Pakistan Bans Encryption

An anonymous reader writes "After some rumors of this last month, Pakistan has now officially told all of the country's ISPs that they need to block all encrypted VPNs since content running over such services cannot be monitored by the government."

awesome

[dgas]

I'm sure this will totally work out for the government without any blowback or unintended consequences...

What an opportunity...

[TiggertheMad]

If all encryption is being banned, then it should make it trivial to start stealing passwords and bank card numbers from Pakistanis. We don't have an extradition treaty with them do we? Ready, set, crack!

Re:

[Anonymous Coward]

Crack what? Just listen!

no remote workers

[bugi]

They won't have anymore telecommuters. One of our workers awhile back was resident in pakistan. No way are we going to let our data over the wire in the clear, so we can't hire from there anymore.

Re:

[Issarlk]

the bribe might push the cost of having a worker in Pakistan over the cost of having a worker in, say, India.

Re:

[royallthefourth]

There won't be any blowback because Pakistan is a desperately poor country and people are generally without electricity to begin with, so rules about the internet aren't much concern.

Re:

[laird]

There will be (I hope) a push by Pakistani companies against this insane law because it makes it impossible for any Pakistani people or companies to do any work with any company outside Pakistan. It's unimaginable that any company would blow a hole in their security just to satisfy Pakistan's insecurity, so if they actually enforce this law all it will do is force everyone to shift their business from Pakistan to some other country.

Yes, their economy is in terrible shape. But IMO that means that they really

ad-hoc http encryption?

[LWolenczak]

Well.... sounds like we need an adaptive add-on to the HTTP protocol for ad-hoc encryption.

Re:

[h4rr4r]

Why?
If you need encryption over http that is called https. The real question might be why you want it over http at all.

Kids these days seem to think that is the only protocol that exists.

Re:

[rubycodez]

the normal port for http isn't blocked, and one can run any protocol one wants, plenty of better ones than ssl.

Re:

[h4rr4r]

Which has nothing to do with what the GP said as far as I can tell. You can run anything you want over port 80.

Re:

[Jonner]

Well.... sounds like we need an adaptive add-on to the HTTP protocol for ad-hoc encryption.

Or you could just HTTPS sites, whether they have self-signed certs or not. Banning VPNs without banning HTTPS is pointless. Or, maybe they're sneakier than we think and they're already monitoring all HTTPS connections by poisoning DNS and other techniques.

Dear Pakistan

[Dunbal]

Save yourselves some money and some bother, and just disconnect yourselves from the internet! That way you'll be Safe (tm).

This has just prevented pretty much anyone who works for a Fortune 500 company from doing anything in Pakistan on company laptops. I dunno, maybe that's a good thing? I can imagine that now more than one "elected official" will point to Pakistan as a shining example to follow (just like what happened earlier with RIM and the Blackberry in India and Saudi Arabia and later everywhere) and VPNs will no longer be allowed because of course they could be the tools of terrorists. Damn, why did I have to wake up in this parallel universe 10 years ago.

Re:Dear Pakistan

[h4rr4r]

Try Fortune $infinity. The company I work for is no where near Fortune 500 or even 5000 and we still could not have anyone work from Pakistan now.

Re:

[Kjella]

Oh, I can predict where this is going since I work for a consulting company and we have to work on client computers where we don't always have VPN. The answer is HTTPS, unless they want to block all HTTPS traffic as well. Oh yeah, and I assume you can't SSH to or from any Pakistan boxes anymore? That'll work so great for servers, I'd start making my migration plan now...

Re:

[silentcoder]

The article does say (yes, I read it, guess I'm new here) - that people who need VPNs for business use will be able to get a license to run them.

You'll just need to make a case for why you use it. Of course, the moment licenses exist - you open the door for the people you are supposedly targeting to bribe an official to get one - which means that you won't catch them at all now - after all, their encrypted traffic was expected and approved upfront !

Basically... this is an exercise in quantum stupidity.

Telnet

[detritus.]

Hopefully this is the end of SSH as we know it in Pakistan. Re enable telnet on all those routers and servers, like it's 1996!

And the rest?

[Lieutenant_Dan]

What about digital signatures?

eCommerce using SSL?

