Pakistan Bans Encryption

An anonymous reader writes "After some rumors of this last month, Pakistan has now officially told all of the country's ISPs that they need to block all encrypted VPNs since content running over such services cannot be monitored by the government."

Hrrm..

I smell a revolution brewing.

Re:Hrrm..

Not really, this is just the influence of the old colonial power trickling down.

Re:Hrrm..

[shutdown+-p+now]

You mean, like the ongoing one in Waziristan?

Yeah, I can smell that too, but somehow I don't think you can expect any positive changes on the subject of TFA.

Re:Hrrm..

[Uncle+Warthog]

I smell a revolution brewing.

So do they. That's why they're putting the ban in place.

Re:Hrrm..

[frisket]

Not really, this is just the influence of the old colonial power trickling down.

Bullshit. The old colonial power was never that paranoid. Incompetent, self-centered, racist, arrogant, and lots of other things for sure. But this is paranoia, whether religious or political. It's a hallmark of lunatics and delusionals everywhere, particularly when they are trying to cling to ill-gotten and undeserved power.

Re:Hrrm..

[mla_anderson]

I smell a revolution brewing.

This is nothing new in Pakistan, they open(ed) all mail. I lived there as a young teen (too many years ago) and one of the other expats related how she had written her mother and and mentioned the mail being opened. When her mother received the letter it had been slit open and taped back shut. In the letter where she had mentioned the mail being opened was a note from the post office which said, "We don't open the mail."

There were no revolutions over mail being opened, or over telephone conversations being monitored, there's not likely to be a revolution over encryption being banned. There will be riots in the middle of the summer, there always are, I think it's just that the heat gets to be too much.

Security concerns

They have a valid reason to do so, being almost in war with India. VPN's and encrypted connections are mostly used for criminal purposes. If you aren't doing anything bad, why couldn't the government know about it?

Re:Security concerns

The trolls don't even try anymore.

Re:Security concerns

[spazdor]

If you aren't doing anything bad, why couldn't the government know about it?

Now where have I heard that question before...

Re:Security concerns

What? A troll? I thought he was just a Republican...

Re:Security concerns

Ah, but they can stop that war anytime they wish to, but I guess it is easier to stop VPN than such a fun things as War.

Re:Security concerns

Yeah. If you can't use an encrypted connection, how are you going to spread the truth about that violent pedophile/rapist/murderer Mohammed in the country?

Oh wait that's "criminal behavior" because noting that Mohammed was the 7th-century equivalent of Warren Jeffs is "sacrilege" and "heresy" and "insulting Islam", which are all capital crimes punishable by death in the Totalitarian Cult State of Pakistan.

Re:Security concerns

[Truekaiser]

The not so funny thing about this statement is it can be used with only changing the country names as justification for banning vpn use here in the united states.

Re:Security concerns

[Jeremy+Erwin]

"War" can be so convenient.

Re:Security concerns

[Dunbal]

Because it's none of your damned.... sigh, I give up. Take it all. But you get to live in this shitty world too.

Re:Security concerns

Same difference.

Re:Security concerns

[mark-t]

Assuming for the sake of argument that the government's interests are genuinely for their peoples' better well being, and that they would not ever disclose any private information to anyone else unless the information indicated conspiracy to commit a crime, then for something entirely legitimate, there may not be any particular reason for the government not to know about it. However, there may damn well be a good reason to not want somebody you don't know snooping in on your traffic and is lucky enough to get away without being caught... which if the government has the ability to do, then so would anybody else. The fact that they may have to break the law to accomplish it is entirely superfluous to the problems that could be caused if they don't happen to actually get caught.

Re:Security concerns

[rust627]

And then of course, there is the fact that too many people make too much money from a war

Lets face it, There is much more money to be made from war than there is from a personal citizens VPN (I am sure corporate VPN's will be excepted, or, being pakistan, certain government officials will accept a small courtesy fee to not look at corporate VPN's)

Re:Security concerns

[lavalyn]

Encrypted connections are used for online banking. Or would you prefer to have a man listening in for your passwords and emptying your bank account with your login?

Re:Security concerns

[ewanm89]

well, I hope the Pakistan military isn't connected to the internet then. On another note I actually hope it is and I'm no-longer having any dealings in Pakistan if I can avoid it.

Re:Security concerns

[Cwix]

Like a pig he'll roll around in it and enjoy it.

Re:Security concerns

Was it a Republican President that tried to foist the clipper chip on America?

Re:Security concerns

[jhoegl]

+10 funny.

Re:Security concerns

[ThatsMyNick]

Not to worry. His passwords will be unecrypted too. So all you have to do is sniff his packets and you can get back your money and more!
 
For the humour impaired, that was a joke.

Re:Security concerns

[Culture20]

Was it a Republican President that tried to foist the clipper chip on America?

No, that was the Gipper Chip. And it was delicious.

Re:Security concerns

[cavreader]

The US doesn't give a shit about VPN. They have the resources to compromise the normal VPN encryption data stream any time they want.

Re:Security concerns

[wiedzmin]

+1

Re:Security concerns

[betterunixthanunix]

VPN's and encrypted connections are mostly used for criminal purposes

Both my current and former employers would disagree with you.

If you aren't doing anything bad, why couldn't the government know about it?

So that it is harder for the government to do something bad.

Re:Security concerns

[mangu]

If you aren't doing anything bad

TIL accessing my bank account through the internet is bad.

Re:Security concerns

Thank whatever god you don't believe in that all that stopped once we got a Democrat in office, amiright?

Re:Security concerns

[silverglade00]

Mmm... Gipper Chips and Tipper Dip!

Re:Security concerns

[cduffy]

No, they don't.

Mind you, they have the resources to compromise the endpoints, but that's not the same thing as compromising the stream (even inasmuch as the effect is pretty much the same).

Re:Security concerns

[mark-t]

You are arguing from the perspective that the government is not to be trusted (which may be entirely accurate), when clearly the person you are presenting your argument to believes that is not the case. Therefore, to the person you are responding to, your argument is nothing more than a mere contradiction without logical validity.

A much better position to take would be to simply look at fundamental issues of privacy and keeping confidential information from nefarious individuals. Even if the government and law enforcement *could* be wholly trusted, there are plenty of people who cannot, and there is absolutely no reason that such people would not be just as capable of listening in on anyone's private conversations as the government is. That they might have to break the law to do so is wholly irrelevant because, again, we are talking about people who are unscrupulous in the first place. It makes matters even worse if one considers that such people can sometimes even get away with their crimes without getting caught in the act... and the economic damage that they could do would be of staggering proportions if people are legally prohibited from taking any measures whatsoever to keep their private data confidential when communicating it to a trusted party.

Re:Security concerns

Er- no. Maybe get a keylog on the machine with the sensitive info, but I seriously, seriously doubt you could break a VPN stream.

Re:Security concerns

[afidel]

Exactly, there is not even a theoretical way to brute force AES256. Unless the NSA has some kind of attack against every commercial and open source implementation (and they wouldn't be doing their job if they did as assuring military and commercial uses of encryption are secure is a bigger part of their mandate than breaking codes) then I'm reasonably confident in the security of my communications unless the end devices were compromised before they left the factory.

Re:Security concerns

[rocket+rancher]

You are arguing from the perspective that the government is not to be trusted (which may be entirely accurate), when clearly the person you are presenting your argument to believes that is not the case. Therefore, to the person you are responding to, your argument is nothing more than a mere contradiction without logical validity.

A much better position to take would be to simply look at fundamental issues of privacy blah blah blah [sound of a contented troll is blocking out the rest of your thoughtful, well-considered, and utterly wasted response]

no...no...no. you don't feed the trolls. period.

Re:Security concerns

Please list reasons why they would they disclose the fact that they can break AES256. Thank you.

Re:Security concerns

Oh wait that's "criminal behavior" because noting that Mohammed was the 7th-century equivalent of Warren Jeffs is "sacrilege" and "heresy" and "insulting Islam", which are all capital crimes punishable by death in the Totalitarian Cult State of Pakistan.

Funny. Here in Utah, we'd call that "sacrilege" and "heresy" and "insulting mormonism".

Re:Security concerns

[0123456]

Please list reasons why they would they disclose the fact that they can break AES256. Thank you.

Yes, of course. Not saying that they can break AES is CLEAR PROOF that they can.

Re:Security concerns

[compro01]

If I had to guess, probably at the most recent meetings of the Republican National Committee and the Democratic National Committee.

Re:Security concerns

[GP1911]

You're right, of course one of the most secretive and highly funded organizations in the world would disclose their knowledge.

Re:Security concerns

[afidel]

Because if they can break it they know eventually someone else WILL break it and so everything the government, the military, and the US private sector has protected with AES will be available to agents of countries hostile to the US national interest, and so they would be starting the hunt for the next standard encryption algorithm to be used for those purposes. Remember that the NSA made changes to the S-box of DES specifically to avoid attacks by methods that were not rediscovered in the general cryptography community for nearly 30 years. That change kept 3DES secure for another 5-7 years allowing them to proceed with the AES selection process. Despite what so many people think the NSA's first mission is to protect the integrity of the secrets of the US.

Re:Security concerns

[CapOblivious2010]

Only if Bill Clinton is now a republican

http://en.wikipedia.org/wiki/Clipper_chip

Nice try, though

Re:Security concerns

[0123456]

You're right, of course one of the most secretive and highly funded organizations in the world would disclose their knowledge.

Yes, of course. Not saying that they can break AES is CLEAR PROOF that they can.

Re:Security concerns

[cduffy]

There's history to look at.

The adjustments they made to the constant values in DES, for instance, were eventually discovered to improve security against an attack vector that nobody outside the NSA yet knew existed. If the academic world had instead caught up and discovered that the NSA had instead been making changes to provide them a "back door", it would have eventually been found out -- potentially by the bad guys first -- and then, when it hit the academic world, we wouldn't be trusting them to help vet newer standards either.

Re:Security concerns

[cduffy]

"Before they left the factory"?

Law enforcement has put a lot of money and resources into having ways to compromise devices after they've left the factory -- malicious dongles and the like. I wouldn't depend on a compromise needing to happen before you're a person of interest.

Re:Security concerns

[afidel]

Meh, our datacenter has motion activated cameras and my phone is never off my person so I'm not worried about it in the case where I actually worry about security. All my personal communications I assume are subject to CALEA requests and so they have no need to compromise my end stations.

Re:Security concerns

Google.

How many cookies do I get now?

Re:Security concerns

Good point -- domestic state actors, at least, have plenty of tools they can use before needing to use physical attacks to compromise endpoints. If one gets beyond meatspace attacks, though, it's not necessarily only domestic actors one needs to worry about.

I've been approached with a request to provide security-related IT services to political dissidents in the past; in the scenario where I had followed through with the requested assistance, I could see myself being targeted for intelligence acquisition by state actors (simply by virtue of having contact with an organization acting contrary to the perceived interests of said state).

In this scenario, I wouldn't have necessarily have needed to worry about local law enforcement being willing to play game, but I most certainly would have been concerned about remote attacks intended to recover the private key I used in communication with my contact in the group, or intended to discover relevant information (particularly if any information I had access to could have been used to identify persons domestic to the country involved). In conventional scenarios I'd call that kind of concern paranoia, but with other peoples' lives on the line, it becomes a different game.

"Law enforcement" isn't necessarily limited to your own country's laws, after all.

Re:Security concerns

If it's personal and private and non-criminal, why should the gov't know about it?

Re:Security concerns

[afidel]

Very interesting post. Since I'm not in that kind of situation it never would have crossed my mind. Though I guess it would be little different than a spearphishing attempt against a corporate target. Perhaps for such a situation a smartcard with physical action like PIN input would be the most robust way to store the key as it would not expose the key after a general purpose OS compromise.

Re:Security concerns

You idiot, that was his point.

Re:Security concerns

[mark-t]

If they are going to ignore a logically considered argument, that's their own problem. Not mine. Presenting them with something that simply contradicts what, judging by their statement, they evidently already believe to be true, however, is going to be even less productive. The only way that I know of for what I stated above to be seen as a mere contradiction without logical validity in their own view is if the poster claimed to believe that everybody in the world who isn't benevolent always get caught by law enforcement before they can do any damage or harm to law abiding people. This belief runs in such sharp contrast to reality that it could not feasibly be held by any person who is sophisticated enough to read and write, and would likely be sufficient evidence to have ferreted out a troll.

While it is true that you can't win an argument with a troll, you *CAN* win an argument with somebody who is simply ignorant, but willing to listen to reason. Generally, the latter such people do not even realize their ignorance, so distinguishing between the two is rarely possible given nothing more than an initial proposition. The aforementioned post that is allegedly from a troll, for example, is not sufficient evidence to actually construe either position, but it is my own view that it is at least polite to give them the benefit of the doubt until they unambiguously reveal their position to be otherwise, which in an actual troll's case would be when they either shift the goalposts of their own position to another contrary position so that they may continue to disagree with everybody about something else, or else simply blindly contradicting the stated argument without providing any supporting evidence to support their alleged position.

