Forgot your password?
typodupeerror
Encryption Privacy Your Rights Online IT

Pakistan Bans Encryption 351

Posted by Soulskill
from the for-undecipherable-reasons dept.
An anonymous reader writes "After some rumors of this last month, Pakistan has now officially told all of the country's ISPs that they need to block all encrypted VPNs since content running over such services cannot be monitored by the government."
This discussion has been archived. No new comments can be posted.

Pakistan Bans Encryption

Comments Filter:
  • awesome (Score:3, Insightful)

    by dgas (1594547) on Tuesday August 30, 2011 @05:50PM (#37259210)
    I'm sure this will totally work out for the government without any blowback or unintended consequences...
    • by TiggertheMad (556308) on Tuesday August 30, 2011 @06:08PM (#37259432) Homepage Journal
      If all encryption is being banned, then it should make it trivial to start stealing passwords and bank card numbers from Pakistanis. We don't have an extradition treaty with them do we? Ready, set, crack!
      • Re: (Score:2, Insightful)

        by Anonymous Coward

        Crack what? Just listen!

    • no remote workers (Score:5, Interesting)

      by bugi (8479) on Tuesday August 30, 2011 @06:24PM (#37259550)

      They won't have anymore telecommuters. One of our workers awhile back was resident in pakistan. No way are we going to let our data over the wire in the clear, so we can't hire from there anymore.

    • There won't be any blowback because Pakistan is a desperately poor country and people are generally without electricity to begin with, so rules about the internet aren't much concern.

      • by laird (2705)

        There will be (I hope) a push by Pakistani companies against this insane law because it makes it impossible for any Pakistani people or companies to do any work with any company outside Pakistan. It's unimaginable that any company would blow a hole in their security just to satisfy Pakistan's insecurity, so if they actually enforce this law all it will do is force everyone to shift their business from Pakistan to some other country.

        Yes, their economy is in terrible shape. But IMO that means that they really

  • Well.... sounds like we need an adaptive add-on to the HTTP protocol for ad-hoc encryption.

    • by h4rr4r (612664)

      Why?
      If you need encryption over http that is called https. The real question might be why you want it over http at all.

      Kids these days seem to think that is the only protocol that exists.

      • by rubycodez (864176)
        the normal port for http isn't blocked, and one can run any protocol one wants, plenty of better ones than ssl.
        • by h4rr4r (612664)

          Which has nothing to do with what the GP said as far as I can tell. You can run anything you want over port 80.

    • by Jonner (189691)

      Well.... sounds like we need an adaptive add-on to the HTTP protocol for ad-hoc encryption.

      Or you could just HTTPS sites, whether they have self-signed certs or not. Banning VPNs without banning HTTPS is pointless. Or, maybe they're sneakier than we think and they're already monitoring all HTTPS connections by poisoning DNS and other techniques.

  • Dear Pakistan (Score:5, Insightful)

    by Dunbal (464142) * on Tuesday August 30, 2011 @05:53PM (#37259234)

    Save yourselves some money and some bother, and just disconnect yourselves from the internet! That way you'll be Safe (tm).

    This has just prevented pretty much anyone who works for a Fortune 500 company from doing anything in Pakistan on company laptops. I dunno, maybe that's a good thing? I can imagine that now more than one "elected official" will point to Pakistan as a shining example to follow (just like what happened earlier with RIM and the Blackberry in India and Saudi Arabia and later everywhere) and VPNs will no longer be allowed because of course they could be the tools of terrorists. Damn, why did I have to wake up in this parallel universe 10 years ago.

    • Re:Dear Pakistan (Score:5, Informative)

      by h4rr4r (612664) on Tuesday August 30, 2011 @06:02PM (#37259364)

      Try Fortune $infinity. The company I work for is no where near Fortune 500 or even 5000 and we still could not have anyone work from Pakistan now.

    • by Kjella (173770)

      Oh, I can predict where this is going since I work for a consulting company and we have to work on client computers where we don't always have VPN. The answer is HTTPS, unless they want to block all HTTPS traffic as well. Oh yeah, and I assume you can't SSH to or from any Pakistan boxes anymore? That'll work so great for servers, I'd start making my migration plan now...

    • The article does say (yes, I read it, guess I'm new here) - that people who need VPNs for business use will be able to get a license to run them.

      You'll just need to make a case for why you use it. Of course, the moment licenses exist - you open the door for the people you are supposedly targeting to bribe an official to get one - which means that you won't catch them at all now - after all, their encrypted traffic was expected and approved upfront !

      Basically... this is an exercise in quantum stupidity.

  • by detritus. (46421) on Tuesday August 30, 2011 @05:54PM (#37259254)

    Hopefully this is the end of SSH as we know it in Pakistan. Re enable telnet on all those routers and servers, like it's 1996!

