Reports Claim That Pakistan Is Trying To Ban Encryption Under Telco Law

from the yvxr-gung-jvyy-jbex dept

Fri, Jul 29th 2011 12:28pm — Mike Masnick

As various governments have tried to clamp down, censor and/or filter the internet, all it's really done is increase interest and usage of encryption tools such as VPNs. Every so often we have commenters who insist that outlawing encryption is the obvious next step for governments, though that suggests an ignorance of the practical impossibility of truly banning encryption -- which, after all, is really just a form of speech. The US, of course, famously toyed with trying to block the export of PGP in the 90s, but finally realized that it would likely lose big time in a court battle. While I could certainly see some politicians here trying to ban certain forms of encryption, I couldn't see any such effort being successful long term.

In other countries, however, they seem ready to make a go of it. Privacy International is reporting that Pakistan is trying to ban the use of encryption, including for VPNs, as part of the implementation of a new telco law (pdf) which requires telcos to spy on their customers. Obviously, encryption makes that tougher, so the response is just to ban it entirely.

But here's the big question: can any such ban really be effective? I mean, if you and I agree on using a simple cipher between us, that's "encryption," but is indistinguishable from "speech" in most contexts. That means any such ban on encryption is effectively and practically useless the moment it goes into effect. There will always be incredibly simple ways around it. Trying to ban encryption is like trying to ban language. You can't reasonably do it.

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: encryption, pakistan

52 Comments

If you liked this post, you may also be interested in...

Reader Comments

Subscribe: RSS

View by: Time | Thread

Joe Publius (profile), 29 Jul 2011 @ 12:32pm

Do I get some sort of wooden nickel for realizing that the message was a rot13 encryption?
[ link to this | view in chronology ]
- Some Other Guy (profile), 29 Jul 2011 @ 1:24pm
  
  Re:
  Like that will work!
  [ link to this | view in chronology ]
Nicedoggy, 29 Jul 2011 @ 12:35pm

The good part for all the enemies of Pakistan is that now there is no protection against snooping.

I don't think the Pakistanis understand the security consequences of what they are doing.
[ link to this | view in chronology ]
Joe Publius (profile), 29 Jul 2011 @ 12:35pm

Qhu, Rapelcgvat!
Naq lrf, hygvzngryl gurer'f ab cbvag va gelvat gb ona rapelcgvba. Crbcyr jvyy fvzcyl nqncg hagvy gurl pbzr hc jvgu plcuref gung znxr gur Iblavpu Znahfpevcg ybbx yvxr n Qvpx naq Wnar obbx.
[ link to this | view in chronology ]
Anonymous Coward, 29 Jul 2011 @ 12:36pm

lol good luck to them, they'll need it
[ link to this | view in chronology ]
:Lobo Santo (profile), 29 Jul 2011 @ 12:36pm

Eh?
Bans ALWAYS work{!}

Why, the US Government has a ban on murder, and it never happens in the US anymore{.}
[ link to this | view in chronology ]
Anonymous Coward, 29 Jul 2011 @ 12:38pm

SWEET!
So they are going to transmit banking data in the clear!?!?
[ link to this | view in chronology ]
- anonymous, 29 Jul 2011 @ 12:41pm
  
  Re: SWEET!
  i guess they'll have to, itll be against the law to encrypt it, say friend, do you want to do some business together :)
  [ link to this | view in chronology ]
- Joe Publius (profile), 29 Jul 2011 @ 12:42pm
  
  Re: SWEET!
  Actually they're contracting their data security workload to Sony.
  