Taking the position that everybody who makes any sort of controversial statement is only interested in controversy and cannot ever possibly be worth responding to (without having any substance to back it up with respect to the individual) is not altogether unlike a form of censorship... where it is suggested that any single dissenting voice should be quieted with nothing less than stark silence. It is entirely possible that you are right and the above post was a troll... but that could be ascertained from any responses he might have given to any reasoned arguments that pointed out the fundamental flaws in his position (and again, merely presenting the view that the government is not to be trusted is not a valid logical argument from the point of view of somebody who believes that it sometimes can be... and there do exist plenty of people who believe that. I've even personally met some of them).

good luck with that

technical game of whack-a-mole

Re:good luck with that

[spazdor]

Yeah, this is pretty much an unwinnable arms race. No matter how much deep packet inspection brute-force they want to employ - If they allow any protocols at all to run unrestricted, it'll be possible to tunnel data over it. Hell, give me an ICMP-only network and I'll encode data payloads into the TTL numbers.

Pakistan is gonna have to cut off its Internet backbones entirely if it's serious about shutting down encrypted communication.

Re:good luck with that

[mlts]

Actually, this is just the next step in the arms race.

The first generation were the firewalls. The sophistication has gone from just blind IP blackholes to active MITM attacks, changing posts in midstream.

Now, because of VPNs, the next step is to ban them, and then arresting anyone who might have any traffic out of the ordinary. With anti-VPN laws, a government can vacuum up people for "suspect packets".

This is just what a government will do when they realize people VPN around their surveillance/censorship controls. Pakistan is the first to implement this, but I am sure they will be the last.

It is only a matter of time before we see anti-VPN laws being passed, just like we see national firewalls sprouting up.

Re:good luck with that

I thought you were going to delay the pings to produce Morse Code, but TTL payload is Pure Genius (TM), I say.

Re:good luck with that

[bmuon]

Maybe the question should be how to promote policies that prevent software engineers from going to the evil dictator side.

Re:good luck with that

[Gutboy]

Who cares about packets. What if I just start emailing people in Pakistan Base64 encoded random numbers? Will they have to prove it's random numbers? Does anyone have a list of government officials email addresses?

Re:good luck with that

[Zontar+The+Mindless]

Maybe the question should be how to promote policies that prevent software engineers from going to the evil dictator side.

Assassination seems to be a popular choice of late for dealing with technical professionals who are a bit too good at doing their jobs for the wrong sorts of people...

Re:good luck with that

[Z00L00K]

And anyone that is going to transfer secret information will likely be using satellite links or steganography and similar techniques to transfer information between each other. Code words and stuff like that isn't new. "Buy eggs to Maria" may have it's straight meaning most days but on Fridays before 11AM it means that you should bring hand grenades to a certain location.

First!

Does this include systems running the drones invading their airspace?

Re:First!

[siddesu]

Only those that communicate through Pakistani ISPs.

Re:First!

[Dunbal]

The drones are probably controlled by satellite, which begs another question. Exactly what is stopping someone in Pakistan from talking to a satellite owned by a country other than Pakistan, over a VPN? Used to be expensive as fuck, I can't imagine it's very cheap nowadays, the bandwidth and latency suck, but I'm sure that Hughes is dying to sell you an account. And of course if you're engaged in nefarious, lucrative and very private business then what's a couple hundred bucks a month between friends?

Re:First!

[cavreader]

If they didn't want drones in their airspace they shouldn't have invited the US to the party with their unparalleled incompetence in suppressing the rebel elements in their midst. The groups committing terrorist attacks against their own people and foreigners have always had a very easy way to make both the soldiers and the drones disappear by temporarily suspending all of their violence for a period of 12-16 months. This means 0 attacks against civilians and military targets. If this was to happen in Afghanistan and Pakistan the US would jump at the opportunity to leave. After they get rid of the foreign militaries the extremist can get back to killing one another in peace without fear because there is absolutely no way the US or NATO would ever re-commit their forces after they leave. This same opportunity has also been available to Iraq as well. 12-16 months of no violence and they can be free of any outside interference. The extremist groups could use this time to re-arm and recruit more fighters so when the foreign interlopers leave they are ready to hit the ground running.

Re:First!

[Martin+Blank]

The convenient thing about the drones is the ease of putting them in play from carriers, small airfields, and neighboring countries and so are easy to sneak in and out. US drone strikes are suspected in many more places than just Pakistan and Afghanistan, including Yemen, Somalia, Libya, and Sudan, as well as possibly Colombia, Algeria, Morocco, and others. Many of them involve (technically) no military operations as they are carried out by the CIA.

US drones have reportedly been shot down by Iran and I think also Syria, so they're operating in many more countries than just those subject to airstrikes.

Re:First!

[cavreader]

The Pakistanis loudly criticize the drone operations but if they were really that upset it they could attempt to shoot down any drones in their airspace. The US would not retaliate with counter strikes against the Pakistani military attempting to shoot down the drones. The US would could also limit the number of drone operations by only being used for only critical operations that could not be accomplished by other means. Plus drones are a hell of a lot cheaper to replace than F-16's or other attack aircraft. The current vulnerabilities can also be addressed by modifying flight profiles. However, I am also sure that they are developing a new generation of drones with stealth capabilities similar to the F-22 or F-117 and it's possible they might have already deployed drones with stealth capabilities without people knowing, The helicopter that crashed during the Osama operation reveled stealth capabilities that nobody had ever seen before. Despite of all the US faults they are capable of maintaining secrecy some of the time. The F-117 took the world by surprise when they finally unveiled this aircraft that had been under development for nearly 20 years. Another non-stealth safeguard would include modifying attack profiles to limit the ability to identify them and eliminate loitering in an area looking for possible targets like they currently do. Another strategy for hiding drone activity would be compromise air defenses with jamming technology before a drone operation is launched.

Re:First!

[Martin+Blank]

I agree that that the Pakistani government is generally happier to have the drone strikes than not, though they have perhaps legitimately objected to those which have killed more civilians than militants. It also can make their lives harder in negotiating with tribes which are on the fence in terms of loyalties.

The stealth helicopter was surprising mostly because most people didn't think that a stealth helo even existed. The fact that it used certain materials and ducted fans isn't surprising once it's known to exist. The existence of a stealth fighter in the 1980s wasn't really a well-kept secret. What was well-kept was the shape. My parents saw it before it was publicized when they were out camping in the deserts of Southern California. A trio of planes passed not far overhead and only two of them looked familiar. When they told me about it, I got my books out and went through them. The chase planes were easy to identify as T-38s, but the other didn't look like anything I'd ever heard of. A few months later, my parents excitedly called me in from another room, pointing at the TV screen and say, "That's what we saw!" My best guess is that it was either doing a run out at the bomb ranges around China Lake or else was ferrying between Edwards and Nellis/Area-51 and the decision had been made to allow daylight flights a little before the public unveiling.

Reconnaissance drones with stealth capabilities are already in use, and that suggests that attack drones are also in use. Most people think of the Predator drones (still performing well and widely used with a payload of two Hellfire missiles), but also in use are the Grey Eagle (an upgraded Predator that can carry four Hellfires), and the Reaper (capable of carrying 14 Hellfires). Boeing has publicly rolled out the Phantom Ray for testing, but I would bet that Boeing and/or Lockheed have already provided stealth drones to the military. Even tougher to track is what the CIA buys because even more of its funding is black and it's almost impossible to guess what it's being used for. Jamming defenses isn't really viable because it lights up every scope with noise, announcing that an attack is occurring.

Of course, some of the strikes in Somalia were done with AC-130s, so drones aren't always the preferred means of attack.

Re:First!

[cavreader]

I saw a documentary on the F-117 project and it generated a surprising number of UFO sightings during testing. When the F-117 was used in the first Iraq war they had remarkable successes but the US Air Command wasn't even sure the stealth capabilities would be effective against a air defense system like they were facing. I'm sure the military tested the hell out of it but outside of computer simulations I seriously doubt they tested it against an air defense network as large and layered as the Iraqis had in place at the time. As a consequence they used other fighters to trigger and profile the Iraqi radar coverage prior to the F-117 attacks so they could exploit the small coverage gaps created where the multiple radar coverage spheres intersected with one another. You are correct in saying that taking out air defense radars prior to an attack usually just lets the intended target know where you are going to attack. The F-117 stealth systems helped alleviate this problem. A lot of people don't realize that the Iraqi air defense system used modern and top of the line Soviet, Chinese, and French hardware and was an extremely capable system. I imagine the Russian and Chinese military were a little irritated about how ineffective their hardware was against the capabilities displayed by the US.

Re:First!

[Martin+Blank]

Much of that was due to the Iraqi use of old Soviet doctrines which advocated certain rigid defensive procedures and absolute adherence to command and control centers. Only certain units were given the flexibility to go out on their own, and units cut off from C2 centers (either through loss of radio contact or by the C2 center itself being destroyed) were often lost as to how to respond. The strategy had worked well enough against Iran if you ignore Iran's superior numbers (often through the use of the Martyrs' Brigades), but the Soviets had started to get rid of it at least by the first couple of years in Afghanistan (if not earlier) where terrain and circumstances led to loss of contact with C2 on a regular basis and units had to be flexible.

Anyway, I'm not surprised that the F-117 was babied early on. I remember the talk of picking up incoming aircraft by watching for signals between cell towers to be interrupted. I don't know how that worked out, but it may be an early mechanism by which future attacks are monitored when everything is too stealthy for radar.

Re:First!

[cavreader]

I think in one of your previous post you mentioned the fuselage geometry of the F-117 was known by certain governments but the geometry is not the key characteristic in providing stealth capabilities. After WW2 the allies found German plans for a flying wing aircraft that looked very similar to the B2 geometry. Of course the development of that design never happened because of the German defeat but the basic radar geometry has been around for a while. To provide the stealth characteristics required the technology to reduce the thermal signature by using specialized jet exhaust designs, composite materials, and the specialized paint capable of absorbing the radar hits that the geometry alone couldn't deflect. One thing that puzzles me is that there has been no mention of anyone developing a method to thwart the stealth capabilities. Usually weaknesses in most weapon systems are eventually found and exploited to provide effective counter measures. Sorry for rambling on but I find this topic very interesting.

Re:First!

[Martin+Blank]

The flying wing technology was recognized in the US as stealthy to early radar, too, but despite a lot of money poured into it by Jack Northrop, it also proved to be unstable and difficult to fly with the technology of that era. It wasn't until flight computers caught up and a lot of Reagan-era build-up money became available that the B-2 became viable.

Kelly Johnson mentioned at one point that he would have loved to come up with a stealth design as sleek and cool as the F-19 concept that had been around in models for a few years, but the math for those kinds of curved surfaces is exceptionally difficult and beyond the computers of the time. The facets of the F-117 are useful to ensure that the radar signal goes elsewhere, and radar-absorbent paint helps to reduce the reflection. Even the frame around the canopy is angled to reduce direct reflections. When dropping bombs, the bay door opens, the weapon is ejected, and the door closes, all fairly quickly. S-shaped intakes remove the engine fans from the reflection problem, and diffusers reduce the heat signature. The thing is tiny, too, as fighters go, or at least appears to be. I saw it at a post-Desert Storm air show at March AFB (where it was surrounded by armed personnel who prevented anyone from getting closer than about 20 feet from it). While the length and width are about the same as an F-15 (which was also nearby), it is vertically much shorter.

They were effective for their day, but that just makes one wonder what has replaced them. It may be that the shoot-down over Yugoslavia was more effective than realized, and once word of it got around, they weren't safe anymore. I imagine a day when we'll be looking for not the planes, but the ripples they leave in the air.

Re:First!

[cavreader]

I am aware of the earlier attempts to create a flying wing design but since then the advances in computer and fly by wire technology was responsible for it's re-emergence. Even the F-117 was very difficult if not impossible to be flown manually and relied heavily on fly by wire systems just to maintain a stable flight. The B2 also relies on fly by wire to keep those planes in the air. I suspect in the very near future just about all combat aircraft will not require a pilot just like the current drone systems.

Question

How can one detect if a packet is encrypted? How do you distinguish unencrypted binary data from encrypted binary data?

Re:Question

[Chris+Burke]

How can one detect if a packet is encrypted? How do you distinguish unencrypted binary data from encrypted binary data?

By checking the "encrypted" bit in the TCP/IP packet header. It's right next to the "evil" bit.

Re:Question

[spazdor]

By checking the "encrypted" bit in the TCP/IP packet header. It's right next to the "evil" bit.

I say, that's an ingenious bit of protocol design! In other news, the Entscheidungsproblem has been solved. Turns out you just check for the "__does_program_halt__" flag that's present in all ELF binaries.

Re:Question

[anomaly256]

'Shannon Entropy'. Although, it is hard to distinguish encrypted data from merely compressed data this way iirc

Re:Question

[ewanm89]

please distinguish a truly random one time truly pad (XOR stream encryption) with just the data from the random number generator alone.

Re:Question

[spazdor]

It's also trivially easy to add as much redundant data (or, "chaff") as you like to an encrypted stream in order to make its entropy as low as you like.

