From Declan DO READ OK-- who is saying what. Either Declan is mis-reporting or Tony is wrong or both are partilaly right or wrong.

[David Farber <dave () farber net>]

Begin forwarded message:

From: Declan McCullagh <declan () well com>
Date: September 12, 2008 7:45:29 PM EDT
To: dave () farber net
Cc: Jacob Appelbaum <jacob () appelbaum net>
Subject: Re: [IP] OK-- who is saying what. Either  Declan is mis- 
reporting or Tony is wrong or both are partilaly right or wrong.

Dave,

Before writing my article, I spent a few days talking to Tony, Steve,  
the ITU, and other folks involved. Here's what I found:

* The ITU's Q6/17 group is meeting next week in Geneva with an eye to  
having a final document finished sometime in 2009 (though one editor  
told me it might take longer). The proceedings are not open to the  
public -- I applied to attend and was rejected -- and relatively few  
documents are public.

* China's proposal submitted in April says the "IP traceback mechanism  
is required to be adapted to various network environments, such as  
different addressing (IPv4 and IPv6), different access methods (wire  
and wireless) and different access technologies (ADSL, cable,  
Ethernet) and etc." It adds: "To ensure traceability, essential  
information of the originator should be logged." See:
http://politechbot.com/docs/itu.china.internet.traceback.proposal.091108.doc

* An ITU network security meeting a few years ago concluded that  
anonymity should not be permitted. The summary said: "Anonymity was  
considered as an important problem on the Internet (may lead to  
criminality). Privacy is required but we should make sure that it is  
provided by pseudonymity rather than anonymity." See:
http://www.itu.int/itunews/issue/2002/06/discussion.html

* An ITU presentation in July from Korea said that groups such as the  
IETF should be "required to develop standards or guidelines" that  
could "facilitate tracing the source of an attacker including IP-level  
traceback, application-level traceback, user-level traceback." Another  
Korean proposal -- which has not been made public -- says all Internet  
providers "should have procedures to assist in the lawful traceback of  
security incidents." See:
http://www.itu.int/dms_pub/itu-t/oth/21/04/T21040000020095PPTE.ppt

There are two issues in dispute. The first is the purpose of the IP  
traceback initiative, especially given that China proposed it, that  
the NSA is involved (although perhaps in its infosec role), and taht  
some participants want to ban anonymity. On the other hand, when you  
have multiple parties participating in such a process, not everyone is  
likely to see eye-to-eye, and I'm told that that is the case here.

The second issue is whether or not the ITU document -- that Steve  
Bellovin says he obtained as part of a ZIP file, and then confirmed  
its authenticity via an independent source -- is authentic. Tony says  
he has never seen it. Steve says it is nevertheless legitimate. If the  
ITU made the Q6/17 portion of its Web archive public, we might be able  
to answer that for ourselves, but unfortunately it has chosen not to.  
The disputed document is here:
http://politechbot.com/docs/itu.traceback.use.cases.requirements.091108.txt

I admit that not everything is clear. But many things in the world  
fall into that category, and journalists try to report on them  
nevertheless, adding the proper caveats as necessary. See:
http://news.cnet.com/8301-13578_3-10040152-38.html

-Declan


David Farber wrote:
> A United Nations agency is quietly drafting technical standards,  
> proposed by the Chinese government, to define methods of tracing the  
> original source of Internet communications and potentially curbing  
> the ability of users to remain anonymous.
> The U.S. National Security Agency is also participating in the "IP  
> Traceback" drafting group, named Q6/17, which is meeting next week  
> in Geneva to work on the traceback proposal. Members of Q6/17 have  
> declined to release key documents, and meetings are closed to the  
> public.
> The potential for eroding Internet users' right to remain anonymous,  
> which is protected by law in the United States and recognized in  
> international law by groups such as the Council of Europe, has  
> alarmed some technologists and privacy advocates. Also affected may  
> be services such as the Tor anonymizing network.
> "What's distressing is that it doesn't appear that there's been any  
> real consideration of how this type of capability could be misused,"  
> said Marc Rotenberg, director of the Electronic Privacy Information  
> Center in Washington, D.C. "That's really a human rights concern."
> U.N. agency eyes curbs on Internet anonymity | Politics and Law -  
> CNET News
> URL: http://news.cnet.com/8301-13578_3-10040152-38.html?tag=nl.e703
> A United Nations telecommunications agency is drafting a proposal  
> called 'IP traceback' and has scheduled a meeting next week. Its  
> potential impact on anonymity is raising alarms. Read this blog post  
> by Declan McCullagh on News - Politics and Law.
> Begin forwarded message:
> From: David Farber <dave () farber net>
> Date: September 11, 2008 1:15:20 PM EDT
> To: "ip" <ip () v2 listbox com>
> Subject: [IP] Network design and operations, not political agenda
> Reply-To: dave () farber net
> Begin forwarded message:
> From: Tony Rutkowski <trutkowski () verisign com>
> Date: September 11, 2008 12:59:21 PM EDT
> To: David Farber <dave () farber net>
> Subject: Network design and operations, not political agenda
> A blog note was recently circulated alleging that an
> "An ITU study group is apparently considering a
> proposal for network traceback that includes the
> following among its rationales [quote on limiting
> political expression]."
> The allegation is not true.
> I personally helped facilitate the consideration and
> adoption of the work item at the April meeting of
> ITU-T Study Group 17 (security). Concerns relating both
> to effective network management and well as providing a
> means for international caller-ID were amalgamated to
> create a new work item shepherded by editors from the
> U.S., China, Japan, and Korea.   The underlying
> requirements relate to network management, settlements,
> infrastructure protection, and law enforcement support
> that pretty much exist worldwide, and include ongoing
> proceedings and legislation in the U.S. Congress, the FCC,
> the European Commission, and others worldwide.
> Minimally, the work will pull together valuable
> information concerning techniques, platforms, and
> development needs.  It has no normative stature.
> The international caller-ID capability would be
> a nice feature for telephony.
> The political motivation text was not part of any known
> ITU-T proposal and certainly not the one which I helped
> facilitate.   Extensive searches for the source of the
> text have yet revealed nothing.
> --tony
> -------------------------------------------
> Archives: https://www.listbox.com/member/archive/247/=now
> RSS Feed: https://www.listbox.com/member/archive/rss/247/
> Powered by Listbox: http://www.listbox.com
> -------------------------------------------
> Archives: https://www.listbox.com/member/archive/247/=now
> RSS Feed: https://www.listbox.com/member/archive/rss/247/
> Powered by Listbox: http://www.listbox.com




-------------------------------------------
Archives: https://www.listbox.com/member/archive/247/=now
RSS Feed: https://www.listbox.com/member/archive/rss/247/
Powered by Listbox: http://www.listbox.com