  Buh-zing!
  [ link to this | view in chronology ]
  - Anonymous Coward, 29 Jul 2011 @ 12:50pm
    
    Re: Re: SWEET!
    It's a tempting proposition, but I'm a bit busy helping to crowd source a Teledildonics project right now...
    
    http://freefactfinder.com/definition/Teledeldonics.html
    [ link to this | view in chronology ]
    - el_segfaulto (profile), 29 Jul 2011 @ 12:56pm
      
      Re: Re: Re: SWEET!
      I get the feeling that this comment was attached to the wrong parent, but it is still frickin' hilarious under this one.
      [ link to this | view in chronology ]
- Ninja (profile), 29 Jul 2011 @ 12:54pm
  
  Re: SWEET!
  My first thought. IT's fail on so many ways that I can't even begin to describe. Hopefully the Govt communications will not be encrypted for our joy and lulz.
  [ link to this | view in chronology ]
  - el_segfaulto (profile), 29 Jul 2011 @ 12:58pm
    
    Re: Re: SWEET!
    I've always heard that when encryption is made criminal, only criminals will have encryption. So if we follow that logic, our politicians and governments will certainly have encryption. To protect us from teh terrorists, while the average citizen should have nothing to hide.
    [ link to this | view in chronology ]
- Dark Helmet (profile), 29 Jul 2011 @ 12:59pm
  
  Re: SWEET!
  "So they are going to transmit banking data in the clear!?!?"
  
  That was my first thought too. And not only that, but what about all the other industries that rely on some form of encryption to function? Information technology MSP firms? Gone! Phone systems with soft phones? Maybe gone? Encrypted passwords? Gone?
  
  I mean...what the hell?
  [ link to this | view in chronology ]
GWH, 29 Jul 2011 @ 12:39pm

I guess the Pakistani Gov't is hoping no Navajo, Choctaw, or Cherokee are going to call
[ link to this | view in chronology ]
Richard (profile), 29 Jul 2011 @ 12:40pm

Trying to ban encryption.
Trying to ban encryption is like trying to ban language.

Actually it amounts to a ban on sending anything unintelligible over the internet. The Welsh must be very upset!
[ link to this | view in chronology ]
- Anonymous Coward, 29 Jul 2011 @ 12:42pm
  
  Re: Trying to ban encryption.
  i love welsh jokes
  [ link to this | view in chronology ]
- Anonymous Coward, 29 Jul 2011 @ 12:48pm
  
  Re: Trying to ban encryption.
  And as a side benefit, their politicians will actually have to express themselves clearly in their messages, lest the unintelligibility get them arrested.
  [ link to this | view in chronology ]
- el_segfaulto (profile), 29 Jul 2011 @ 1:01pm
  
  Re: Trying to ban encryption.
  The Welsh, and lawyers/legislators. I've understood Welshmen far better than the legalese in the average EULA or the U.S. Code of Laws.
  [ link to this | view in chronology ]
- Michael Lockyear, 29 Jul 2011 @ 2:05pm
  
  Re: Trying to ban encryption.
  As will some of the commentators on this blog!
  [ link to this | view in chronology ]
- Twm Si�n Cati, 30 Jul 2011 @ 5:01am
  
  Re: Trying to ban encryption.
  Pam y dylen ni fod yn anhapus? Does dim problem gyda'r Gymraeg. Mae'n berffaith dealladwy i mi (ac i filoedd o bobl eraill!)
  [ link to this | view in chronology ]
DCL, 29 Jul 2011 @ 1:04pm

Is that a right
Does Pakistan have right to free speech clause as a bases in their laws? I would guess not.

Either way it still seems silly to try to ban it. I bet the definition of 'encrypted' is along the lines "any communication that can't be understood by a government official. So if they don't understand pig-Latin a bunch of visiting American kids are going to be in big trouble!
[ link to this | view in chronology ]
Anonymous Coward, 29 Jul 2011 @ 1:07pm

big surprise for a nation such as this. /sarcasm
[ link to this | view in chronology ]
Ted Rosenberg, 29 Jul 2011 @ 1:19pm

encryption
Well, if they get very far with the ban, there are still native American indians who would be willing to hire on as "code talkers" because no one in Pakistan can read Navajo or Hopi
[ link to this | view in chronology ]
holizz, 29 Jul 2011 @ 1:20pm

This is the legislative equivalent of an EMP. There aren't many electronic devices that will be legal if this were to pass.
[ link to this | view in chronology ]
Anonymous Coward, 29 Jul 2011 @ 1:38pm

Security
Encryption is often used for security. Compare for instance telnet, which is laughably easy to intercept, to ssh. Compare HTTP to HTTPS. Compare "open" wireless to WPA2.