Re:Question

Whooooooosh

Re:Question

[MightyYar]

Well, you wouldn't be sending random data over the interwebs, now would you? :)

Re:Question

[lgw]

Adding obvious padding doesn't really hide much.

It turns out steganography is hard, once people start looking for it specifically. Staying under the radar, so the ogvernment never thinks to check your traffic for embedded messages, is more of a social engineering excercise, but if for some reason a government takes a keen interest in you, they'll probably be able to detect steganography.

Re:Question

[anomaly256]

I never said *I* could do it. But information theory states they will have measureably and distinguishingly different entropies. Someone somewhere has a mathematical proof for it...

Re:Question

[Fnord666]

Turns out you just check for the "__does_program_halt__" flag that's present in all ELF binaries.

I wondered why that bit was marked "possibly reserved for future use" in the spec.

Re:Question

[betterunixthanunix]

How can one detect if a packet is encrypted? How do you distinguish unencrypted binary data from encrypted binary data?

Theoretically, you should not be able to distinguish encrypted bits from random data. Unfortunately, people almost never send megabytes of uniformly random bits to each other, and I doubt that the Pakistani courts are going to believe your claim that you were doing such a thing. You might claim that you were sending compressed data (which may also appear to be random), but then the courts are going to ask you how it was compressed, so that they can decompress it -- and when you tell them "LZMA" and they get random bits, they are going to throw you in prison.

Re:Question

[Fnord666]

please distinguish a truly random one time truly pad (XOR stream encryption) with just the data from the random number generator alone.

Please distinguish your one time pad encrypted stream with a one that the state makes say whatever I want it to by producing an alternate key stream. The state may be less interested in what your message says than in making a shining example of you for others.

Re:Question

[betterunixthanunix]

Yes, I am sure that would go over real well:

Government: "What are you doing sending this encrypted data?!"
Citizen: "Encrypted?! That's just random bits that I was sending to my friend in America!"
Government: "Oh, never mind then. It's not like we have any reason to think that you would not be sending random bits to someone in America!"

Re:Question

[spazdor]

Who says padding has to be obvious? You're absolutely right; hiding your crypto from human inspection is harder than hiding it from any given watchdog algorithm. The comment above me was referring to Shannon entropy, which I presume was meant as a form of wide-deployment, automated snooping. You can dodge "entropy" by just adding huge blocks of zeroes to your data stream; but I'd never suggest actually doing that. Better chaff would be, say, the output of some conversational AIs, Viagra ads, paragraphs of Hemingway, or whatever kind of human-readable content might plausibly be emanating from the server in question.

Re:Question

[spazdor]

You need to put your encrypted data somewhere that it's actually plausible for randomness to arise in your messages.
Send a copy of the Quran unencrypted, but issue a 'retransmit' after every nth packet, where n is your encrypted data stream.

"I don't know why these packets got retransmitted and others didn't! I was using wifi! packet loss!" No one's gonna ask you why that distribution looks random - it's supposed to.

Re:Question

[v1]

yup. The whole point of stenography is to hide the fact that you're hiding something in the first place. Most stenography methods are very poor at actually preventing the data from being confirmed as present (or even being collected) once discovered.

But I suppose steno'ing your encrypted data would be a worthwhile endeavor. Lower the odds of them realizing you're hiding something, and then if they discover you're hiding something, make that something difficult to figure out.

Re:Question

[Electricity+Likes+Me]

This does fall into the xkcd encryption scenario trap though. Pakistan is doing this because they really don't *need* any particularly compelling reason to get rid of you if they decide they don't like you.

All these information hiding exercises fail once you don't have to deal with rational actors making accusations anymore.

Re:Question

[mlts]

Easy... when in doubt and can't be parsed, it is encrypted. The accused have to prove it is not encryption, as opposed to the other way around.

Re:Question

[Majik+Sheff]

Actually, if I want to dodge traffic analysis that's exactly what I would do to pad the dead time between legitimate packets.

Re:Question

[Sulphur]

By checking the "encrypted" bit in the TCP/IP packet header. It's right next to the "evil" bit.

I say, that's an ingenious bit of protocol design! In other news, the Entscheidungsproblem has been solved. Turns out you just check for the "__does_program_halt__" flag that's present in all ELF binaries.

Right next to the bit much.

Re:Question

[blueg3]

As long as __does_program_halt__ has 3 states (true, false, unknown), that's pretty reasonable, though useless.

Re:Question

[MightyYar]

Exactly! If the Pakistani Secret Internet Police see someone sending "random" data, then they probably have a pretty good candidate for a door knockdown.

Re:Question

[Majik+Sheff]

DING! Rubber hose decryption is quick and effective in almost every case. This law is not about providing a technical means to stop encryption. Its purpose is to turn the targeted users into criminals. Much like the DMCA in the US.

Re:Question

[xrayspx]

The point of stenography is to write very fast in abbreviated form, using a set of glyphs that enable you to write very quickly in terrible chicken scratch that no one other than a trained secretary can read and which drives mortals straight past drink to heroin, also called shorthand. Stenograhpy also refers to typing quickly on a special keyboard, in order to capture as much spoken dialog as possible in-line. Often seen in courtrooms.

The point of steganography is to obscure data within other innocuous data. This is where you hide your secret missile codes in photos of cats you post on Flickr.

Re:Question

[RobbieThe1st]

So make is parsable! Just use the LSB's of a bunch of camera images. Now, anyone looking at it will see exactly what you want them to. The last bits may be random, but... isn't that sort of what you get from cameras anyway?

Re:Question

[mlts]

You hit upon an idea... I wonder about just hiding packets in outgoing/incoming spam SMTP messages. If it is just the usual spam with random words permuted to get by filters, a censor will just shrug it off.

Re:Question

Can't be sure whether to mod this as funny or insightful!

Re:Question

[plover]

You mean like this? http://www.spammimic.com/index.shtml

Dear Business person , We know you are interested in
receiving cutting-edge information . This is a one
time mailing there is no need to request removal if
you won't want any more ! This mail is being sent in
compliance with Senate bill 2516 , Title 6 ; Section
307 . This is different than anything else you've seen
. Why work for somebody else when you can become rich
in 55 MONTHS ! Have you ever noticed society seems
to be moving faster and faster and society seems to
be moving faster and faster . Well, now is your chance
to capitalize on this ! WE will help YOU turn your
business into an E-BUSINESS plus deliver goods right
to the customer's doorstep ! The best thing about our
system is that it is absolutely risk free for you !
But don't believe us . Mrs Simpson of Maryland tried
us and says "I was skeptical but it worked for me"
. We assure you that we operate within all applicable
laws ! We implore you - act now ! Sign up a friend
and you get half off . Thanks .

Re:Question

Mod it +9999999 random.

Re:Question

[cheaphomemadeacid]

People, Telecomms Are Most Useless at Seurity This Doesn't even work in IE . bonus points to the ones that get it ;P

Re:Question

[Z00L00K]

And if you have the same random generator on both sides and have them in sync then you can send small twitter texts or timestamp ticks at irregular intervals all in clear and only the synchronized nodes are able to create a message out of it. To all other nodes it's just junk.

Not very efficient when it comes to bandwidth but very hard to figure out what's going on.

Re:Question

[catmistake]

How can one detect if a packet is encrypted? How do you distinguish unencrypted binary data from encrypted binary data?

I was thinking the same thing. Also... I wonder... you'd think by now the encryption nerds would have come up with an encryption that doesn't look like encryption: an undetectable encryption.

Re:Question

[ewanm89]

no, that only works with a pseudo random number generator. Not a true random number generator.

Re:Question

[ewanm89]

yes and no, no predictably different it will be within the variance of the random number generator, XOR stream encryption with a truly random pad is provably secure and this is one of the reasons.

Re:Question

[ewanm89]

yes, you could construct a pad to get any message you want out of it easy enough.

Re:Question

[hawkinspeter]

How about sending a whole load of spam emails, but altering the specific words and word-order in order to convey a message?

I bet no-one is looking through spam emails and analysing it for steganography.

Re:Question

[GameboyRMH]

True. I have a similar application that does something like this, using the pseudo-RNG in Python. It's still seeded with a very complicated and salted seed value, but one that's reproducible as long as you know the seed generator algorithm, salt value and date.

So basically any two computers with a copy of this script will know what this secret value is on any given day, without being connected to each other in any way.

Re:Question

[GameboyRMH]

That's a form of steganography, which of course, is horribly inefficient.

Also it would be pretty obvious and not plausibly deniable. It's like this:

Normal conversation:

Bob: The quick brown fox jumps over the lazy dog.
Dave: the lazy what?
Bob: Dog.
Dave: Oh, I understand.

Using your technique.

Bob: The quick brown fox jumps over the lazy dog.
Dave: the lazy what?
Bob: #@23dfx!;
Dave: Oh, I understand.

A better way to do it would be like this (maybe this is what you meant but you misspoke):

Bob: The quick brown fox jumps over the lazy #@23dfx!;.
Dave: the lazy what?
Bob: Dog.
Dave: Oh, I understand.

That could actually work.

Re:Question

[GameboyRMH]

There's steganography, which is horribly inefficient since you have to basically send your small bit of encrypted data along with a huge mass of what is essentially padding, and deniable encryption (looks like random data), which in most use cases isn't so easily deniable since people don't normally send random data to each other (it's useful for delivering large amounts of encrypted data via sneakernet on apparently normal storage media though).

Re:Question

[Z00L00K]

That's true, but most random generators are pseudo random generators.

Re:Question

[Chris+Burke]

This is where you hide your secret missile codes in photos of cats you post on Flickr.

Or vice-versa.

Re:Question

[spazdor]

You misunderstand.

but issue a 'retransmit' after every nth packet, where n is your encrypted data stream.

So it's like:
Bob: The quick brown fox jumps over the lazy d%g. (The corrupted character is the 42nd character in this message.)
Dave: the lazy what?
Bob: Dog.
Dave: Oh, I understand. (That was the 42nd character he just repaired! I'll append a "42" to my ciphertext now.)

Re:Question

[GameboyRMH]

I assume you'd use some kind of pre-shared key so that the two systems can know which errors are encrypted data and which are just errors. Otherwise you'd get legitimate errors mixed in with your encrypted data.

Re:Question

[GameboyRMH]

Whoa nice. Check out the password function too.

Re:Question

[director_mr]

You can actually fit a lot more info in if you make some noise in the photo. You can take a photo, add artificial noise that is actually data you are trying to send and embed that in the photo. Looks like a poorly taken photo, but the info goes just fine.

Re:Question

The crypto layer would have to employ some kind of error-checking and recovery of its own, definitely.

awesome

[dgas]

I'm sure this will totally work out for the government without any blowback or unintended consequences...

Re:awesome

Of course there won't be any blowback or unintended consequence, it's Pakistan.

Re:awesome

[royallthefourth]

There won't be any blowback because Pakistan is a desperately poor country and people are generally without electricity to begin with, so rules about the internet aren't much concern.

Re:awesome

[smash]

Desperately poor? They're only 40bn in debt, which pales in comparison to the USA.

Re:awesome

[HornWumpus]

When you owe the IMF 40bn you have a problem.

When you owe everybody fool enough to loan you money 15 trillion dollars all the fools have a problem.

Do you know what happens when not enough suckers want to buy treasuries? The fed buys them and uses the magic of fractional reserve banking to raise the money supply by ten times (value pulled from dark place) the value of the paper.

Who the fuck knows what the governments real credit rating is? Treasury rates are not set in any market, they are set in meetings. We are fucked, but not as fucked as the euros.

Re:awesome

[laird]

There will be (I hope) a push by Pakistani companies against this insane law because it makes it impossible for any Pakistani people or companies to do any work with any company outside Pakistan. It's unimaginable that any company would blow a hole in their security just to satisfy Pakistan's insecurity, so if they actually enforce this law all it will do is force everyone to shift their business from Pakistan to some other country.

Yes, their economy is in terrible shape. But IMO that means that they really cannot afford to destroy what little industry they do have doing business internationally.

And if that doesn't work, the embarassment of having written a law that forces businesses to work with (for example) India instead of Pakistan will (IMO) do the trick.

Re:awesome

[orangebox]

Recall an article from last year labeling Pakistan as one of the cheapest (and best) outsourcing country for IT jobs. I sure wouldn't want them into my network without VPN or encryption of sort. Good by jobs.

Re:awesome

Rules about the Internet are a concern exactly for a desperately poor country, at least if it wants to have even the slightest hope of becoming less desperately poor. No business will go to a country where it cannot encrypt the internal communication.

Re:awesome

[darekgla]

I stay in the UK and I would love to disagree with you...but being honest with myself, I just simply cannot.However, the real numbers may not be as important as it seems, and imho, it does not matter who ( whether the EU or the US ) is deeper in $hit since we both are :) . I am afraid, 'the hard reset' will have to come anyway...

Re:awesome

[b0bby]

Desperately poor? They're only 40bn in debt, which pales in comparison to the USA.

As a % of GDP, they're actually quite close in terms of debt - 49% vs 58% for the US (US is closer to (90% by some measures).

