4 September 2008
Network design should have as a primary goal the efficient operation of a network. Naturally, security is an important design consideration; the question, though, is what security really means. There are lots of possible definitions; to me, though, none of them include political censorship. Regrettably, the ITU seems to be considering just such a requirement for some new network facilities.
The facility in question is a "traceback" facility — where did some network message come from? This is not a bad idea; I've even worked on it myself, though I've since concluded that that particular approach isn't useful. (Why? I don't want to spend a lot of time and space discussing it here; briefly, there are three reasons. First, very few attacks these days use spoofed source addresses; the real IP address already tells you where the attack is coming from. Second, in case of a DDoS attack, there are too many sources; you can't do anything with the information. Third, the machine attacking you is almost certainly someone else's hacked machine and tracking them down (and getting them to clean it up) is itself time-consuming.) But what constitutes an "attack"? Put another way, what kinds of behavior justify letting the authorities track someone down?
In what I'm told is a document being used by an ITU study group, the following rationale appears for a traceback facility requirement:
A political opponent to a government publishes articles putting the government in an unfavorable light. The government, having a law against any opposition, tries to identify the source of the negative articles but the articles having been published via a proxy server, is unable to do so protecting the anonymity of the author.To me, countering this is exactly what network designs should not be aimed at.
Now — we all know that there are countries that believe in such censorship. Fortunately, there are many others that do not. In fact, in the US the right to anonymity in political speech is constitutionally protected. Why should a network design intentionally subvert that?
The ITU — a UN agency — should not subvert UN principles. Article 19 of the Universal Declaration of Human Rights — a UN document — states
Everyone has the right to freedom of opinion and expression; this right includes freedom to hold opinions without interference and to seek, receive and impart information and ideas through any media and regardless of frontiers.Institutionalizing a means for governments to quash their opposition is in direct contravention of this passage.
To prevent this sort of abuse, a network-based traceback facility should yield no more information than is already necessary for the network to function. In the Internet, that means source IP addresses, which are present in every legitimate packet. (The traceback facility I worked on had that property.) I'll take it a step further: any design process for a new network should at least consider eliminating even that, since source addresses convey geographical information to the packets' recipients.
(Disclaimer: since I'm not a participant in any ITU study groups; I don't know this provision is the group's consensus or simply a proposal from some members.)