Slashdot Mirror
Pakistan Bans Encryption
An anonymous reader writes "After some rumors of this last month, Pakistan has now officially told all of the country's ISPs that they need to block all encrypted VPNs since content running over such services cannot be monitored by the government."
I smell a revolution brewing.
technical game of whack-a-mole
How can one detect if a packet is encrypted? How do you distinguish unencrypted binary data from encrypted binary data?
I'm sure this will totally work out for the government without any blowback or unintended consequences...
Well.... sounds like we need an adaptive add-on to the HTTP protocol for ad-hoc encryption.
The trolls don't even try anymore.
If you aren't doing anything bad, why couldn't the government know about it?
Now where have I heard that question before...
DRM: Terminator crops for your mind!
Save yourselves some money and some bother, and just disconnect yourselves from the internet! That way you'll be Safe (tm).
This has just prevented pretty much anyone who works for a Fortune 500 company from doing anything in Pakistan on company laptops. I dunno, maybe that's a good thing? I can imagine that now more than one "elected official" will point to Pakistan as a shining example to follow (just like what happened earlier with RIM and the Blackberry in India and Saudi Arabia and later everywhere) and VPNs will no longer be allowed because of course they could be the tools of terrorists. Damn, why did I have to wake up in this parallel universe 10 years ago.
Seven puppies were harmed during the making of this post.
Hopefully this is the end of SSH as we know it in Pakistan. Re enable telnet on all those routers and servers, like it's 1996!
I use VPN and encrypted connections almost daily and I don't work for a criminale enterprise [unless you consider corporate America a criminal enterprise – but that is a different question.]. Do you really want your personal and private data exposed as I deal with the outside world?
Or there is just the simpler question of personal privacy. If you have reasonable suspicion, get a warrant. [And yes I know that the Pakistan court system is not very independent – but I am stating a principal here. And yes, I know encryption makes life harder for the cops – but I would rather have the cops work a little harder than sacrifice privacy.]
I wonder if this will include HTTPS traffic as well. I sure hope so!
Or, better, gnugp with email.
Sent as ripples into the electromagnetic field. No single photon has been harmed in the process.
What about digital signatures?
eCommerce using SSL?
Password-protected files?
OS passwords?
Wearing pants should always be optional.
Awww crap... now I'm really screwed.
WAIT A MINUTE!
Maybe I can apply for a special permit for rot26!
if you're not doing anything wrong
why not let the government put up cameras in your home
you're not doing anything wrong in the bathroom at home
so why can't the local police have a camera in there?
it's for your safety, it keeps us all safe
are you retarded?
It exists. Obviously.
DRM: Terminator crops for your mind!
Ah, but they can stop that war anytime they wish to, but I guess it is easier to stop VPN than such a fun things as War.
Yeah. If you can't use an encrypted connection, how are you going to spread the truth about that violent pedophile/rapist/murderer Mohammed in the country?
Oh wait that's "criminal behavior" because noting that Mohammed was the 7th-century equivalent of Warren Jeffs is "sacrilege" and "heresy" and "insulting Islam", which are all capital crimes punishable by death in the Totalitarian Cult State of Pakistan.
Take that, technologically-illiterate religious fundamentalists.
An OpenVPN connection is indistinguishable from any other TLS stream.
An OpenVPN daemon can be set to listen on 443, intercepting all VPN traffic and handling it accordingly, passing that which it can't decrypt onto the webserver for further handling.
Short of some impressive statistical analysis I have yet to see in the wild, there is no way to block OpenVPN without blocking every single TLS connection, nor is there any way to determine that TLS traffic flowing to a webserver offering HTTPS services contains OpenVPN mixed in as well.
The not so funny thing about this statement is it can be used with only changing the country names as justification for banning vpn use here in the united states.
"War" can be so convenient.
Only those that communicate through Pakistani ISPs.
Because it's none of your damned.... sigh, I give up. Take it all. But you get to live in this shitty world too.
Seven puppies were harmed during the making of this post.
Same difference.
Assuming for the sake of argument that the government's interests are genuinely for their peoples' better well being, and that they would not ever disclose any private information to anyone else unless the information indicated conspiracy to commit a crime, then for something entirely legitimate, there may not be any particular reason for the government not to know about it. However, there may damn well be a good reason to not want somebody you don't know snooping in on your traffic and is lucky enough to get away without being caught... which if the government has the ability to do, then so would anybody else. The fact that they may have to break the law to accomplish it is entirely superfluous to the problems that could be caused if they don't happen to actually get caught.
File under 'M' for 'Manic ranting'
HAHAHAHAHAHA... OMFG.
Rats. I was planning to make a huge purchase of textiles and smuggled afghan opium from PakistanMallOnline.com with my credit card. Now, since it won't be encrypted, I cannot. Guess I'll have to buy from IndiaMallOnline instead.