Password-protected files?

OS passwords?

Re:

[Co0Ps]

You're assuming politicians in general have a clue about anything remotely technical. And this is Pakistan. Because the Netscape developers called the state mechanism in HTTP "cookies", politicians thought they understood what "cookies" did and began to regulate them.

Also, as usual most people here in Slashdot will start to brainstorm technical solutions and rage over the fact that society hasn't reached their cryptographic utopia yet where people memorize 2048 bit RSA key pairs and all centralized inform

no more shopping in pakistan for me

[sneakyimp]

Rats. I was planning to make a huge purchase of textiles and smuggled afghan opium from PakistanMallOnline.com with my credit card. Now, since it won't be encrypted, I cannot. Guess I'll have to buy from IndiaMallOnline instead.

Not just no encryption -- also logging EVERYTHING!

[Anonymous Coward]

The new law not only imposes exciting requirements so that the gov't can monitor all communications for 120 days, but also forbids anyone but the government to "monitor, reconcile, or block any traffic" -- so the ISP, parents, schools etc. are not allowed to do that.

The encryption ban isn't all that impressive, just typical government not-thinking-things-through, and easily enough fixable -- they could add an exception for banks, permitting encryption but the bank has to store the corresponding unencrypted data. FWIW, the requirements pertaining to this may be in place (I'm not a lawyer, so I'm not sure if that's what the second statement here means, or if it's more a Room 641A thing for international comms passing through):

(6) The Licensee(s) and Access Provider shall ensure that signaling information is uncompressed, unencrypted, and not formatted in a manner which the installed monitoring system is unable to decipher using the installed capabilities.

(7) In case it is not possible to monitor the signaling information of some traffic at the Probe and the Authority has agreed to let the traffic pass through, the required signaling information shall be extended from the Licensee(s) and Access Provider(s) network's premises, at their own cost, including but not limited to the required format conversions, hauling of data to the Authority designated location, and installation of additional equipment to achieve information as specified in subregulation (6) above.

What's really jawdropping is requiring that every fucking byte going through every ISP or telco in Pakistan must be logged for 120 days. In other news, the middle east division of every vendor of massive storage arrays report 1000% increase in sales...

Read the law here (PDF) [pta.gov.pk], it's only 6 pages.

Re:Not just no encryption -- also logging EVERYTHI

[NotSanguine]

Based on my reading of the law (thanks for posting the link to the PDF, AC), you can still encrypt traffic (think banks, online retailers, etc.) as long those who employ it add additional network links to the Pakistani government, pass all traffic to the government and provide them with the appropriate keys. Said additional links and any supporting hardware and/or software to be implemented at the TLS/SSL users' expense.

AFAICT, The 120 days that the OP refers to isn't how long they have to keep the data, it's how long ISPs have to implement the environment.

N.B. IANAL

Satellites?

[quickgold192]

Amid all these internet-blocking stories I still haven't found an answer to how dictators prevent satellite internet connections, or even if they do. I know how they could block them if they wanted to, but does anyone know how they actually do it? Or if they even bother with it?

Re:

[ErikZ]

Government edicts don't change reality.

However, if they ever find out, the punishments can range from nothing to "Lets make an example out of you."

Re:

[betterunixthanunix]

Amid all these internet-blocking stories I still haven't found an answer to how dictators prevent satellite internet connections

You there! What are you doing with that dish? You're under arrest!

The problem with using unusual equipment to get onto the Internet is that it is unusual, which makes you stand out.

Re:Satellites? Dishes Warlords

[omb]

OMG, all this is so, so funny. The ISI (the Pakistani CIA) are finding Al Quada cadre , that they want as bargining chips Helfired, surprise surprise, they don't like it one bit, so they found an effeminate hacker and tortured him, he said "its the VPNs"

An ISI cyber General said shut the VPNs, everyone saluted and said "Yes, Sir", sounds just like the US CyberCommand?

Re:Satellites?

[MimeticLie]

Iran has been accused of jamming [i-policy.org] satellite connections in the past, as has Libya. [space.com] The US apparently has the capability. [theregister.co.uk]

As for how it's possible, Wikipedia has a brief description [wikipedia.org] of the process. Because of the satellite's distance, it's signal is relatively weak when it reaches the ground (you're familiar with the inverse-square law, right?). A terrestrial broadcast will be much stronger and can drown out the signal from the satellite.