Banning encryption will lower the security of the whole country.
[ link to this | view in chronology ]
Anonymous Coward, 29 Jul 2011 @ 1:51pm

So encryption tools will not be made illegal in this country ever...its not going to happen... so I wouldn't even worry to much about the debate. How might one know this you ask? Because....wait for it....DRM uses encryption.

We've got the **AA lobbyists on our side.
[ link to this | view in chronology ]
- chris, 30 Jul 2011 @ 6:42pm
  
  Re:
  Relying on "businesses need encryption" to ensure that such a ban couldn't happen here is unsafe. What makes you think the law will extend to everyone equally? For a long time now businesses have enjoyed more rights than citizens. If you install an unauthorized rootkit on someone's computer you will go to jail. Did anyone from Sony? If you dump large amounts of oil into US waters, even by accident, you will go to jail. Did anyone from BP? I could go on and on. Besides businesses, most government officials carry immunity from many types of laws. Accidentally kill someone? You're going to jail. You're a cop and it was in the course of duty? Apologize and move on.
  [ link to this | view in chronology ]
ASTROBOI, 29 Jul 2011 @ 1:56pm

It will be like all the other prohibitions.
Once encryption is banned all that remains is to define what encryption actually is. Look at history: The RICO act was supposed to make it possible to arrest gangsters just for belonging to a gang. Who could argue with that? But today, if even two people appear to be involved in something the government doesn't like, the RICO act is pulled out and now the couple is facing a serious federal felony. Consider the laws against so-called "child porn": we have people threatened with decades in jail and destroyed lives over pictures of willing, paid, 17 1/2 year old women who posed for pictures. And of course the sex-offender registry, originally meant to keep track of serious criminals. Now its used to threaten young kids who shoot a moon at a detested teacher or administrator. It has become nothing but a club to punish insubordinate kids exercising their supposed right of free speech. So too, the criminalization of "encryption" will eventually be degraded to include use of slang and colloquial terms. Kids will be accused of encrypting criminal messages through the use of hip-hop terms and nerds will be encrypting deadly messages by using acronyms. We all better just stay indoors and keep our mouths shut.
[ link to this | view in chronology ]
Joe Publius (profile), 29 Jul 2011 @ 2:02pm

Mental Note
Much like the nation of Pakistan, the TD message board software also hates encryption. :)
[ link to this | view in chronology ]
Thomas Jefferson, 29 Jul 2011 @ 2:11pm

Upid-stay overnment-gay.
[ link to this | view in chronology ]
btr1701 (profile), 29 Jul 2011 @ 2:31pm

No Way
> The US, of course, famously toyed with
> trying to block the export of PGP in the
> 90s, but finally realized that it would
> likely lose big time in a court battle.
> While I could certainly see some politicians
> here trying to ban certain forms of
> encryption, I couldn't see any such effort
> being successful long term.

Yes, that's a nice philosophical/legal analysis but the practical reality is that encryption will never be banned in the USA because Big Copy would have a shrieking meltdown if the government ever tried to do that. Can you imagine their reaction if all their current and future DRM schemes suddenly turned into criminal offenses and them being required to broadcast/provide all their content in the clear?

