On Friday an article appeared on techdirt.com claiming that Pakistan is trying to ban encryption under their new Telco law.
Deb Hale |
Deborah 278 Posts ISC Handler |
Subscribe |
Jul 30th 2011 8 years ago |
That would mean the end of any SSL web site in Pakistan. That, in itself, would seem to make it a no-go. I can't imagine banks and the like liking that at all.
|
Bill 5 Posts |
Quote |
Jul 30th 2011 8 years ago |
From the document at : http://www.pta.gov.pk/media/monitoring_telephony_traffic_reg_070510.pdf
Page 5, 5.6 The Licensee(s) and Access Provider shall ensure that signaling information is uncompressed, unencrypted and not formatted in a manner which the installed monitoring system is unable to decuipher using installed capabilities. So I guess they could still use SSL, but intercept (and take the entire point of SSL away). The document also states that this must be in place 120 days after this publication, which was March 15. - 2010 |
gs 1 Posts |
Quote |
Jul 30th 2011 8 years ago |
Not relay a great surprise !
Globally, the governments and intelligence agencie juggernauts seem to be inexorably moving towards mandatory decryption and/or key disclosure (or they throw you in jail until you do - now where have I heard this before ? ) -or- they ban anything that will deny them access to any electronic media or communication. Remember the UAE ban on BlackBerry ? |
Karl 14 Posts |
Quote |
Jul 30th 2011 8 years ago |
I think that encryption is a point of dynamic tension between the corporate world which wants/needs to have data be private and (parts of) governments which want to know everything.
Some people might suggest that it's ok if it's only the government that knows the key - as long as it's not a market competitor or something. But that's like saying that your firewall is perfectly secure, after all the only open port is port 80... Personally, I vote for privacy. |
Tim 3 Posts |
Quote |
Jul 31st 2011 8 years ago |
My opinion is this regulation doesn't actually ban encryption; it says signalling information must be provided unencrypted. In the telco world, "Signalling" information refers to such information as the originating number and the terminating number of the phone call; there doesn't appear to be any mention that the "payload transmitted over the channel" cannot contain any encrypted information.
Signalling information is data transmitted between point A and point B on the provider's telco network, that the end users never see, some signalling info is exchanged between carriers for billing; if you have say an internet connection on an OC48.... you the end user never see the signalling information, how your circuit is built, or what path through the telco network it takes, only the telco sees these signalling details. "The Licensee(s) and Access Provider shall ensure that signaling information is uncompressed, unencrypted and not formatted in a manner which the installed monitoring system is unable to decuipher using installed capabilities." Is that what this is about, really? "Licensees for the purpose of these regulations the licensee means LDI, Infrastructure and/or Landing Station License" "LDI: ... a person licensed under the act to establish, maintain and operate a public fixed switched network for provision of nation-wide long distance and international telephony" "Landing Station License... an authorization granted by the authority to establish, maintain and operate private or public landing station.... which it connects Pakistan directly or indirectly with foreign countries.. in Pakistan" Where do we see any discussion/regulation about contents of _user transmitted data_, IP headers, datagram contents, etc? |
Mysid 146 Posts |
Quote |
Jul 31st 2011 8 years ago |
Wasn't PGP under export law's by the USA? Data Encryption Ban? Really?
![]() |
Mysid 27 Posts |
Quote |
Aug 1st 2011 8 years ago |
The Pakistani government is renown for its exercise of poor judgment. When a purported 'ally' harbors the likes of OBL, I think trade considerations are the least of our concerns. This is similar to the tree that falls in the forest... If Pakistan bans encryption, will anyone notice? ... or care?
|
Kilroy 4 Posts |
Quote |
Aug 1st 2011 8 years ago |
I would say this is exactly how a rumor mill works. The story was tweeted and then it caught fire - apparently very few people actually looked at the law that it was referring. Here is some of my observation on the story:
1 - This is 16 month old law. 2 - The intent was to monitor and control grey traffic - traffic which is illegal in one country while legal in other. VoIP essentially. The pdf also indicates to that monitoring telephony traffic!! 3 - It does not talk about banning any sort of traffic. However it does talk about moving the traffic that cannot be converted to approved standard for archival at the Authority - this would be the encrypted traffic. Still it does not say it should be blocked by default. 4 - The law it seems is designed to control illegal VoIP operators, to ensure the licensed parties are not put on a disadvantage - however the technology required by this law can be of dual use. This part is most alarming. Privacy is the major concern as Bill indicated in his post. 5 - Concerns should be if in US such powers resulted in abuse - what can we expect in a nation which has much lower legal standards and almost no oversight. What happens to the right of the citizens to privacy? 6 - I do not think this will result in banning of encryption in Pakistan - I highly doubt that and definitely this law does not indicate as such. 7 - We should also perhaps look into how rumor are started especially through social media and what is their net effect on our understanding of the issues. |
Kilroy 1 Posts |
Quote |
Aug 1st 2011 8 years ago |
Sign Up for Free or Log In to start participating in the conversation!