(reposting this because I forgot to login. whoops)

Re:

[Weedhopper]

Satellite signals can be jammed. Libya has a history of jamming Thuraya signals.

If you can smuggle your gear in and the state isn't jamming, you can operate so long as you aren't caught. I used a Thuraya and Mini-M for both voice and data when I was working in Burma. During the day, I used the cell data network to send data. As necessary, I sent confidential data at night, when everyone was sleeping.

Re:

[0123456]

They look for the dish on your roof.

I was using a satellite Internet connection a couple of years back. The 'dish' was a flat panel about the same size as the lid of the laptop it was connected to.

Does this apply to SSH tunnels?

[thegarbz]

TFA and TFS both mention specifically encrypted VPNs, and doesn't make mention of basic encryption systems like SSL / TLS or completely encrypted services like SSH. If this is how it was written to the letter then I imagine an SSH tunnel to a proxy server somewhere else would do the trick.

Though this being Pakistan and not the USA I highly doubt ruthlessly literal interpretation of a law can get you out of jail.

Back to the digital stone age

[FridayBob]

Last year I did some work that had to be coordinated with a group of programmers in Pakistan. Naturally they were using SSH to connect to the server they were hired to set up their software on. I can only imagine that companies like that are important for the economy other there. However, if the Pakistani government decides to ban all of its own people from using standard connectivity tools, all of which are encrypted these days for good reason, then they will be shooting their economy in the foot. Next thi

Re:

[Mashiki]

My uncle works for a company that manufactures small to large scale industrial equipment, this stuff has been used world wide from the US military to backwaters in Uzbekistan. All of the PLC's are encrypted because the control codes are proprietary to what they do, and are required to do.

I suppose this applies to that as well, in which case they'll simply stop selling their industrial equipment there as well. Not only are they going for a digital stone age, they're just aiming for a pre-computer age. But

Thank heavens we still have normal code ...

[Kittenman]

Uncle Henry and Cousin Emma are washing the pears. Prepare the spaghetti sauce. Market day is Wednesday. My dog has fleas. The alligator's thumb cannot be in the jam. The dog barks at midnight.

Don't need encryption to send coded messages...

ICMP traffic overflow

[morcego]

Blooming business for covert channel VPNs ... I saw one implementation over ICMP ECHO (ping) once, and it was pretty interesting ...

All mullahs, all the time

[93 Escort Wagon]

Start a "mullah of the day" fan club. Every day, send out a picture of a different mullah. Then just use steganography to embed your real message inside the jpeg...

Psst. Pakistan users... One word...

[roc97007]

Steganography. Hide your messages as every... oh, say, cycle through the first 100 prime numbers... particular bytes in, say, a pirated porno. If they even detect it, they'll think it's VCR noise.

Pakistan is NOT benning encryption

[riflemann]

This is a complete misread of telecoms terminology, they are not banning user encryption.

The actual regulation [pta.gov.pk] only mentions encryption ONCE, and that is in regard to signalling information.

Signalling information is not the data. I repeat, signaling information is NOT the data.

For phone calls, signalling is the bits that tell the system where the call is go to, and who from, and other "meta" information about the call. For data, signalling is the outer part of the IP packet that carries destination information.

The encrypted part of data is in the PAYLOAD. And they don't require the payload to be decrypted. It's also the same section that requires the
info to not be compressed. Are they really going to decompress all files before sending them off? No way.

All they are requiring is that the phone call source/destination info, and Ip traffic packets are not encrypted *further* by the ISP. Customer
VPN data will continue to flow as normal.

IAANE (I am a network engineer) and I have had to deploy a government spying^Hlegal intercept platform before, and this is pretty much just
bog standard like many other countries do.

Bottom line: A non story. Pakistan wants ISPs to implement legal intercept. Big whoop, most countries have already done this.