Based on current trends, Australia and Britain will be the next to ban encryption, and then the United States will soon follow. Of course this ban will NOT include politicians, celebrities or the executives of large corporations.
Everybody else will have to submit to a virtual urine sample every time they use the Internet.
The new law not only imposes exciting requirements so that the gov't can monitor all communications for 120 days, but also forbids anyone but the government to "monitor, reconcile, or block any traffic" -- so the ISP, parents, schools etc. are not allowed to do that.
The encryption ban isn't all that impressive, just typical government not-thinking-things-through, and easily enough fixable -- they could add an exception for banks, permitting encryption but the bank has to store the corresponding unencrypted data. FWIW, the requirements pertaining to this may be in place (I'm not a lawyer, so I'm not sure if that's what the second statement here means, or if it's more a Room 641A thing for international comms passing through):
What's really jawdropping is requiring that every fucking byte going through every ISP or telco in Pakistan must be logged for 120 days. In other news, the middle east division of every vendor of massive storage arrays report 1000% increase in sales...
Read the law here (PDF), it's only 6 pages.
The drones are probably controlled by satellite, which begs another question. Exactly what is stopping someone in Pakistan from talking to a satellite owned by a country other than Pakistan, over a VPN? Used to be expensive as fuck, I can't imagine it's very cheap nowadays, the bandwidth and latency suck, but I'm sure that Hughes is dying to sell you an account. And of course if you're engaged in nefarious, lucrative and very private business then what's a couple hundred bucks a month between friends?
Seven puppies were harmed during the making of this post.
If all encryption is being banned, then it should make it trivial to start stealing passwords and bank card numbers from Pakistanis. We don't have an extradition treaty with them do we? Ready, set, crack!
HA! I just wasted some of your bandwidth with a frivolous sig!
Now they only need to ban Stenography. Well, first they'll have to detect it...
Amid all these internet-blocking stories I still haven't found an answer to how dictators prevent satellite internet connections, or even if they do. I know how they could block them if they wanted to, but does anyone know how they actually do it? Or if they even bother with it?
And then of course, there is the fact that too many people make too much money from a war
Lets face it, There is much more money to be made from war than there is from a personal citizens VPN (I am sure corporate VPN's will be excepted, or, being pakistan, certain government officials will accept a small courtesy fee to not look at corporate VPN's)
da da da dum indeed.
TFA and TFS both mention specifically encrypted VPNs, and doesn't make mention of basic encryption systems like SSL / TLS or completely encrypted services like SSH. If this is how it was written to the letter then I imagine an SSH tunnel to a proxy server somewhere else would do the trick.
Though this being Pakistan and not the USA I highly doubt ruthlessly literal interpretation of a law can get you out of jail.
Encrypted connections are used for online banking. Or would you prefer to have a man listening in for your passwords and emptying your bank account with your login?
Doing the Right Thing should not be preempted by making a buck.
I am think that information want to be free, not encumber by encryption. Encryption should be ban for good of all mankind so that all good idea are free, open and available to everyone. I am think that all government should adopt similar policy. Maybe Pakistan not have best motivation at heart, but I am to like this idea.
We also should abandon money so that people more willing to share idea and not be so greedy haha.
well, I hope the Pakistan military isn't connected to the internet then. On another note I actually hope it is and I'm no-longer having any dealings in Pakistan if I can avoid it.
Wow. We should all just send unsolicited random data to random (Pakistani) IPs. There is no way they could log all that data. You could even send "interesting" data to broad swaths of Pakistani IPs (so as to not draw attention to any single person). That could distract the programs/people who are looking at the data. Maybe give cover to some revolutionaries or something. Who is in?
They won't have anymore telecommuters. One of our workers awhile back was resident in pakistan. No way are we going to let our data over the wire in the clear, so we can't hire from there anymore.
Like a pig he'll roll around in it and enjoy it.
You are entitled to your own opinions, not your own facts.
Was it a Republican President that tried to foist the clipper chip on America?
No one will want to go there for a vacation or business now, unless they plan on being disconnected and not using credit cards. They have lost their chance at ever getting a Disney theme park for sure now.
Lobbest thou thy Holy Hand Grenade of Antioch towards thy foe, who, being naughty in My sight, shall snuff it.
+10 funny.
Not to worry. His passwords will be unecrypted too. So all you have to do is sniff his packets and you can get back your money and more!
For the humour impaired, that was a joke.