For an interesting comparison of debt ratios, see:
http://www.usnews.com/news/articles/2011/01/28/the-10-countries-with-the-most-debt

ad-hoc http encryption?

[LWolenczak]

Well.... sounds like we need an adaptive add-on to the HTTP protocol for ad-hoc encryption.

Re:ad-hoc http encryption?

[h4rr4r]

Why?
If you need encryption over http that is called https. The real question might be why you want it over http at all.

Kids these days seem to think that is the only protocol that exists.

Re:ad-hoc http encryption?

[rubycodez]

the normal port for http isn't blocked, and one can run any protocol one wants, plenty of better ones than ssl.

Re:ad-hoc http encryption?

[h4rr4r]

Which has nothing to do with what the GP said as far as I can tell. You can run anything you want over port 80.

Re:ad-hoc http encryption?

Sigh...um because the government BANNED encrypted protocols. RTFA

Re:ad-hoc http encryption?

[spazdor]

Because there are only two possible ways the government could possibly be "banning encryption":

1) with an accept-by-default policy, blacklisting all 'known' protocols for transferring encrypted data (of which SSL is one), or
2) with a deny-by-default policy, whitelisting all 'known' cleartext protocols.

In either case, SSL traffic won't make the cut. With 1), the workaround is super-easy because they can't possibly have an exhaustive description of all encrypted protocols, and it's trivial to devise a new one that lacks whatever features the blacklist is looking for. With 2), the bypass is only very easy because you have to encapsulate an encrypted stream inside a protocol which is "known" as a cleartext one - HTTP being the best candidate because it's among the protocols least likely to get blocked outright.

Re:ad-hoc http encryption?

[Jonner]

Well.... sounds like we need an adaptive add-on to the HTTP protocol for ad-hoc encryption.

Or you could just HTTPS sites, whether they have self-signed certs or not. Banning VPNs without banning HTTPS is pointless. Or, maybe they're sneakier than we think and they're already monitoring all HTTPS connections by poisoning DNS and other techniques.

Re:ad-hoc http encryption?

[plover]

You're missing way #3, which is likely to be the real implementation:

Simply tell the population that you've banned encryption, and when you arrest someone for any reason you check their browser caches, their email, their hard drives, looking for PGP, SSL, certificates with private keys, scrambled files, etc. For each one of the above that the police find, you add 10 [ lashes | cane strokes | stones | genital kicks | innocent relatives punished ] to their sentence. Carry out the punishment in the central square, with all national television cameras broadcasting live. Repeat for the next month or two. Ordinary citizens will scramble to comply. Now, start looking for any traffic on port 443, and there are your "criminals".

You don't need a technical solution when a psychological solution does your job for you.

Re:ad-hoc http encryption?

[spazdor]

I'd envision the "real criminals" are almost certainly gonna be the early adopters of non-port-443, obfuscated, encapsulated-in-cleartext-protocols tunneling tools, aren't they? After a couple of months the only people left on port 443 will probably be botnet clients running on people not savvy enough to monitor their own machine's traffic.

Re:ad-hoc http encryption?

[catmistake]

Pakistan is not clever. If they were clever, they would not have outlawed encryption. They would have created a state run CA and outlawed all other CA's requiring everyone in Pakistan to use Pakistan's certificates.

Re:ad-hoc http encryption?

[GameboyRMH]

Pfft who needs to do that. Just buy some unauthorized certs like Iran did, but don't let the news leak this time.

Re:ad-hoc http encryption?

I imagine they'd do #1. Further, finding encryption is trivial, even if setting up a foolproof automated block of it is impossible. They'd still be criminals. Do you want to send your illegal packets out over an infrastructure you know they are monitoring, hoping for incompetence to protect you from years in a Pakistani jail?

Dear Pakistan

[Dunbal]

Save yourselves some money and some bother, and just disconnect yourselves from the internet! That way you'll be Safe (tm).

This has just prevented pretty much anyone who works for a Fortune 500 company from doing anything in Pakistan on company laptops. I dunno, maybe that's a good thing? I can imagine that now more than one "elected official" will point to Pakistan as a shining example to follow (just like what happened earlier with RIM and the Blackberry in India and Saudi Arabia and later everywhere) and VPNs will no longer be allowed because of course they could be the tools of terrorists. Damn, why did I have to wake up in this parallel universe 10 years ago.

Re:Dear Pakistan

[h4rr4r]

Try Fortune $infinity. The company I work for is no where near Fortune 500 or even 5000 and we still could not have anyone work from Pakistan now.

Re:Dear Pakistan

[Anne_Nonymous]

Iway avehay evelopedday away ormfay ofway encryptionway
unbreakableway ybay Islamicway Undamentalistfay overnmentsgay.

Re:Dear Pakistan

[Kjella]

Oh, I can predict where this is going since I work for a consulting company and we have to work on client computers where we don't always have VPN. The answer is HTTPS, unless they want to block all HTTPS traffic as well. Oh yeah, and I assume you can't SSH to or from any Pakistan boxes anymore? That'll work so great for servers, I'd start making my migration plan now...

Re:Dear Pakistan

C'mon, be a bit nicer. The only difference between the US and Pakistan, is that RSA and other such companies are based out of the US and we probably have the NSA intercepting everything they ever want to.

Remember Google's ex. CEO Schmidt saying (on national TV no less) "If you have something that you don't want anyone to know, maybe you shouldn't be doing it in the first place"

Remember Echelon ?

We just act like we have privacy - Pakistanis know they dont.

http://arstechnica.com/tech-policy/news/2009/06/fbi-compounds-mystery-with-secret-justification-of-gag-order.ars
http://www.eff.org/nsa/faq
http://en.wikipedia.org/wiki/Echelon_(signals_intelligence)#Capabilities

Re:Dear Pakistan

[RobbieThe1st]

But there's a difference between the NSA knowing what I'm doing, and a mafia(or mafiaa) member knowing it.
Do we really care if the NSA has access to a company's list of CC#'s? No, not really. But in the hands of someone who makes a living selling stolen CC#'s... yeah.

Re:Dear Pakistan

[mehrotra.akash]

Just FYI, Blackberry still hasnt been blocked or the encryption removed in India..

Pakistan doing this may prompt India to ban encryption of all kinds though -- they have already been trying to do so

Re:Dear Pakistan

Oh don't worry, big companies will probably be exempt from all this because of, you know, money.

Re:Dear Pakistan

[Issarlk]

Now we just need China, India, Korean, etc... to all ban encryption and all the jobs will come back to the old first world countries. *crosses fingers*

Re:Dear Pakistan

"If you have something that you don't want anyone to know, maybe you shouldn't be doing it in the first place"

Let's hope for him that being a dick never gets outlawed.

Re:Dear Pakistan

[silentcoder]

The article does say (yes, I read it, guess I'm new here) - that people who need VPNs for business use will be able to get a license to run them.

You'll just need to make a case for why you use it. Of course, the moment licenses exist - you open the door for the people you are supposedly targeting to bribe an official to get one - which means that you won't catch them at all now - after all, their encrypted traffic was expected and approved upfront !

Basically... this is an exercise in quantum stupidity.

Re:Dear Pakistan

Exactly. I work for a small software engineering outfit and we wouldn't be able to work there either. We require full disk encryption, VPN to use source repositories, and 2 factor authentication. It's common for any software engineering company.

Re:Dear Pakistan

[ZombieBraintrust]

CIA has plenty of money for bribes too. So does China and India.

Re:Dear Pakistan

[silentcoder]

I assume you accidentally hit "submit" before you got to your point ?

Telnet

[detritus.]

Hopefully this is the end of SSH as we know it in Pakistan. Re enable telnet on all those routers and servers, like it's 1996!

Re:Telnet

Looks like it's time for a lot of one-time passwords and weirdly named command aliases.

Re:Telnet

[yup2000]

...and then.... tunnel ssh through the unencrypted link! genus!

Re:Telnet

But my all my telnets are kerberized you insensitive clod!

If you have nothing to hide. Nah

[alexander_686]

I use VPN and encrypted connections almost daily and I don't work for a criminale enterprise [unless you consider corporate America a criminal enterprise – but that is a different question.]. Do you really want your personal and private data exposed as I deal with the outside world?

Or there is just the simpler question of personal privacy. If you have reasonable suspicion, get a warrant. [And yes I know that the Pakistan court system is not very independent – but I am stating a principal here. And yes, I know encryption makes life harder for the cops – but I would rather have the cops work a little harder than sacrifice privacy.]

Re:If you have nothing to hide. Nah

[h4rr4r]

Don't reply to obvious trolls.

Re:If you have nothing to hide. Nah

[mlts]

With me, encryption isn't for the cops (any decent police force has a crapload of methods to obtain data, up to and including the old fashioned rubber hose). It is to lock out intruders, potential hacks, people who would maliciously alter data in flight, and people who are collecting information they have no right to. This is why I use a VPN service.

For example, when using a Wi-Fi network, it isn't uncommon for some WISPs to intercept the data stream to do ads, log all DNS requests and URLs transferred for data mining purposes, or even insert a Web frame in a HTTP stream with their crap on it. Firing up a VPN (TLS based or PPTP) keeps them out of my business. Same with some ISPs. Why should I allow an ISP to make cash from my Web browsing from a Phorm like server, unless I get a discount on my service? Then there are attacks like FireSheep (although that specific one is mitigated by a constant SSL connection).

Having a VPN is just the same thing as locking and arming a car alarm, or throwing a deadbolt before going to sleep. It is to keep thieves at bay.

HTTPS?

I wonder if this will include HTTPS traffic as well. I sure hope so!

use ssh port forwarding

[aglider]

Or, better, gnugp with email.

Re:use ssh port forwarding

[h4rr4r]

How would that be better?
I can tunnel anything via ssh, email restricts you to asynchronous communication.

Re:use ssh port forwarding

Do you understand what a law is? It's a statement that unless you comply, the government will send armed goons to put your ass in jail, or maybe just shoot you if you make the ass-putting too difficult.

So when there's a law against encryption, which also provides for 100% monitoring of all traffic, and your answer is "let's make obviously encrypted TCP connections, or better yet send obviously encrypted emails!", it leaves me wondering... why the hell do you want to go to jail so bad?

Re:use ssh port forwarding

[HornWumpus]

Anybody know of any mailing lists or auto-responders in Pakistan?

Preferably those of major political candidates and/or the government.

The alternative is that someone has to bother 'owning' boxes in the HQ of paki political parties etc.

Ether way, anon et al should be able to drown their proxies in a sea of lightly encrypted CP and goat.se from the relative safety of their mom's basement.

Re:use ssh port forwarding

[aglider]

Well, I think I have some level of understanding.
Thay ban encrypted VPN, whothout knopwing what a VPN, encryption and telecommunication is.
SSH port forwarding is not VPN but supports encryption.
Email is not VPN but can use encryption for message perusal (like HTTPS and IMAPS in GMail).
GnuPG can do encryption but is not VPN.
And then you can still embed information in almost any data traffic.
Will they arrest all those arses?

And the rest?

[Lieutenant_Dan]

What about digital signatures?

eCommerce using SSL?

Password-protected files?

OS passwords?

Re:And the rest?

[Co0Ps]

You're assuming politicians in general have a clue about anything remotely technical. And this is Pakistan. Because the Netscape developers called the state mechanism in HTTP "cookies", politicians thought they understood what "cookies" did and began to regulate them.

Also, as usual most people here in Slashdot will start to brainstorm technical solutions and rage over the fact that society hasn't reached their cryptographic utopia yet where people memorize 2048 bit RSA key pairs and all centralized information technology has been replaced with distributed p2p counterparts. When your government wants to spy on you, you have a social problem - not a technical one.

Re:And the rest?

[Bucky24]

OS passwords and password protected files aren't communicated over the internet generally, at least not in their encrypted hash form.

eCommerce using SSL might be out of luck though.

Re:And the rest?

Well, those are all examples of encryption, so - yeah.

The Pakistani government is in an unenviable position. On the one hand, I'm sure they'd like to have an internet-enabled economy. But on the other hand, if they fail to detect Osama bin Laden hiding in their midst, they get no end of belligerent flak from pompous Americans who say "they must have known about him". Trying to walk a fine line, with economic oblivion on one side and military obliteration on the other, it's fairly natural that when they stumble, they prefer to trample on the rights of businesses and individuals rather than risk pissing off the CIA.

Re:And the rest?

Shit, they'll need a new distro. Damn Unsecure Linux?

Re:And the rest?

You could still sign your conversation with crypto, you just couldn't encrypt the conversation.http://yro.slashdot.org/story/11/08/30/2228214/Pakistan-Bans-Encryption#

Re:And the rest?

What about digital signatures? OS passwords?

Not encryption, moot point.

Password-protected files? eCommerce using SSL?

Death to the Infidel!

Re:And the rest?

What about digital signatures? : Doesn't work without encryption. Banned.

eCommerce using SSL? : SSL is a form of encryption. Banned.

Password-protected files? : Totally ok! Just don't encrypt the passwords or else Banned.

OS passwords? : Totally fine! Just don't encrypt them when transmitting them over a network.

Re:And the rest?