Re:

[gl4ss]

"The Pakistan Telecommunications Authority legal notice urged ISPs to report customers using "all such mechanisms including EVPNs [encrypted virtual private networks] which conceal communication to the extent that prohibits monitoring". Anyone needing to use this technology needs to apply for special permission, the notice said.

Authorities in Islamabad insisted that the ban on VPN access was intended to stem communications by terrorists."

legal intercept? there's no legal intercept for my vpn's. they're aski

Re:

[sunbird]

IANANE, but the regulation does not appear to be as limited as you suggest. Part II, Section 4, Clause 5 states:

All landing station and infrastructure licensee(s) shall establish a Monitoring System with its interface to the Authority . . . for the purpose of monitoring of telecommunications traffic (voice and data) within one hundred and twenty (120) days . . . .

And later on in clause (6) it requires each system to have "the following features:"

Capability to monitor, control, measure and record traffic in

Re:

[bill_mcgonigle]

IAANE (I am a network engineer) and I have had to deploy a government spying^Hlegal intercept platform before, and this is pretty much just bog standard like many other countries do.

Were you in the military? That's the only reasonable definition of 'had to' that I can come up with (vs. helping governments infringe on civil liberties for profit).

Re:

[spazdor]

If you aren't doing anything bad, why couldn't the government know about it?

Now where have I heard that question before...

Re:

[compro01]

If I had to guess, probably at the most recent meetings of the Republican National Committee and the Democratic National Committee.

If you have nothing to hide. Nah

[alexander_686]

I use VPN and encrypted connections almost daily and I don't work for a criminale enterprise [unless you consider corporate America a criminal enterprise – but that is a different question.]. Do you really want your personal and private data exposed as I deal with the outside world?

Or there is just the simpler question of personal privacy. If you have reasonable suspicion, get a warrant. [And yes I know that the Pakistan court system is not very independent – but I am stating a principal here.

Re:

[h4rr4r]

Don't reply to obvious trolls.

Re:If you have nothing to hide. Nah

[mlts]

With me, encryption isn't for the cops (any decent police force has a crapload of methods to obtain data, up to and including the old fashioned rubber hose). It is to lock out intruders, potential hacks, people who would maliciously alter data in flight, and people who are collecting information they have no right to. This is why I use a VPN service.

For example, when using a Wi-Fi network, it isn't uncommon for some WISPs to intercept the data stream to do ads, log all DNS requests and URLs transferred for data mining purposes, or even insert a Web frame in a HTTP stream with their crap on it. Firing up a VPN (TLS based or PPTP) keeps them out of my business. Same with some ISPs. Why should I allow an ISP to make cash from my Web browsing from a Phorm like server, unless I get a discount on my service? Then there are attacks like FireSheep (although that specific one is mitigated by a constant SSL connection).

Having a VPN is just the same thing as locking and arming a car alarm, or throwing a deadbolt before going to sleep. It is to keep thieves at bay.

Re:

[Truekaiser]

The not so funny thing about this statement is it can be used with only changing the country names as justification for banning vpn use here in the united states.

Re:

[cavreader]

The US doesn't give a shit about VPN. They have the resources to compromise the normal VPN encryption data stream any time they want.

Re:

[cduffy]

No, they don't.

Mind you, they have the resources to compromise the endpoints, but that's not the same thing as compromising the stream (even inasmuch as the effect is pretty much the same).

Re:

[0123456]

Please list reasons why they would they disclose the fact that they can break AES256. Thank you.

Yes, of course. Not saying that they can break AES is CLEAR PROOF that they can.

Re:

[0123456]

You're right, of course one of the most secretive and highly funded organizations in the world would disclose their knowledge.

Yes, of course. Not saying that they can break AES is CLEAR PROOF that they can.

Re:Security concerns

[afidel]

Because if they can break it they know eventually someone else WILL break it and so everything the government, the military, and the US private sector has protected with AES will be available to agents of countries hostile to the US national interest, and so they would be starting the hunt for the next standard encryption algorithm to be used for those purposes. Remember that the NSA made changes to the S-box of DES specifically to avoid attacks by methods that were not rediscovered in the general cryptography community for nearly 30 years. That change kept 3DES secure for another 5-7 years allowing them to proceed with the AES selection process. Despite what so many people think the NSA's first mission is to protect the integrity of the secrets of the US.

