A surveillance state or what?

As published by Dawn Magazine Special Report on 20th Oct’2013 

They say they’re lifting the ban on YouTube. The government has apparently come up with a brilliant plan so that just that silly video, The Innocence of Muslims, is blocked, and we can enjoy the rest of the gazillions of videos in peace. What is this plan? In order to even to begin to tell you about it, I’ll first have to explain how YouTube works.

YouTube, like other more secure websites these days, uses HTTPS instead of HTTP. When you look at the address bar in your browser when you’re at such a website, you’ll probably see a lock symbol and https://yoursiteaddress, rather than the usual http://blahblahblah. What does this mean? When you go to an HTTPS website, there is a certain exchange of certificates between your browser and the server where the site is hosted. Your browser acts a bit like an immigration officer, “May I see your passport, please?” The server says, “Here you go, sir!” And if everything looks ok, your browser allows you to view the site’s contents. These HTTPS certificates are only granted to an extremely limited number of servers across the world, and much like the holographic image on a valid visa on your passport, it would be next to impossible to fake, and all information in such exchanges with HTTPS servers is encrypted.

Now blocking access to an entire website using its root addresses (https://youtube.com, etc.) is one thing, and can be done by our Internet Service Providers (ISPs). But blocking access to a particular video on that site would mean screwing with this hardcore HTTPS protocol. Actually, the method that the ISPs have been using to block our access to YouTube, porn and a lot of sites which nobody has any idea why they have been banned in the first place, already puts our internet privacy at risk. This method allows them to keep track of what and when an internet user accesses on the internet, unless it’s done through HTTPS. And now that we’re moving against an actual HTTPS site, this will only make matters worse!

What options did we have in dealing with this issue?

  1. Unblocking YouTube outright.
  2. Working with Google, YouTube’s parent company, to block access to the video in Pakistan (like Indonesia, India, Jordan, Malaysia, Russia, Saudi Arabia, Singapore and Turkey already have).
  3. Installation of filtering and surveillance software on users’ computers.
  4. A Machine/Man-In-The-Middle (MITM) attack.

The case for unblocking

Because of the high number of complaints against this video, YouTube shows its users a notification before allowing them to watch the video. This is explained in the following excerpt from the letter they sent to Mr Yasser Hamdani, the lawyer representing Bytes for All in the Lahore High Court case to unban the site:

“In some cases, content may not breach the global guidelines but may still be flagged as particularly sensitive for some viewers. This is the case, for example, with the Innocence of Muslims video. In this case, we add a warning interstitial page that users see before they accept to continue through to the video itself.

The warning states: “The following content has been identified by the YouTube community as being potentially offensive or inappropriate. Viewer discretion is advised”. It was on the basis of this interstitial page that the government of Bangladesh, for example, lifted its earlier ban on YouTube.”

Working with Google

Google has ruled out cooperating in this regard until the company is offered Intermediary Liability Protection (ILP) through a legislative amendment which shields it from any legal repercussions resulting from any user of the website uploading content that’s considered unlawful in Pakistan. Following is the text regarding this issue from the same letter to Mr Hamdani:

“In some countries, YouTube has additional functionality and customisation that allows for the highlighting to users of local content within a country. You can see a list of these countries in the ‘country’ menu at the bottom of a YouTube page. The decision as to whether to offer this service is a business, legal and commercial decision, and takes into consideration, for example, whether there is adequate legal certainty and protections for the provision of such online services in the country.

We have been discussing this in the context of the need for intermediary liability protection for online platforms and a clear notice-and-take-down mechanism in Pakistan to bring these provisions into line with international best practice (such as the OECD guidelines). For example, any notice-and-take-down requirements should be based on legal process, address individual video URLs as opposed to requiring broad general monitoring and pre-emptive removals, and allow for counter-notice from content owners. Whilst, without prejudice to any jurisdictional argument, we are grateful for any offer to provide additional legal certainty and protections, we believe that only a legislative change such as a clarification within appropriate legislation would ensure the necessary consistency across multiple judicial bodies and address the international best practice requirements above. The provision of such legal certainty would also, we respectfully suggest, open up the broader exciting opportunities of the digital economy to Pakistan.”

In layman’s terms, Google would only consider taking the video down for Pakistan if such protection was offered to them at a legislative level. The Lahore High Court in May agreed to do this, but nothing seems to have been done about that as of yet.

The software route

There are certain HTTPS-based software which can take care of this issue. These can be installed voluntarily by all internet users in the country, or the government could launch a sort of spyware campaign, forcedly installing it on everyone’s computers. According to reports, our government is already involved in such activity, but hopefully only against certain individuals and not the public at large.

MITM

In the meanwhile, the method that our government seems to favour is this one: the Man-In-The-Middle attack effectively puts a proxy server between all of Pakistan’s computers and YouTube. So instead of many of us going to proxy server sites to watch YouTube videos, the government is going to do us a solid and set up a lovely proxy server for us. This server will filter the videos that are deemed not fit to watch in Pakistan. And to use the immigration analogy from the beginning of this article, our government is possibly getting into the business of printing fake visas. They’re going to have to use a Certificate that our browsers will trust as legitimate. Most probably the browsers won’t, and will ask us, “Are you sure about this?” And we, in our desperation, will be willing to click “Yes!” to just about anything at that point.

First of all, the whole point of HTTPS is that it is secure. When you compromise its security, you’re compromising the privacy and security of all Pakistani internet users’ internet transactions and data. Banking pins, email and social media passwords, and secure messaging, could all be monitored, logged and analysed, turning Pakistan into a surveillance state. And what if this national proxy server is hacked? We can say with certainty, that if this method is used, our entire online lives would be at risk.

The best option would be to work with Google on this. We need to speed up the legislative process regarding the ILP issue. Even though this would mean that the government would be controlling YouTube’s activity according to our local laws, which would still be unacceptable to many of us. But still, at least we’ll have YouTube without as much risk!

Tags

Add a comment

*Please complete all fields correctly

Related Blogs

No Image