Last year I did some work that had to be coordinated with a group of programmers in Pakistan. Naturally they were using SSH to connect to the server they were hired to set up their software on. I can only imagine that companies like that are important for the economy other there. However, if the Pakistani government decides to ban all of its own people from using standard connectivity tools, all of which are encrypted these days for good reason, then they will be shooting their economy in the foot. Next thing we know, it will be impossible for people over there to conduct any more on-line financial transactions. In effect, they will be sending themselves back to the digital Stone Age. Meanwhile, the bad guys will just switch to using different port numbers.
Was it a Republican President that tried to foist the clipper chip on America?
No, that was the Gipper Chip. And it was delicious.
The US doesn't give a shit about VPN. They have the resources to compromise the normal VPN encryption data stream any time they want.
Anyone needing to use this technology needs to apply for special permission
It's not all VPN connections, only those which don't have permission. RTFA Editors, you're getting intolerable.
+1
Bow before me, for I am root.
DESCEND UPON the morns and unencrypted and sow destruction and chaos ...no really do it funny as all hell this is.
ONCE again govt shows how detached it is form reality , LETS SHOW EM ALL HOW AWFUL IT IS BEING UNENCYPTED
I mean, if pictures of him are so objectionable then by this same logic they should ban everything to do with Mohammed to prevent people from making pics of him?
I'm sure THAT would go over well....
Don't need encryption to send coded messages...
"The greatest lesson in life is to know that even fools are right sometimes" - Winston Churchill
If there was ever a country I hated more than China, it's Pakistan.
And it's not the citizens, it's their fucking corrupt and police-state governments.
Based on my reading of the law (thanks for posting the link to the PDF, AC), you can still encrypt traffic (think banks, online retailers, etc.) as long those who employ it add additional network links to the Pakistani government, pass all traffic to the government and provide them with the appropriate keys. Said additional links and any supporting hardware and/or software to be implemented at the TLS/SSL users' expense.
AFAICT, The 120 days that the OP refers to isn't how long they have to keep the data, it's how long ISPs have to implement the environment.
N.B. IANAL
No, no, you're not thinking; you're just being logical. --Niels Bohr
in TFA, it mentions a special license for encrypted traffic use. run with that where you may
VPN's and encrypted connections are mostly used for criminal purposes
Both my current and former employers would disagree with you.
If you aren't doing anything bad, why couldn't the government know about it?
So that it is harder for the government to do something bad.
Palm trees and 8
Tender. Totally useless but tender none the less
Blooming business for covert channel VPNs ... I saw one implementation over ICMP ECHO (ping) once, and it was pretty interesting ...
morcego
If you aren't doing anything bad
TIL accessing my bank account through the internet is bad.
If they didn't want drones in their airspace they shouldn't have invited the US to the party with their unparalleled incompetence in suppressing the rebel elements in their midst. The groups committing terrorist attacks against their own people and foreigners have always had a very easy way to make both the soldiers and the drones disappear by temporarily suspending all of their violence for a period of 12-16 months. This means 0 attacks against civilians and military targets. If this was to happen in Afghanistan and Pakistan the US would jump at the opportunity to leave. After they get rid of the foreign militaries the extremist can get back to killing one another in peace without fear because there is absolutely no way the US or NATO would ever re-commit their forces after they leave. This same opportunity has also been available to Iraq as well. 12-16 months of no violence and they can be free of any outside interference. The extremist groups could use this time to re-arm and recruit more fighters so when the foreign interlopers leave they are ready to hit the ground running.
Thank whatever god you don't believe in that all that stopped once we got a Democrat in office, amiright?
OMG, all this is so, so funny. The ISI (the Pakistani CIA) are finding Al Quada cadre , that they want as bargining chips Helfired, surprise surprise, they don't like it one bit, so they found an effeminate hacker and tortured him, he said "its the VPNs"
An ISI cyber General said shut the VPNs, everyone saluted and said "Yes, Sir", sounds just like the US CyberCommand?
Learn English, you bloody American!
Start a "mullah of the day" fan club. Every day, send out a picture of a different mullah. Then just use steganography to embed your real message inside the jpeg...
#DeleteChrome
Mmm... Gipper Chips and Tipper Dip!
No, they don't.
Mind you, they have the resources to compromise the endpoints, but that's not the same thing as compromising the stream (even inasmuch as the effect is pretty much the same).
While this is indeed a silly move it does mean that nobody in Pakistan will be taking my development contracts... of course this also means there will likely be an influx of developers into surrounding countries.
"drink deeply the illusion of your safety"
Good luck with that.
Steganography. Hide your messages as every... oh, say, cycle through the first 100 prime numbers... particular bytes in, say, a pirated porno. If they even detect it, they'll think it's VCR noise.
Oliver's law of assumed responsibility: If you're seen fixing it, you will be blamed for breaking it.
You are arguing from the perspective that the government is not to be trusted (which may be entirely accurate), when clearly the person you are presenting your argument to believes that is not the case. Therefore, to the person you are responding to, your argument is nothing more than a mere contradiction without logical validity.