[gl4ss]

what about flood hit regions?

pakistan is a backwater of the world for most parts.

anyhow, I reckon you can use vpn if you provide the government with a tap - of course that makes it impractical for anyone, you have to do some bribing to get to provide that tap(or the officials could be flooded easily), which is the point. the goverment there is medieval and has no power over most of the country anyways and is desperate to make the appearance that they do have power over the people. internet banking isn't a problem when you don't have that for most of the populace(they do have advanced regions though).

Re:And the rest?

You forgot ipv6 which requires ipsec. Since IPv4 is already alright out of addresses, i think Pakistan just pulled a HP.

Re:And the rest?

Their government knows those already.

Re:And the rest?

[GameboyRMH]

Yeah but social fixes are difficult to impossible while technical fixes are generally not that hard. So if you can work around a social problem with a technical solution, go for it!

Also you should use 4096 bit RSA key pairs, it's not the default but you can generate them with OpenSSL. And of course, generate them with a passphrase.

Re:And the rest?

[GameboyRMH]

Bin Laden was living in a mansion within sight of a military academy and other terrorists targeted for raids would conveniently skip town once Pakistani authorities were notified. So it's fair to assume at least somebody in Pakistan's government knew he was there. The question is whether this was the government's unofficial policy on the matter or just one guy spying for Al Quaeda.

Re:And the rest?

[bill_mcgonigle]

So it's fair to assume at least somebody in Pakistan's government knew he was there

And it's not unreasonable to assume that they were keeping him for 'us'.

Re:And the rest?

[GameboyRMH]

But then what were they waiting for, and why alert the other terrorists?

Re:And the rest?

[bill_mcgonigle]

But then what were they waiting for, and why alert the other terrorists?

I dunno, a presidential campaign to kick off? It's all idle speculation anyway - the American People have seen absolutely no evidence that the body dumped into the Indian Ocean was UBL anyway.

Even rot13?

Awww crap... now I'm really screwed.

WAIT A MINUTE!

Maybe I can apply for a special permit for rot26!

Re:Even rot13?

I tried using rot26, but it gives me an index out of bounds error. Fortunately, rot0 seems to work just as well.

Re:Even rot13?

[gknoy]

Sounds like a poorly implemented rot26 implementation, then. :)

Re:Even rot13?

[suso]

Nobody is using rot13 or rot26 anymore. You should be using rot533.

Re:Even rot13?

[oobayly]

Amateur, don't you realise that susceptible to brute force. Triple-ROT533 is the accepted standard

Re:Even rot13?

[GameboyRMH]

If you're really paranoid you can use quad-ROT533 with double bit inversion, but that's overkill.

rethink what you've said

[keeptruthfree]

if you're not doing anything wrong
why not let the government put up cameras in your home

you're not doing anything wrong in the bathroom at home
so why can't the local police have a camera in there?

it's for your safety, it keeps us all safe

are you retarded?

Re:rethink what you've said

Obvious troll is obvious.

Re:rethink what you've said

While it might be a bit far-fetch anyway, I wouldn't have any problem if the government had to install cameras in private apartments, including the bathroom. In fact, if it would help them to catch terrorists and child abusers, I'd be more than happy to help them.

Look, I don't know what it is you're doing in your bathroom that the government shouldn't know about, but I suggest you to reflect on what you're doing. I don't masturbate, I don't need to because I have a wonderful wife. But even if I would masturbate, I would do it in bed under the blanket (wearing a condom) and certainly not in the bathroom. And apart from that, I don't think there is anything wrong with having a camera in the bathroom, as long as the images are kept securely stored in a government protected place and only reviewed by law-enforcement experts (who, BTW, have better things to do than investigating your "personal affairs", if you get what I mean)

Do you want terrorists or child abusers to have a personal safe heaven in their apartment? A place where they can do what they want? Perhaps you are the retarded, because you didn't really think this through!

I spoke too soon

[spazdor]

It exists. Obviously.

Re:I spoke too soon

[MightyYar]

And don't forget ye olde Tunnel Over DNS!

Re:I spoke too soon

I was hoping for a Rule 34 link. ICMP tunnelling porn. Hot backdoor packet action. Privates networking.

Re:I spoke too soon

[Ihmhi]

Is it wrong that I find this kind of stuff arousing?

"Baby, I'm gonna SSH into your VPN with my DNS Tunnel until we time out."

Re:I spoke too soon

[RobbieThe1st]

Yes.

(But it's funny anyway).

OpenVPN, pure TLS

Take that, technologically-illiterate religious fundamentalists.

An OpenVPN connection is indistinguishable from any other TLS stream.

An OpenVPN daemon can be set to listen on 443, intercepting all VPN traffic and handling it accordingly, passing that which it can't decrypt onto the webserver for further handling.

Short of some impressive statistical analysis I have yet to see in the wild, there is no way to block OpenVPN without blocking every single TLS connection, nor is there any way to determine that TLS traffic flowing to a webserver offering HTTPS services contains OpenVPN mixed in as well.

Re:OpenVPN, pure TLS

[spazdor]

no way to block OpenVPN without blocking every single TLS connection

Um, I got the impression from the article that that's exactly what they're doing.

Re:OpenVPN, pure TLS

I would declare BS on this one. Why?

I've noticed traffic on port 443 for long periods of time between two hosts on a network I used to run. I then looked at one machine (a work desktop), and then looked at the IP where it was going, which turned out to be a VPN process.

A scan of his workstation via a remote command line, a quick SSH into a switch and a disabled port later, I had someone in my office explaining to his boss, a HR representative, and me why he was running P2P communication on a corporate machine.

If I can catch someone running traffic via TLS just because of the connection length, and I'm just a basic IT person, then the ISI can do the exact same thing with far better manpower, intelligence, equipment, and firepower than I will ever see in my life.

Re:OpenVPN, pure TLS

[julesh]

no way to block OpenVPN without blocking every single TLS connection

Um, I got the impression from the article that that's exactly what they're doing.

This article seems a little clearer: it appears to only be VPNs that are to blocked. And it doesn't sound like (as some are assuming) it will become illegal to use them, just a requirement is being placed on ISPs to take steps to block them. So, yeah, VPNs that produce traffic that is hard to distinguish from regular encrypted traffic will be the way forward.

Silly

LoseThos has compression. http://www.losethos.com/code/Compress.html

10 i = i + 1

15 IF i > 99999 THEN i = 0

20 IF LEN(INKEY$) = 0 THEN PRINT ".";: GOTO 10

30 PRINT "King James Bible, Line:", i

God says...
Let us pass, I pray thee, through thy country: we will not pass
through the fields, or through the vineyards, neither will we drink of
the water of the wells: we will go by the king's high way, we will not
turn to the right hand nor to the left, until we have passed thy
borders.

20:18 And Edom said unto him, Thou shalt not pass by me, lest I come
out against thee with the sword.

20:19 And the children of Israel said unto him, We will go by the high
way: and if I and my cattle drink of thy water, then I will pay for
it: I will only, without doing anything else, go through on my feet.

wow

HAHAHAHAHAHA... OMFG.

no more shopping in pakistan for me

[sneakyimp]

Rats. I was planning to make a huge purchase of textiles and smuggled afghan opium from PakistanMallOnline.com with my credit card. Now, since it won't be encrypted, I cannot. Guess I'll have to buy from IndiaMallOnline instead.

Re:no more shopping in pakistan for me

[RyanCheeseman]

I actually just tried to go to PakistanMallOnline.com ...... i was hoping for some "textiles" ;-D

Re:no more shopping in pakistan for me

Just be careful with your blackberry device.

Re:no more shopping in pakistan for me

[sunbird]

Not so fast. Recall that India has implemented a similar regulation. Remember the whole dispute with RIM a while back? From the linked article:

the ISP license also bans internet providers from deploying 'bulk encryption' and further restricts the level of encryption for individuals, groups or organisations to a key length of only 40 bits in symmetric key algorithms or equivalents. Such weak encryption is easily broken, highly insecure and not suitable for e-commerce or any other sensitive applications. For the use of encryption equipment stronger than 40 bits, individuals, groups or organisations are required to obtain prior written permission and to deposit the decryption key, split into two parts, with the Department of Telecommunications.

Re:no more shopping in pakistan for me

[darekgla]

but india-mallonline exists :D

Re:no more shopping in pakistan for me

[sneakyimp]

Darn it. Forgot about that. I supposed I'll have to rely on UzbekistanMallOnline.com then.

Asia is the leader in the common people

Based on current trends, Australia and Britain will be the next to ban encryption, and then the United States will soon follow. Of course this ban will NOT include politicians, celebrities or the executives of large corporations.

Everybody else will have to submit to a virtual urine sample every time they use the Internet.

Re:Asia is the leader in the common people

[jonwil]

As an Aussie, I can tell you that trying to ban encryption would be political suicide for the current government.

In the US, it would probably result in a supreme court challenge on constitutional grounds.

As for Pakistan, can someone remind me why we support these idiots? Oh yeah, because we need Pakistan to get to Afghanistan and because Pakistan has an unstable government, fundamentalist islamic groups that would LOVE to be running the country and (unlike Iran) functioning nukes that could probably hit targets in countries like India or Israel if the bad guys wanted to use em.

Re:Asia is the leader in the common people

[Shikaku]

There are fortune 500 companies that rely on VPN, not even including the US military. They wouldn't even consider it.

Re:Asia is the leader in the common people

[syousef]

Based on current trends, Australia and Britain will be the next to ban encryption, and then the United States will soon follow. Of course this ban will NOT include politicians, celebrities or the executives of large corporations.

Everybody else will have to submit to a virtual urine sample every time they use the Internet.

Well that just pisses me off!

Re:Asia is the leader in the common people

[ZombieBraintrust]

Banning the use of encription is not new. It was the norm till computers made it easy and e commerce made it neccesary. The United States, Autralia, and Britain had various restrictions in the past.

Not just no encryption -- also logging EVERYTHING!

The new law not only imposes exciting requirements so that the gov't can monitor all communications for 120 days, but also forbids anyone but the government to "monitor, reconcile, or block any traffic" -- so the ISP, parents, schools etc. are not allowed to do that.

The encryption ban isn't all that impressive, just typical government not-thinking-things-through, and easily enough fixable -- they could add an exception for banks, permitting encryption but the bank has to store the corresponding unencrypted data. FWIW, the requirements pertaining to this may be in place (I'm not a lawyer, so I'm not sure if that's what the second statement here means, or if it's more a Room 641A thing for international comms passing through):

(6) The Licensee(s) and Access Provider shall ensure that signaling information is uncompressed, unencrypted, and not formatted in a manner which the installed monitoring system is unable to decipher using the installed capabilities.

(7) In case it is not possible to monitor the signaling information of some traffic at the Probe and the Authority has agreed to let the traffic pass through, the required signaling information shall be extended from the Licensee(s) and Access Provider(s) network's premises, at their own cost, including but not limited to the required format conversions, hauling of data to the Authority designated location, and installation of additional equipment to achieve information as specified in subregulation (6) above.

What's really jawdropping is requiring that every fucking byte going through every ISP or telco in Pakistan must be logged for 120 days. In other news, the middle east division of every vendor of massive storage arrays report 1000% increase in sales...

Read the law here (PDF), it's only 6 pages.

What an opportunity...

[TiggertheMad]

If all encryption is being banned, then it should make it trivial to start stealing passwords and bank card numbers from Pakistanis. We don't have an extradition treaty with them do we? Ready, set, crack!

Re:What an opportunity...

Crack what? Just listen!

Re:What an opportunity...

[Rizimar]

What about hashing, though? That's not meant to be a reversible process, especially since the possibility of collisions exists. So you can still store secured passwords and the like, just not the data itself?

I'm pretty sure this is going to blow up in the government's face either way. Pass the popcorn.

Re:What an opportunity...

[DigiShaman]

Better yet, it also makes it easier to figure out who else is using encryption. That would be the following.

A. The Pakistan government
B. Al-Qaeda (ok, so that could be filed under 'A', whatever)
C. Some poor innocent geek in a dusty basement being targeted with a drone.

Re:What an opportunity...

I'm pretty sure this is not intended to catch "Islamic" terrorists but to hinder U.S. operations and interests in the country. There will be some back door negotiations and bribes paid and everyone intended to be hindered by this will go on as usual.

Re:What an opportunity...

We don't have an extradition treaty with them do we?

Who is "we"? (please remember that this is site has an international community - we're not all Americans around here)

Re:What an opportunity...

[Tim+C]

He means that if all encrypted traffic is banned, that includes HTTPS, so you can just sniff usernames and passwords, etc, as they're sent over the wire.

Re:What an opportunity...

The worst part about that comment is that you say "we" as if we're all in some random little KKK club of yours.

Re:What an opportunity...

Not sure, but I'd guess if the CC company does business in your locale, they would attempt to prosecute you using laws local to you in your jurisdiction.

Stenography

Now they only need to ban Stenography. Well, first they'll have to detect it...

Re:Stenography

[Farmer+Tim]

Detecting stenography is easy, you just look for the person sitting there with the funny typewriter thingy. Now steganography, that's hard to spot...

