Data Encryption Ban? Really?
On Friday an article appeared on techdirt.com claiming that Pakistan is trying to ban encryption under their new Telco law.
In the article the author suggests that encryption is "really just a form of speech" and that "trying to ban encryption is
like trying to ban language".
I find the banning of encryption interesting in light of the number of United States compliance standards and laws governing
the use of encryption to protect financial data (PCI) and medical records (HIPPA) among them. These laws require that the
data be protected in place and in transit. Does the proposed Telco Law in Pakistan mean that the US will not be able to
exchange data with them? How will laws like this effect world trade?
All of the work that has been done to establish world economy could come crashing down if laws like this stand. It will be
interesting to see how this develops. Many businesses today operate in the Internet, many are moving to the cloud. These businesses and organizations need to protect their data to protect their financial stability. So in this Handler's opinion, ban encryption will never happen. Others may not agree with me. Let me hear from you. Can we or should we ban encryption?
Deb Hale
Comments
Bill
Jul 30th 2011
1 decade ago
Page 5, 5.6
The Licensee(s) and Access Provider shall ensure that signaling information
is uncompressed, unencrypted and not formatted in a manner which the
installed monitoring system is unable to decuipher using installed
capabilities.
So I guess they could still use SSL, but intercept (and take the entire point of SSL away).
The document also states that this must be in place 120 days after this publication, which was March 15. - 2010
gs
Jul 30th 2011
1 decade ago
Globally, the governments and intelligence agencie juggernauts seem to be inexorably moving towards mandatory decryption and/or key disclosure (or they throw you in jail until you do - now where have I heard this before ? ) -or- they ban anything that will deny them access to any electronic media or communication.
Remember the UAE ban on BlackBerry ?
Karl
Jul 30th 2011
1 decade ago
Some people might suggest that it's ok if it's only the government that knows the key - as long as it's not a market competitor or something. But that's like saying that your firewall is perfectly secure, after all the only open port is port 80...
Personally, I vote for privacy.
Tim
Jul 31st 2011
1 decade ago
Signalling information is data transmitted between point A and point B on the provider's telco network, that the end users never see, some signalling info is exchanged between carriers for billing; if you have say an internet connection on an OC48.... you the end user never see the signalling information, how your circuit is built, or what path through the telco network it takes, only the telco sees these signalling details.
"The Licensee(s) and Access Provider shall ensure that signaling information is uncompressed, unencrypted and not formatted in a manner which the installed monitoring system is unable to decuipher using installed capabilities."
Is that what this is about, really?
"Licensees for the purpose of these regulations the licensee means LDI, Infrastructure and/or Landing Station License"
"LDI: ... a person licensed under the act to establish, maintain and operate a public fixed switched network for provision of nation-wide long distance and international telephony"
"Landing Station License... an authorization granted by the authority to establish, maintain and operate private or public landing station.... which it connects Pakistan directly or indirectly with foreign countries.. in Pakistan"
Where do we see any discussion/regulation about contents of _user transmitted data_, IP headers, datagram contents, etc?
Mysid
Jul 31st 2011
1 decade ago
alibert
Aug 1st 2011
1 decade ago
Kilroy
Aug 1st 2011
1 decade ago
1 - This is 16 month old law.
2 - The intent was to monitor and control grey traffic - traffic which is illegal in one country while legal in other. VoIP essentially. The pdf also indicates to that monitoring telephony traffic!!
3 - It does not talk about banning any sort of traffic. However it does talk about moving the traffic that cannot be converted to approved standard for archival at the Authority - this would be the encrypted traffic. Still it does not say it should be blocked by default.
4 - The law it seems is designed to control illegal VoIP operators, to ensure the licensed parties are not put on a disadvantage - however the technology required by this law can be of dual use. This part is most alarming. Privacy is the major concern as Bill indicated in his post.
5 - Concerns should be if in US such powers resulted in abuse - what can we expect in a nation which has much lower legal standards and almost no oversight. What happens to the right of the citizens to privacy?
6 - I do not think this will result in banning of encryption in Pakistan - I highly doubt that and definitely this law does not indicate as such.
7 - We should also perhaps look into how rumor are started especially through social media and what is their net effect on our understanding of the issues.
mir
Aug 1st 2011
1 decade ago