Reports Claim That Pakistan Is Trying To Ban Encryption Under Telco Law

from the yvxr-gung-jvyy-jbex dept

As various governments have tried to clamp down, censor and/or filter the internet, all it's really done is increase interest and usage of encryption tools such as VPNs. Every so often we have commenters who insist that outlawing encryption is the obvious next step for governments, though that suggests an ignorance of the practical impossibility of truly banning encryption -- which, after all, is really just a form of speech. The US, of course, famously toyed with trying to block the export of PGP in the 90s, but finally realized that it would likely lose big time in a court battle. While I could certainly see some politicians here trying to ban certain forms of encryption, I couldn't see any such effort being successful long term.

In other countries, however, they seem ready to make a go of it. Privacy International is reporting that Pakistan is trying to ban the use of encryption, including for VPNs, as part of the implementation of a new telco law (pdf) which requires telcos to spy on their customers. Obviously, encryption makes that tougher, so the response is just to ban it entirely.

But here's the big question: can any such ban really be effective? I mean, if you and I agree on using a simple cipher between us, that's "encryption," but is indistinguishable from "speech" in most contexts. That means any such ban on encryption is effectively and practically useless the moment it goes into effect. There will always be incredibly simple ways around it. Trying to ban encryption is like trying to ban language. You can't reasonably do it.

Filed Under: encryption, pakistan


Reader Comments

Subscribe: RSS

View by: Time | Thread


  1. icon
    Josh in CharlotteNC (profile), 29 Jul 2011 @ 10:13pm

    Re: It's not about banning cryptography

    My reading of the regulation is that Pakistan is requiring that all traffic can be monitored and that the signaling information cannot be encrypted. I could be wrong, but my understanding of the term "signaling information" is the set of mechanisms and algorithms allowing for call setup and breakdown, billing, and administrative functions. It seems to me the actual traffic, be it voice or data, can be encrypted but their has to be a way for the monitoring system to understand it (i.e. a backdoor).

    Even if your interpretation is correct, that would still outlaw VPN and any other type of encrypted proxies. VPNs encapsulate a normal packet, including all header and signalling information, between two points. Once the packet arrives at the other end of a VPN, it is decryted, the extra VPN header stripped, and the packet is sent on its way. There is no way to track that packet after it reaches the end of the VPN with only the information you had by monitoring the encrypted packet.

    No sane business would operate with their data following over an open network without encryption. Many business based in other countries, notably banks (or anyone dealing with financial information) and those dealing with medical information are legally required to protect that data with encryption.

Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here



Subscribe to the Techdirt Daily newsletter




Comment Options:

  • Use markdown. Use plain text.
  • Remember name/email/url (set a cookie)

Follow Techdirt
Special Affiliate Offer

Advertisement
Report this ad  |  Hide Techdirt ads
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Chat
Advertisement
Report this ad  |  Hide Techdirt ads
Recent Stories
Advertisement
Report this ad  |  Hide Techdirt ads

Close

Email This

This feature is only available to registered users. Register or sign in to use it.