National URL Filtering & Blocking System

PRESS KIT

On Wednesday, the 22nd of February, the ICT R&D Fund under the Ministry of Information Technology (MoIT) announced, through newspapers and its website, a Request For Proposal (RFP) for a national “URL filtering and blocking system”.

The RFP requires that: “Each [filtering] box should be able to handle a block list of up to 50 million URLs (concurrent unidirectional filtering capacity) with processing delay of not more than 1 milliseconds.” This will allow the state to subsidise a comprehensive automated censorship regime.

The ICT R&D Fund that will be funding this initiative is an arm of the Pakistani Ministry of Information Technology. The fund was created in 2007 by the Ministry to take a certain percentage of revenue from telecommunications companies and allocate it for scholarships in IT education and research and development of information and communication technologies. Therefore, all grant funding for this national censorship project comes from domestic ISPs, mobile carriers, and telephone companies. However, the decision-making process by which it chooses projects and beneficiaries or grants has not been described anywhere on its website, showing a lack of transparency. Owing to the blanket nature of this ban, we issued a press release demanding transparency on the proposal, specifically:

  • The reason behind the decision.

  • Whether stakeholders were consulted before the proposal.

  • Whether the implications of the ban for various sectors were taken into account. [http://bolobhi.org/press-release-public-statements/2222012-2/]

In Pakistan, only around 20 million out of 187 million people have access to the Internet. Despite limited access, the Internet has brought positive benefits to Pakistan through economic growth, education, entrepreneurship and cultural sharing. The ICT R&D Fund was developed to further the use of ICTs and promote research in the field. It has been actively involved in doing that, and therefore an announcement from the same organization that runs contrary to the progress and development of ICTs comes as a shock.

 

UPDATE: Even though the government announced it had shelved the plan in 2012, independent research group Citizen Lab released a report that provided evidence of Netsweeper’s presence in Pakistan. Since then we have written to the Canadian Government and are following up on the issue.

FAQs:

What has happened?

The ICT R&D Fund, under the ICT Ministry, issued a request for proposals for a National Filtering & Blocking System on February 22, 2012. It asks applicants to submit proposals to the fund by 3pm on March 02, 2012. This was later changed to 16th March, 2012.

Who cares?

This project asks for a proposal for technology that can review 50 million website links in less than a second. Think of this as Pakistan’s very own Big Brother system: it would be similar to the technology the Chinese government uses, commonly known as the Great Firewall of China. We as rights advocates care about this initiative because it will not only affect Internet freedom but also have economic implications. [To look at the campaign updates so far, scroll down to the Campaign Timeline.]

Why does the government of Pakistan need this blocking system? What are their concerns?

The government statement suggests that the URL blocking and filtering system is required to filter out ‘objectionable’ content. The term hasn’t been defined, but past statements suggest they wish to block out pornographic and blasphemous content and content that could harm ‘national security’. There’s been no explanation or definition of ‘national security’. Due to the vagueness of the issue, such a system is prone to rampant abuse.

What does National Level URL Filtering and Blocking System mean for a layman?

It means that content will be blocked at the URL level. This is one of the most effective methods of blocking content, making it harder for mirror websites. It means that the government has the authority to block access to certain websites completely. In this particular instance, in the absence of legislation, it means that your website, or a website you use actively, could be blocked without citing reasons, without providing a way to complain or to reverse a wrongful block, and with no time frame or contact person to approach in case of a wrongful block.
This could affect business websites, research and mainstream media websites, and it will also be carried out without informing the site administrator. This is a violation of fundamental rights.

How can it affect an ordinary internet user?

  • Speed: It would slow down your Internet speed.
  • Security & Privacy: It would permit authorities to sniff into your conversations. This amounts to blanket surveillance.
  • Academic: Academic paralysis. With a rigorous filtering system the web sphere will be limited, which means less content accessible for carrying out research (for example, in the UAE, in trying to censor porn, students could no longer access research papers on breast cancer).
  • Social networks will not only be prone to surveillance but could be blocked just because another user has put up content that authorities consider ‘objectionable’.

 

How does it affect various institutions?

Academia:

  • Academic paralysis: limiting the scope of the Internet, hence limiting research material. (In the UAE, while banning porn, authorities also filtered out links containing the word ‘breasts’, making students unable to access research papers on breast cancer, etc.)
  • Censoring political figures, news or subjects to curtail political dissent would practically remove figures from history. Unfortunately our textbooks are no saviors either.
  • If a college/university website is blocked, it would have major implications for students, who might be unable to apply for admissions. For example, many university/college websites have student forums; while there are rules for these forums, they are most likely to be different from the rules set up by our government.