A much better position to take would be to simply look at fundamental issues of privacy and keeping confidential information from nefarious individuals. Even if the government and law enforcement *could* be wholly trusted, there are plenty of people who cannot, and there is absolutely no reason that such people would not be just as capable of listening in on anyone's private conversations as the government is. That they might have to break the law to do so is wholly irrelevant because, again, we are talking about people who are unscrupulous in the first place. It makes matters even worse if one considers that such people can sometimes even get away with their crimes without getting caught in the act... and the economic damage that they could do would be of staggering proportions if people are legally prohibited from taking any measures whatsoever to keep their private data confidential when communicating it to a trusted party.
File under 'M' for 'Manic ranting'
http://en.wikipedia.org/wiki/Export_of_cryptography_in_the_United_States
http://en.wikipedia.org/wiki/Pretty_Good_Privacy#Criminal_investigation
http://en.wikipedia.org/wiki/Phil_Zimmermann#Criminal_investigation_by_US_Customs
Er- no. Maybe get a keylog on the machine with the sensitive info, but I seriously, seriously doubt you could break a VPN stream.
Exactly, there is not even a theoretical way to brute force AES256. Unless the NSA has some kind of attack against every commercial and open source implementation (and they wouldn't be doing their job if they did as assuring military and commercial uses of encryption are secure is a bigger part of their mandate than breaking codes) then I'm reasonably confident in the security of my communications unless the end devices were compromised before they left the factory.
There are 4 boxes to use in the defense of liberty: soap, ballot, jury, ammo. Use in that order. Starting now.
That's all well and nice for local sites for the locals, but what about foreign visitors or accessing any international site? Any banks or anything else with a https login I'd like to visit won't work as they won't care one shit about what Pakistan wants. That's pretty much a tourism killer. And commerce killer. Ah well, it's their self-implosion.
Live today, because you never know what tomorrow brings
You are arguing from the perspective that the government is not to be trusted (which may be entirely accurate), when clearly the person you are presenting your argument to believes that is not the case. Therefore, to the person you are responding to, your argument is nothing more than a mere contradiction without logical validity.
A much better position to take would be to simply look at fundamental issues of privacy blah blah blah [sound of a contented troll is blocking out the rest of your thoughtful, well-considered, and utterly wasted response]
no...no...no. you don't feed the trolls. period.
..but officer, I was just piping /dev/random!
I have no idea how that sort of thing could be done (I'm not techy at all) but this is a fantastic idea and I wanted to say that I think it's genius, even if you got modded down.
Sure enough they'll start blocking port 443 and everyone will just move to another one, or another protocol altogether. How can you know it's encrypted, if you can't parse a protocol's traffic. lol... They're not going to sniff the contents of every packet and just not forward them if they are unreadable. That would make 99% of anything not work if they don't know what it is. Might as well be sending data verbally over the phone haha
Please list reasons why they would they disclose the fact that they can break AES256. Thank you.
Oh wait that's "criminal behavior" because noting that Mohammed was the 7th-century equivalent of Warren Jeffs is "sacrilege" and "heresy" and "insulting Islam", which are all capital crimes punishable by death in the Totalitarian Cult State of Pakistan.
Funny. Here in Utah, we'd call that "sacrilege" and "heresy" and "insulting mormonism".
Please list reasons why they would they disclose the fact that they can break AES256. Thank you.
Yes, of course. Not saying that they can break AES is CLEAR PROOF that they can.
If I had to guess, probably at the most recent meetings of the Republican National Committee and the Democratic National Committee.
upon the advice of my lawyer, i have no sig at this time
You're right, of course one of the most secretive and highly funded organizations in the world would disclose their knowledge.
...there's no way any company with half a brain would allow anyone to work from Pakistan or any work to be outsourced to Pakistan anymore. Their IT industry is toast.
Because if they can break it they know eventually someone else WILL break it and so everything the government, the military, and the US private sector has protected with AES will be available to agents of countries hostile to the US national interest, and so they would be starting the hunt for the next standard encryption algorithm to be used for those purposes. Remember that the NSA made changes to the S-box of DES specifically to avoid attacks by methods that were not rediscovered in the general cryptography community for nearly 30 years. That change kept 3DES secure for another 5-7 years allowing them to proceed with the AES selection process. Despite what so many people think the NSA's first mission is to protect the integrity of the secrets of the US.
There are 4 boxes to use in the defense of liberty: soap, ballot, jury, ammo. Use in that order. Starting now.
You can always look at it from a "glass half-full" perspective--Encryption Bans Pakistan.
Hello. I'm Peggy from Pakistan. May I have your Credit Card Number and PIN Code Please?