As has been pointed out here too many times to count, there are far too many politicians who routinely drop trou and bend over for Big Copy for there to ever be enough votes to pass a ban on encryption.
[ link to this | view in chronology ]
- G Thompson (profile), 30 Jul 2011 @ 12:09am
  
  Re: No Way
  The Problem with 'Big Copy' is that they are trying to keep encryption legal whilst trying to make decryption illegal
  [ link to this | view in chronology ]
Anonymous Coward, 29 Jul 2011 @ 2:57pm

This won't last long. As soon as the US hears that Pakistan is thinking about making open WiFi the only legal type of wireless network, they'll send over the MIB to enforce compliance with US law.
[ link to this | view in chronology ]
chris, 29 Jul 2011 @ 4:56pm

So does that mean if you're browsing some e-commerce site and your browser redirects you to an https page that you could get arrested? Crazy.
[ link to this | view in chronology ]
aldestrawk (profile), 29 Jul 2011 @ 5:19pm

It's not about banning cryptography
My reading of the regulation is that Pakistan is requiring that all traffic can be monitored and that the signaling information cannot be encrypted. I could be wrong, but my understanding of the term "signaling information" is the set of mechanisms and algorithms allowing for call setup and breakdown, billing, and administrative functions. It seems to me the actual traffic, be it voice or data, can be encrypted but their has to be a way for the monitoring system to understand it (i.e. a backdoor).

This backdoor is what a lot of governments desire. It is a way to obtain a key for any cipher used. This will make it far easier to track and prosecute or persecute all criminals, both real and political. This is not foolproof. If illegal encryption is used, the government could possibly identify the communication endpoints and prosecute just on the basis of utilizing an illegal cipher. Smart criminals and dissidents will resort to using strong, illegal encryption along with steganography and traffic obfuscation (i.e. Tor Onion Routers). The technology that would make the system functional on a general basis is automatic flagging or filtering of packets identified as using illegal encryption. In the U.S., considering that the NSA is already monitoring all our communications, this is not far-fetched.

When strong encryption, encryption that the U.S. federal government couldn't defeat, became available to the masses in the early '90s, the U.S. became involved in two separate struggles. One was the export of strong cryptography and the main battle was with PGP and Phil Zimmermann. The feds dropped their indictment of Mr. Zimmermann without any comment. The code had been exported, but it was not clear that Phil was instrumental in doing that. Later, court precedents did allow algorithms for strong cryptography to be published and exported, protected as free speech by the first amendment. The feds did relax the rules on export, recognizing their futility because of the free speech aspect and also recognizing that it hurt U.S. business by restricting the use of strong encryption in international transactions.

The other front in the strong cryptography battle was the feds attempt to put backdoors in any system using cryptography. The Clipper chip was an effort to do this for voice transmission. It was not mandatory, and the existence of alternatives and the fact that the algorithms behind clipper were classified and could not be independently evaluated for vulnerabilities led to it's demise.

Why wouldn't the U.S. government be successful in making backdoors mandatory for all strong ciphers? Business needs strong encryption for both domestic and international transactions. A U.S. business might not trust having a backdoor available even if that backdoor is supposedly restricted with a key escrow system. More importantly, would a foreign business trust the U.S.? Such a requirement would have put U.S. businesses at a disadvantage in international competition.

France, in the mid '90s had very strong restrictions on the use of cryptography. France's decision to drop their strict cryptography laws came about because of lobbying from businesses. This link briefly describes that decision and humorously gets the French Finance Minister's gender wrong (it was Dominique Strauss-Kahn, yes, that DSK!).
http://www.theregister.co.uk/1999/01/15/france_to_end_severe_encryption/

If you think that the U.S. will never have laws restricting the use of cryptography, think again. There have been laws introduced that would make the use of cryptography an enhancement when committing a felony. Consider also, the slow but steady expansion of CALEA regulations.