  • And the rest? (Score:5, Insightful)

    by Lieutenant_Dan (583843) on Tuesday August 30, 2011 @05:58PM (#37259304) Homepage Journal

    What about digital signatures?

    eCommerce using SSL?

    Password-protected files?

    OS passwords?

    • by Co0Ps (1539395)

      You're assuming politicians in general have a clue about anything remotely technical. And this is Pakistan. Because the Netscape developers called the state mechanism in HTTP "cookies", politicians thought they understood what "cookies" did and began to regulate them.

      Also, as usual most people here in Slashdot will start to brainstorm technical solutions and rage over the fact that society hasn't reached their cryptographic utopia yet where people memorize 2048 bit RSA key pairs and all centralized inform

  • by sneakyimp (1161443) on Tuesday August 30, 2011 @06:06PM (#37259408)

    Rats. I was planning to make a huge purchase of textiles and smuggled afghan opium from PakistanMallOnline.com with my credit card. Now, since it won't be encrypted, I cannot. Guess I'll have to buy from IndiaMallOnline instead.

  • by Anonymous Coward on Tuesday August 30, 2011 @06:06PM (#37259414)

    The new law not only imposes exciting requirements so that the gov't can monitor all communications for 120 days, but also forbids anyone but the government to "monitor, reconcile, or block any traffic" -- so the ISP, parents, schools etc. are not allowed to do that.

    The encryption ban isn't all that impressive, just typical government not-thinking-things-through, and easily enough fixable -- they could add an exception for banks, permitting encryption but the bank has to store the corresponding unencrypted data. FWIW, the requirements pertaining to this may be in place (I'm not a lawyer, so I'm not sure if that's what the second statement here means, or if it's more a Room 641A thing for international comms passing through):

    (6) The Licensee(s) and Access Provider shall ensure that signaling information is uncompressed, unencrypted, and not formatted in a manner which the installed monitoring system is unable to decipher using the installed capabilities.

    (7) In case it is not possible to monitor the signaling information of some traffic at the Probe and the Authority has agreed to let the traffic pass through, the required signaling information shall be extended from the Licensee(s) and Access Provider(s) network's premises, at their own cost, including but not limited to the required format conversions, hauling of data to the Authority designated location, and installation of additional equipment to achieve information as specified in subregulation (6) above.

    What's really jawdropping is requiring that every fucking byte going through every ISP or telco in Pakistan must be logged for 120 days. In other news, the middle east division of every vendor of massive storage arrays report 1000% increase in sales...

    Read the law here (PDF) [pta.gov.pk], it's only 6 pages.

    • by NotSanguine (1917456) on Tuesday August 30, 2011 @06:46PM (#37259732) Journal

      Based on my reading of the law (thanks for posting the link to the PDF, AC), you can still encrypt traffic (think banks, online retailers, etc.) as long those who employ it add additional network links to the Pakistani government, pass all traffic to the government and provide them with the appropriate keys. Said additional links and any supporting hardware and/or software to be implemented at the TLS/SSL users' expense.

      AFAICT, The 120 days that the OP refers to isn't how long they have to keep the data, it's how long ISPs have to implement the environment.

      N.B. IANAL

  • Satellites? (Score:4, Interesting)

    by quickgold192 (1014925) on Tuesday August 30, 2011 @06:17PM (#37259504)
    Amid all these internet-blocking stories I still haven't found an answer to how dictators prevent satellite internet connections, or even if they do. I know how they could block them if they wanted to, but does anyone know how they actually do it? Or if they even bother with it?
    • by ErikZ (55491) *

      Government edicts don't change reality.

      However, if they ever find out, the punishments can range from nothing to "Lets make an example out of you."

    • Amid all these internet-blocking stories I still haven't found an answer to how dictators prevent satellite internet connections

      You there! What are you doing with that dish? You're under arrest!

      The problem with using unusual equipment to get onto the Internet is that it is unusual, which makes you stand out.

      • OMG, all this is so, so funny. The ISI (the Pakistani CIA) are finding Al Quada cadre , that they want as bargining chips Helfired, surprise surprise, they don't like it one bit, so they found an effeminate hacker and tortured him, he said "its the VPNs"

        An ISI cyber General said shut the VPNs, everyone saluted and said "Yes, Sir", sounds just like the US CyberCommand?
    • Re:Satellites? (Score:5, Informative)

      by MimeticLie (1866406) on Tuesday August 30, 2011 @07:00PM (#37259874)
      Iran has been accused of jamming [i-policy.org] satellite connections in the past, as has Libya. [space.com] The US apparently has the capability. [theregister.co.uk]

      As for how it's possible, Wikipedia has a brief description [wikipedia.org] of the process. Because of the satellite's distance, it's signal is relatively weak when it reaches the ground (you're familiar with the inverse-square law, right?). A terrestrial broadcast will be much stronger and can drown out the signal from the satellite.