Only if Bill Clinton is now a republican
http://en.wikipedia.org/wiki/Clipper_chip
Nice try, though
The convenient thing about the drones is the ease of putting them in play from carriers, small airfields, and neighboring countries and so are easy to sneak in and out. US drone strikes are suspected in many more places than just Pakistan and Afghanistan, including Yemen, Somalia, Libya, and Sudan, as well as possibly Colombia, Algeria, Morocco, and others. Many of them involve (technically) no military operations as they are carried out by the CIA.
US drones have reportedly been shot down by Iran and I think also Syria, so they're operating in many more countries than just those subject to airstrikes.
You can never go home again... but I guess you can shop there.
What encryption, that was a jpg I was sending in my own format... sure this is going to stop all the encrypted comms.
SSH , openVPN ....
This could never happen in the USA.
You're right, of course one of the most secretive and highly funded organizations in the world would disclose their knowledge.
Yes, of course. Not saying that they can break AES is CLEAR PROOF that they can.
There's history to look at.
The adjustments they made to the constant values in DES, for instance, were eventually discovered to improve security against an attack vector that nobody outside the NSA yet knew existed. If the academic world had instead caught up and discovered that the NSA had instead been making changes to provide them a "back door", it would have eventually been found out -- potentially by the bad guys first -- and then, when it hit the academic world, we wouldn't be trusting them to help vet newer standards either.
This is useless, people in Pakistan can dial into American dialup ISPs and use an encrypted VPN through them. There are other ways around this ban, too.
"Before they left the factory"?
Law enforcement has put a lot of money and resources into having ways to compromise devices after they've left the factory -- malicious dongles and the like. I wouldn't depend on a compromise needing to happen before you're a person of interest.
Meh, our datacenter has motion activated cameras and my phone is never off my person so I'm not worried about it in the case where I actually worry about security. All my personal communications I assume are subject to CALEA requests and so they have no need to compromise my end stations.
There are 4 boxes to use in the defense of liberty: soap, ballot, jury, ammo. Use in that order. Starting now.
How many cookies do I get now?
No compression either? WTF? No gif, png or jpeg? No gzip?
Wow....just....wow. Colour me gobsmacked.
Pakistani tourism? seriously? Cash is where its at in that part of the world anyway.
Gogo gadget stenography.
The Pakistanis loudly criticize the drone operations but if they were really that upset it they could attempt to shoot down any drones in their airspace. The US would not retaliate with counter strikes against the Pakistani military attempting to shoot down the drones. The US would could also limit the number of drone operations by only being used for only critical operations that could not be accomplished by other means. Plus drones are a hell of a lot cheaper to replace than F-16's or other attack aircraft. The current vulnerabilities can also be addressed by modifying flight profiles. However, I am also sure that they are developing a new generation of drones with stealth capabilities similar to the F-22 or F-117 and it's possible they might have already deployed drones with stealth capabilities without people knowing, The helicopter that crashed during the Osama operation reveled stealth capabilities that nobody had ever seen before. Despite of all the US faults they are capable of maintaining secrecy some of the time. The F-117 took the world by surprise when they finally unveiled this aircraft that had been under development for nearly 20 years. Another non-stealth safeguard would include modifying attack profiles to limit the ability to identify them and eliminate loitering in an area looking for possible targets like they currently do. Another strategy for hiding drone activity would be compromise air defenses with jamming technology before a drone operation is launched.
Why would the average Pakastani want to encrypt their goat or mud hut anyway? It's not like they have nuclear....OH!
Good point -- domestic state actors, at least, have plenty of tools they can use before needing to use physical attacks to compromise endpoints. If one gets beyond meatspace attacks, though, it's not necessarily only domestic actors one needs to worry about.
I've been approached with a request to provide security-related IT services to political dissidents in the past; in the scenario where I had followed through with the requested assistance, I could see myself being targeted for intelligence acquisition by state actors (simply by virtue of having contact with an organization acting contrary to the perceived interests of said state).
In this scenario, I wouldn't have necessarily have needed to worry about local law enforcement being willing to play game, but I most certainly would have been concerned about remote attacks intended to recover the private key I used in communication with my contact in the group, or intended to discover relevant information (particularly if any information I had access to could have been used to identify persons domestic to the country involved). In conventional scenarios I'd call that kind of concern paranoia, but with other peoples' lives on the line, it becomes a different game.
"Law enforcement" isn't necessarily limited to your own country's laws, after all.
(Posting AC because of moderations)
So let me get this straight, we have no light, water or gas, people are being slaughtered by the hundreds every-single-day by political workers of the same freaking (secular!) parties that are in power (look up the Current Karachi massacres, we have bigger things to worry about than Al Qaeda)....and THIS is what the govt decides to focus it's attentions on?
