By Rebekah Heacock
MIA 2010

Note: This post was originally posted in part at the OpenNet Initiative Blog.

A document obtained by CNet News has revealed that the UN National Security Agency is part of a group drafting a set of technical standards determining how to trace Internet communications back to their original sender, potentially limiting users’ ability to remain anonymous, according to a report published Friday.

The group, named Q6/17, is headed by the UN International Telecommunications Agency (ITU) and is reportedly acting on a proposal submitted by the Chinese government. The group is meeting in Geneva this week to work on the proposal, and meetings are closed to the public.

The proposal is intended in part to fight distributed denial of service (DDoS) attacks, but experts claim most experienced hackers would still be able to avoid detection.

The report has raised concerns among digital freedom advocates, who
claim the standards would violate the UN’s Universal Declaration of
Human Rights and who cite the potential for abuse by governments who
may use tracebacks to identify and “quash” political opponents.

Their argument is based in part on an ITU document given to Steve Bellovin,
a Columbia University computer science professor and Internet
Engineering Task Force (IETF) member who drafted a different tracebook
proposal in 2000 (Bellovin has since rescinded his proposal). The ITU
document describes possible applications of the new standards,
including the following case:

A political opponent to a government
publishes articles putting the government in an unfavorable light.
The government, having a law against any opposition, tries to
identify the source of the negative articles but the articles having
been published via a proxy server, is unable to do so protecting
the anonymity of the author.

Bellovin responded to the document
in a recent blog post, saying, “Network design should have as a primary
goal the efficient operation of a network. Naturally, security is an
important design consideration; the question, though, is what security
really means. There are lots of possible definitions; to me, though,
none of them include political censorship.”

Online anonymity is a legal right in the United States and is
recognized by international organizations including the Council of
Europe and the ITU itself. Though the U.N. lacks the authority to
enforce global Internet standards, the Q6/17 group plans to work with
the IETF and the United States Computer Emergency Response Team
Coordination Center. This collaboration could lead to acceptance of the
standards by national governments.

The proposal is scheduled to be finished next year.

Photo:  Steve Bellovin (Courtesy of Columbia University)