Tag Archive for IETF

| February 12, 2013
Comments Off on UN Tries to Control the Internet Again

UN Tries to Control the Internet Again

UN Tries to Control the Internet AgainInfoSecurity reports that even after much of the free world refused to sign the controversial new ITU WCIT-12 treaty in December 2012, U.S. Many argued this would give the UN control of the Internet. Federal Communications Commission (FCC) Commissioner Robert M. McDowell warned, ‘the worst is yet to come.’

ITU logoThe United States,” he said, “should immediately prepare for an even more treacherous ITU treaty negotiation that will take place in 2014 in Korea. Those talks could expand the ITU’s reach even further.” McDowell seems convinced that the ITU’s desire to control the internet is not a passing fancy, but a long-term intent. He may be right, and it may come before 2014.

Last week the ITU Secretary-General Hamadoun Touré released his draft report for the Fifth World Telecommunication/Information and Communication Technology Policy Forum 2013. “This draft report of the Secretary-General to the WTPF-2013,” it states, “aims to provide a basis for discussion at the Policy Forum, incorporating the contributions of ITU Member States and Sector Members, and serving as the sole working document of the Forum focusing on key issues on which it would be desirable to reach conclusions.

ITU’s takeover attemptSuggested themes for discussion include, “Global Principles for the governance and use of the Internet,” and “On the basis of reciprocity, to explore ways for greater collaboration and coördination between ITU and relevant organizations – including, but not limited to, the Internet Corporation for Assigned Names and Numbers (ICANN), the Regional Internet Registries (RIRs), the Internet Engineering Task Force (IETF), the Internet Society (ISOC) and the World Wide Web Consortium (W3C) – involved in the development of IP-based networks and the future internet, through cooperation agreements, as appropriate, to increase the role of ITU in Internet governance to ensure the largest benefits to the global community.”

This is exactly what caused disarray in December’s WCIT in Dubai the commissioner states.

Meanwhile, a ‘de-fund the ITU petition has appeared on the White HouseWe the People’ website. A supporting website gives full details. “Fighting on behalf of the Internet,” it states, The United States government and fifty-four other countries rejected the ITU’s takeover attempt, but this is a single battle in a war that the ITU will continue to fight. The ITU is spending more than $180M/year to oppose the Internet and is drawing from its reserves more heavily each year ($9M in 2010, up from $5.5M in 2009), as progressive countries withdraw their payments from the ITU’s war-chest.

The ten most oppressive countries in the Open Net Initiative’s ranking of online freedom all sided against the internet, and none of them are giving the ITU as much as the U.S. is. If all the countries that stood with the Internet against the ITU’s attack withdraw their funding, it claims, “the ITU’s membership revenue will be reduced by 74%.

The petition also calls for future U.S. delegations to be reduced “to no more than one USG representative, tasked primarily with communicating a U.S. position that the ITU’s only legitimate area of authority is radio communications.” The long-term danger from such entrenched views on both sides is that the worldwide nature of the internet might fracture into one internet under multi-stakeholder governance in the ‘free’ world, and a series of heavily government-regulated Internets elsewhere.

Freedom and prosperity are at stake,” warned Commissioner McDowell.

rb-

I have warned about the United Nations’ attempt to take over the Internet since November.

Related article

Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedInFacebook, and Twitter. Email the Bach Seat here.

Category: Uncategorized | Tags: , , , , , , , , ,
| September 11, 2012
Comments Off on ITU Regs Bad for Cybersecurity

ITU Regs Bad for Cybersecurity

ITU Regs Bad for CybersecurityEmma Llansó at the Center for Democracy & Technology writes that the International Telecommunication Union is ill-suited to regulate cybersecurity. The United Nations-backed ITU will meet in December to try to expand its control over the Internet. The CDT believes that the issue of cybersecurity perfectly illustrates why the ITU should not be given expanded regulatory authority to include matters of Internet governance.

Center for Democracy & TechnologyThe UN body is holding the World Conference on International Telecommunications (WCIT) this December in Dubai, UAE to renegotiate the International Telecommunication Regulations (ITRs), the UN’s core telecommunications treaty. The ITRs were in 1988 and sets forth general principles for the operation of international telephony systems. The CDT reports that some Member States of the ITU want to use the WCIT to expand these regulations to Internet matters by amending the ITRs. The CDT and others have warned of the risks to online freedom and innovation if the UN is allowed to regulate the Internet. The CDT has released a paper (PDF) that examines in detail some of the proposals pending before the ITU relating to cybercrime and cybersecurity.

The CDT states that cybersecurity is undeniably a critical issue for the future of telecommunications and indeed for global commerce, development, and human rights. On the other hand, it is ill-suited to the kind of centralized, government-dominated policy-making that the ITU represents.

ITU logoCybersecurity requires agility: Given the pace of technological change, governmental bodies are not likely to be the source of effective technical solutions. The CDT predicts those solutions will emerge from multi-stakeholder efforts, involving ICT companies, technologists, academics, and civil society advocates, as well as governments.

Moreover, the cybersecurity issue inevitably leads straight into questions of human rights and governmental power: surveillance, privacy, and free expression. None of these are issues the ITU has any expertise in or any ability to assess and balance. The CDT suggests, rather than adopting vague wording that could be used by governments as justification for repressive measures, the ITU should endorse existing standards initiatives such as those underway at the IETF and continue to serve as one forum among many for the development of consensus-based, private sector-led efforts.