My dear god, what the hell is happening to my country? You know, this is why the Islamic parties get votes here, they may be ass-backwards, but at least their political workers don't go emptying dozens of magazines of people for (literally!!!) the lulz.
Also, seeking my advice: Any way to send credit card information securely? I have to pay my exam fees to an examining institute in the UK, and I usually used credit cards. Now however....
I am not in a revolutionary mode, I just want to get an education and somehow go abroad and earn a simple living and die without ever making a ripple.
Well, that PDF is dated march, so, the law is in action today?
I remember writing a steganographic tool that sent hidden messages via SPAM. I had a massive source of SPAM and use a combination of hash tables and a psuedo-random number generator in order to pass any type of binary data as SPAM. The trick was to have all possible combinations of spam words with offsets for all the hexidecimal characters. Numbers are scarce, but spam is such bad spelling that you could "cheat" a little and get it all set up. (My favorite trick was to embed a meaningless tag that had the hexidecimal value I needed in it)
I'm sure the NSA could have cracked my little toy / experiment fairly quickly, but they would only have cracked the fact that I was using steganography. The binary stream encoded therein could still easily be encrypted with AES or Blowfish or any other cryptomechanism.
The stream expansion was pretty intense, some 20:1 or so. But it was honest-to-god SPAM and it was fun to cleanly pass compressed, encrypted binary data via penis pill offers.
I have no problem with your religion until you decide it's reason to deprive others of the truth.
I would totally start sending megabytes of Mersenne twister output to addresses in the US.
Couldn't they just download ECHELON from SourceForge and run that? Or does that only work in Anglophone countries?
I think it's safe to say on behalf of Uncle Sam: "Pakistan, you're NEXT!"
These Aren't the Bits You're Looking For!
Brilliant!
Can we expect a future wikileak or open leak to show they were leaned on to do this by the US government?
This is a complete misread of telecoms terminology, they are not banning user encryption.
The actual regulation only mentions encryption ONCE, and that is in regard to signalling information.
Signalling information is not the data. I repeat, signaling information is NOT the data.
For phone calls, signalling is the bits that tell the system where the call is go to, and who from, and other "meta" information about the call. For data, signalling is the outer part of the IP packet that carries destination information.
The encrypted part of data is in the PAYLOAD. And they don't require the payload to be decrypted. It's also the same section that requires the
info to not be compressed. Are they really going to decompress all files before sending them off? No way.
All they are requiring is that the phone call source/destination info, and Ip traffic packets are not encrypted *further* by the ISP. Customer
VPN data will continue to flow as normal.
IAANE (I am a network engineer) and I have had to deploy a government spying^Hlegal intercept platform before, and this is pretty much just
bog standard like many other countries do.
Bottom line: A non story. Pakistan wants ISPs to implement legal intercept. Big whoop, most countries have already done this.
Sparks:Gadget:Beer Maker
Based on my reading of the law (thanks for posting the link to the PDF, AC), you can still encrypt traffic (think banks, online retailers, etc.) as long those who employ it add additional network links to the Pakistani government, pass all traffic to the government and provide them with the appropriate keys. Said additional links and any supporting hardware and/or software to be implemented at the TLS/SSL users' expense.
AFAICT, The 120 days that the OP refers to isn't how long they have to keep the data, it's how long ISPs have to implement the environment.
N.B. IANAL
This stuff still screws over any small companies and newstarters who wish to e.g. offer their products online. Having to provide the government with all that means a lot higher operational costs, not to mention the extra hardware and maintenance needed, and it could very well even mean the company is no longer sustainable.
Such a horribly shortsighted move.
No, you're all wrong.
IUALBTIPDI (I'm Usually A Lawyer But This Is Pakistan Damn It)
Obviously, Pakistan has never heard of the MPAA. If Pakistan can beat Hollywood lawyers... India should begin sweating. I suspect it be long before Pakistan is just another Warner Bros. backlot.
The Admin and the Engineer
If it's personal and private and non-criminal, why should the gov't know about it?
They just banned e-commerce, telecommuting, offshoring operations providing services (e.g. customer service at your bank), and foreign corporate operations.
Tech Public Policy stuff
If you have nothing to hide and a clear conscience, you have no need for encryption. This whole thing is a non-issue.
Very interesting post. Since I'm not in that kind of situation it never would have crossed my mind. Though I guess it would be little different than a spearphishing attempt against a corporate target. Perhaps for such a situation a smartcard with physical action like PIN input would be the most robust way to store the key as it would not expose the key after a general purpose OS compromise.
There are 4 boxes to use in the defense of liberty: soap, ballot, jury, ammo. Use in that order. Starting now.
well since business is completely dependent on strong crypo... I guess Pakistan's greed for information > Pakistan's greed for money.
even if they make exceptions for corporations this would completely limit the ability of start-ups to get a foothold.