Re:Security concerns

[Jeremy Erwin]

"War" can be so convenient.

Re:Security concerns

[Dunbal]

Because it's none of your damned.... sigh, I give up. Take it all. But you get to live in this shitty world too.

Re:

[Cwix]

Like a pig he'll roll around in it and enjoy it.

Re:

[mark-t]

Assuming for the sake of argument that the government's interests are genuinely for their peoples' better well being, and that they would not ever disclose any private information to anyone else unless the information indicated conspiracy to commit a crime, then for something entirely legitimate, there may not be any particular reason for the government not to know about it. However, there may damn well be a good reason to not want somebody you don't know snooping in on your traffic and is lucky enough to

Re:

[lavalyn]

Encrypted connections are used for online banking. Or would you prefer to have a man listening in for your passwords and emptying your bank account with your login?

Re:

[ThatsMyNick]

Not to worry. His passwords will be unecrypted too. So all you have to do is sniff his packets and you can get back your money and more!
 
For the humour impaired, that was a joke.

Re:

[ewanm89]

well, I hope the Pakistan military isn't connected to the internet then. On another note I actually hope it is and I'm no-longer having any dealings in Pakistan if I can avoid it.

Re:

[betterunixthanunix]

VPN's and encrypted connections are mostly used for criminal purposes

Both my current and former employers would disagree with you.

If you aren't doing anything bad, why couldn't the government know about it?

So that it is harder for the government to do something bad.

Re:

[mark-t]

You are arguing from the perspective that the government is not to be trusted (which may be entirely accurate), when clearly the person you are presenting your argument to believes that is not the case. Therefore, to the person you are responding to, your argument is nothing more than a mere contradiction without logical validity.

A much better position to take would be to simply look at fundamental issues of privacy and keeping confidential information from nefarious individuals. Even if the government

Re:

[mangu]

If you aren't doing anything bad

TIL accessing my bank account through the internet is bad.

Re:

[jhoegl]

+10 funny.

Re:

[Culture20]

Was it a Republican President that tried to foist the clipper chip on America?

No, that was the Gipper Chip. And it was delicious.

Re:Question

[Chris Burke]

How can one detect if a packet is encrypted? How do you distinguish unencrypted binary data from encrypted binary data?

By checking the "encrypted" bit in the TCP/IP packet header. It's right next to the "evil" bit.

Re:

[spazdor]

By checking the "encrypted" bit in the TCP/IP packet header. It's right next to the "evil" bit.

I say, that's an ingenious bit of protocol design! In other news, the Entscheidungsproblem has been solved. Turns out you just check for the "__does_program_halt__" flag that's present in all ELF binaries.

Re:

[Fnord666]

Turns out you just check for the "__does_program_halt__" flag that's present in all ELF binaries.

I wondered why that bit was marked "possibly reserved for future use" in the spec.

Re:

[betterunixthanunix]

How can one detect if a packet is encrypted? How do you distinguish unencrypted binary data from encrypted binary data?

Theoretically, you should not be able to distinguish encrypted bits from random data. Unfortunately, people almost never send megabytes of uniformly random bits to each other, and I doubt that the Pakistani courts are going to believe your claim that you were doing such a thing. You might claim that you were sending compressed data (which may also appear to be random), but then the courts are going to ask you how it was compressed, so that they can decompress it -- and when you tell them "LZMA" and they

Re:

[spazdor]

You need to put your encrypted data somewhere that it's actually plausible for randomness to arise in your messages.
Send a copy of the Quran unencrypted, but issue a 'retransmit' after every nth packet, where n is your encrypted data stream.

"I don't know why these packets got retransmitted and others didn't! I was using wifi! packet loss!" No one's gonna ask you why that distribution looks random - it's supposed to.

Re:

[GameboyRMH]

That's a form of steganography, which of course, is horribly inefficient.

Also it would be pretty obvious and not plausibly deniable. It's like this:

Normal conversation:

Bob: The quick brown fox jumps over the lazy dog.
Dave: the lazy what?
Bob: Dog.
Dave: Oh, I understand.

Using your technique.

