Q6/17. A U.N. project surrounded ty so much secrecy that it makes
ACTA look like an exhibitionist.
The short version of Q6/17: The United Nations are working on a standard for how every single bit of traffic on the internet should be able to be traced back to its sender, killing any and all possibility of anonymity.
This project was initiated by China, that shining beacon of personal freedom and democratic due process. NSA (yes, that NSA) was quick to hop aboard.
A United Nations agency is quietly drafting technical standards, proposed by the Chinese government, to define methods of tracing the original source of Internet communications and potentially curbing the ability of users to remain anonymous.
The U.S. National Security Agency is also participating in the "IP Traceback" drafting group, named Q6/17, which is meeting next week in Geneva to work on the traceback proposal. Members of Q6/17 have declined to release key documents, and meetings are closed to the public.
sauce
China, NSA and the UN behind closed doors. Surely anything that comes out of there must be for the good of all mankind! When China and NSA are two of the tone-setting agencies you can't help but wonder how much of this project is actually about security and how much is about
intrusive mass-surveillance.
Since September 2008 there hasn't been much news about Q6/17, except for
this document, that also adds
climate policies as a reason to control public access to the internet.
In a leaked Q6/17 document this is used as an example:
A political opponent to a government publishes articles putting the government in an unfavorable light. The government, having a law against any opposition, tries to identify the source of the negative articles but the articles having been published via a proxy server, is unable to do so protecting the anonymity of the author.
This is being stated as a problem by Q6/17. Political opposition is a
problem that needs to be solved, they outright state. Does China get to ghostwrite everything in this project?
Political opposition, leaks to media, critical reporting, investigating journalism, deviating opinions and loud-mouthed citizens with uncomfortable opinions - are these also problems to be solved that Q6/17 will try to find a solution for? Though of course, they'll hide it behind "fighting terrorism, drugs, filesharing and child porn", as it is popular to do when censoring the internet.
Posts
Holy fucking shit
No
Yeah, that smells like China, all right.
Any link to the technical information? I'm wondering how long before widespread workarounds are found, or if it will start out vulnerable to one or more existing workarounds.
A plausible deniability workaround would be shockingly simple.
Also, this would lead to a 99.98% encryption adoption for any web communication and fuck the overhead.
How the fuck do we even stop this?
Do... Re... Mi... So... Fa.... Do... Re.... Do...
Forget it...
That leaked document isn't 100% verified, but the sources sound solid enough for me.
This is the type of shit that makes some conspiracy theories actually scary instead of ludicrous.
Also makes me doubt that we might have actually reached a level of civility in first world nations where violent revolution won't ever be necessary.
Fuckin A.
The UN wouldn't have to seize control of anything. It wouldn't take a whole lot for the NSA to monitor existing ISPs.
That's why I said "Godwin-esque."
It's often overused in a hyperbolic sense, so I was comparing the two.
You mean monitor the entire internet in real time? Is the NSA outsourcing their mainframes to the machine city now?
As it exists there technically is a way for finding the source of data, but it can't account for spoofed IP addresses, highly anonymous proxies, or services like TOR. To be able to actually, and truly stop those you'd have to take down the existing internet protocols and build new ones. You can't just expect to be able to firewall off services you don't like, the great firewall may work decently but even it isn't truly effective. To be effective, you'd basically need a new internet, and it'd have to be the only internet available.
Something tells me they're not planning on going that in-depth. What percentage of the existing population uses highly anonymous proxies or spoofed IPs? Now what percentage of those would try to circumvent a firewall preventing those services?
I don't think this policy is worried about that 0.000001% of the population.
http://www.guardian.co.uk/technology/2009/mar/25/social-networking-sites-monitored
It warms my cynical little heart that they couldn't even get past the first paragraph without invoking terrorism as the main reason for massive intrusive surveillance.
Nor will they until after the terrorist attacks and they start pussling the pieces together. Hindsight is 20/20 and all that.
Wait, but that is the UK... not the US
Does Not Compute
Edit: Now I need to start an Al-Qaeda facebook group.
If the point is to scare the average person you don't keep it a secret though. It's like what Strangelove said about the doomsday device, it's not a deterrent if no one knows about it. I think you try to keep something like this a secret because you do want to catch the people doing those things, as those are the ones doing things you want to stop, like being political dissidents or sharing information you don't want shared.