Re:Stenography

[ZombieBraintrust]

I detected the word stenography in the word steganography. You need a better method of hiding words.

Re:Stenography

[Farmer+Tim]

Well, I did say detecting stenography is easy...

Satellites?

[quickgold192]

Amid all these internet-blocking stories I still haven't found an answer to how dictators prevent satellite internet connections, or even if they do. I know how they could block them if they wanted to, but does anyone know how they actually do it? Or if they even bother with it?

Re:Satellites?

[ErikZ]

Government edicts don't change reality.

However, if they ever find out, the punishments can range from nothing to "Lets make an example out of you."

Re:Satellites?

[geoffaus]

This is how they are dealt with if they find out: http://www.nytimes.com/2011/08/06/world/americas/06cuba.html

Re:Satellites?

[Entropy98]

I still haven't found an answer to how dictators prevent satellite internet connections

They look for the dish on your roof.

Re:Satellites?

[betterunixthanunix]

Amid all these internet-blocking stories I still haven't found an answer to how dictators prevent satellite internet connections

You there! What are you doing with that dish? You're under arrest!

The problem with using unusual equipment to get onto the Internet is that it is unusual, which makes you stand out.

Re:Satellites?

Iran has been accused of jamming satellite connections in the past, as has Libya. The US apparently has the capability.

As for how it's possible, Wikipedia has a brief description of the process. Because of the satellite's distance, it's signal is relatively weak when it reaches the ground (you're familiar with the inverse-square law, right?). A terrestrial broadcast will be much stronger and can drown out the signal from the satellite.

Re:Satellites?

[MimeticLie]

Iran has been accused of jamming satellite connections in the past, as has Libya. The US apparently has the capability.

As for how it's possible, Wikipedia has a brief description of the process. Because of the satellite's distance, it's signal is relatively weak when it reaches the ground (you're familiar with the inverse-square law, right?). A terrestrial broadcast will be much stronger and can drown out the signal from the satellite.

(reposting this because I forgot to login. whoops)

Re:Satellites?

[rtfm_admin]

Most services depend on GPS for spot-beam selection, timing, etc. Depending on your geographic location, the downsites can route all traffic through that countries proxies and other "stuff". BGAN does this for the US.

Satcom KB article

Re:Satellites?

[Bucky24]

They don't have to. They can just find you and arrest you. Like during the internet blackout in Egypt when people were using radio signals for internet access. They didn't have to block the signals (though they did), they just had to find who was broadcasting and arrest them.

Re:Satellites?

[Weedhopper]

Satellite signals can be jammed. Libya has a history of jamming Thuraya signals.

If you can smuggle your gear in and the state isn't jamming, you can operate so long as you aren't caught. I used a Thuraya and Mini-M for both voice and data when I was working in Burma. During the day, I used the cell data network to send data. As necessary, I sent confidential data at night, when everyone was sleeping.

Re:Satellites?

[0123456]

They look for the dish on your roof.

I was using a satellite Internet connection a couple of years back. The 'dish' was a flat panel about the same size as the lid of the laptop it was connected to.

Re:Satellites?

[jodido]

this has nothing to do with government blocking internet access. Alan Gross was an agent of the US govt sent to work on the overthrow of the Cuban government. He smuggled in satellite phones for individuals who want to overthrow the government. Satellite phones are illegal in Cuba; he knew this, or his bosses did. He admits what he was doing, the US admits it, they're just trying to make it into some kind of "internet freedom" case so as to cover up the truth. What country in the world allows agents of foreign governments to organize their overthrow? Would the US?

Re:Satellites?

[cliffjumper222]

Prevent, maybe not, but monitor yes. The signals have to come back down at some point so governments could try to intercept satellite connections at a ground station. Iridium routes from satellite to satellite and then down to the US (Tempe, Arizona and Wahiawa, Hawaii for the military) so is fairly impregnable from that perspective. Globalstar's satellite are "bent pipes" and beam down immediately to a ground station in Argentina, Australia, Botswana, France, Korea or the United States. Inmarsat is perhaps the most interceptable (in theory) as the ground stations are not owned by Inmarsat and are in a number of countries: China, Indonesia, Malaysia, Russian Federation, Saudi Arabia, India, Singapore, US, various EU countries, etc.
But there is also signal monitoring equipment like that from Shoghi Communications that can snoop on all the signals. One would use a VPN at that point, but you'd be breaking the law...

Re:Satellites?

How good are arrays of antennas at detecting the spatial components of the RF and not just the frequency and amplitude? It seems that unless the RF jamming is extremely energetic it should be rather easy to separate with some good frequency analysis software. Software radios are relatively cheap.

Re:Satellites?

Typically with method such as a wrench, hot oil, or electrodes attached to your testicles.

Re:Satellites?

Wikipedia is not accurate source for such information what you say. Please validate your information from wikileaks if somewhere.

Re:Satellites?

[drinkypoo]

...which can be covered with a sheet of white plastic without impairing its function significantly.

Re:Satellites?

[SuperTechnoNerd]

Im sure if authorities see an un-authorized dish on your property, you will get an unfreindly knock on the door by men with guns...

Re:Satellites?

[GameboyRMH]

They'd have to trace radio waves basically. And it would be practically impossible to triangulate (or even detect the presence of) a directional transmitter on the ground, as long as it's hidden (easy to do in a cluttered urban environment).

Re:Satellites?

[fnj]

Jamming GPS and satellite phones, sure; of course. The antennas are not directional; the satellites are not geosync. TV and internet, sorry, I don't think so. They may want to make you THINK they can jam it, but the idea doesn't stand up on elementary inspection. Those antennas are HIGHLY directional, the satellites are geosync, and in low latitudes they will be pointing pretty high up in the sky. Unless you fly overhead continuously, how do you propose to jam that? Maybe they don't have geosync satellites holding station almost directly in the longitude of the countries mentioned (Pakistan, Libya - yeah, I know Libya is an obsolete problem now), but they certainly could be placed there if someone wanted to do so, and there isn't a goddam think those picayune flyspec countries could do about it.

Maybe by using INCREDIBLY high power, you could jam a specific antenna, or a very limited geographical area. Otherwise, I'm inclined to disbelieve.

Re:Satellites?

[joemck]

You there! What are you doing with that dish?

Watching state-licensed satellite television.

Does this apply to SSH tunnels?

[thegarbz]

TFA and TFS both mention specifically encrypted VPNs, and doesn't make mention of basic encryption systems like SSL / TLS or completely encrypted services like SSH. If this is how it was written to the letter then I imagine an SSH tunnel to a proxy server somewhere else would do the trick.

Though this being Pakistan and not the USA I highly doubt ruthlessly literal interpretation of a law can get you out of jail.

Re:Does this apply to SSH tunnels?

If this is how it was written to the letter then I imagine an SSH tunnel to a proxy server somewhere else would do the trick.

Thing about Brutal Regimes is they don't care so much about the letter of their laws, more the "spirit". In this case, I'm sure you could try to argue that technically you weren't violating anything, but it's not likely to save you from the Nipple Clamps.

The point is, if they catch you trying to hide anything from them, you're gonna be fucked.

Re:Does this apply to SSH tunnels?

The law says nothing about your method. If the government can't read your information in plain text then it's illegal.

Information want to be unencrypted

[hantarto]

I am think that information want to be free, not encumber by encryption. Encryption should be ban for good of all mankind so that all good idea are free, open and available to everyone. I am think that all government should adopt similar policy. Maybe Pakistan not have best motivation at heart, but I am to like this idea.

We also should abandon money so that people more willing to share idea and not be so greedy haha.

Re:Information want to be unencrypted

[mikechant]

I am think that information want to be free, not encumber by encryption. Encryption should be ban for good of all mankind so that all good idea are free, open and available to everyone.

Assuming you're serious, the usual response follows:
Please post your credit/debit card details, your bank account details, your full name, address, date of birth and mother's maiden name. Plus all your email ids, logon ids and passwords for all websites that you use.

Someone will put this 'freed information' to good use for you.

Re:Information want to be unencrypted

[GameboyRMH]

And for once that response is quite fitting, unlike when it's used in arguments over Wikileaks, because that's the information that's actually being protected by encryption right now.

Re:Not just no encryption -- also logging EVERYTHI

Wow. We should all just send unsolicited random data to random (Pakistani) IPs. There is no way they could log all that data. You could even send "interesting" data to broad swaths of Pakistani IPs (so as to not draw attention to any single person). That could distract the programs/people who are looking at the data. Maybe give cover to some revolutionaries or something. Who is in?

no remote workers

[bugi]

They won't have anymore telecommuters. One of our workers awhile back was resident in pakistan. No way are we going to let our data over the wire in the clear, so we can't hire from there anymore.

Re:no remote workers

[Hatta]

Anyone who actually needs a vpn will get one after making the appropriate bribes.

Re:no remote workers

[Issarlk]

the bribe might push the cost of having a worker in Pakistan over the cost of having a worker in, say, India.

Re:no remote workers

You say that like most corporate manager-types are computer-savvy enough to listen/care about/understand when someone tells them they can't connect securely (and legally) with anyone in that country.

@TiggertheMad: Except they don't get extradited here either and their government just removed a huge wall for them.

Re:no remote workers

[Schemat1c]

They won't have anymore telecommuters. One of our workers awhile back was resident in pakistan. No way are we going to let our data over the wire in the clear, so we can't hire from there anymore.

Guess what? There are plenty of people in your own country that would be happy to work for you. They just won't do it for slave wages, what a shame.

Re:no remote workers

[jafac]

Well, factor the cost of nuking India into the equation then. I'm sure there are those in the Pakistani government who've been dreaming of that.

Re:no remote workers

[cos(0)]

You don't understand economics.

There goes all that tourism

[Zandali]

No one will want to go there for a vacation or business now, unless they plan on being disconnected and not using credit cards. They have lost their chance at ever getting a Disney theme park for sure now.

Re:There goes all that tourism

They have lost their chance at ever getting a Disney theme park for sure now.

They ever had a chance?

Re:There goes all that tourism

[mbkennel]

just a few localization modifications needed

it's a world of slaughter, a world of tears
it's a world of dope, it's a world of fear
there's so much that we hate
don't get us too irate
it's a small nuke after all

Back to the digital stone age

[FridayBob]

Last year I did some work that had to be coordinated with a group of programmers in Pakistan. Naturally they were using SSH to connect to the server they were hired to set up their software on. I can only imagine that companies like that are important for the economy other there. However, if the Pakistani government decides to ban all of its own people from using standard connectivity tools, all of which are encrypted these days for good reason, then they will be shooting their economy in the foot. Next thing we know, it will be impossible for people over there to conduct any more on-line financial transactions. In effect, they will be sending themselves back to the digital Stone Age. Meanwhile, the bad guys will just switch to using different port numbers.

Re:Back to the digital stone age

[Mashiki]

My uncle works for a company that manufactures small to large scale industrial equipment, this stuff has been used world wide from the US military to backwaters in Uzbekistan. All of the PLC's are encrypted because the control codes are proprietary to what they do, and are required to do.

I suppose this applies to that as well, in which case they'll simply stop selling their industrial equipment there as well. Not only are they going for a digital stone age, they're just aiming for a pre-computer age. But then again, we are talking about the pakistani government that's increasingly coming under the control of groups that believe in the 13th century way of life.

Re:Back to the digital stone age

I do a lot of work with PLCs. Any "encryption" on common PLCs is a joke. It's just a password, usually stored in plain text in the PLC, and only the programming software sold by the same company is respecting it. A little MITM or port scanning is all you need to break into a PLC. They're just not secure. In fact, Siemens boxes, in particular, have a programmed back door password, and if you download the free ROM flash binaries from their site, do a hex dump, and correct for little/big endian, you can do a search for "password" to find where it prompts you, and the password is right around there. It's a joke.

Besides, I don't think this law would have anything to do with whether you encrypt anything on a box. This is about encrypting what goes over the internet.

Re:Back to the digital stone age

Some university in Irland doesnt allow ssh out. They also look into the traffic so that running the outside server on another port doesn't work. Having to resort to https to exchange data between universities is annoying.

Re:Back to the digital stone age

[GameboyRMH]

Yeah I was just going to say I hope he's not connecting to the PLC directly because their built-in security is a joke. Connecting to a computer via SSH/VPN that controls the PLC would be more acceptable (although it's best to airgap PLCs whenever possible).

Bad Summary

Anyone needing to use this technology needs to apply for special permission

It's not all VPN connections, only those which don't have permission. RTFA Editors, you're getting intolerable.

HACKERS OF THE WORLD

DESCEND UPON the morns and unencrypted and sow destruction and chaos ...no really do it funny as all hell this is.

ONCE again govt shows how detached it is form reality , LETS SHOW EM ALL HOW AWFUL IT IS BEING UNENCYPTED

If they do this, shouldn't they ban Mohammed?

I mean, if pictures of him are so objectionable then by this same logic they should ban everything to do with Mohammed to prevent people from making pics of him?

I'm sure THAT would go over well....

Thank heavens we still have normal code ...