Bob: The quick brown fox jumps over the lazy dog.
Dave: the lazy what?
Bob: #@23dfx!;
Dave: Oh, I understand.

A better way to do it would be like this (maybe this is what you meant but you misspoke):

Bob: The quick brown fox ju

Re:

[ewanm89]

please distinguish a truly random one time truly pad (XOR stream encryption) with just the data from the random number generator alone.

Re:

[MightyYar]

Well, you wouldn't be sending random data over the interwebs, now would you? :)

Re:Question

[Majik Sheff]

DING! Rubber hose decryption is quick and effective in almost every case. This law is not about providing a technical means to stop encryption. Its purpose is to turn the targeted users into criminals. Much like the DMCA in the US.

Re:

[Fnord666]

please distinguish a truly random one time truly pad (XOR stream encryption) with just the data from the random number generator alone.

Please distinguish your one time pad encrypted stream with a one that the state makes say whatever I want it to by producing an alternate key stream. The state may be less interested in what your message says than in making a shining example of you for others.

Re:Question

[betterunixthanunix]

Yes, I am sure that would go over real well:

Government: "What are you doing sending this encrypted data?!"
Citizen: "Encrypted?! That's just random bits that I was sending to my friend in America!"
Government: "Oh, never mind then. It's not like we have any reason to think that you would not be sending random bits to someone in America!"

Re:

[spazdor]

It's also trivially easy to add as much redundant data (or, "chaff") as you like to an encrypted stream in order to make its entropy as low as you like.

Re:

[lgw]

Adding obvious padding doesn't really hide much.

It turns out steganography is hard, once people start looking for it specifically. Staying under the radar, so the ogvernment never thinks to check your traffic for embedded messages, is more of a social engineering excercise, but if for some reason a government takes a keen interest in you, they'll probably be able to detect steganography.

Re:

[spazdor]

Who says padding has to be obvious? You're absolutely right; hiding your crypto from human inspection is harder than hiding it from any given watchdog algorithm. The comment above me was referring to Shannon entropy, which I presume was meant as a form of wide-deployment, automated snooping. You can dodge "entropy" by just adding huge blocks of zeroes to your data stream; but I'd never suggest actually doing that. Better chaff would be, say, the output of some conversational AIs, Viagra ads, paragraphs of H

Re:

[hawkinspeter]

How about sending a whole load of spam emails, but altering the specific words and word-order in order to convey a message?

I bet no-one is looking through spam emails and analysing it for steganography.

Re:

[v1]

yup. The whole point of stenography is to hide the fact that you're hiding something in the first place. Most stenography methods are very poor at actually preventing the data from being confirmed as present (or even being collected) once discovered.

But I suppose steno'ing your encrypted data would be a worthwhile endeavor. Lower the odds of them realizing you're hiding something, and then if they discover you're hiding something, make that something difficult to figure out.

Re:Question

[xrayspx]

The point of stenography is to write very fast in abbreviated form, using a set of glyphs that enable you to write very quickly in terrible chicken scratch that no one other than a trained secretary can read and which drives mortals straight past drink to heroin, also called shorthand. Stenograhpy also refers to typing quickly on a special keyboard, in order to capture as much spoken dialog as possible in-line. Often seen in courtrooms.

The point of steganography is to obscure data within other innocuous data. This is where you hide your secret missile codes in photos of cats you post on Flickr.

Re:

[plover]

You mean like this? http://www.spammimic.com/index.shtml [spammimic.com]

Dear Business person , We know you are interested in
receiving cutting-edge information . This is a one
time mailing there is no need to request removal if
you won't want any more ! This mail is being sent in
compliance with Senate bill 2516 , Title 6 ; Section
307 . This is different than anything else you've seen
. Why work for somebody else when you can become rich
in 55 MONTHS ! Have you ever noticed society seems
to be moving faster and faster and societ

Re:good luck with that

[spazdor]

Yeah, this is pretty much an unwinnable arms race. No matter how much deep packet inspection brute-force they want to employ - If they allow any protocols at all to run unrestricted, it'll be possible to tunnel data over it. Hell, give me an ICMP-only network and I'll encode data payloads into the TTL numbers.

Pakistan is gonna have to cut off its Internet backbones entirely if it's serious about shutting down encrypted communication.

