Slashdot Mirror

← Back to Stories (view on slashdot.org)

Pakistan Bans Encryption

Posted by Soulskill on from the for-undecipherable-reasons dept.

An anonymous reader writes "After some rumors of this last month, Pakistan has now officially told all of the country's ISPs that they need to block all encrypted VPNs since content running over such services cannot be monitored by the government."

15 of 351 comments (clear)

  1. Re:Question by Chris+Burke · · Score: 5, Funny

    How can one detect if a packet is encrypted? How do you distinguish unencrypted binary data from encrypted binary data?

    By checking the "encrypted" bit in the TCP/IP packet header. It's right next to the "evil" bit.

    --

    The enemies of Democracy are
  2. Dear Pakistan by Dunbal · · Score: 5, Insightful

    Save yourselves some money and some bother, and just disconnect yourselves from the internet! That way you'll be Safe (tm).

    This has just prevented pretty much anyone who works for a Fortune 500 company from doing anything in Pakistan on company laptops. I dunno, maybe that's a good thing? I can imagine that now more than one "elected official" will point to Pakistan as a shining example to follow (just like what happened earlier with RIM and the Blackberry in India and Saudi Arabia and later everywhere) and VPNs will no longer be allowed because of course they could be the tools of terrorists. Damn, why did I have to wake up in this parallel universe 10 years ago.

    --
    Seven puppies were harmed during the making of this post.
    1. Re:Dear Pakistan by h4rr4r · · Score: 4, Informative

      Try Fortune $infinity. The company I work for is no where near Fortune 500 or even 5000 and we still could not have anyone work from Pakistan now.

  3. Re:good luck with that by spazdor · · Score: 5, Insightful

    Yeah, this is pretty much an unwinnable arms race. No matter how much deep packet inspection brute-force they want to employ - If they allow any protocols at all to run unrestricted, it'll be possible to tunnel data over it. Hell, give me an ICMP-only network and I'll encode data payloads into the TTL numbers.

    Pakistan is gonna have to cut off its Internet backbones entirely if it's serious about shutting down encrypted communication.

    --
    DRM: Terminator crops for your mind!
  4. And the rest? by Lieutenant_Dan · · Score: 5, Insightful

    What about digital signatures?

    eCommerce using SSL?

    Password-protected files?

    OS passwords?

    --
    Wearing pants should always be optional.
  5. no more shopping in pakistan for me by sneakyimp · · Score: 4, Funny

    Rats. I was planning to make a huge purchase of textiles and smuggled afghan opium from PakistanMallOnline.com with my credit card. Now, since it won't be encrypted, I cannot. Guess I'll have to buy from IndiaMallOnline instead.

  6. Not just no encryption -- also logging EVERYTHING! by Anonymous Coward · · Score: 4, Informative

    The new law not only imposes exciting requirements so that the gov't can monitor all communications for 120 days, but also forbids anyone but the government to "monitor, reconcile, or block any traffic" -- so the ISP, parents, schools etc. are not allowed to do that.

    The encryption ban isn't all that impressive, just typical government not-thinking-things-through, and easily enough fixable -- they could add an exception for banks, permitting encryption but the bank has to store the corresponding unencrypted data. FWIW, the requirements pertaining to this may be in place (I'm not a lawyer, so I'm not sure if that's what the second statement here means, or if it's more a Room 641A thing for international comms passing through):

    (6) The Licensee(s) and Access Provider shall ensure that signaling information is uncompressed, unencrypted, and not formatted in a manner which the installed monitoring system is unable to decipher using the installed capabilities.

    (7) In case it is not possible to monitor the signaling information of some traffic at the Probe and the Authority has agreed to let the traffic pass through, the required signaling information shall be extended from the Licensee(s) and Access Provider(s) network's premises, at their own cost, including but not limited to the required format conversions, hauling of data to the Authority designated location, and installation of additional equipment to achieve information as specified in subregulation (6) above.

