Re: Pakistan to ban encryption software
- From: "Norman Wells" <hex@xxxxxxxxxxxx>
- Date: Thu, 1 Sep 2011 10:12:41 +0100
sid wrote:
On 31/08/11 22:25, Norman Wells wrote:
While a VPN isn't something I use for personal things,
Exactly.
I do use it for connecting to networks such as universities and
colleges, I don't see why that information should be unencrypted
either. Should personal emails sent across academic or business
networks be public? Should corporate or academic information which
is often highly confidential be made public? Of course not, and you
are not suggesting it is,
Then why raise it?
Because what is proposed will make using VPNs a quick ticket to a
visit from the police, and not all users of VPNs are corporate office
to office, I'd say a lot of them are work related, say for working from
home, or academic working from home. It is in Pakistan, that does not
particularly bother me immediately, but should that idea become
popular in the EU it would bother me. If I use VPNs, I don't see why that
should invite police investigation.
No-one's saying that legitimate uses don't exist in business or academia, or that they'll be banned. What are under threat are personal communications where there is no such justification but serious abuse.
Try doing some packet capture in promiscuous mode on a medium-sized
network you have access to (and of course, permission to packet
capture, which is illegal without said permission). Email logins,
passwords, the content of the email itself, all quite easy to
capture and reconstruct. You are relying on everyone with access to
any network in between the sender and the receiver being honest and
technically illiterate.
No you're not. It's not like a letter, which can be stolen and
opened at any point. Email is divided and sent in many different
packets.
Right, and when you have enough packets you can reassemble them, with
a few clicks, actually 2 clicks last time I used some packet capture
software, which was about a week ago.
There's always a criminal element around. But the point remains that general email is at least as secure as a letter, and that greater security than that is not generally warranted.
Look, I'm not arguing that commercial transactions and communications
shouldn't be secured, just that private individuals in the normal
course of events have no legitimate need to use encryption, so there
is little to be lost if they're not allowed to. If there are
significant advantages to be gained by generally not allowing it,
it's a small price to pay.
So who decides what is the legitimate need?
It's what we elect governments for.
I'm asking again, should
all your communications be open to inspection at all times? At what
level do you think the power to inspect should cut off? How many
people and for what reason should be able to inspect it? This kind of thing is
already well regulated, for phones, post, and email as it is
Then it is sufficient. No-one's proposing anything less.
Failure to divulge encryption keys carries a penalty already, if people are
hiding something really obnoxious, they will of course not reveal the keys
for encrypted hard drives let alone emails. Making VPNs restricted
will do nothing to solve the problem of that kind of encryption.
But it will make non-disclosure punishable in its own right, hopefully to the same extent as if something serious had been kept hidden.
Sadly I think that is not so, and the
distance between sender and receiver just increases the chances of
it being read.
Nonsense.
The more servers it traverses the more points where someone malicious
can access the server or the server has some other issue, such as
being compromised deliberately in such a way that it will harvest
data.
It's still as secure as people with no criminal intent need. If it wasn't, no-one would ever use ordinary email systems.
It is nothing to do with my email personally, those
engaged in that activity capture everything they can and sift
through it later.
You may think my personal life is uninteresting, and I am sure the
intimate details of it are, but things like names, dates of birth,
places I visit, who my relatives are can all be used to build up the
required information for identity theft. It's much safer than trying
to rummage in my bin, and far more information can be gleaned.
Of course it isn't safer. It's also a lot more difficult.
It's safer for someone in Russia to collect data on me by collating it
online than it is for them to send someone around to rummage in my
bins or break into my house, obviously.
But much more difficult.
There have been cases of fake ATM machines fitted in the morning and
within hours of people using the fake machine (and the fake machine
still being in place, so the data was retrieved over wifi) the same
card details used in one of the former Soviet states. Presumably the
card details are sold in batches as quickly as possible. There is far
far less risk for the person buying those card details and using them than
coming along and stealing the card. The end buyer is not even directly
connected to the theft, so where is the risk of being caught for the
theft??
And what has that to do with VPN? It's just normal criminal behaviour.
Something as innocent as sending happy birthday email along with
some travel plans, perhaps with hotel dates.... you get the idea.
I get the idea you're paranoid, and perhaps don't understand as much
as you should.
Not at all, it's normal practice in certain jobs to avoid any such
information being given out. Even in low grade government jobs things
like notebooks (the paper kind) are supposed to be locked in desks
when you go for a tea break. There is a reason for those precautions, I've
sat through enough lectures on data security from employers' training
programmes and academic lectures as well, to take them seriously. If
you want to call me paranoid when a lot of money is being spent
training people to think about these things and NOT treat email as secure,
then I think it's you who might not understand as much as you could.
I don't say should, because in most areas people don't need to be overly
cautious with their data, but in some areas they do, and unencrypted
email is not reliable in a lot of those cases.
Ordinary email is perfectly secure enough for individuals to use for personal communication. It's only if they have something they desperately want to hide that they turn to systems like VPN.