by Anonymous Coward writes:
on Tuesday August 30, 2011 @07:06PM (#37259414)
The new law not only imposes exciting requirements so that the gov't can monitor all communications for 120 days, but also forbids anyone but the government to "monitor, reconcile, or block any traffic" -- so the ISP, parents, schools etc. are not allowed to do that.
The encryption ban isn't all that impressive, just typical government not-thinking-things-through, and easily enough fixable -- they could add an exception for banks, permitting encryption but the bank has to store the corresponding unencrypted data. FWIW, the requirements pertaining to this may be in place (I'm not a lawyer, so I'm not sure if that's what the second statement here means, or if it's more a Room 641A thing for international comms passing through):
(6) The Licensee(s) and Access Provider shall ensure that signaling information is uncompressed, unencrypted, and not formatted in a manner which the installed monitoring system is unable to decipher using the installed capabilities.
(7) In case it is not possible to monitor the signaling information of some traffic at the Probe and the Authority has agreed to let the traffic pass through, the required signaling information shall be extended from the Licensee(s) and Access Provider(s) network's premises, at their own cost, including but not limited to the required format conversions, hauling of data to the Authority designated location, and installation of additional equipment to achieve information as specified in subregulation (6) above.
What's really jawdropping is requiring that every fucking byte going through every ISP or telco in Pakistan must be logged for 120 days. In other news, the middle east division of every vendor of massive storage arrays report 1000% increase in sales...
Read the law here (PDF) [pta.gov.pk], it's only 6 pages.
I have no idea how that sort of thing could be done (I'm not techy at all) but this is a fantastic idea and I wanted to say that I think it's genius, even if you got modded down.
A list of pakistani IP ranges, and a simple app that pings things and then spews random data at an IP if it responds. Simple. You could probably even do it in a shellscript.
Sounds like a great idea, dilute their logs with crap. Heck don't make it random, use random text from Pakistani websites to make it harder to filter out.
Based on my reading of the law (thanks for posting the link to the PDF, AC), you can still encrypt traffic (think banks, online retailers, etc.) as long those who employ it add additional network links to the Pakistani government, pass all traffic to the government and provide them with the appropriate keys. Said additional links and any supporting hardware and/or software to be implemented at the TLS/SSL users' expense.
AFAICT, The 120 days that the OP refers to isn't how long they have to keep the data, it's how long ISPs have to implement the environment.
That's all well and nice for local sites for the locals, but what about foreign visitors or accessing any international site? Any banks or anything else with a https login I'd like to visit won't work as they won't care one shit about what Pakistan wants. That's pretty much a tourism killer. And commerce killer. Ah well, it's their self-implosion.
Not just no encryption -- also logging EVERYTHING! (Score:4, Informative)
The new law not only imposes exciting requirements so that the gov't can monitor all communications for 120 days, but also forbids anyone but the government to "monitor, reconcile, or block any traffic" -- so the ISP, parents, schools etc. are not allowed to do that.
The encryption ban isn't all that impressive, just typical government not-thinking-things-through, and easily enough fixable -- they could add an exception for banks, permitting encryption but the bank has to store the corresponding unencrypted data. FWIW, the requirements pertaining to this may be in place (I'm not a lawyer, so I'm not sure if that's what the second statement here means, or if it's more a Room 641A thing for international comms passing through):
What's really jawdropping is requiring that every fucking byte going through every ISP or telco in Pakistan must be logged for 120 days. In other news, the middle east division of every vendor of massive storage arrays report 1000% increase in sales...
Read the law here (PDF) [pta.gov.pk], it's only 6 pages.
Re: (Score:1)
Re: (Score:2)
A list of pakistani IP ranges, and a simple app that pings things and then spews random data at an IP if it responds. Simple. You could probably even do it in a shellscript.
Re: (Score:2)
Re: (Score:2)
Sounds like a great idea, dilute their logs with crap. Heck don't make it random, use random text from Pakistani websites to make it harder to filter out.
Re:Not just no encryption -- also logging EVERYTHI (Score:5, Informative)
Based on my reading of the law (thanks for posting the link to the PDF, AC), you can still encrypt traffic (think banks, online retailers, etc.) as long those who employ it add additional network links to the Pakistani government, pass all traffic to the government and provide them with the appropriate keys. Said additional links and any supporting hardware and/or software to be implemented at the TLS/SSL users' expense.
AFAICT, The 120 days that the OP refers to isn't how long they have to keep the data, it's how long ISPs have to implement the environment.
N.B. IANAL
Re: (Score:2)
That's all well and nice for local sites for the locals, but what about foreign visitors or accessing any international site? Any banks or anything else with a https login I'd like to visit won't work as they won't care one shit about what Pakistan wants. That's pretty much a tourism killer. And commerce killer. Ah well, it's their self-implosion.
Re: (Score:2)
Re: (Score:2)
yay for the economy! (?)
Re: (Score:1)
Uncompressed too? Really?
Idiots are born every day.....