The following is a good summary of existing crypto-law in various contries:
http://rechten.uvt.nl/koops/cryptolaw/
[ link to this | view in chronology ]
- Josh in CharlotteNC (profile), 29 Jul 2011 @ 10:13pm
  
  Re: It's not about banning cryptography
  My reading of the regulation is that Pakistan is requiring that all traffic can be monitored and that the signaling information cannot be encrypted. I could be wrong, but my understanding of the term "signaling information" is the set of mechanisms and algorithms allowing for call setup and breakdown, billing, and administrative functions. It seems to me the actual traffic, be it voice or data, can be encrypted but their has to be a way for the monitoring system to understand it (i.e. a backdoor).
  
  Even if your interpretation is correct, that would still outlaw VPN and any other type of encrypted proxies. VPNs encapsulate a normal packet, including all header and signalling information, between two points. Once the packet arrives at the other end of a VPN, it is decryted, the extra VPN header stripped, and the packet is sent on its way. There is no way to track that packet after it reaches the end of the VPN with only the information you had by monitoring the encrypted packet.
  
  No sane business would operate with their data following over an open network without encryption. Many business based in other countries, notably banks (or anyone dealing with financial information) and those dealing with medical information are legally required to protect that data with encryption.
  [ link to this | view in chronology ]
  - aldestrawk (profile), 29 Jul 2011 @ 10:26pm
    
    Re: Re: It's not about banning cryptography
    The way that the term "signalling information" is used in the U.S. does not include any header in the entire protocol stack. The signalling information is "out of band". Look up SS7 and how it is used in the Telcom world. What I am not absolutely sure about is how that term is being used by Pakistan in this law. If, in fact, they are referring to any header information then you are absolutely right as "No sane business would operate with their data following over an open network without encryption".
    [ link to this | view in chronology ]
TDR, 29 Jul 2011 @ 7:03pm

Just thought I'd quote from Red Dwarf here, as it seems appropriate:

Rimmer: Open communications channels, Lister. Broadcast on all known frequencies and in all known languages, including Welsh.

I can't see how Pakistan has any hope that this idea will work.
[ link to this | view in chronology ]
- Atkray (profile), 29 Jul 2011 @ 10:30pm
  
  Re:
  +1 for Red Dwarf
  [ link to this | view in chronology ]
Common Sense, 29 Jul 2011 @ 7:07pm

Pakistan is not a free nation. Pakistan hangs people on suspicion of "blasphemy" or "sexual immorality."

If their legal system can send people to the gallows for questioning ancient superstition then it is more than capable of enforcing a very vague "anything else" clause against anyone who the secret cyberpolice believed to be trying to engage in clever circumvention.

Unfree nations do not have loopholes and safe harbors.

Soviet era dissidents didn't have that luxury either. If they didn't like you then there was always something or another on the books enabling them to do basically whatever they wanted.

Arguing over what is and isn't within the bounds of technical language is meaningless when the police can accuse a person of doing something "they shouldn't" and which the police "don't like" and be assured that guilt will be rubber stamped by a kangaroo court.

In unfree countries you have no rights to begin with, only temporary privileges.

An unfree nation moving against encryption will not afford users any sort of due process by adhering to what is and isn't strictly mentioned by the law.

Nations with a lack of due process come down on anyone who violates the spirit of the law, whereas we in free nations exonerate those who comply with the letter of the law.
[ link to this | view in chronology ]
- LOL, 30 Jul 2011 @ 7:34pm
  
  Re:
  Please tell me which nations are free.
  [ link to this | view in chronology ]
- Anonymous Coward, 22 Jun 2012 @ 6:55pm
  
  Re:
  The US is not exactly not an unfree nation anymore if you catch the drift. Certainly the drift has caught the populice.
  [ link to this | view in chronology ]
Charles Tryon, 29 Jul 2011 @ 7:22pm

Banning Business??
Banning encryption is also effectively banning any form of digital business. Can you imagine how long legitimate businesses are going to stand for having ALL of their communications with partners, suppliers, employees, customers, banks and financial institutions traveling in plain text over the Internet??
[ link to this | view in chronology ]
Justin Olbrantz (Quantam), 29 Jul 2011 @ 8:03pm

