the OP for making sure this was brought to our attention. As hefficide has so aptly pointed out it doesn't matter what the house and senate have to say at this point due to the power of the executive branch and it's ability to issue classified executive orders. Not only that but keep in mind that many of the data resources many of us depend on to catch up on tv shows we missed or download songs exist in countries that may not resist the ITU. Either that or your data could pass through an ITU compliant nation on it's way to you and either never get there or be used against you in a civil suit or etc. Also we must never forget that none of us are privy to whatever reciprocity agreements our intelligence and law enforcement agencies have with signatory nations or businesses that could benefit from DPI.

While i"m happy that our elected officials at least made a token gesture I'm afraid it's probably too little too late.

reply to post by Hefficide


Well if the upcoming executive order is anything like the last one, it's not too much to be worried about. I read through that draft document you posted not long ago and it really wasn't anything too concerning. Certainly nothing like this DPI stuff.


reply to post by LordGoofus

this story is only about developing an accepted standard for DPI

I don't think so. The article says "the ITU members decided to adopt the Y.2770 standard for deep packet inspection". That doesn't sound to me like they're developing a standard, it sounds to me like they're adopting a standard which was developed by China, just like the article says. There is even a PDF in this thread which describes the technical workings of this standard. Good point about the "bits" though. It's clear that poster didn't really know much about encryption or computer architecture.


reply to post by RedmoonMWC


Try reading what I said after that. In the end though this thread was pushed into the list of top flagged threads, so well done people. I honestly didn't expect that to happen after seeing the pathetic take-off this thread had. I spoke too soon.


reply to post by roguetechie


That's what I was thinking. The United States is only one country in the world, and when it comes to the internet, a lot of the servers and data centers exist outside of the United States, in places where they are much less likely to resist the will of the UN. Still... I wonder how much impact that vote will have at the end of the day, even inside the US.

Don't forget hardware backdoors will make most security measures obsolete. Thanks for another contribution CHINA.

Hardware backdoors are lethal for three reasons: a) They can’t be removed by conventional means (antivirus, formatting); b) They can circumvent other types of security (passwords, encrypted filesystems); and c) They can be injected at manufacturing time.

Rakshasa: The hardware backdoor that China could embed in every computer

Seems they are covering all angles so people need to get familiarized with analog methods of communications again.

Originally posted by ChaoticOrder

Originally posted by charles1952
It has a lot of links to .pdf and other reports which flesh this out a bit.

Another controversial section of Y.2770 is that it contemplates having network operators decrypt their customers' Internet traffic so it can be inspected.

Thanks for the link, and that part you quoted really concerns me. There's no way they can decrypt something unless they have the credentials required to decrypt the data. Otherwise they are talking about brute force, and we all know that is simply not practical at all. Therefore the mere fact that they think they could decrypt such data indicates they have access to the credentials required to decrypt it.

edit on 6/12/2012 by ChaoticOrder because: (no reason given)

Then issue sertificates by yourself and dont publish them.

Originally posted by NihilistSanta
Don't forget hardware backdoors will make most security measures obsolete. Thanks for another contribution CHINA.

Hardware backdoors are lethal for three reasons: a) They can’t be removed by conventional means (antivirus, formatting); b) They can circumvent other types of security (passwords, encrypted filesystems); and c) They can be injected at manufacturing time.

Rakshasa: The hardware backdoor that China could embed in every computer

Seems they are covering all angles so people need to get familiarized with analog methods of communications again.

edit on 7-12-2012 by NihilistSanta because: (no reason given)

Well, will return to old pc that have BIOS write disable switch on mainboard.

Originally posted by Wrabbit2000
All I can say is...Encryption. It's not just for the nerdy types anymore.

Encryption is only secure under the assumption that hardware CPU and HDD vendors do not integrate hidden code into the devices, e.g. secret IDE commands.

It's a fallacy.

If you are an average joe no-one gives a poop about your data. If you are a POI and got something of value to hide, your encryption will be broken. So why bother in the first place.

Originally posted by ChaoticOrder

Members of the United Nation’s International Telecommunications Union (ITU) have agreed to work towards implementing a standard for the Internet that would allow for eavesdropping on a worldwide scale.

At a conference in Dubai this week, the ITU members decided to adopt the Y.2770 standard for deep packet inspection, a top-secret proposal by way of China that will allow telecom companies across the world to more easily dig through data passed across the Web.

According to the UN, implementing deep-packet inspection, or DPI, on such a global scale will allow authorities to more easily detect the transferring and sharing of copyrighted materials and other protected files by finding a way for administrators to analyze the payload of online transmissions, not just the header data that is normally identified and interpreted.

(SOURCE)

Well it seems like the concerns expressed by Hefficide in this thread and this thread was not just a bunch of fear mongering after all. Honestly, I expected these concerns to be blown out of proportion, but boy was I wrong. Our worste fears are now becoming reality.

Typically, the process of deep packet inspection has been illegal because it is considered a violation of privacy. It's like me opening up your mail mid transit without your permission, and even without any legitimate reason. They can now easily see everything you do on the web and they don't need a good reason to look.

Tim Berners-Lee, a British computer scientist widely regarded as the ‘Father of the Internet,’ spoke out against proposed DPI implementation on such a grandiose scale during an address earlier this year at the World Wide Web Consortium.

"Somebody clamps a deep packet inspection thing on your cable which reads every packet and reassembles the web pages, cataloguing them against your name, address and telephone number either to be given to the government when they ask for it or to be sold to the highest bidder – that's a really serious breach of privacy,” he said.

This is absolutely disturbing stuff folks. People need to get up in arms about this. This cannot be accepted, this is a very crucial step towards total control and surveillance over the internet on a global scale. We need to take action before they can take this any further. I am simply blown away by this turn of events.

edit on 6/12/2012 by ChaoticOrder because: (no reason given)

In my opinion, its about time people start to realize just what evil is at work in the world we live in. The Elite are trying desperately to control everything and why ? They are afraid. They are afraid that the rest of the world will come after them, and rightly they should be afraid. We do not need them. They serve no useful purpose. We do not need them around for any reason. Not even to laugh at. And I have a message for them. That being, go ahead, do what you believe you need to do to the rest of us, but realize that there are more of us than of you and we can quash anything you throw at us. And one day, you will be at our mercy. Nuff Said !

Thanks Op for raising awareness of this, it is somewhat disturbing yet not surprising that again our electronic lives need to be scrutinized at will by faceless entities in a bid to embed a perceived level of control or policing.

Some have eluded to the standard of if you have nothing hide you have nothing to worry about but I don't think that is point. That is slippery slope because where does that end?

Though if this tech can highlight peodophile and slavery orginizations I can't say that's a bad thing.

I see this as a double edged sword too, should this standard be adopted doesn't it logically open itself to hacker groups (I hate using the word hacker) to using DPI against the very orginizations that want it enabled? Be careful what you wish for.

With respect to a statement made around system admins being able to control bit ware clients and control software in house, that's a load of BS. There are many practices in place in businesses around the world that allow you to control what software is installed, what traffic is allowed to your network and end user agreements to ensure said business is protected from illegal activities by employees. However smaller businesses may find this a challenge as it usually requires expertise and or pricey hardware and software.

I guess one thing we can count on is the amount of data flying around the inter webs every second will make it a challenging task for any entity to comb through let alone for legal systems to process the guilty. If they are planning to get people to pay fines for all infringement of copyrighted material they should start building more jails.

Off to read some more.

It matters little what is voted. It is just the illusion.

Parts of the government and corporations will do whatever they desire despite laws, regulations, best practice and everyone's wish list.

It has always worked as such and will continue.