[Kittenman]

Uncle Henry and Cousin Emma are washing the pears. Prepare the spaghetti sauce. Market day is Wednesday. My dog has fleas. The alligator's thumb cannot be in the jam. The dog barks at midnight.

Don't need encryption to send coded messages...

Re:Thank heavens we still have normal code ...

Write a program that wraps a VPN and converts each two bytes to a word from the dictionary and send the text streams as HTTP posts and responses.

Re:Thank heavens we still have normal code ...

[Bucky24]

At first I thought you were talking about a standard day on a farm.... That's a really good code. Aside from the alligator's thumb, though that could be a "inside joke" type of reference.

Oh dear God I hope so.

If there was ever a country I hated more than China, it's Pakistan.

And it's not the citizens, it's their fucking corrupt and police-state governments.

Re:Oh dear God I hope so.

yeah, kinda like the US. only that there people actually think they are free while the government is brainwashing them by dumbing them down with a horrible education system and 24/7 propaganda via the TV. i think the US are THE western country with the least personal freedom (hell, you can't even drink in public and your speed limits are an offense to every thinking human) and the most ridiculous religious people (remember, i said 'western'). the country wages imperialist wars against oil countries and sells them as humanitarian mission. US rating agencies try to sabotage europe with frivolous ratings while the US (who almost went bankrupt) get AA+. seriously, your government and the banks are making your country into a joke.

just like the previous poster i'm also not directly talking about the people themselves, i am sure there are plenty of decent people there but the government and the banks have been running the US into thr ground for decades now and the consequences are really obvious.

Re:Oh dear God I hope so.

[jc79]

... your speed limits are an offense to every thinking human ...

Except those who have lost loved ones to motor vehicles travelling over the speed limit. Believe it or not, some regulation is actually there to preserve human life and health. Would you abolish environmental protection agencies also?

Yes, I know it's off topic.

Re:Oh dear God I hope so.

I think it was at cluborlov.blogspot.com where I read a pleasant statement that at least the Soviets knew their media was full of shit government propaganda, in the US people really believe that their media is the freeest and the best, "fair and balanced' and "number one in news" that despite the fact that their media (the mainstream one at least) is none of that.

Ah, America... keep believing in that Exceptionalism, Palin and Bachmann!

Re:Oh dear God I hope so.

[GameboyRMH]

Off topic and barely relevant to the improvement of driving safety.

If you want better driving safety, you want better driver training, no matter what those self-interested greedsters at the IIHS (basically an auto insurance industry group) say. Speed limits actually hinder driving safety more often than they help.

The way speed limits are used now, their primary purpose is to generate revenue, their secondary purpose is to reduce pollution. To be very generous you could call safety as a side-effect a distant third, but that's not even true in most cases.

Also ask yourself this, with all the modern safety improvements to cars, why don't they have racing-style fuel cells to prevent fires, a technology that was nearly incorporated into the Pinto in the '70s? When mass produced it would only add $20-40 to the final price of a car and would practically eliminate fires resulting from accidents.

Re:Oh dear God I hope so.

[operagost]

i think the US are THE western country with the least personal freedom (hell, you can't even drink in public and your speed limits are an offense to every thinking human) and the most ridiculous religious people (remember, i said 'western').

Speed limits, prohibitions on public drunkenness, and religious freedom are clearly the three basic tenets of fascism.

Re:Oh dear God I hope so.

[gfreeman]

Speed limits, prohibitions on public drunkenness, and religious freedom are clearly the three basic tenets of fascism.

How about freedom to marry (DOMA), suspension of rights (PATRIOT) and travel bans (Cuba)?

Re:Oh dear God I hope so.

[Grishnakh]

i think the US are THE western country with the least personal freedom (hell, you can't even drink in public and your speed limits are an offense to every thinking human)

You totally missed some of the far more egregious offenses against our freedom that we Americans endure. How about being molested at airports, even though these actions haven't stopped a single bomber and even though lots of other people have smuggled all kinds of contraband past the TSA despite their anti-privacy security screenings? How about the fact that you're not allowed to carry large sums of cash on your person, or it will be confiscated (stolen) by government officials as "drug money" and never returned to you, even though this is a blatant violation of the 4th Amendment (illegal search and seizure without due process). If you're going to complain about our traffic laws, how about the fact that red-light cameras have been installed at thousands of intersections nationwide, ostensibly to improve safety, however at these same intersections, the yellow-light durations have been reduced to below safe limits, in order to intentionally increase the number of people running red lights, and thus increase ticket revenue?

and the most ridiculous religious people (remember, i said 'western')

Yep, we have national politicians who might even be elected President next year who are advocating a new religious practice called "quiverfull", where a woman is supposed to totally and completely submit to her husband, and no birth control at all is to be used (followers say it's just as bad as abortion, and this includes "natural family planning" too), and God will control their family planning. Even the Muslims aren't this nutty. If one of these fruitcakes gets elected, I forsee a push to ban all contraceptives.

US rating agencies try to sabotage europe with frivolous ratings while the US (who almost went bankrupt) get AA+.

Now this, on the other hand, is Europe's fault. Why does Europe care what US ratings agencies say about it and its institutions? Doesn't Europe have its own rating agencies?

Europe needs to step and and stop being America's lapdog. Europeans are always complaining about Americans and American influence, but I don't see them doing much to make themselves independent of us and our stupid ways. Everyone complains (rightfully so) about America's space program going down the tubes, but what is Europe doing to step up? Why hasn't Europe been working on manned missions? Heck, even China has sent men into orbit, but not Europe (unless you include Russia, but they're not exactly "western"). Europe has about 50% more population than the US, a bigger economy, Germany in particular is #2 in the world for exports, but what are you guys doing to make up for the USA swirling the drain? Most of the advances in technology are still coming out of the US it seems.

If Europe got their act together and made their society the premier place for work in science and technology, which really is the answer to most of our world's problems, then smart Americans would be streaming over there the way smart Europeans streamed over here 100 years ago, to go to a place where their work was valued and where they weren't subjected to the craziness and backwardness that is prevailing over here these days.

Re:Oh dear God I hope so.

[Synerg1y]

There's a flip side you conveniently forgot. Taxes in Europe, are insane, business taxes? insaner. The credit rating doesn't matter because there is no substance behind it, rate the USA whatever you want, nobody can win a war against the USA basically meaning we'll pay you when we feel like it. We import lots of stuff from China, but the point is we don't have to, Europeans, HAVE TO because there are no natural resources, just houses in Europe.

There are huge pro cons to both places of residence such as the EU, and free travel across countries in Europe. But then again everything is more expensive, and there is less of everything.

On that note, I want to visit Europe and then make a decision on what's better :)

Re:Oh dear God I hope so.

[Grishnakh]

There's a flip side you conveniently forgot. Taxes in Europe, are insane, business taxes? insaner.

I didn't really forget that; the taxes are probably one of the big reasons you never hear of any tech start-ups (or any start-ups for that matter) in Europe, and almost all of them in California and other business-friendly states in the USA. (Business-friendly is only part of it, however: you have to have a well-educated population too; I live in Arizona which is very business-friendly, but the population here is just a bunch of morons, so there's never any tech start-ups here. Google tried to open a satellite office here in Phoenix but that fizzled quickly and they pulled out.)

However, that's not the whole story. Corporate taxes here in the USA are insanely high, and much, much lower in Europe. Look here, at the purple bars on the graph. Most US corporations use various tricks to get around this, like having mailboxes in a small town in Switzerland or being based in the Bahamas or somesuch.

So yes, personal taxes here are better than Europe, but not business taxes, if you follow the laws like you're supposed to.

We import lots of stuff from China, but the point is we don't have to,

Yes, we do. We no longer have the manufacturing capability to sustain ourselves, and our population is so ill-educated that there's absolutely no way they could rebuild that ability even if they wanted to. The people who are educated are only educated in BS subjects like law and marketing rather than science and engineering, so there's not that many people who can actually do things. Sure, there's tons of business majors who can put together companies (or at least flap their lips a whole lot to make it sound like they can), but no one to actually do the work.

Europeans, HAVE TO because there are no natural resources, just houses in Europe.

The Japanese and South Koreans have proven you don't need natural resources to have a prosperous and advanced economy, you just need technological talent (and of course a government that doesn't screw it up). Don't forget the Swiss; tech talent plus great banking has made them a prosperous country despite no real resources. However, contrary to your view, Europe has resources that you seem to have forgotten about: 1) the North Sea is full of oil and gas; that's why the Norwegians are rich. 2) There's plenty of agriculture throughout Europe; in fact, that's probably the main reason Europe was advanced so far beyond the rest of the world for so long. It's probably the best location in the world for agriculture. Of course, a high population has reduced the land available for farming, but they do produce a lot of ag products still, but most of them are consumed within rather than exported. Have you totally forgotten about French and Italian wines?

But then again everything is more expensive

Middle-class people in those countries also get paid a lot more than middle-class people in the USA. Real salaries for middle-class people in this country have been going down for decades (after you adjust for inflation).

Re:Oh dear God I hope so.

[Bassman59]

Off topic and barely relevant to the improvement of driving safety.

If you want better driving safety, you want better driver training

I agree wholeheartedly with the need for better driver training.

However, the problems remain. For example, there's always going to be some jackass driving like a maniac, weaving in and out of traffic, trying to shave a minute off of his commute. The fact that he's a well-trained jackass is irrelevant if he cuts you off or runs a stoplight.

And no matter how well-trained a driver might be, one cannot discount the problems caused by lack of vehicle maintenance. Just yesterday, I was at a stoplight and I looked at passenger-side rear wheel of the monster truck to my left, and the tire was bald to the point of showing wires. (OK, a well-trained driver would be one who is smart enough to know not to drive on such dangerous tires -- but the argument always presented is, "I can't afford a replacement, and I need my car to get to work ..." The argument is bogus, of course ..)

I'd love to see much more stringent driver training. But between the lack of funding on all levels for such things, and the ridiculous idea that a 16-year-old kid is mature enough to drive a car, unfortunately it won't happen.

Speed limits actually hinder driving safety more often than they help.

Citation, please.

Re:Oh dear God I hope so.

[__aaacif3008]

if you want to travel to cuba, head into mexico and cross from there. it's still illegal, yes, but nobody along the border there cares in the slightest. i know people who do it all the time. :P your point still stands, however.

Re:Oh dear God I hope so.

[GameboyRMH]

Speed limits actually hinder driving safety more often than they help.

Citation, please.

https://secure.wikimedia.org/wikipedia/en/wiki/Speed_limit#Opposition

http://www.motorists.org/press/montana-no-speed-limit-safety-paradox

http://money.msn.com/auto-insurance/town-slams-brakes-on-traffic-tickets-carinsurance.aspx?page=2

Re:Oh dear God I hope so.

[operagost]

I was specifically responding to the parent, and not any of the more obvious issues of liberty in the USA. But since you mention it, the common thread between those items is an overreaching federal government. Unfortunately, the number of people who realize oppression results from placing too much power in the hands of a single authority instead of focusing on a few pet issues is vanishingly small.

Re:Oh dear God I hope so.

[gfreeman]

You responded to the parent and introduced the word "fascism" where none had been mentioned before. The parent was pointing out the lack of personal freedoms in the US (as was I) and you seemed to be applying sarcasm as a response. Regardless of the causes of this lack of freedoms, unless you can prove otherwise the parent's assertion stands.

Re:Oh dear God I hope so.

[cbiltcliffe]

How come whenever someone says that speed limits don't help safety, some proponent justifies them by bringing up something like "some speeding maniac that cuts you off or runs a red light"?

I've got news for you. These two driving errors are in no way related to speeding.
People run red lights driving 10 under the limit. People cut you off driving 10 under the limit. People drive respectfully of others and traffic lights and stay in their own lane at 10 over the limit.

This is virtually no better than the Chewbacca defence.

And your sentence that contains these two logical errors:

The fact that he's a well-trained jackass is irrelevant if he cuts you off or runs a stoplight.

How can you even type that with a straight face? If he's running red lights and cutting people off, he's obviously not well-trained.

Re:Not just no encryption -- also logging EVERYTHI

[NotSanguine]

Based on my reading of the law (thanks for posting the link to the PDF, AC), you can still encrypt traffic (think banks, online retailers, etc.) as long those who employ it add additional network links to the Pakistani government, pass all traffic to the government and provide them with the appropriate keys. Said additional links and any supporting hardware and/or software to be implemented at the TLS/SSL users' expense.

AFAICT, The 120 days that the OP refers to isn't how long they have to keep the data, it's how long ISPs have to implement the environment.

N.B. IANAL

Meh.

Who cares what they do in Dumbfuckistan? Anyone with any brains gets out of that place in a hurry.

i think most of you missed a key phrase

in TFA, it mentions a special license for encrypted traffic use. run with that where you may

Mooslims

What else would you expect out of those backwards bitches? Fucking Allah has them in the ass and they gladly march off to death for it. Fucking savages.
 
FUCK MOOHAMMAD, FUCK ALLAH, FUCK ISLAM!!!!!!

Re:Mooslims

Learn English, you bloody American!