      (reposting this because I forgot to login. whoops)
    • Satellite signals can be jammed. Libya has a history of jamming Thuraya signals.

      If you can smuggle your gear in and the state isn't jamming, you can operate so long as you aren't caught. I used a Thuraya and Mini-M for both voice and data when I was working in Burma. During the day, I used the cell data network to send data. As necessary, I sent confidential data at night, when everyone was sleeping.
  • TFA and TFS both mention specifically encrypted VPNs, and doesn't make mention of basic encryption systems like SSL / TLS or completely encrypted services like SSH. If this is how it was written to the letter then I imagine an SSH tunnel to a proxy server somewhere else would do the trick.

    Though this being Pakistan and not the USA I highly doubt ruthlessly literal interpretation of a law can get you out of jail.

  • Last year I did some work that had to be coordinated with a group of programmers in Pakistan. Naturally they were using SSH to connect to the server they were hired to set up their software on. I can only imagine that companies like that are important for the economy other there. However, if the Pakistani government decides to ban all of its own people from using standard connectivity tools, all of which are encrypted these days for good reason, then they will be shooting their economy in the foot. Next thi
    • by Mashiki (184564)

      My uncle works for a company that manufactures small to large scale industrial equipment, this stuff has been used world wide from the US military to backwaters in Uzbekistan. All of the PLC's are encrypted because the control codes are proprietary to what they do, and are required to do.

      I suppose this applies to that as well, in which case they'll simply stop selling their industrial equipment there as well. Not only are they going for a digital stone age, they're just aiming for a pre-computer age. But

  • Uncle Henry and Cousin Emma are washing the pears. Prepare the spaghetti sauce. Market day is Wednesday. My dog has fleas. The alligator's thumb cannot be in the jam. The dog barks at midnight.

    Don't need encryption to send coded messages...

  • Blooming business for covert channel VPNs ... I saw one implementation over ICMP ECHO (ping) once, and it was pretty interesting ...

  • Start a "mullah of the day" fan club. Every day, send out a picture of a different mullah. Then just use steganography to embed your real message inside the jpeg...

  • Steganography. Hide your messages as every... oh, say, cycle through the first 100 prime numbers... particular bytes in, say, a pirated porno. If they even detect it, they'll think it's VCR noise.

  • by riflemann (190895) <riflemann.bb@cactii@net> on Wednesday August 31, 2011 @04:01AM (#37262602)

    This is a complete misread of telecoms terminology, they are not banning user encryption.

    The actual regulation [pta.gov.pk] only mentions encryption ONCE, and that is in regard to signalling information.

    Signalling information is not the data. I repeat, signaling information is NOT the data.

    For phone calls, signalling is the bits that tell the system where the call is go to, and who from, and other "meta" information about the call. For data, signalling is the outer part of the IP packet that carries destination information.

    The encrypted part of data is in the PAYLOAD. And they don't require the payload to be decrypted. It's also the same section that requires the
    info to not be compressed. Are they really going to decompress all files before sending them off? No way.

    All they are requiring is that the phone call source/destination info, and Ip traffic packets are not encrypted *further* by the ISP. Customer
    VPN data will continue to flow as normal.

    IAANE (I am a network engineer) and I have had to deploy a government spying^Hlegal intercept platform before, and this is pretty much just
    bog standard like many other countries do.

    Bottom line: A non story. Pakistan wants ISPs to implement legal intercept. Big whoop, most countries have already done this.

    • by gl4ss (559668)

      "The Pakistan Telecommunications Authority legal notice urged ISPs to report customers using "all such mechanisms including EVPNs [encrypted virtual private networks] which conceal communication to the extent that prohibits monitoring". Anyone needing to use this technology needs to apply for special permission, the notice said.

      Authorities in Islamabad insisted that the ban on VPN access was intended to stem communications by terrorists."

      legal intercept? there's no legal intercept for my vpn's. they're aski

    • by sunbird (96442)

      IANANE, but the regulation does not appear to be as limited as you suggest. Part II, Section 4, Clause 5 states:

      All landing station and infrastructure licensee(s) shall establish a Monitoring System with its interface to the Authority . . . for the purpose of monitoring of telecommunications traffic (voice and data) within one hundred and twenty (120) days . . . .

      And later on in clause (6) it requires each system to have "the following features:"

      Capability to monitor, control, measure and record traffic in

    • IAANE (I am a network engineer) and I have had to deploy a government spying^Hlegal intercept platform before, and this is pretty much just bog standard like many other countries do.

      Were you in the military? That's the only reasonable definition of 'had to' that I can come up with (vs. helping governments infringe on civil liberties for profit).

Every nonzero finite dimensional inner product space has an orthonormal basis. It makes sense, when you don't think about it.

Working...