Skip to Content
Uncategorized

Pakistan May Have to Abandon Cryptography Ban

As other countries have discovered, businesses need encrypted communications.
September 2, 2011

This week, a Pakistani Internet service provider (ISP) leaked a government regulatory memo requiring all ISPs to block encrypted communications sent over virtual private networks (VPNs).

The leak set off debate over government-imposed limitations on privacy in Pakistan and elsewhere. But even as the debate continues, the new regulation could prove impractical because of the harm it is liable to inflict on many businesses, security experts say.

According to the memo, the intent of the ban is to prevent militants from using secure connections to relay information to one another. But it will affect many ordinary citizens’ communications. And it’s likely to have an even greater impact on businesses, which regularly use VPNs to conduct e-commerce and send internal communications securely, says Rainer Enders, chief technology officer of NCP Engineering, a German provider of VPN software.

“The business use of the Internet requires encryption and requires authentication and security and confidentiality, so this does not make any sense,” says Enders. “It is a very questionable move.”

The OpenNet Initiative, an academic group that studies Internet censorship and surveillance, recently conducted a survey of policy in 15 nations, including Pakistan. All the countries surveyed censor Internet access in some way, but, the group found, most allow the use of encryption. Even in the wake of protests across the Middle East, which led many countries to curtail Internet access, they did not limit encryption. The Chinese government censors the Internet heavily, but it still allows the use of virtual private networks, and the technology is widely used by Chinese businesses.

Moxie Marlinspike, chief technology officer and co-founder of Whisper Systems, a firm focused on securing smart-phone communications, says about the Pakistani ban, “I kind of felt like these tactics were kind of over. It is very difficult to restrict the distribution of cryptography. Regulating information is really hard.”

Pakistan may eventually follow the lead of the U.S. and other governments, says Marlinspike, switching focus away from deciphering data in transit and toward gaining access to stored data. “All this information accumulates at Google, at Facebook, at Yahoo Mail—wherever,” he says. “Governments are moving to the end point where information naturally accumulates and doing what they are going to do there. It is a more indirect strategy.”

In the 1990s, the U.S. government attempted to restrict the use of encryption—but it faced opposition from civil-liberties groups and ultimately found the regulation impractical to enforce, in part because of encryption’s business applications. Nowadays, U.S. intelligence agencies eavesdrop on international communications, but domestic law enforcement generally relies on subpoenas to gain access to stored communications. In support of that strategy, over the last decade the U.S. Department of Justice has pushed to require Internet service providers to hold onto data for at least a year.

The best way for citizens and businesses to deal with the ban in Pakistan, says NCP’s Enders, is to continue to use encrypted communications for legitimate purposes—in effect passively resisting the restrictions. It would be hard, he says, to use technology to circumvent the ban. Software that enables steganography—hiding messages in innocuous-seeming forms of communication—is freely available and would allow people to communicate without tipping off the authorities, but it is far more complicated to use than a VPN.

“There are various ways to get around technical bans, but this is mainly a way to instill fear,” Enders says. “I don’t think it will be very successful. It’s not something that they can easily enforce.”

Deep Dive

Uncategorized

Five poems about the mind

DREAM VENDING MACHINE I feed it coins and watch the spring coil back,the clunk of a vacuum-packed, foil-wrappeddream dropping into the tray. It dispenses all kinds of dreams—bad dreams, good dreams,short nightmares to stave off worse ones, recurring dreams with a teacake marshmallow center.Hardboiled caramel dreams to tuck in your cheek,a bag of orange dreams…

Work reinvented: Tech will drive the office evolution

As organizations navigate a new world of hybrid work, tech innovation will be crucial for employee connection and collaboration.

lucid dreaming concept
lucid dreaming concept

I taught myself to lucid dream. You can too.

We still don’t know much about the experience of being aware that you’re dreaming—but a few researchers think it could help us find out more about how the brain works.

panpsychism concept
panpsychism concept

Is everything in the world a little bit conscious?

The idea that consciousness is widespread is attractive to many for intellectual and, perhaps, also emotional
reasons. But can it be tested? Surprisingly, perhaps it can.

Stay connected

Illustration by Rose WongIllustration by Rose Wong

Get the latest updates from
MIT Technology Review

Discover special offers, top stories, upcoming events, and more.

Thank you for submitting your email!

Explore more newsletters

It looks like something went wrong.

We’re having trouble saving your preferences. Try refreshing this page and updating them one more time. If you continue to get this message, reach out to us at customer-service@technologyreview.com with a list of newsletters you’d like to receive.