    What's really jawdropping is requiring that every fucking byte going through every ISP or telco in Pakistan must be logged for 120 days. In other news, the middle east division of every vendor of massive storage arrays report 1000% increase in sales...

    Read the law here (PDF), it's only 6 pages.

  7. What an opportunity... by TiggertheMad · · Score: 5, Insightful

    If all encryption is being banned, then it should make it trivial to start stealing passwords and bank card numbers from Pakistanis. We don't have an extradition treaty with them do we? Ready, set, crack!

    --

    HA! I just wasted some of your bandwidth with a frivolous sig!
  8. no remote workers by bugi · · Score: 5, Interesting

    They won't have anymore telecommuters. One of our workers awhile back was resident in pakistan. No way are we going to let our data over the wire in the clear, so we can't hire from there anymore.

  9. Re:I spoke too soon by MightyYar · · Score: 4, Interesting

    And don't forget ye olde Tunnel Over DNS!

    --
    W..w..W - Willy Waterloo washes Warren Wiggins who is washing Waldo Woo.
  10. Re:Not just no encryption -- also logging EVERYTHI by NotSanguine · · Score: 4, Informative

    Based on my reading of the law (thanks for posting the link to the PDF, AC), you can still encrypt traffic (think banks, online retailers, etc.) as long those who employ it add additional network links to the Pakistani government, pass all traffic to the government and provide them with the appropriate keys. Said additional links and any supporting hardware and/or software to be implemented at the TLS/SSL users' expense.

    AFAICT, The 120 days that the OP refers to isn't how long they have to keep the data, it's how long ISPs have to implement the environment.

    N.B. IANAL

    --
    No, no, you're not thinking; you're just being logical. --Niels Bohr
  11. Re:Satellites? by MimeticLie · · Score: 5, Informative

    Iran has been accused of jamming satellite connections in the past, as has Libya. The US apparently has the capability.

    As for how it's possible, Wikipedia has a brief description of the process. Because of the satellite's distance, it's signal is relatively weak when it reaches the ground (you're familiar with the inverse-square law, right?). A terrestrial broadcast will be much stronger and can drown out the signal from the satellite.

    (reposting this because I forgot to login. whoops)

  12. Re:Question by betterunixthanunix · · Score: 4, Insightful

    Yes, I am sure that would go over real well:

    Government: "What are you doing sending this encrypted data?!"
    Citizen: "Encrypted?! That's just random bits that I was sending to my friend in America!"
    Government: "Oh, never mind then. It's not like we have any reason to think that you would not be sending random bits to someone in America!"

    --
    Palm trees and 8
  13. Re:Hrrm.. by Uncle+Warthog · · Score: 4, Insightful

    I smell a revolution brewing.

    So do they. That's why they're putting the ban in place.

  14. Pakistan is NOT benning encryption by riflemann · · Score: 4, Informative

    This is a complete misread of telecoms terminology, they are not banning user encryption.

    The actual regulation only mentions encryption ONCE, and that is in regard to signalling information.

    Signalling information is not the data. I repeat, signaling information is NOT the data.

    For phone calls, signalling is the bits that tell the system where the call is go to, and who from, and other "meta" information about the call. For data, signalling is the outer part of the IP packet that carries destination information.

    The encrypted part of data is in the PAYLOAD. And they don't require the payload to be decrypted. It's also the same section that requires the
    info to not be compressed. Are they really going to decompress all files before sending them off? No way.

    All they are requiring is that the phone call source/destination info, and Ip traffic packets are not encrypted *further* by the ISP. Customer
    VPN data will continue to flow as normal.

    IAANE (I am a network engineer) and I have had to deploy a government spying^Hlegal intercept platform before, and this is pretty much just
    bog standard like many other countries do.

    Bottom line: A non story. Pakistan wants ISPs to implement legal intercept. Big whoop, most countries have already done this.

    --
    Sparks:Gadget:Beer Maker