Encryption Censorship Communications Government IT

Pakistan Tries To Ban Encryption

Posted by timothy
from the shh-don't-tell-the-other-countries dept.
An anonymous reader writes "Pakistan has a new Telecoms Law going into effect, which requires widespread monitoring of internet usage. In response, new reports are saying that the country is banning encryption, including VPNs, because it would interfere with the ability of ISPs to monitor internet usage."
  • Cool! (Score:5, Insightful)

    by Penguinisto (415985) on Friday July 29, 2011 @06:38PM (#36929118) Journal

    ...now I just have to get hold of a few Pakistani bank IP addys, set up some sort of listener, and...

    Oh, you thought SSL would still be around after this little law gets into effect?

    (obviously I'm kidding, at least about wanting to do any such thing. OTOH, there are quite a few folks who probably wouldn't be kidding at all).

    • by jc42 (318812)

      ...now I just have to get hold of a few Pakistani bank IP addys, set up some sort of listener, and...

      Why bother, when you can simply talk to a few people at the bank's ISP, exchange a bit of something under the table, and get a list of all the banks' customers' account numbers, PINs and login info.

      That's much simpler than setting up your own listener. And the new law will require the ISP to collect such information, so they might as well productize it.

      • by EdIII (1114411)

        This is just stupid. For many reasons.

        Banning VPNs? Sure they encrypt traffic, but they also serve a very useful purpose. They bridge networks.

        Sounds like the people that set up MPLS (The ISPs) in Pakistan are out looking at expensive toys they are going to buy. Only corps will be able to afford to bridge networks now because those will be the only state sanctioned bridges.

        • by wagnerrp (1305589)
          Eh? You don't need encryption to bridge two networks or set up a tunnel.
          • by EdIII (1114411)

            I think that really depends on the firmware and software. Most developers assume you are going to use encryption so that option 'none' does not appear anywhere.

            Personally, I have never seen a VPN setup that allowed you to specify no encryption in the proposals. Maybe you could do it with open source and set up an encryptionless tunnel.

            Technically you are probably correct, but pragmatically, I don't think it matters.

            • What about GRE, IP-in-IP/IP6-in-IP, and tunnel mode AH for IPSec? These are all common tunneling mechanisms that do not use encryption, though as you said, they'd have to be supported in the software. I'm prepared to be wrong on this as I don't work with small business equipment, but I would imagine the lowest end boxes that will provide an IPSec VPN will let you do an AH-only tunnel.

              Interestingly, some open source IPSec implementations will even allow "encryptionless" ESP tunnels, using "null" ciphers for

              • by EdIII (1114411)

                Since I have worked on the low end boxes for years, and some higher end stuff, I can tell you they don't allow AH-only tunnels.

                I am not surprised that open source IPSec implementations could do it, and I mentioned that they probably could, but not everybody is going to shell out $500-$600 bucks to create their own routers for both sides.

                If the majority of the hardware does not support it, then making the rule is not very wise. You mention IPv6 too, which is still not largely supported by the majority of ro

                • by pakar (813627)

                  I am not surprised that open source IPSec implementations could do it, and I mentioned that they probably could, but not everybody is going to shell out $500-$600 bucks to create their own routers for both sides.

                  Option 1 - 2 routers running OpenWRT and OpenVPN can be had for $100... Complete with a web-interface, but will probably need the user to follow a step by step howto on setting up the tunnel...

                  Option 2 - Get a couple of old computers (even a 486 could probably handle this..) ... say ~$50 each.. Install PFSense and then just use the webgui and setup a GRE or OpenVPN-tunnel...

                  Option 3 - I know MikroTik RouterBoard supports GRE and they can be had for around $50 as a starting-point... never used them myself so

          • Eh? You don't need encryption for a VPN either.

        • by Jawnn (445279)

          This is just stupid. For many reasons.

          Banning VPNs? Sure they encrypt traffic, but they also serve a very useful purpose. They bridge networks.

          Uhm..., One can bridge networks without that encryption layer, dude. Never bothered to do it across the public Internet, for obvious reasons, but just sayin'.
          Then again, with the way the idiots in Congress (I'm looking at you, Tea Baggers) [cnet.com] are going, I might need to make plans for that. Apparently, some in our own government feel that they too should know everything that their subjects..., er..., citizens are doing.

        • by slick7 (1703596)
          Considering their batting average combating the Taliban, al Qaeda, stopping the flow of money, weapons and information to them, it's par for the course.
        • by DarkOx (621550)

          Um what makes you think you can do VPN in clear text? I guess the "Private" part of VPN would not really apply but you could bridge networks just fine over the Internet using GRE for instance.
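
The unencrypted tunnelling raised in the comments above (GRE), shown as an added example that is not part of any poster's comment: it builds a GRE-encapsulated packet and then parses it the way an on-path monitor would, recovering the inner addresses and payload in cleartext. The addresses, the payload and the helper names are constructed for illustration.

```python
import socket
import struct

GRE_PROTO = 47            # IP protocol number assigned to GRE
ETHERTYPE_IPV4 = 0x0800   # GRE "protocol type" value for an IPv4 payload
IPV4_FMT = "!BBHHHBBH4s4s"
# Constructed sample payload; protocol 253 is reserved for experiments.
SAMPLE = b"user=alice&pin=0000 (constructed sample)"

def checksum(data: bytes) -> int:
    """Internet checksum (RFC 1071); 0 when run over a valid header."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def ipv4(src: str, dst: str, proto: int, payload: bytes) -> bytes:
    """Build a minimal IPv4 packet (20-byte header, no options)."""
    fields = [0x45, 0, 20 + len(payload), 0, 0, 64, proto, 0,
              socket.inet_aton(src), socket.inet_aton(dst)]
    fields[7] = checksum(struct.pack(IPV4_FMT, *fields))
    return struct.pack(IPV4_FMT, *fields) + payload

def gre_encapsulate(inner: bytes) -> bytes:
    """RFC 2784 base header (no flags, version 0); inner packet copied as-is."""
    return struct.pack("!HH", 0, ETHERTYPE_IPV4) + inner

def parse_ipv4(packet: bytes) -> dict:
    ver_ihl, _, length, _, _, _, proto, _, src, dst = struct.unpack(
        IPV4_FMT, packet[:20])
    if ver_ihl >> 4 != 4:
        raise ValueError("not IPv4")
    header_len = (ver_ihl & 0x0F) * 4
    if checksum(packet[:header_len]) != 0:
        raise ValueError("bad IPv4 header checksum")
    return {"src": socket.inet_ntoa(src), "dst": socket.inet_ntoa(dst),
            "proto": proto, "payload": packet[header_len:length]}

def observe(wire: bytes) -> dict:
    """What anyone on the path can read out of a GRE packet: everything."""
    outer = parse_ipv4(wire)
    if outer["proto"] != GRE_PROTO:
        raise ValueError("outer packet is not GRE")
    flags, ptype = struct.unpack("!HH", outer["payload"][:4])
    if flags & 0x0007 or ptype != ETHERTYPE_IPV4:
        raise ValueError("unsupported GRE version or payload type")
    # Optional checksum (0x8000), key (0x2000) and sequence number (0x1000)
    # fields add 4 bytes each; none of them hides the payload.
    skip = 4 + 4 * bin(flags & 0xB000).count("1")
    return parse_ipv4(outer["payload"][skip:])

def demo() -> dict:
    # Private inner addresses, documentation-range outer addresses (constructed).
    inner = ipv4("10.0.1.5", "10.0.2.9", 253, SAMPLE)
    wire = ipv4("192.0.2.1", "198.51.100.1", GRE_PROTO, gre_encapsulate(inner))
    return observe(wire)

if __name__ == "__main__":
    print(demo())
```
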

      • by NFN_NLN (633283)

        Why bother, when you can simply talk to a few people at the bank's ISP, exchange a bit of something under the table, and get a list of all the banks' customers' account numbers, PINs and login info.

        After some careful analysis, I've determined you could make off with tens of dollars by hacking the average Pakistani's bank account. It would be more lucrative and less effort to trick dumb and greedy Americans into Nigerian money laundering scams.

        http://www.einfopedia.com/per-capita-income-of-pakistan.php [einfopedia.com]

    • Oh, you thought SSL would still be around after this little law gets into effect?

      I, for one, welcome the arrival of our new Telnet Overlords.

  • by SpiralSpirit (874918) on Friday July 29, 2011 @06:38PM (#36929124)
    no more secrets. at all. this time I mean it. now go back to putting your secrets on the internet, in plain text!
    • I'm just wondering how the hell they're going to be able to tell images with steganographic messages from the ordinary variety.

      (the more I think about this, the more I'm forced to conclude that the Pakistani government isn't really thinking this thing through...)

      • by caerwyn (38056)

        Sure they are. They're interested in low-hanging fruit, and this will catch a whole lot of it.

        • by gl4ss (559668)

          and it's going to nicely suck development money back to western countries. you know, to those houses selling them this bullshit surveillance sw.

      • There will certainly be a number of ways to encrypt transmissions on the sly, and the Pakistani Govt will eventually be forced to allow a certain level of encryption to banks and/or military suppliers (maybe licensed encryption?). However, for the vast majority of punters, it will make subversive activities much harder.

        As I follow it through, it seems to be consistent with the ongoing push (in some parts of the world) to de-anonymise (is that a word?) the Internet. And that's a whole debate in its own r
        • by ultranova (717540)

          However, for the vast majority of punters, it will make subversive activities much harder.

          Most people simply want to be left alone. Making them feel threatened posting shit on discussion boards or downloading porn or games - or even browsing Wikipedia - is a sure way of turning someone who doesn't care about the government one way or another into someone who actively hates it. Consequently, this will actually make any subversive actions easier, since it increases the pool of people willing to go out of th

      • Very easy. If you're suspected, for whatever reason, of using steganography, they will employ thermorectal cryptoanalysis to determine whether any encryption was in fact involved. I hear the success rate of that method easily exceeds 100%.

    • by ShakaUVM (157947)

      >>no more secrets. at all. this time I mean it. now go back to putting your secrets on the internet, in plain text!

      I can't wait until we all move back to using telnet.

      I had some great fun with that in computer labs, back in the day.

  • by Arancaytar (966377) <arancaytar.ilyaran@gmail.com> on Friday July 29, 2011 @06:44PM (#36929144) Homepage

    The particulars may vary, but the essence is that you try to forbid people to have secrets from you.

    Once you see it in this light, the paradoxical futility becomes clear.

    • by PopeRatzo (965947) *

      The particulars may vary, but the essence is that you try to forbid people to have secrets from you. Once you see it in this light, the paradoxical futility becomes clear.

      You don't have to forbid people from having secrets if you take away any tools that allow them to share those secrets.

      Oh, you can still think whatever you want about the corrupt government, you just can't tell anyone else about it without exposing yourself to imprisonment and torture.

      That approach has actually been pretty effective. Remem

      • by Nikker (749551)
        Once you lack enough trust in your own people to have secrets then everything is potentially a secret, even the most sincere communications.
  • That'll work about as well as outlawing prostitution has worked for the last several thousand years.
    • by Ironchew (1069966)

      The FCC bans encryption over amateur radio frequencies and it's worked out fine. Of course, the FCC also bans commercial traffic over said frequencies, so any argument about "online commerce" is moot in that scenario.

      • Apples and oranges. With a wave of their hands the Paki legislature have made monetary transactions over the wire impossible. This law will necessarily be re-visited. Commerce isn't and has never been done over general band radio, but the very medium of digital money transactions is now made useless in Pakistan. That obviously won't work for them for long.
      • by ewanm89 (1052822)
        I would like to point out that it's International Telecommunication Union regulations that ban encryption on amateur wavelengths, and it is fine as amateur radio is for the purpose of research and learning about radio technology. Not research into encryption systems.
    • That'll work about as well as outlawing prostitution has worked for the last several thousand years.

      Outlawing prostitution has worked, if your goal was to have a reason to arrest prostitutes....
    • That'll work about as well as outlawing prostitution has worked for the last several thousand years.

      It should be noted that prostitution hasn't been outlawed over most of the last several thousand years.

      Nor has it been outlawed in many places, even when it was being outlawed.

      Fact of the matter is, even nominally Christian countries haven't made much effort to suppress the Oldest Profession until the last few centuries, and not universally even then.

      • by ewanm89 (1052822)
        Hell, courtesans were popular in most European courts (including in Italy, right outside the Vatican) until about 150 years ago. It was the Victorian age that defined pornography and prostitution as bad.
  • Didn't France ban encryption at least on some strengths years ago? I'm not too familiar with what happened after that, and a quick Googling is just bringing up old hits from when the ban was enacted. Anybody care to fill in the reality of what happens in such a case?

    • The data on the law must have been encrypted...

    • by jgrahn (181062)

      Didn't France ban encryption at least on some strengths years ago? I'm not too familiar with what happened after that, and a quick Googling is just bringing up old hits from when the ban was enacted.

      Back in the early 1990s, I believed that useful encryption would eventually be outlawed everywhere. The legal troubles of Phil Zimmermann and PGP didn't look promising. The US export ban on encryption, US and non-US versions of software ... What happened then I suppose was that encryption became a vital part of the infrastructure of the internet, so it couldn't easily get banned.

  • by scosco62 (864264) on Friday July 29, 2011 @06:53PM (#36929206) Journal
    They might actually hide the location of Osama Bin Laden....oh, wait.....
  • Does anyone remember when an article was posted a while back highlighting techniques for practical steganography-based encryption for network traffic? Does anyone remember all the snarky comments and derision because you would never need that kind of encryption? This is how it begins.
  • Right after hundreds of top secret governments docs are leaked.

  • by Sprouticus (1503545) on Friday July 29, 2011 @06:57PM (#36929250)

    ...and I thought the US government was clueless.

  • By "interfere with the ability of ISPs to monitor internet usage", presumably they mean collecting all their customers' account numbers, PINs, login ids, passwords, etc.

    The major effect of banning encryption would be to make electronic commerce impossible. If anyone along the data path can intercept your names, numbers, and passwords, then people will learn very quickly that the Internet simply can't be used for anything that involves a transfer of money.

    • The major effect of banning encryption would be to make electronic commerce impossible. If anyone along the data path can intercept your names, numbers, and passwords, then people will learn very quickly that the Internet simply can't be used for anything that involves a transfer of money.

      Which might serve their purpose nicely. It's certainly a clever way to do a "buy local" law without imposing tariffs...

  • Remember that it wasn't that long ago that the U.S. was trying to peek in on you via the Clipper Chip [wikipedia.org]. After being soundly trounced, they got a little smarter about it. The NSA owns the patent on DES [wikipedia.org] and can peek in on you anytime they like with your "triple DES encrypted" device. Comfy?
    • by NReitzel (77941)

      Yah, and how did that work out?

    • by jonwil (467024)

      Triple DES can be cracked by anyone with a sufficiently fast computer (even faster if you have special custom made chips for it) and should be avoided for anything unless you have to talk to something that's already using triple DES.

      These days the best choice is a well tested open implementation of AES that has been peer-reviewed. And then you ideally review it yourself for back-doors.
      Short of bugs in the encryption code that make it weak, 256 bit AES is as good as unbreakable with today's technology (I bet

      • Triple DES can be cracked by anyone with a sufficiently fast computer (even faster if you have special custom made chips for it)

        That's the original (single) DES; Triple DES is still not feasible to crack.

  • And us government contractors may also have to stop being able to do some work there as well.

  • In Ruritania we had better policy. We banned decryption.
    You could encrypt as you like.

  • Huh? (Score:2, Funny)

    by asifyoucare (302582)
    They have the internet there?

    I thought they had just a couple of rocks and a donkey.
    • They have the internet there, you uninformed, racist, insensitive clod! It's Afghanistan where they have just a couple rocks and a donkey, some poppies, and AK-47 rifles.
    • That *is* their internet. You put your packets in the donkeys, whack them with the rocks, and away they go. The latency's a bitch, and there's pretty rough packet loss when the donkeys get concussed from the rocks or get lost in the mountains. Still, the bandwidth is surprisingly respectable.
    • by Chemisor (97276)

      Since all data can be represented in binary, two rocks is all you need. The donkey can then serve as the transport layer. The connection can be encrypted by picking up more rocks on the way.

  • -----BEGIN PGP MESSAGE-----
    -----END PGP MESSAGE-----
    • by cvtan (752695)
      At the risk of showing my ignorance, what is the most friendly way to decode PGP encrypted messages: Plug-in for Firefox or stand alone program?
      • by spasm (79260)

        You need the stand alone program either way to generate your own keys; plugins for firefox and most common email clients just simplify using the keys.

        But the originator of the message has to have used *your* public key to encrypt the message for *you* to be able to decrypt it. The post by ZankerH will only be readable by whichever person generated the public key s/he used to encrypt it.

    • by Wingman 5 (551897)
      Be sure to drink your ovaltine?
    • by choongiri (840652)
      -----BEGIN PGP MESSAGE-----
      -----END PGP MESSAGE-----
  • I hope they make good use of it.

    As Pakistan turns into Talibanistan it will become a massive threat to the region.

  • Because after every terrorist exploit, the security agencies make threatening noises about Skype (most favourite) followed by Gmail and then mail in general. How to explain to our dumbos that banning automobiles is no solution to hit-and-run accidents!
    • by nedlohs (1335013)

      Well banning automobiles would be a solution to hit-and-run accidents. You'd significantly reduce them after all.

      Whereas banning VPN will do exactly nothing to stop terrorists from blowing shit up.

      • Well banning automobiles would be a solution to hit-and-run accidents. You'd significantly reduce them after all.

        No, it won't. Not a single soul will respect the ban.

        • by nedlohs (1335013)

          Of course they would. Gas stations are now illegal. Possession of gasoline is a jailable offence. Possession of an automobile is a jailable offence. Driving an automobile is a shoot on sight offence. All the roads have been ripped up and replaced with parks surrounded by solid steel poles or by brick/concrete apartment blocks.

          Most people will respect the ban.

          Been to Venice? See many people not respecting the ban on cars?

  • This will just continue the trend of driving smart and educated Pakistanis out of Pakistan. The USA has a massive opportunity to welcome them with open arms. Are you a Pakistani who is well educated and fed up with corruption and religious hysteria? Please come and raise your family here in America.
  • by jroysdon (201893) on Friday July 29, 2011 @10:34PM (#36930336) Homepage

    Wow, way to make sure your country can never have any outsourcing jobs. No business with a clue would ever set up operations in a country where all traffic has to be open to corporate espionage.

    They're going to be in the technological dark ages forever if this persists, vs. following India into the cheap outsourcing market.

  • It's not encrypted. We're just sending random, meaningless strings to one-another.
  • Isn't this one of those countries that's supposedly afraid of foreign agents infiltrating their country and attacking their citizens? At least, that's the excuse totalitarian regimes always use for imprisoning and torturing their own citizens. I'd say this is a call for some actual foreign assailants to launch an attack on Pakistan. All internet traffic is unencrypted. Let's steal some government accounts and passwords. Let's read the government's emails. Let's hack into their public utilities and make 'em

  • What's "encrypted traffic"? Did they define that too? Like, say, "every traffic we can't instantly read"? Then say sayonara to online gaming as well, twice so if it's a MMO which by default encrypts traffic to make cheating and botting harder. And pretty much any traffic that's not following one of the well known protocols, which also means no "nonstandard" remote control software, no file transfer, no streaming, no ... you get the picture.

    Talking about streaming, how do you plan to sell streamed movies onl

  • Memo Australian Government: this is how you make your intergoogle filter work. It comes with the advantage of completely screwing up any credible e-commerce in the country, too, which is handy when you want your economy to be all about being someone else's quarry.