You idiot, that was his point.
yay for the economy! (?)
These are my friends, See how they glisten. See this one shine, how he smiles in the light.
Don't they know? Information wants to be free.
These are my friends, See how they glisten. See this one shine, how he smiles in the light.
"information is uncompressed"
Uncompressed too? Really?
Idiots are born every day.....
Sounds like a great idea, dilute their logs with crap. Heck don't make it random, use random text from Pakistani websites to make it harder to filter out.
"When information is power, privacy is freedom" - Jah-Wren Ryel
A list of pakistani IP ranges, and a simple app that pings things and then spews random data at an IP if it responds. Simple. You could probably even do it in a shellscript.
"When information is power, privacy is freedom" - Jah-Wren Ryel
What about digital signatures?
Let's not forget we went through this with the Clinton administration just 15 years ago. If I could get the Slashdot search to cooperate I'd include a link here to Rivest's winnowing-and-chaffing algorithm that passes secure messages where encryption is banned but digital signatures are allowed.
My God, it's Full of Source!
OUTSIDE_IP=$(dig +short my.ip @outsideip.net)
I agree that that the Pakistani government is generally happier to have the drone strikes than not, though they have perhaps legitimately objected to those which have killed more civilians than militants. It also can make their lives harder in negotiating with tribes which are on the fence in terms of loyalties.
The stealth helicopter was surprising mostly because most people didn't think that a stealth helo even existed. The fact that it used certain materials and ducted fans isn't surprising once it's known to exist. The existence of a stealth fighter in the 1980s wasn't really a well-kept secret. What was well-kept was the shape. My parents saw it before it was publicized when they were out camping in the deserts of Southern California. A trio of planes passed not far overhead and only two of them looked familiar. When they told me about it, I got my books out and went through them. The chase planes were easy to identify as T-38s, but the other didn't look like anything I'd ever heard of. A few months later, my parents excitedly called me in from another room, pointing at the TV screen and say, "That's what we saw!" My best guess is that it was either doing a run out at the bomb ranges around China Lake or else was ferrying between Edwards and Nellis/Area-51 and the decision had been made to allow daylight flights a little before the public unveiling.
Reconnaissance drones with stealth capabilities are already in use, and that suggests that attack drones are also in use. Most people think of the Predator drones (still performing well and widely used with a payload of two Hellfire missiles), but also in use are the Grey Eagle (an upgraded Predator that can carry four Hellfires), and the Reaper (capable of carrying 14 Hellfires). Boeing has publicly rolled out the Phantom Ray for testing, but I would bet that Boeing and/or Lockheed have already provided stealth drones to the military. Even tougher to track is what the CIA buys because even more of its funding is black and it's almost impossible to guess what it's being used for. Jamming defenses isn't really viable because it lights up every scope with noise, announcing that an attack is occurring.
Of course, some of the strikes in Somalia were done with AC-130s, so drones aren't always the preferred means of attack.
You can never go home again... but I guess you can shop there.
If they are going to ignore a logically considered argument, that's their own problem. Not mine. Presenting them with something that simply contradicts what, judging by their statement, they evidently already believe to be true, however, is going to be even less productive. The only way that I know of for what I stated above to be seen as a mere contradiction without logical validity in their own view is if the poster claimed to believe that everybody in the world who isn't benevolent always get caught by law enforcement before they can do any damage or harm to law abiding people. This belief runs in such sharp contrast to reality that it could not feasibly be held by any person who is sophisticated enough to read and write, and would likely be sufficient evidence to have ferreted out a troll.
While it is true that you can't win an argument with a troll, you *CAN* win an argument with somebody who is simply ignorant, but willing to listen to reason. Generally, the latter such people do not even realize their ignorance, so distinguishing between the two is rarely possible given nothing more than an initial proposition. The aforementioned post that is allegedly from a troll, for example, is not sufficient evidence to actually construe either position, but it is my own view that it is at least polite to give them the benefit of the doubt until they unambiguously reveal their position to be otherwise, which in an actual troll's case would be when they either shift the goalposts of their own position to another contrary position so that they may continue to disagree with everybody about something else, or else simply blindly contradicting the stated argument without providing any supporting evidence to support their alleged position.
Taking the position that everybody who makes any sort of controversial statement is only interested in controversy and cannot ever possibly be worth responding to (without having any substance to back it up with respect to the individual) is not altogether unlike a form of censorship... where it is suggested that any single dissenting voice should be quieted with nothing less than stark silence. It is entirely possible that you are right and the above post was a troll... but that could be ascertained from any responses he might have given to any reasoned arguments that pointed out the fundamental flaws in his position (and again, merely presenting the view that the government is not to be trusted is not a valid logical argument from the point of view of somebody who believes that it sometimes can be... and there do exist plenty of people who believe that. I've even personally met some of them).
