Skip to Content

Cybersecurity & Standards

I* Newsletter: E2EE Traceability in India, Bypassing User DNS Choices in 5G

“I*: Navigating Internet Governance and Standards” was a monthly newsletter distributed by the Center for Democracy & Technology (CDT), and compiled by the Public Interest Technology Group (PITG), a group of expert technologists who work across a complex landscape of internet standards development (“I”) organizations that convene in the public interest.

The newsletter highlighted emerging internet infrastructure issues that affect privacy, free expression, and more, clearly explaining their technical underpinnings.

# E2EE traceability in India: WhatsApp has filed a petition in the Delhi High Court arguing that wide-ranging new regulations for intermediaries, enacted in February 2021 by the Government of India, prohibit end-to-end encryption and violate a user’s right to privacy.

The regulations include obligations for social media companies to appoint local personnel to comply with government censorship and surveillance orders, and enable voluntary verification of accounts with phone numbers or government IDs or phone numbers.

One of the controversial rules, popularly called “traceability,” requires messaging services like WhatsApp and Signal to “enable the identification of the first originator” of messages. Civil society organisations and academics have argued that the rule has adverse implications for user privacy, and will end up de facto ruling out the use of end-to-end encryption. WhatsApp’s petition came on May 25, 2021, the final date of compliance. 

Gurshabad Grover from the Centre for Internet and Society says, “The Indian Government and academicians associated with it have proposed ideas like hashing each message or adding an identifier with each message, to enable the tracing of messages. These ‘technical solutions’ for law enforcement, unfortunately, severely undermine confidentiality of messages and user privacy. The ‘traceability’ rule is solely to enable surveillance, exceeds the scope of the legislation under which it was issued, and presents a democratic threat when it is seen in the context of legal provisions that are prone to abuse by the executive.”

# 3GPP is discussing whether network operators should be able to bypass user’s DNS choices in 5G networks: The standardization body for 5G, the 3rd Generation Partnership Project (3GPP), is currently discussing whether 5G networks should be able to overwrite the domain name system (DNS) settings of connected devices such as phones and laptops.

On the one hand, this is intended to benefit implementations of edge computing, which improves network service provision. However, it could also have severe consequences for privacy and censorship. The majority of companies represented in the 3GPP currently favor overwriting users’ DNS preferences, and a significant number of large equipment manufacturers want to do this without informing the user or providing them with the opportunity to overwrite these settings themselves.

# Human rights, not national industry protection, should guide ITU advocacy: Over the last five to ten years, China has been increasing its strategic presence in intergovernmental spaces like the International Telecommunication Union (ITU) and International Organization for Standardization (ISO) to support its foothold in a range of frontier and cutting-edge technologies such as blockchain, machine learning-based biometric systems like facial recognition, Internet of Things devices, and smart cities.

Most recently, China expanded this strategy to industry-driven bodies like the Internet Engineering Task Force (IETF) and Institute of Electrical and Electronics Engineers (IEEE).

“New IP,”also known as FIPE or FVCN, is one of those technologies. New IP is the Huawei-designed network architecture whose standardization effort aims to replace the TCP/IP stack, the set of protocols by which data is currently exchanged over the internet.

Mehwish Ansari of ARTICLE 19 says, “Right now, thanks to U.S. and European foreign policy agendas, we have seen coordinated pushback against the New IP proposals in the ITU, IETF, and elsewhere, from both governments and civil society.”

However, a problem remains in that the pushback is largely oriented around anti-China foreign policy objectives rather than human rights objections. Civil society advocates should be aware that there may come a point where New IP is repackaged, with all of its concerning effects for free speech and privacy, by U.S firms seeking profit in it. Will we see the same pushback then?

This uncertainty is what makes intergovernmental standards bodies like the ITU and ISO potentially dangerous for human rights. They’re not open, and are often hostile, to civil society participation. Public interest advocates are an independent, countervailing force when government interests change or no longer align against adverse trends in internet governance.

# Conducting research across the standards community on inclusive terminology: The mission of the Inclusive Naming Initiative (INI) is to help companies and projects remove harmful language and replace it with neutral terms. The INI is conducting research to better understand what is happening in the technical community, and specifically Standards Development Organizations (SDOs), to remove racist, offensive, exclusionary, and other harmful terminology from tech standards and related documentation.

Since terminology plays a key role in established and emerging standards, the INI is gathering feedback from technology professionals and enthusiasts who work with SDOs. Later this year, the group plans to publish a summary of findings based on this research.