Tender

Tender. Totally useless but tender none the less

ICMP traffic overflow

[morcego]

Blooming business for covert channel VPNs ... I saw one implementation over ICMP ECHO (ping) once, and it was pretty interesting ...

Re:Satellites? Dishes Warlords

[omb]

OMG, all this is so, so funny. The ISI (the Pakistani CIA) are finding Al Quada cadre , that they want as bargining chips Helfired, surprise surprise, they don't like it one bit, so they found an effeminate hacker and tortured him, he said "its the VPNs"

An ISI cyber General said shut the VPNs, everyone saluted and said "Yes, Sir", sounds just like the US CyberCommand?

All mullahs, all the time

[93+Escort+Wagon]

Start a "mullah of the day" fan club. Every day, send out a picture of a different mullah. Then just use steganography to embed your real message inside the jpeg...

One less competitor

[StatusWoe]

While this is indeed a silly move it does mean that nobody in Pakistan will be taking my development contracts... of course this also means there will likely be an influx of developers into surrounding countries.

Right...

[Sean]

Good luck with that.

Psst. Pakistan users... One word...

[roc97007]

Steganography. Hide your messages as every... oh, say, cycle through the first 100 prime numbers... particular bytes in, say, a pirated porno. If they even detect it, they'll think it's VCR noise.

Because Such Things Never Happen in America

http://en.wikipedia.org/wiki/Export_of_cryptography_in_the_United_States

http://en.wikipedia.org/wiki/Pretty_Good_Privacy#Criminal_investigation

http://en.wikipedia.org/wiki/Phil_Zimmermann#Criminal_investigation_by_US_Customs

...because in America, they'd never try to prevent anybody from using encryption. They only tried to make it impossible for anybody to get ahold of the tools that enable its use. Well... that is, unless your a big, wealthy, politically aligned business. America will let you do whatever you want in those cases. I bet Pakistan is a lot different.

Re:Not just no encryption -- also logging EVERYTHI

[Kjella]

That's all well and nice for local sites for the locals, but what about foreign visitors or accessing any international site? Any banks or anything else with a https login I'd like to visit won't work as they won't care one shit about what Pakistan wants. That's pretty much a tourism killer. And commerce killer. Ah well, it's their self-implosion.

Obligatory..

..but officer, I was just piping /dev/random!

Re:Not just no encryption -- also logging EVERYTHI

[elocinanna]

I have no idea how that sort of thing could be done (I'm not techy at all) but this is a fantastic idea and I wanted to say that I think it's genius, even if you got modded down.

Complete idiots

Sure enough they'll start blocking port 443 and everyone will just move to another one, or another protocol altogether. How can you know it's encrypted, if you can't parse a protocol's traffic. lol... They're not going to sniff the contents of every packet and just not forward them if they are unreadable. That would make 99% of anything not work if they don't know what it is. Might as well be sending data verbally over the phone haha

Good new for the US...

...there's no way any company with half a brain would allow anyone to work from Pakistan or any work to be outsourced to Pakistan anymore. Their IT industry is toast.

Re:Good new for the US...

[ZombieBraintrust]

Do US companies currently outsource to Pakistan? I figured all that would of been gone after the Patriot act.

Glass half full...

[Anachragnome]

You can always look at it from a "glass half-full" perspective--Encryption Bans Pakistan.

Peggy...

Hello. I'm Peggy from Pakistan. May I have your Credit Card Number and PIN Code Please?

Encryption

What encryption, that was a jpg I was sending in my own format... sure this is going to stop all the encrypted comms.

SSH , openVPN ....

Hmmmm

This could never happen in the USA.

lol

This is useless, people in Pakistan can dial into American dialup ISPs and use an encrypted VPN through them. There are other ways around this ban, too.

AGW IS THE MODERN DAY PILTDOWN MAN

Fuck Islam in its smelly goat ass!

Re:Not just no encryption -- also logging EVERYTHI

No compression either? WTF? No gif, png or jpeg? No gzip?

Wow....just....wow. Colour me gobsmacked.

Re:Not just no encryption -- also logging EVERYTHI

Pakistani tourism? seriously? Cash is where its at in that part of the world anyway.

Pointless

Gogo gadget stenography.

No Encryption Required

Why would the average Pakastani want to encrypt their goat or mud hut anyway? It's not like they have nuclear....OH!

Hi! Pakistani Here

(Posting AC because of moderations)

So let me get this straight, we have no light, water or gas, people are being slaughtered by the hundreds every-single-day by political workers of the same freaking (secular!) parties that are in power (look up the Current Karachi massacres, we have bigger things to worry about than Al Qaeda)....and THIS is what the govt decides to focus it's attentions on?

My dear god, what the hell is happening to my country? You know, this is why the Islamic parties get votes here, they may be ass-backwards, but at least their political workers don't go emptying dozens of magazines of people for (literally!!!) the lulz.

Also, seeking my advice: Any way to send credit card information securely? I have to pay my exam fees to an examining institute in the UK, and I usually used credit cards. Now however....

I am not in a revolutionary mode, I just want to get an education and somehow go abroad and earn a simple living and die without ever making a ripple.

Re:Not just no encryption -- also logging EVERYTHI

Well, that PDF is dated march, so, the law is in action today?

Steganography, anyone?

[mcrbids]

I remember writing a steganographic tool that sent hidden messages via SPAM. I had a massive source of SPAM and use a combination of hash tables and a psuedo-random number generator in order to pass any type of binary data as SPAM. The trick was to have all possible combinations of spam words with offsets for all the hexidecimal characters. Numbers are scarce, but spam is such bad spelling that you could "cheat" a little and get it all set up. (My favorite trick was to embed a meaningless tag that had the hexidecimal value I needed in it)

I'm sure the NSA could have cracked my little toy / experiment fairly quickly, but they would only have cracked the fact that I was using steganography. The binary stream encoded therein could still easily be encrypted with AES or Blowfish or any other cryptomechanism.

The stream expansion was pretty intense, some 20:1 or so. But it was honest-to-god SPAM and it was fun to cleanly pass compressed, encrypted binary data via penis pill offers.

Just to screw with them,

[melted]

I would totally start sending megabytes of Mersenne twister output to addresses in the US.

Re:Just to screw with them,

[isorox]

I would totally start sending megabytes of Mersenne twister output to addresses in the US.

Before or after you get thrown in jail and your hand chopped off?

Echelon

Couldn't they just download ECHELON from SourceForge and run that? Or does that only work in Anglophone countries?

I think it's safe to say: Pakistan, you're NEXT!

I think it's safe to say on behalf of Uncle Sam: "Pakistan, you're NEXT!"

These Aren't the Bits You're Looking For!

[WhoBeDaPlaya]

These Aren't the Bits You're Looking For!

Re:Not just no encryption -- also logging EVERYTHI

[Issarlk]

Brilliant!

Leaned on

Can we expect a future wikileak or open leak to show they were leaned on to do this by the US government?

Pakistan is NOT benning encryption

[riflemann]

This is a complete misread of telecoms terminology, they are not banning user encryption.

The actual regulation only mentions encryption ONCE, and that is in regard to signalling information.

Signalling information is not the data. I repeat, signaling information is NOT the data.

For phone calls, signalling is the bits that tell the system where the call is go to, and who from, and other "meta" information about the call. For data, signalling is the outer part of the IP packet that carries destination information.

The encrypted part of data is in the PAYLOAD. And they don't require the payload to be decrypted. It's also the same section that requires the
info to not be compressed. Are they really going to decompress all files before sending them off? No way.

All they are requiring is that the phone call source/destination info, and Ip traffic packets are not encrypted *further* by the ISP. Customer
VPN data will continue to flow as normal.

IAANE (I am a network engineer) and I have had to deploy a government spying^Hlegal intercept platform before, and this is pretty much just
bog standard like many other countries do.

Bottom line: A non story. Pakistan wants ISPs to implement legal intercept. Big whoop, most countries have already done this.

Re:Pakistan is NOT benning encryption

[gl4ss]

"The Pakistan Telecommunications Authority legal notice urged ISPs to report customers using "all such mechanisms including EVPNs [encrypted virtual private networks] which conceal communication to the extent that prohibits monitoring". Anyone needing to use this technology needs to apply for special permission, the notice said.

Authorities in Islamabad insisted that the ban on VPN access was intended to stem communications by terrorists."

legal intercept? there's no legal intercept for my vpn's. they're asking isp's to report customers who evade the "legal interception" - one thing you should note that what's written on law and what's then as practicality is different.

Re:Pakistan is NOT benning encryption

[sunbird]

IANANE, but the regulation does not appear to be as limited as you suggest. Part II, Section 4, Clause 5 states:

All landing station and infrastructure licensee(s) shall establish a Monitoring System with its interface to the Authority . . . for the purpose of monitoring of telecommunications traffic (voice and data) within one hundred and twenty (120) days . . . .

And later on in clause (6) it requires each system to have "the following features:"

Capability to monitor, control, measure and record traffic in real-time

The clause you are referring to (and the only reference to encryption) occurs on the next page:

The Licensee(s) and Access Provider shall ensure that signaling information is uncompressed, unencrypted, and not formatted in a manner which the installed monitoring system is unable to decipher using installed capabilities.

But the limitation of this clause to signaling information seems to conflict with the earlier statement that the monitoring system must be capable of recording voice and data traffic in real time. I suppose you could argue that turning over the encrypted stream is sufficient, but I wouldn't want to hang my hat on that.

It'll be interesting to see how this is enforced. My guess will be that if they take the position that it applies to VPNs, it will not be enforced against the foreign visitor. There are many internet cafes in Pakistan and many hotels with internet service so there would be a huge logistical problem to enforce it. Sadly, Pakistanis and long-term ex-pats who use a VPN from their home or office could be targeted, especially if they are government opponents or dissidents.

Re:Pakistan is NOT benning encryption

[metrometro]

RTFA. Carefully. The actual regulation is not at issue. What the Guardian is reporting is a notice to ISPs, the contents of which, according to the Guardian, are not what you describe.

If you are surprised that government is implementing policy that differs significantly from written law... well, you must be new here, whatever your UID# says.

Re:Pakistan is NOT benning encryption

[bill_mcgonigle]

IAANE (I am a network engineer) and I have had to deploy a government spying^Hlegal intercept platform before, and this is pretty much just bog standard like many other countries do.

Were you in the military? That's the only reasonable definition of 'had to' that I can come up with (vs. helping governments infringe on civil liberties for profit).

Re:Not just no encryption -- also logging EVERYTHI

[Gaygirlie]

Based on my reading of the law (thanks for posting the link to the PDF, AC), you can still encrypt traffic (think banks, online retailers, etc.) as long those who employ it add additional network links to the Pakistani government, pass all traffic to the government and provide them with the appropriate keys. Said additional links and any supporting hardware and/or software to be implemented at the TLS/SSL users' expense.

AFAICT, The 120 days that the OP refers to isn't how long they have to keep the data, it's how long ISPs have to implement the environment.

N.B. IANAL

This stuff still screws over any small companies and newstarters who wish to e.g. offer their products online. Having to provide the government with all that means a lot higher operational costs, not to mention the extra hardware and maintenance needed, and it could very well even mean the company is no longer sustainable.

Such a horribly shortsighted move.

Re:Not just no encryption -- also logging EVERYTHI

No, you're all wrong.

IUALBTIPDI (I'm Usually A Lawyer But This Is Pakistan Damn It)

DVD-DeCSS?

[catmistake]

Obviously, Pakistan has never heard of the MPAA. If Pakistan can beat Hollywood lawyers... India should begin sweating. I suspect it be long before Pakistan is just another Warner Bros. backlot.

genius!

[alizard]

They just banned e-commerce, telecommuting, offshoring operations providing services (e.g. customer service at your bank), and foreign corporate operations.

nothing to hide

If you have nothing to hide and a clear conscience, you have no need for encryption. This whole thing is a non-issue.

business

well since business is completely dependent on strong crypo... I guess Pakistan's greed for information > Pakistan's greed for money.
even if they make exceptions for corporations this would completely limit the ability of start-ups to get a foothold.

Re:Not just no encryption -- also logging EVERYTHI

[jafac]

yay for the economy! (?)

Silly Pakistan;

[jafac]

Don't they know? Information wants to be free.

Re:Not just no encryption -- also logging EVERYTHI

[SuperTechnoNerd]

"information is uncompressed"
Uncompressed too? Really?

Idiots are born every day.....

Re:Not just no encryption -- also logging EVERYTHI

[GameboyRMH]

Sounds like a great idea, dilute their logs with crap. Heck don't make it random, use random text from Pakistani websites to make it harder to filter out.

Re:Not just no encryption -- also logging EVERYTHI

[GameboyRMH]

A list of pakistani IP ranges, and a simple app that pings things and then spews random data at an IP if it responds. Simple. You could probably even do it in a shellscript.

US almost had this

[bill_mcgonigle]

What about digital signatures?

Let's not forget we went through this with the Clinton administration just 15 years ago. If I could get the Slashdot search to cooperate I'd include a link here to Rivest's winnowing-and-chaffing algorithm that passes secure messages where encryption is banned but digital signatures are allowed.