That said this seems like a pipe dream, there would be too much change to the current system needed to correctly implement this or far too much computing power needed to try and do it with the current system.
Tracing from an IP address to an individual computer cannot be done automatically because the computer doesn't have a unique ID. The internet system assumes that the IP address is the unique ID. And of course, a regular user logging in through a corporate internet provider receives a different, dynamically-allocated IP address each time. However, you log in to that provider using a unique login and password, and the provider keeps track of which IP address it gives to each user each session. So, while we cannot automatically trace an IP address to an individual computer directly, we can trace it manually by getting the information from the internet provider. And all we need to do that is a court order.
Too much hassle for NSA and China.
If that's the case they can just copy China and go great firewall, because that's what it sounds like. You can't expect to have a decently effective firewall with current protocols. You can't expect to reliably track all connections to said proxies because if you don't want to require absolutely obscene amounts of data retention and analysis, the likes of which we've never even dreamed of before, then you'd need to go one step further than China and base your firewall around a whitelist versus a blacklist. This would require either insane amounts of manpower to properly maintain, or require you effectively banish the free internet as we know it and state that only businesses registered with the government may have any sort of web presence, and must all conform with strict government regulations. Which, if you're going to go that far, you might as well just do what I said above and just redo the whole damn thing from scratch, protocols and all.
Again, the solution is either ineffective, horribly costly, or requires a brand new internet, complete with that new internet smell.....or possibly all of the above!
As much as I'm politically and morally opposed to this shit, the tech geek in me is really interested in how they plan to solve this technically. :P
In nations under totalitarian regimes this idea becomes downright frightening. Political rivals, journalists and protesters lives could easily be in danger if their identities are revealed.
Except if you don't care to receive a response, you can write bullshit into the IP field of the packet header and it will work for some protocols. If you have a proxy, you can route traffic through it and the IP address in the packet header will belong to the proxy rather than to you. (There are many anonymizing proxies that will not keep records of what IP address sent and received what data for long enough for a court order to be used.) Then you get into the really neat networks like Tor and Freenet where you just use other people's computers on the network as proxies several layers deep, et cetera et cetera.
The point of this project is to plug these loopholes, which I'm not sure can be feasibly done without replacing IP entirely, but it's still sort of distressing that it's being attempted.
Do you... do you not know what a proxy server does?
the "no true scotch man" fallacy.
Or NAT.
Stateless proxy.
...well, it doesn't sound all that different from a regular proxy to me.
Short version: A stateless proxy will only keep info about your connection for as long as it takes to load a web page.
edit: and now that I have more than 30 seconds... you initiate the connection behind the proxy, the proxy connects the web server, the web server ponders and sends response back through the same connection. Then the proxy forgets it all when that connection is closed.
That wouldn't really contradict my previous post, where I said the chain exists, if only temporarily, tracing back to you. And for as long as the transaction is going on, the packets can be traced through the proxy to you. Granted, at this point it can only be traced to you for less than a second, so it's nearly impossible to do in practise, for now.
So I'll admit the wet concrete analogy my prof used is no longer valid.
Yeah, it's more like wet snow.
During a snowstorm.
the "no true scotch man" fallacy.
Such a system (if it worked... and that's a pretty big if) would make it significantly harder to send spam, perform hacking attempts, phishing attempts, certain forms of fraud, etc.
However, I wouldn't trust these folks anywhere near it.
the "no true scotch man" fallacy.
All the arguments I've seen in favor of that position confuse personal anonymity with technical anonymity.
Do you have an argument that doesn't?
the "no true scotch man" fallacy.
I've heard indications that the NSA is hooked into the internet backbones already, based on leaks about the warrantless wiretapping system from Bush's years. The really scary/ingenious part is that they've figured out some ways to dig down in that unimaginably large amount of information to be able to figure out who to snoop on, using metadata analysis.
That wouldn't be able to catch every last bit of IP communication, as there would be data that passes between devices with smaller subnetworks and ISPs that doesn't go out across the main routers, but it could get a whole hell of a lot of it.
Being able to have a man in the middle on most of the major connections points of the internet makes this sort of thing sound a fair amount more feasible to me, but they would have to be a hell of a lot smarter and more dedicated than I am to figure out how to make it foolproof and be able to trace everything.