Copyright Alliance Blog
I seem to recall somebody on Copyright Alliance blog suggesting requiring government licensing of all use of encryption as a means of preventing encryption for masking copyright infringement.
[ link to this | view in chronology ]
Shahzeb, 30 Jul 2011 @ 5:17am

they cant do that
i dont see a point of desperation for that act people dont do much stuff online here in Pakistan beside socializing or entertainment. PakistanOnLine(dialup isp) which blocked adult natured stuff for 1 month and they did not have enough money to pay their bills. I guess how many people know whats VPN about yeah they know when they travel to middle east.
[ link to this | view in chronology ]
Smiling_Satan, 30 Jul 2011 @ 2:30pm

I hate being online
well....now im afraid doing my online transactions,sending my personal data to my recruiters and other people.....simply i cannt do anything....its better to be offline...may be that can bring problem to me as FBI may smash my door thinking i am doing something spooky and this new law may expose me......damn! what should i do now :(
all banks use VPNs,all telcos use these..i can never consider paki media secure with my data...
[ link to this | view in chronology ]
Dfg, 31 Jul 2011 @ 1:57am

Hahha, idiots
Okay, I know most of you're guessing things about Pakistan but let me give you the big scoop; Pakistan is a shithole, yes I know I am being rude but hey I can be rude because I actually live there.

We have many ISPs but PTCL is the major Internet contractor throughout Pakistan. The Internet service is worse than anything I have ever used before, line drops, disconnections and not to mention other issues. Now, we're already using a crippled system adding something like this rule/filter is just stupid. You know why it's stupid? Because people in Pakistan don't have a clue. The PTCL is a Government component and even if they implement the system they will only make their lives harder.

They might try to bans certain things but considering their history (Banning Youtube (LAWL)) I don't think they're capable of doing it.

But hey thanks to this move, I will start using SSL more and get VPNs accounts because honestly I am tired of Pakistan politics. These people are MORONS! Someone gives them the order and without even thinking they just go for it.

I hope they try to implement this fail, I am going to make sure to complain the f**k out of it :D.

TL;DR, Pakistani Government and Agencies are idiots. I am surprised they didn't ban the whole Internet already, oh wait they can't hahahaha.
[ link to this | view in chronology ]
- karachidude, 31 Jul 2011 @ 8:38am
  
  Re: Hahha, idiots
  it doesnt make any sense,pakistans not a shithole,its a piece of land,i know it because i live there,the big scoop is ur anus is a shit hole.
  anyways judging from what u have to say bout ur country,ur a ungrateful son of a "cross between a african american sex tourist and a cheap hera mandi tramp",yes i know i am being rude but hey i can be rude i have met people who talk trash about there country on international forums,and when i traced them back a bit,i found bout this whole new breed :)
  [ link to this | view in chronology ]
hugh williams, 31 Jul 2011 @ 5:36am

banning encryption so that would ban SSL
[ link to this | view in chronology ]
gary k, 1 Aug 2011 @ 9:00am

ALL encryption?
does this apply to the government as well? Use of SATCOMM, any type of VOIP or landline phone encryption, any material that shold be protected from non government use? What about hashing? Does integrity go down the toilet as well?

Commmon, if this is a way to snoop to people, the people who are scared, may obey. Then only the criminals will use encryption. Its like trying to take the guns away from all good people, so the crooks can have open season on them.

Lets see how this all washes out. It may have been a misunderstood comment, and then, the knee jerk reporters grabbed what they could just in time for print.
[ link to this | view in chronology ]
Anonymous Coward, 4 Aug 2011 @ 6:55pm

Honda Financial being proactive
Honda Financial Services (www.hondafinancialservices.com) has been sporting a 'VeriSign Secured' logo on their website while at the same time defaulting to clear, unencrypted finacial transactions since at least early July.

Are they headquartered in Pakistan?
[ link to this | view in chronology ]