ITU Leaks And Hacks: The Internet Strikes Back

In the span of 24 hours, two major strikes against the secretive International Telecommunication Union's World Conference on International Telecommunications in Dubai point to the Internet community hitting back in an attempt to bring transparency - and disruption - to the 12-day meeting of world governments about the future of the Internet (see Free And Open? World Governments Discuss The Internet In Secret). Alleged leaked documents and a hack against the conference has the Web buzzing.

The Leak

At the core of the controversy is one of the meeting's major issues: Deep packet inspection (or DPI) technology, a Web surveillance tool.

Australian journalist Asher Wolf claims she got a hold of alleged "secret documents" on DPI (providing a road map for how to regulate sites like BitTorrent) via the ITU's Toby Johnson. She says Johnson emailed her and asked her not to publish the unedited documents. But she did anyway. 

In a comment to ReadWrite, Wolf said she never claimed the documents were leaked. "It was the media who used that word," she explained. 

Wolf says the material was already available online in draft form, and criticized the media for not bothering "to ask for copies of relevant documents before the ITU's DPI recommendations were ratified."

"Regardless whether the document is considered 'leaked' or not, I think the reaction to the publication of the document suggests there's a disconnect when it comes to internet policy, media coverage and public awareness," Wolf said. 

The ITU's Johnson also denied that the documents were leaked, first on Twitter then in a private email exchange.   

Johnson says the documents are unedited material, and not secret. Here's the ITU's rationale for DPI use, which strangely enough, was written in response to the Center for Democracy and Technology's publication on Wednesday of the ITU adopting a new international DPI technological standard. 

Johnson says the documents in question, which can be found via a search on the ITU site (Y.2770), will be published in the coming weeks with minor editorial changes.

"I sent a pre-published version of the standard in question (Y.2770) to a journalist/activist that had expressed an interest," Johnson said. "Pre-published means that it's available only to members while some final editing is done. It is by no means a secret document. It's just subject to some final tweaks before being published. I'd rather she hadn't published it in that form but it's no big deal."

But despite Johnson's candor, it is a big deal. Why? Because this back and forth hints at a lack of openness between the ITU and the outside world. And if the nonprofit CDT's reporting is correct, that means that the DPI standard was adopted before the conference. 

"DPI technologies are nothing new of course," Johnson wrote in email response. "The proposal to standardize comes from our members (mostly private sector) and is a way of making it easier for manufacturers to take into account these requirements."

At this point, it's still not clear why Johnson would send unedited material, but what is clear is how fast the finger pointing and ownership of the messaging of this conference and this gaffe is coming into play. The overall rhetoric from the ITU is that it's here to better the Internet community. But the Web isn't buying it.

"The whole question of whether the document was leaked or not kind of implies that the process isn't as open as it might be," says Jim Fenton, chief security officer of digital identity service OneID, and formerly of Cisco Systems.

Fenton says while the content of the documents themselves aren't that surprising, the lack of transparency between the public and the ITU is worrisome. 

In other words, PR missteps and poor timing are bringing to the forefront questionable ITU behavior, even if the material it did send was in fact public - or at least soon to become so. 

The Hack

And then there's the hack. On Wednesday, the ITU's site was knocked off-line for two hours, allegedly by members of the Anonymous collective, allegedly in response to the DPI standard's shady introduction.  

Anonymous released this video aptly titled: "Keep our Internet free!"

The ITU released this statement in response, ironically detailing that while some delegates were frustrated at being unable to access online documents, "a spirit of camaraderie prevailed, with those who had access to up-to-date online versions of the texts willingly sharing with other delegates in order to keep discussions moving forward."

If anything, though, this move could backfire on the hackers responsible, giving the conference additional credence and legitimacy to push for more cybersecurity.  

Whatever happens long term, the world is watching and waiting as the story develops. We're still at the halfway point of the conference, which concludes Friday, December 14. And no matter what the delegation decides, it will then be up to individual governments to approve or reject any decisions.

Let's just hope they make the right choices...because in the name of security, the wild and wooly Internet we know and love could go the heavily regulated route of radio and television. And it would never be the same again.

 

 Photo Courtesy Of itupictures