Skip to Content
Uncategorized

Pakistan May Have to Abandon Cryptography Ban

As other countries have discovered, businesses need encrypted communications.
September 2, 2011

This week, a Pakistani Internet service provider (ISP) leaked a government regulatory memo requiring all ISPs to block encrypted communications sent over virtual private networks (VPNs).

The leak set off debate over government-imposed limitations on privacy in Pakistan and elsewhere. But even as the debate continues, the new regulation could prove impractical because of the harm it is liable to inflict on many businesses, security experts say.

According to the memo, the intent of the ban is to prevent militants from using secure connections to relay information to one another. But it will affect many ordinary citizens’ communications. And it’s likely to have an even greater impact on businesses, which regularly use VPNs to conduct e-commerce and send internal communications securely, says Rainer Enders, chief technology officer of NCP Engineering, a German provider of VPN software.

“The business use of the Internet requires encryption and requires authentication and security and confidentiality, so this does not make any sense,” says Enders. “It is a very questionable move.”

The OpenNet Initiative, an academic group that studies Internet censorship and surveillance, recently conducted a survey of policy in 15 nations, including Pakistan. All the countries surveyed censor Internet access in some way, but, the group found, most allow the use of encryption. Even in the wake of protests across the Middle East, which led many countries to curtail Internet access, they did not limit encryption. The Chinese government censors the Internet heavily, but it still allows the use of virtual private networks, and the technology is widely used by Chinese businesses.

Moxie Marlinspike, chief technology officer and co-founder of Whisper Systems, a firm focused on securing smart-phone communications, says about the Pakistani ban, “I kind of felt like these tactics were kind of over. It is very difficult to restrict the distribution of cryptography. Regulating information is really hard.”

Pakistan may eventually follow the lead of the U.S. and other governments, says Marlinspike, switching focus away from deciphering data in transit and toward gaining access to stored data. “All this information accumulates at Google, at Facebook, at Yahoo Mail—wherever,” he says. “Governments are moving to the end point where information naturally accumulates and doing what they are going to do there. It is a more indirect strategy.”

In the 1990s, the U.S. government attempted to restrict the use of encryption—but it faced opposition from civil-liberties groups and ultimately found the regulation impractical to enforce, in part because of encryption’s business applications. Nowadays, U.S. intelligence agencies eavesdrop on international communications, but domestic law enforcement generally relies on subpoenas to gain access to stored communications. In support of that strategy, over the last decade the U.S. Department of Justice has pushed to require Internet service providers to hold onto data for at least a year.

The best way for citizens and businesses to deal with the ban in Pakistan, says NCP’s Enders, is to continue to use encrypted communications for legitimate purposes—in effect passively resisting the restrictions. It would be hard, he says, to use technology to circumvent the ban. Software that enables steganography—hiding messages in innocuous-seeming forms of communication—is freely available and would allow people to communicate without tipping off the authorities, but it is far more complicated to use than a VPN.

“There are various ways to get around technical bans, but this is mainly a way to instill fear,” Enders says. “I don’t think it will be very successful. It’s not something that they can easily enforce.”

Keep Reading

Most Popular

Europe's AI Act concept
Europe's AI Act concept

A quick guide to the most important AI law you’ve never heard of

The European Union is planning new legislation aimed at curbing the worst harms associated with artificial intelligence.

Uber Autonomous Vehicles parked in a lot
Uber Autonomous Vehicles parked in a lot

It will soon be easy for self-driving cars to hide in plain sight. We shouldn’t let them.

If they ever hit our roads for real, other drivers need to know exactly what they are.

supermassive black hole at center of Milky Way
supermassive black hole at center of Milky Way

This is the first image of the black hole at the center of our galaxy

The stunning image was made possible by linking eight existing radio observatories across the globe.

transplant surgery
transplant surgery

The gene-edited pig heart given to a dying patient was infected with a pig virus

The first transplant of a genetically-modified pig heart into a human may have ended prematurely because of a well-known—and avoidable—risk.

Stay connected

Illustration by Rose WongIllustration by Rose Wong

Get the latest updates from
MIT Technology Review

Discover special offers, top stories, upcoming events, and more.

Thank you for submitting your email!

Explore more newsletters

It looks like something went wrong.

We’re having trouble saving your preferences. Try refreshing this page and updating them one more time. If you continue to get this message, reach out to us at customer-service@technologyreview.com with a list of newsletters you’d like to receive.