Slashdot Mirror


Pakistan Bans Encryption

An anonymous reader writes "After some rumors of this last month, Pakistan has now officially told all of the country's ISPs that they need to block all encrypted VPNs since content running over such services cannot be monitored by the government."

56 of 351 comments

  1. awesome by dgas · · Score: 3, Insightful

    I'm sure this will totally work out for the government without any blowback or unintended consequences...

    1. Re:awesome by laird · · Score: 2

      There will be (I hope) a push by Pakistani companies against this insane law because it makes it impossible for any Pakistani people or companies to do any work with any company outside Pakistan. It's unimaginable that any company would blow a hole in their security just to satisfy Pakistan's insecurity, so if they actually enforce this law all it will do is force everyone to shift their business from Pakistan to some other country.

      Yes, their economy is in terrible shape. But IMO that means that they really cannot afford to destroy what little industry they do have doing business internationally.

      And if that doesn't work, the embarrassment of having written a law that forces businesses to work with (for example) India instead of Pakistan will (IMO) do the trick.

    2. Re:awesome by orangebox · · Score: 2

      Recall an article from last year labeling Pakistan as one of the cheapest (and best) outsourcing countries for IT jobs. I sure wouldn't want them into my network without VPN or encryption of some sort. Goodbye, jobs.

  2. Re:Security concerns by spazdor · · Score: 2

    If you aren't doing anything bad, why couldn't the government know about it?

    Now where have I heard that question before...

    --
    DRM: Terminator crops for your mind!
  3. Re:Question by Chris+Burke · · Score: 5, Funny

    How can one detect if a packet is encrypted? How do you distinguish unencrypted binary data from encrypted binary data?

    By checking the "encrypted" bit in the TCP/IP packet header. It's right next to the "evil" bit.

    --

    The enemies of Democracy are
  4. Dear Pakistan by Dunbal · · Score: 5, Insightful

    Save yourselves some money and some bother, and just disconnect yourselves from the internet! That way you'll be Safe (tm).

    This has just prevented pretty much anyone who works for a Fortune 500 company from doing anything in Pakistan on company laptops. I dunno, maybe that's a good thing? I can imagine that now more than one "elected official" will point to Pakistan as a shining example to follow (just like what happened earlier with RIM and the Blackberry in India and Saudi Arabia and later everywhere) and VPNs will no longer be allowed because of course they could be the tools of terrorists. Damn, why did I have to wake up in this parallel universe 10 years ago.

    --
    Seven puppies were harmed during the making of this post.
    1. Re:Dear Pakistan by h4rr4r · · Score: 4, Informative

      Try Fortune $infinity. The company I work for is nowhere near Fortune 500 or even 5000 and we still could not have anyone work from Pakistan now.

    2. Re:Dear Pakistan by silentcoder · · Score: 2

      The article does say (yes, I read it, guess I'm new here) - that people who need VPNs for business use will be able to get a license to run them.

      You'll just need to make a case for why you use it. Of course, the moment licenses exist - you open the door for the people you are supposedly targeting to bribe an official to get one - which means that you won't catch them at all now - after all, their encrypted traffic was expected and approved upfront!

      Basically... this is an exercise in quantum stupidity.

      --
      Unicode killed the ASCII-art *
  5. Re:good luck with that by spazdor · · Score: 5, Insightful

    Yeah, this is pretty much an unwinnable arms race. No matter how much deep packet inspection brute-force they want to employ - if they allow any protocols at all to run unrestricted, it'll be possible to tunnel data over it. Hell, give me an ICMP-only network and I'll encode data payloads into the TTL numbers.

    Pakistan is gonna have to cut off its Internet backbones entirely if it's serious about shutting down encrypted communication.

    --
    DRM: Terminator crops for your mind!
  6. Telnet by detritus. · · Score: 2

    Hopefully this is the end of SSH as we know it in Pakistan. Re-enable telnet on all those routers and servers, like it's 1996!

  7. And the rest? by Lieutenant_Dan · · Score: 5, Insightful

    What about digital signatures?

    eCommerce using SSL?

    Password-protected files?

    OS passwords?

    --
    Wearing pants should always be optional.
  8. I spoke too soon by spazdor · · Score: 2, Informative

    It exists. Obviously.

    --
    DRM: Terminator crops for your mind!
    1. Re:I spoke too soon by MightyYar · · Score: 4, Interesting

      And don't forget ye olde Tunnel Over DNS!

      --
      W..w..W - Willy Waterloo washes Warren Wiggins who is washing Waldo Woo.
  9. Re:Security concerns by Jeremy+Erwin · · Score: 3, Insightful

    "War" can be so convenient.

  10. Re:Security concerns by Dunbal · · Score: 3, Insightful

    Because it's none of your damned.... sigh, I give up. Take it all. But you get to live in this shitty world too.

    --
    Seven puppies were harmed during the making of this post.
  11. no more shopping in pakistan for me by sneakyimp · · Score: 4, Funny

    Rats. I was planning to make a huge purchase of textiles and smuggled Afghan opium from PakistanMallOnline.com with my credit card. Now, since it won't be encrypted, I cannot. Guess I'll have to buy from IndiaMallOnline instead.

  12. Not just no encryption -- also logging EVERYTHING! by Anonymous Coward · · Score: 4, Informative

    The new law not only imposes exciting requirements so that the gov't can monitor all communications for 120 days, but also forbids anyone but the government to "monitor, reconcile, or block any traffic" -- so the ISP, parents, schools etc. are not allowed to do that.

    The encryption ban isn't all that impressive, just typical government not-thinking-things-through, and easily enough fixable -- they could add an exception for banks, permitting encryption but the bank has to store the corresponding unencrypted data. FWIW, the requirements pertaining to this may be in place (I'm not a lawyer, so I'm not sure if that's what the second statement here means, or if it's more a Room 641A thing for international comms passing through):

    (6) The Licensee(s) and Access Provider shall ensure that signaling information is uncompressed, unencrypted, and not formatted in a manner which the installed monitoring system is unable to decipher using the installed capabilities.

    (7) In case it is not possible to monitor the signaling information of some traffic at the Probe and the Authority has agreed to let the traffic pass through, the required signaling information shall be extended from the Licensee(s) and Access Provider(s) network's premises, at their own cost, including but not limited to the required format conversions, hauling of data to the Authority designated location, and installation of additional equipment to achieve information as specified in subregulation (6) above.

    What's really jawdropping is requiring that every fucking byte going through every ISP or telco in Pakistan must be logged for 120 days. In other news, the middle east division of every vendor of massive storage arrays report 1000% increase in sales...

    Read the law here (PDF), it's only 6 pages.

  13. Re:First! by Dunbal · · Score: 2

    The drones are probably controlled by satellite, which begs another question. Exactly what is stopping someone in Pakistan from talking to a satellite owned by a country other than Pakistan, over a VPN? Used to be expensive as fuck, I can't imagine it's very cheap nowadays, the bandwidth and latency suck, but I'm sure that Hughes is dying to sell you an account. And of course if you're engaged in nefarious, lucrative and very private business then what's a couple hundred bucks a month between friends?

    --
    Seven puppies were harmed during the making of this post.
  14. What an opportunity... by TiggertheMad · · Score: 5, Insightful

    If all encryption is being banned, then it should make it trivial to start stealing passwords and bank card numbers from Pakistanis. We don't have an extradition treaty with them do we? Ready, set, crack!

    --

    HA! I just wasted some of your bandwidth with a frivolous sig!
    1. Re:What an opportunity... by Anonymous Coward · · Score: 2, Insightful

      Crack what? Just listen!

  15. Satellites? by quickgold192 · · Score: 3, Interesting

    Amid all these internet-blocking stories I still haven't found an answer to how dictators prevent satellite internet connections, or even if they do. I know how they could block them if they wanted to, but does anyone know how they actually do it? Or if they even bother with it?

    1. Re:Satellites? by MimeticLie · · Score: 5, Informative

      Iran has been accused of jamming satellite connections in the past, as has Libya. The US apparently has the capability.

      As for how it's possible, Wikipedia has a brief description of the process. Because of the satellite's distance, its signal is relatively weak when it reaches the ground (you're familiar with the inverse-square law, right?). A terrestrial broadcast will be much stronger and can drown out the signal from the satellite.

      (reposting this because I forgot to login. whoops)

  16. Re:Security concerns by lavalyn · · Score: 2

    Encrypted connections are used for online banking. Or would you prefer to have a man listening in for your passwords and emptying your bank account with your login?

    --
    Doing the Right Thing should not be preempted by making a buck.
  17. Re:Stenography by Farmer+Tim · · Score: 2

    Detecting stenography is easy, you just look for the person sitting there with the funny typewriter thingy. Now steganography, that's hard to spot...

    --
    Blank until /. makes another boneheaded UI decision.
  18. no remote workers by bugi · · Score: 5, Interesting

    They won't have any more telecommuters. One of our workers a while back was resident in Pakistan. No way are we going to let our data over the wire in the clear, so we can't hire from there anymore.

    1. Re:no remote workers by Issarlk · · Score: 2

      The bribe might push the cost of having a worker in Pakistan over the cost of having a worker in, say, India.

  19. Re:Security concerns by Cwix · · Score: 2

    Like a pig he'll roll around in it and enjoy it.

    --
    You are entitled to your own opinions, not your own facts.
  20. Re:Security concerns by ThatsMyNick · · Score: 2

    Not to worry. His passwords will be unencrypted too. So all you have to do is sniff his packets and you can get back your money and more!

    For the humour impaired, that was a joke.

  21. Re:Not just no encryption -- also logging EVERYTHI by NotSanguine · · Score: 4, Informative

    Based on my reading of the law (thanks for posting the link to the PDF, AC), you can still encrypt traffic (think banks, online retailers, etc.) as long as those who employ it add additional network links to the Pakistani government, pass all traffic to the government and provide them with the appropriate keys. Said additional links and any supporting hardware and/or software to be implemented at the TLS/SSL users' expense.

    AFAICT, the 120 days that the OP refers to isn't how long they have to keep the data, it's how long ISPs have to implement the environment.

    N.B. IANAL

    --
    No, no, you're not thinking; you're just being logical. --Niels Bohr
  22. Re:Question by betterunixthanunix · · Score: 2, Insightful

    How can one detect if a packet is encrypted? How do you distinguish unencrypted binary data from encrypted binary data?

    Theoretically, you should not be able to distinguish encrypted bits from random data. Unfortunately, people almost never send megabytes of uniformly random bits to each other, and I doubt that the Pakistani courts are going to believe your claim that you were doing such a thing. You might claim that you were sending compressed data (which may also appear to be random), but then the courts are going to ask you how it was compressed, so that they can decompress it -- and when you tell them "LZMA" and they get random bits, they are going to throw you in prison.

    --
    Palm trees and 8
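Comment 22's point that encrypted bytes and uniformly random bytes look alike, while a "it was compressed" claim is only credible if the data actually decompresses, as an added example that is not from the thread. The entropy scorer, the classify thresholds, the seeded sample generator and the SHA-256 counter keystream (a constructed stand-in, not a real cipher) are all my own assumptions.

```python
"""Byte-entropy triage of the kind a monitoring box might run, plus the
"prove it is compressed" check from the thread.  Added illustration;
the 'encrypted' sample uses a SHA-256 counter keystream as a stand-in
for a real stream cipher (constructed for the demo, not for real use)."""
import hashlib
import math
import random
import zlib
from collections import Counter


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte: 0.0 for empty input, at most 8.0."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def toy_keystream_xor(key: bytes, data: bytes) -> bytes:
    """Constructed stand-in for a stream cipher: XOR with SHA-256(key || counter).
    XORing twice with the same key returns the original bytes."""
    stream = bytearray()
    counter = 0
    while len(stream) < len(data):
        stream += hashlib.sha256(key + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))


def verifiably_compressed(data: bytes) -> bool:
    """The 'tell us how it was compressed' test: does zlib actually inflate it?
    Random or encrypted bytes fail the header and Adler-32 checks."""
    try:
        zlib.decompress(data)
        return True
    except zlib.error:
        return False


def classify(data: bytes) -> str:
    """Crude triage: low entropy -> plaintext-like; high entropy -> either
    verifiably compressed, or opaque (encrypted and random look the same)."""
    if shannon_entropy(data) < 6.0:
        return "plaintext-like"
    if verifiably_compressed(data):
        return "compressed"
    return "opaque-high-entropy"


def make_samples(n_words: int = 800, seed: int = 1) -> dict:
    """Constructed inputs from a seeded PRNG: English-ish text, its zlib form,
    a keystream-XORed form, and uniformly random bytes of the same length."""
    rng = random.Random(seed)
    vocab = ("the quick brown fox jumps over lazy dog packet signal payload "
             "monitor tunnel license isp court random bits friend").split()
    text = " ".join(rng.choice(vocab) for _ in range(n_words)).encode()
    return {
        "plaintext": text,
        "compressed": zlib.compress(text, 9),
        "encrypted": toy_keystream_xor(b"constructed-demo-key", text),
        "random": bytes(rng.getrandbits(8) for _ in range(len(text))),
    }


if __name__ == "__main__":
    for name, blob in make_samples().items():
        print(f"{name:10s} {len(blob):5d} bytes  "
              f"H={shannon_entropy(blob):.2f} bits/byte  -> {classify(blob)}")
```

The encrypted and random samples score within a few hundredths of 8 bits per byte and are indistinguishable by this test; only the zlib sample can back up a "compressed" claim.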
  23. Re:Security concerns by mangu · · Score: 2

    If you aren't doing anything bad

    TIL accessing my bank account through the internet is bad.

  24. Re:Question by betterunixthanunix · · Score: 4, Insightful

    Yes, I am sure that would go over real well:

    Government: "What are you doing sending this encrypted data?!"
    Citizen: "Encrypted?! That's just random bits that I was sending to my friend in America!"
    Government: "Oh, never mind then. It's not like we have any reason to think that you would not be sending random bits to someone in America!"

    --
    Palm trees and 8
  25. Re:good luck with that by mlts · · Score: 3, Insightful

    Actually, this is just the next step in the arms race.

    The first generation were the firewalls. The sophistication has gone from just blind IP blackholes to active MITM attacks, changing posts in midstream.

    Now, because of VPNs, the next step is to ban them, and then arrest anyone who might have any traffic out of the ordinary. With anti-VPN laws, a government can vacuum up people for "suspect packets".

    This is just what a government will do when they realize people VPN around their surveillance/censorship controls. Pakistan is the first to implement this, but I am sure they will be the last.

    It is only a matter of time before we see anti-VPN laws being passed, just like we see national firewalls sprouting up.

  26. Re:Hrrm.. by Uncle+Warthog · · Score: 4, Insightful

    I smell a revolution brewing.

    So do they. That's why they're putting the ban in place.

  27. Re:Security concerns by mark-t · · Score: 2

    You are arguing from the perspective that the government is not to be trusted (which may be entirely accurate), when clearly the person you are presenting your argument to believes that is not the case. Therefore, to the person you are responding to, your argument is nothing more than a mere contradiction without logical validity.

    A much better position to take would be to simply look at fundamental issues of privacy and keeping confidential information from nefarious individuals. Even if the government and law enforcement *could* be wholly trusted, there are plenty of people who cannot, and there is absolutely no reason that such people would not be just as capable of listening in on anyone's private conversations as the government is. That they might have to break the law to do so is wholly irrelevant because, again, we are talking about people who are unscrupulous in the first place. It makes matters even worse if one considers that such people can sometimes even get away with their crimes without getting caught in the act... and the economic damage that they could do would be of staggering proportions if people are legally prohibited from taking any measures whatsoever to keep their private data confidential when communicating it to a trusted party.

  28. Re:Even rot13? by suso · · Score: 2

    Nobody is using rot13 or rot26 anymore. You should be using rot533.

  29. Re:Question by v1 · · Score: 2

    Yup. The whole point of stenography is to hide the fact that you're hiding something in the first place. Most stenography methods are very poor at actually preventing the data from being confirmed as present (or even being collected) once discovered.

    But I suppose steno'ing your encrypted data would be a worthwhile endeavor. Lower the odds of them realizing you're hiding something, and then if they discover you're hiding something, make that something difficult to figure out.

    --
    I work for the Department of Redundancy Department.
  30. Re:Security concerns by 0123456 · · Score: 2

    Please list reasons why they would disclose the fact that they can break AES256. Thank you.

    Yes, of course. Not saying that they can break AES is CLEAR PROOF that they can.

  31. Re:Security concerns by compro01 · · Score: 2

    If I had to guess, probably at the most recent meetings of the Republican National Committee and the Democratic National Committee.

    --
    upon the advice of my lawyer, i have no sig at this time
  32. Re:Security concerns by afidel · · Score: 3, Interesting

    Because if they can break it they know eventually someone else WILL break it and so everything the government, the military, and the US private sector has protected with AES will be available to agents of countries hostile to the US national interest, and so they would be starting the hunt for the next standard encryption algorithm to be used for those purposes. Remember that the NSA made changes to the S-box of DES specifically to avoid attacks by methods that were not rediscovered in the general cryptography community for nearly 30 years. That change kept 3DES secure for another 5-7 years allowing them to proceed with the AES selection process. Despite what so many people think the NSA's first mission is to protect the integrity of the secrets of the US.

    --
    There are 4 boxes to use in the defense of liberty: soap, ballot, jury, ammo. Use in that order. Starting now.
  33. Re:Security concerns by 0123456 · · Score: 2

    You're right, of course one of the most secretive and highly funded organizations in the world would disclose their knowledge.

    Yes, of course. Not saying that they can break AES is CLEAR PROOF that they can.

  34. Re:Question by Majik+Sheff · · Score: 3, Insightful

    DING! Rubber hose decryption is quick and effective in almost every case. This law is not about providing a technical means to stop encryption. Its purpose is to turn the targeted users into criminals. Much like the DMCA in the US.

    --
    Women are like electronics: you don't know how damaged they are until you try to turn them on.
  35. Re:Question by xrayspx · · Score: 3, Informative

    The point of stenography is to write very fast in abbreviated form, using a set of glyphs that enable you to write very quickly in terrible chicken scratch that no one other than a trained secretary can read and which drives mortals straight past drink to heroin, also called shorthand. Stenography also refers to typing quickly on a special keyboard, in order to capture as much spoken dialog as possible in-line. Often seen in courtrooms.

    The point of steganography is to obscure data within other innocuous data. This is where you hide your secret missile codes in photos of cats you post on Flickr.

  36. Re:If you have nothing to hide. Nah by mlts · · Score: 3, Interesting

    With me, encryption isn't for the cops (any decent police force has a crapload of methods to obtain data, up to and including the old fashioned rubber hose). It is to lock out intruders, potential hacks, people who would maliciously alter data in flight, and people who are collecting information they have no right to. This is why I use a VPN service.

    For example, when using a Wi-Fi network, it isn't uncommon for some WISPs to intercept the data stream to do ads, log all DNS requests and URLs transferred for data mining purposes, or even insert a Web frame in a HTTP stream with their crap on it. Firing up a VPN (TLS based or PPTP) keeps them out of my business. Same with some ISPs. Why should I allow an ISP to make cash from my Web browsing from a Phorm like server, unless I get a discount on my service? Then there are attacks like FireSheep (although that specific one is mitigated by a constant SSL connection).

    Having a VPN is just the same thing as locking and arming a car alarm, or throwing a deadbolt before going to sleep. It is to keep thieves at bay.

  37. Re:good luck with that by Gutboy · · Score: 2

    Who cares about packets. What if I just start emailing people in Pakistan Base64 encoded random numbers? Will they have to prove it's random numbers? Does anyone have a list of government officials' email addresses?

  38. Re:Question by plover · · Score: 2

    You mean like this? http://www.spammimic.com/index.shtml

    Dear Business person , We know you are interested in
    receiving cutting-edge information . This is a one
    time mailing there is no need to request removal if
    you won't want any more ! This mail is being sent in
    compliance with Senate bill 2516 , Title 6 ; Section
    307 . This is different than anything else you've seen
    . Why work for somebody else when you can become rich
    in 55 MONTHS ! Have you ever noticed society seems
    to be moving faster and faster and society seems to
    be moving faster and faster . Well, now is your chance
    to capitalize on this ! WE will help YOU turn your
    business into an E-BUSINESS plus deliver goods right
    to the customer's doorstep ! The best thing about our
    system is that it is absolutely risk free for you !
    But don't believe us . Mrs Simpson of Maryland tried
    us and says "I was skeptical but it worked for me"
    . We assure you that we operate within all applicable
    laws ! We implore you - act now ! Sign up a friend
    and you get half off . Thanks .

    --
    John
  39. Re:good luck with that by Zontar+The+Mindless · · Score: 2

    Maybe the question should be how to promote policies that prevent software engineers from going to the evil dictator side.

    Assassination seems to be a popular choice of late for dealing with technical professionals who are a bit too good at doing their jobs for the wrong sorts of people...

    --
    Il n'y a pas de Planet B.
  40. Pakistan is NOT banning encryption by riflemann · · Score: 4, Informative

    This is a complete misread of telecoms terminology, they are not banning user encryption.

    The actual regulation only mentions encryption ONCE, and that is in regard to signalling information.

    Signalling information is not the data. I repeat, signaling information is NOT the data.

    For phone calls, signalling is the bits that tell the system where the call is going to, and who from, and other "meta" information about the call. For data, signalling is the outer part of the IP packet that carries destination information.

    The encrypted part of data is in the PAYLOAD. And they don't require the payload to be decrypted. It's also the same section that requires the info to not be compressed. Are they really going to decompress all files before sending them off? No way.

    All they are requiring is that the phone call source/destination info, and IP traffic packets are not encrypted *further* by the ISP. Customer VPN data will continue to flow as normal.

    IAANE (I am a network engineer) and I have had to deploy a government spying^Hlegal intercept platform before, and this is pretty much just bog standard like many other countries do.

    Bottom line: A non story. Pakistan wants ISPs to implement legal intercept. Big whoop, most countries have already done this.

    1. Re:Pakistan is NOT banning encryption by gl4ss · · Score: 2

      "The Pakistan Telecommunications Authority legal notice urged ISPs to report customers using "all such mechanisms including EVPNs [encrypted virtual private networks] which conceal communication to the extent that prohibits monitoring". Anyone needing to use this technology needs to apply for special permission, the notice said.

      Authorities in Islamabad insisted that the ban on VPN access was intended to stem communications by terrorists."

      Legal intercept? There's no legal intercept for my VPNs. They're asking ISPs to report customers who evade the "legal interception" - one thing you should note is that what's written in law and what happens in practice are different.

      --
      world was created 5 seconds before this post as it is.
    2. Re:Pakistan is NOT banning encryption by sunbird · · Score: 2

      IANANE, but the regulation does not appear to be as limited as you suggest. Part II, Section 4, Clause 5 states:

      All landing station and infrastructure licensee(s) shall establish a Monitoring System with its interface to the Authority . . . for the purpose of monitoring of telecommunications traffic (voice and data) within one hundred and twenty (120) days . . . .

      And later on in clause (6) it requires each system to have "the following features:"

      Capability to monitor, control, measure and record traffic in real-time

      The clause you are referring to (and the only reference to encryption) occurs on the next page:

      The Licensee(s) and Access Provider shall ensure that signaling information is uncompressed, unencrypted, and not formatted in a manner which the installed monitoring system is unable to decipher using installed capabilities.

      But the limitation of this clause to signaling information seems to conflict with the earlier statement that the monitoring system must be capable of recording voice and data traffic in real time. I suppose you could argue that turning over the encrypted stream is sufficient, but I wouldn't want to hang my hat on that.

      It'll be interesting to see how this is enforced. My guess will be that if they take the position that it applies to VPNs, it will not be enforced against the foreign visitor. There are many internet cafes in Pakistan and many hotels with internet service so there would be a huge logistical problem to enforce it. Sadly, Pakistanis and long-term ex-pats who use a VPN from their home or office could be targeted, especially if they are government opponents or dissidents.

    3. Re:Pakistan is NOT banning encryption by bill_mcgonigle · · Score: 2

      IAANE (I am a network engineer) and I have had to deploy a government spying^Hlegal intercept platform before, and this is pretty much just bog standard like many other countries do.

      Were you in the military? That's the only reasonable definition of 'had to' that I can come up with (vs. helping governments infringe on civil liberties for profit).

      --
      My God, it's Full of Source!
      OUTSIDE_IP=$(dig +short my.ip @outsideip.net)
  41. Re:Hrrm.. by frisket · · Score: 2

    Not really, this is just the influence of the old colonial power trickling down.

    Bullshit. The old colonial power was never that paranoid. Incompetent, self-centered, racist, arrogant, and lots of other things for sure. But this is paranoia, whether religious or political. It's a hallmark of lunatics and delusionals everywhere, particularly when they are trying to cling to ill-gotten and undeserved power.

  42. Re:Oh dear God I hope so. by jc79 · · Score: 2, Insightful

    ... your speed limits are an offense to every thinking human ...

    Except those who have lost loved ones to motor vehicles travelling over the speed limit. Believe it or not, some regulation is actually there to preserve human life and health. Would you abolish environmental protection agencies also?

    Yes, I know it's off topic.

  43. Re:Question by hawkinspeter · · Score: 2

    How about sending a whole load of spam emails, but altering the specific words and word-order in order to convey a message?

    I bet no-one is looking through spam emails and analysing it for steganography.

    --
    You're a temporary arrangement of matter sliding towards oblivion in a cold, uncaring universe
  44. Re:Question by GameboyRMH · · Score: 2

    That's a form of steganography, which of course, is horribly inefficient.

    Also it would be pretty obvious and not plausibly deniable. It's like this:

    Normal conversation:

    Bob: The quick brown fox jumps over the lazy dog.
    Dave: the lazy what?
    Bob: Dog.
    Dave: Oh, I understand.

    Using your technique.

    Bob: The quick brown fox jumps over the lazy dog.
    Dave: the lazy what?
    Bob: #@23dfx!;
    Dave: Oh, I understand.

    A better way to do it would be like this (maybe this is what you meant but you misspoke):

    Bob: The quick brown fox jumps over the lazy #@23dfx!;.
    Dave: the lazy what?
    Bob: Dog.
    Dave: Oh, I understand.

    That could actually work.

    --
    "When information is power, privacy is freedom" - Jah-Wren Ryel
  45. Re:Oh dear God I hope so. by operagost · · Score: 2

    I think the US are THE western country with the least personal freedom (hell, you can't even drink in public and your speed limits are an offense to every thinking human) and the most ridiculous religious people (remember, I said 'western').

    Speed limits, prohibitions on public drunkenness, and religious freedom are clearly the three basic tenets of fascism.

    --

    Gamingmuseum.com: Give your 3D accelerator a rest.