File under 'M' for 'Manic ranting'
I saw a documentary on the F-117 project and it generated a surprising number of UFO sightings during testing. When the F-117 was used in the first Iraq war they had remarkable successes but the US Air Command wasn't even sure the stealth capabilities would be effective against a air defense system like they were facing. I'm sure the military tested the hell out of it but outside of computer simulations I seriously doubt they tested it against an air defense network as large and layered as the Iraqis had in place at the time. As a consequence they used other fighters to trigger and profile the Iraqi radar coverage prior to the F-117 attacks so they could exploit the small coverage gaps created where the multiple radar coverage spheres intersected with one another. You are correct in saying that taking out air defense radars prior to an attack usually just lets the intended target know where you are going to attack. The F-117 stealth systems helped alleviate this problem. A lot of people don't realize that the Iraqi air defense system used modern and top of the line Soviet, Chinese, and French hardware and was an extremely capable system. I imagine the Russian and Chinese military were a little irritated about how ineffective their hardware was against the capabilities displayed by the US.
Much of that was due to the Iraqi use of old Soviet doctrines which advocated certain rigid defensive procedures and absolute adherence to command and control centers. Only certain units were given the flexibility to go out on their own, and units cut off from C2 centers (either through loss of radio contact or by the C2 center itself being destroyed) were often lost as to how to respond. The strategy had worked well enough against Iran if you ignore Iran's superior numbers (often through the use of the Martyrs' Brigades), but the Soviets had started to get rid of it at least by the first couple of years in Afghanistan (if not earlier) where terrain and circumstances led to loss of contact with C2 on a regular basis and units had to be flexible.
Anyway, I'm not surprised that the F-117 was babied early on. I remember the talk of picking up incoming aircraft by watching for signals between cell towers to be interrupted. I don't know how that worked out, but it may be an early mechanism by which future attacks are monitored when everything is too stealthy for radar.
You can never go home again... but I guess you can shop there.
I think in one of your previous post you mentioned the fuselage geometry of the F-117 was known by certain governments but the geometry is not the key characteristic in providing stealth capabilities. After WW2 the allies found German plans for a flying wing aircraft that looked very similar to the B2 geometry. Of course the development of that design never happened because of the German defeat but the basic radar geometry has been around for a while. To provide the stealth characteristics required the technology to reduce the thermal signature by using specialized jet exhaust designs, composite materials, and the specialized paint capable of absorbing the radar hits that the geometry alone couldn't deflect. One thing that puzzles me is that there has been no mention of anyone developing a method to thwart the stealth capabilities. Usually weaknesses in most weapon systems are eventually found and exploited to provide effective counter measures. Sorry for rambling on but I find this topic very interesting.
The flying wing technology was recognized in the US as stealthy to early radar, too, but despite a lot of money poured into it by Jack Northrop, it also proved to be unstable and difficult to fly with the technology of that era. It wasn't until flight computers caught up and a lot of Reagan-era build-up money became available that the B-2 became viable.
Kelly Johnson mentioned at one point that he would have loved to come up with a stealth design as sleek and cool as the F-19 concept that had been around in models for a few years, but the math for those kinds of curved surfaces is exceptionally difficult and beyond the computers of the time. The facets of the F-117 are useful to ensure that the radar signal goes elsewhere, and radar-absorbent paint helps to reduce the reflection. Even the frame around the canopy is angled to reduce direct reflections. When dropping bombs, the bay door opens, the weapon is ejected, and the door closes, all fairly quickly. S-shaped intakes remove the engine fans from the reflection problem, and diffusers reduce the heat signature. The thing is tiny, too, as fighters go, or at least appears to be. I saw it at a post-Desert Storm air show at March AFB (where it was surrounded by armed personnel who prevented anyone from getting closer than about 20 feet from it). While the length and width are about the same as an F-15 (which was also nearby), it is vertically much shorter.
They were effective for their day, but that just makes one wonder what has replaced them. It may be that the shoot-down over Yugoslavia was more effective than realized, and once word of it got around, they weren't safe anymore. I imagine a day when we'll be looking for not the planes, but the ripples they leave in the air.
You can never go home again... but I guess you can shop there.
I am aware of the earlier attempts to create a flying wing design but since then the advances in computer and fly by wire technology was responsible for it's re-emergence. Even the F-117 was very difficult if not impossible to be flown manually and relied heavily on fly by wire systems just to maintain a stable flight. The B2 also relies on fly by wire to keep those planes in the air. I suspect in the very near future just about all combat aircraft will not require a pilot just like the current drone systems.