I spoke too soon

[spazdor]

It exists. [wikipedia.org] Obviously.

Re:I spoke too soon

[MightyYar]

And don't forget ye olde Tunnel Over DNS [dnstunnel.de]!

Re:good luck with that

[mlts]

Actually, this is just the next step in the arms race.

The first generation were the firewalls. The sophistication has gone from just blind IP blackholes to active MITM attacks, changing posts in midstream.

Now, because of VPNs, the next step is to ban them, and then arresting anyone who might have any traffic out of the ordinary. With anti-VPN laws, a government can vacuum up people for "suspect packets".

This is just what a government will do when they realize people VPN around their surveillance/censorship controls. Pakistan is the first to implement this, but I am sure they will be the last.

It is only a matter of time before we see anti-VPN laws being passed, just like we see national firewalls sprouting up.

Re:

[Zontar The Mindless]

Maybe the question should be how to promote policies that prevent software engineers from going to the evil dictator side.

Assassination [bbc.co.uk] seems to be a popular choice of late for dealing with technical professionals who are a bit too good at doing their jobs for the wrong sorts of people...

Re:

[Gutboy]

Who cares about packets. What if I just start emailing people in Pakistan Base64 encoded random numbers? Will they have to prove it's random numbers? Does anyone have a list of government officials email addresses?

Re:

[h4rr4r]

How would that be better?
I can tunnel anything via ssh, email restricts you to asynchronous communication.

Re:

[siddesu]

Only those that communicate through Pakistani ISPs.

Re:

[Dunbal]

The drones are probably controlled by satellite, which begs another question. Exactly what is stopping someone in Pakistan from talking to a satellite owned by a country other than Pakistan, over a VPN? Used to be expensive as fuck, I can't imagine it's very cheap nowadays, the bandwidth and latency suck, but I'm sure that Hughes is dying to sell you an account. And of course if you're engaged in nefarious, lucrative and very private business then what's a couple hundred bucks a month between friends?

Re:

[cavreader]

If they didn't want drones in their airspace they shouldn't have invited the US to the party with their unparalleled incompetence in suppressing the rebel elements in their midst. The groups committing terrorist attacks against their own people and foreigners have always had a very easy way to make both the soldiers and the drones disappear by temporarily suspending all of their violence for a period of 12-16 months. This means 0 attacks against civilians and military targets. If this was to happen in Afgha

Re:

[Farmer Tim]

Detecting stenography is easy, you just look for the person sitting there with the funny typewriter thingy. Now steganography, that's hard to spot...

Re:

[spazdor]

no way to block OpenVPN without blocking every single TLS connection

Um, I got the impression from the article that that's exactly what they're doing.

Re:

[jonwil]

As an Aussie, I can tell you that trying to ban encryption would be political suicide for the current government.

In the US, it would probably result in a supreme court challenge on constitutional grounds.

As for Pakistan, can someone remind me why we support these idiots? Oh yeah, because we need Pakistan to get to Afghanistan and because Pakistan has an unstable government, fundamentalist islamic groups that would LOVE to be running the country and (unlike Iran) functioning nukes that could probably hit tar

Re:

[Shikaku]

There are fortune 500 companies that rely on VPN, not even including the US military. They wouldn't even consider it.

Re:

[shutdown -p now]

You mean, like the ongoing one in Waziristan [wikipedia.org]?

Yeah, I can smell that too, but somehow I don't think you can expect any positive changes on the subject of TFA.

Re:Hrrm..

[Uncle Warthog]

I smell a revolution brewing.

So do they. That's why they're putting the ban in place.

Re:

[frisket]

Not really, this is just the influence of the old colonial power trickling down.

Bullshit. The old colonial power was never that paranoid. Incompetent, self-centered, racist, arrogant, and lots of other things for sure. But this is paranoia, whether religious or political. It's a hallmark of lunatics and delusionals everywhere, particularly when they are trying to cling to ill-gotten and undeserved power.

Re:

[gknoy]

Sounds like a poorly implemented rot26 implementation, then. :)

Re:

[suso]

Nobody is using rot13 or rot26 anymore. You should be using rot533.