According to the CDT briefing, the Arab States regional group has offered a proposal to amend the ITRs to require Member States to “undertake appropriate measures” to address issues relating to “Confidence and Security of telecommunications/ICTs,” including “… online crime; controlling and countering unsolicited electronic communication (e.g Spam); and protection of information and personal data (e.g. phishing).” The governments of the middle-east have a history of manipulating the Internet to silence dissent.

Another example of why the UN should not control the Internet comes from the African Member States cybersecurity proposal which deals with data retention. The CDT reports the requirement will force communications companies to retain data about customers and communications for the benefit of the government rather than for business purposes.

UN against U.S. ConstitutionAnalysis by CDT says that this requirement goes against American criminal laws. This data retention law turns the presumption of innocence on its head since these cybersecurity data retention laws apply to every citizen regardless of whether they have committed a crime. Further, because data retention laws require service providers to store information that identifies people online, they threaten anonymity online, implicating the rights to both privacy and free expression.

The CDT writes that several cybersecurity proposals to amend the ITRs refer to the routing of communications. One proposal from the Arab States regional group would amend the ITRs to specify that “A Member State has the right to know how its traffic is routed.”

national securityThe proposal is justified on the grounds of security, according to the CDT which some Member States clearly interpret to mean national security. In its comments, Egypt argued, “…  Member States must be able to know the routes used … to maintain national security. If the [Member State] does [not] have the right to know or select the route in certain circumstances (e.g. for Security reasons), then the only alternative left is to block traffic from such destinations…”

The brief explains that Internet protocol (IP) networks transmit communications and interconnect entirely differently than traditional telephone networks; in that context the Arab States proposal to “know how traffic is routed” simply would not work and could fundamentally disrupt the operation of the Internet. If the Arab States proposal were applied to all Internet communications, the requirement that countries be able to “know” how every IP packet is routed to its destination would necessitate extensive network engineering changes, not only creating huge new costs but also threatening the performance benefits and network efficiency of the current system.

The brief goes on to explain that the Arab States proposal could also serve to legitimize governmental efforts to set up controls on the Internet traffic, by enshrining in an international treaty. Changes to IP routing rules to carry out the Arab States’ cybersecurity proposal could give the Member States more technical tools to use to block traffic to and from certain websites or nations. The regulations on routing that the Arab States proposal condones could take a variety of forms, from prohibiting certain IP addresses from being received inside a country to tracking users by IP addresses and blocking specific individuals from sending or receiving certain communications. “Knowledge” of IP routing could also encompass countries keeping track of what websites their citizens visit or with whom they email – all in the name of national security.

These types of regulations, which could be legitimized if the Arab States proposal is adopted, could threaten user rights to privacy and freedom of expression on the Internet.

rb-

The UN must not be allowed to expand its control over the Internet.  ITU regulation will be bad for cybersecurity.

Related articles

 

Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedInFacebook, and Twitter. Email the Bach Seat here.

Category: Uncategorized | Tags: , , , , , , , , , ,
| September 18, 2010
Comments Off on D-Link Raises Net Security Bar

D-Link Raises Net Security Bar

D-Link Raises Net Security Bar Help Net Security reports that D-Link (TSEC dlink) has upgraded its products to rival some of the “enterprise-level” devices I see at client sites. The vendor has enhanced its router security to a higher level of protection to guard against hacking, worms, viruses, and other malicious Web attacks. by incorporating DNSSEC, IPv6, and CAPTCHA.

DNSSEC is a suite of Internet Engineering Task Force (IETF) specifications (Core DNSSEC RFCs are RFC 4033, RFC 4034, and RFC 4035) that adds security to the DNS to offer assurance that the information received from a Domain Name Server is authentic according to the article. The security extensions are designed to protect the DNS from man-in-the-middle and cache poisoning attacks, which can occur when hackers corrupt DNS data stored on recursive name servers to redirect queries to malicious sites.

DNSSEC applies digital signatures to DNS data to authenticate the data’s origin and verify its integrity as it moves across the Internet and can give users an effective means of verification that their applications, such as Web or email, are using the correct addresses for servers they want to reach.

D-Link is also providing additional security and future-proofing its routers, by migrating to IPv6 certification according to Help Net Security. With the growing number of Internet-capable devices on the market, the pool of IPv4 addresses has dropped to six percent and is expected to run out sometime in 2011. While this is a major motivation for IPv6, other improvements are also realized.

The IPv6 specification now specifies certain security measures that were not defined in IPv4, such as IPSec. IPSec is a method of authenticating and encrypting data transferred between pairs of hosts. Although it was possible to implement IPSec with IPv4, it was not part of the specification. IPSec is now a requirement, not an option, in the IPv6 specification.

CAPTCHAD-Link has previously implemented a Completely Automated Public Turing test to tell Computers and Humans Apart (CAPTCHA) to improve security. CAPTCHA is a challenge-response test that ensures that a response during a user login is not computer-generated but instead is truly entered by a human hand, by requiring a user to manually enter a small amount of text displayed in an image to help prevent automated registration and fraud.

rb-

I looked at a production switch today that was still running only CatOS 9.0 (EOL 2009), they might be better protected with a new D-Link.

 

Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedInFacebook, and Twitter. Email the Bach Seat here.

Category: Uncategorized | Tags: , , , , , , ,
  Recent Entries »