"[It] could give governments and companies the ability to sift through all of an internet user's traffic – including emails, banking transactions, and voice calls – without adequate privacy safeguards. The move suggests that some governments hope for a world where even encrypted communications may not be safe from prying eyes," wrote the US-based Center for Democracy & Technology in response.
Techdirt, a privacy and online rights campaigning website, claimed that contrary to Johnson's assertion, the standard contained little that actually prevented national governments from spying on the contents of internet communications.
"The document optionally requires DPI [deep-packet inspection] systems to support inspection of encrypted traffic 'in case of a local availability of the used encryption keys'. It's not entirely clear under what circumstances ISPs might have access to such keys, but in any event the very notion of decrypting the users' traffic (quite possibly against their will) is antithetical to most norms, policies and laws concerning privacy of communications," wrote Glynn Moody.
The standard, he added, was negotiated and agreed among representatives of national governments in secret following a meeting in Dubai in November – prior to this week's World Congress on Information Technology, which is meeting to thrash out a new global telecommunications agreement.
The last global agreement was arrived at in 1988 and the ITU has been campaigning and politicking for the past 15 years for the internet to be placed in similar control under its authority.