Businesses:

  • Economic losses due to wrongful banning. In the absence of legislation there are no methods or rules to reverse a ban, the duration of a ban is unspecified, and there are no legal rights given to individual businesses in case that happens. (E.g. a P@sha innovation fund grantee who registered the website hometownshoes.com learnt that PTA had banned it. Jehan Ara, the President of P@sha, was able to approach the authorities and it took them ten days to reverse it. Apparently all sites containing the term ‘shoes’ were banned.)
  • Barrier to the flow of information: Businesses need to be able to communicate on demand; censorship restrictions limit such communication.
  • Innovation: Pakistani entrepreneurs need to have the scope to research and test a wide range of ideas; restricting content or monitoring their activity severely limits the ability of entrepreneurs.

Public discourse:

  • During the 2007 emergency imposed by Musharraf, the media crackdown resulted in an outpouring of information on social networks. These were actively used to mobilize people, spread information regarding police brutality against journalists and protesters, and work as a news portal in the absence of mainstream media. Authorities recognize that this could be crucial, hence complete control over it would allow them to censor political dissent.
  • A huge number of Baloch websites have already been blocked, and we have no reassurances or reasons to believe that a ‘flip flop’ switch for the internet will not be used to silence mainstream voices. Imagine mainstream media websites being banned under the same pretext.
  • In a country where public discourse is limited and public spheres are shrinking, this will be damaging.

 

Could the government invade our email boxes, access social media passwords, and monitor our web activity?

Yes, because this method would enable them to access HTTPS sessions and issue their own certificates. HTTPS means secure browsing, which is encrypted and not sniffable. To illustrate: using HTTP, your conversations are like a postcard readable by anyone; using HTTPS, your message is in a sealed envelope and can only be opened by the person it’s addressed to.

Can local IT experts and solution providers meet their requirements?

Essentially, they will need to buy the technology from international companies and then, as the RFP suggests, build it indigenously.

Will these measures slow down Internet speed too?
Yes.

Why is there such a strong protest against any such step? Isn’t this step taken in good faith by the government? Why should we condemn and protest against this?

Our protest stems from the government’s past record of abusing censorship. Take, for example, the LHC decision to ban Facebook, which extended to Google, YouTube and blogs; even BlackBerry services were suspended. This is a democracy, not a dictatorship. We vote and pay our taxes; why should governments have to spend millions of dollars on a filtering system? In the absence of legislation we are right in believing that the system is prone to abuse. The Parliament should legislate, not ban.

Do you just want pornography/blasphemy in Pakistan?

It’s not a matter of pornography/blasphemy or not, it’s a matter of blanket censorship in Pakistan under the pretense of banning ‘objectionable content’.

Who will be responsible if people are killed on streets because of such content? Who will defend in the Court not to place a ban on such content and contest religious parties there?

The Internet by nature is a free space. It provides voluntary access to information and not imposition. It is a tool and, like any other tool, is prone to abuse. We don’t believe criminal content should be freely available online; supporting open access should not be seen as aiding and abetting crime. However, criminal content can only be governed if there is legislation or a law in place specifically defining the crime.

Explained below:

Technical Background:

1. The Government already has a tap on the International Fibers from the two peering points (TWA and PTCL), i.e. the two submarine cable operators in Pakistan.

2. All the traffic to/from Pakistan flows through these peering points and the two taps. The two taps go to the “Government”; where exactly (PTA, military, etc.), no one knows and no one wants to talk about it.

3. What happens with these existing taps? You can very well imagine, they can do DPI (Deep Packet Inspection) of all the traffic. What they cannot open right now are encrypted packets, such as packets by Skype, HTTPS sessions and VPN or other encrypted sessions.

4. Under the guise of blocking grey VOIP (voice over IP) traffic, etc., the various agencies (MI, ISI, IB, etc.) have already managed to get the taps and are able to look at the payload traffic (essentially peer into your traffic), “assemble” your packet stream and reconstruct your Web, Email or FTP session. This is very easy to do with the right tools, provided you have the ability to tap into the link. Currently the Government uses Narus to do this. Remember, the official story is that it is to curb grey VOIP traffic that is supposedly causing loss to the national exchequer in the millions (billions, etc.).

5. The government has been trying for a long time to tap into VPN and encrypted circuits. This they did with a legislation / circular by PTA to register ALL VPN circuits in the country. For more information, see “Virtual watchdog: Internet users banned from browsing privately for ‘security reasons’”.

6. Now what remains to rein in control is the blocking of URLs (porn? anti-state propaganda material? anti-Islam material?). All of these clauses are part and parcel of the various Data Communication Licenses that have been given to the various operators. So the way PTA sees it, this is something long overdue.

7. Under the guise of URL filtering, HTTPS sessions would also be tapped. In order to do this, all HTTPS sessions would be subjected to something called a Man In The Middle (MITM) attack. This basically means you proxy the original HTTPS certificate/session (say, as given by Gmail) and provide the user a locally owned certificate (let’s call this the Pakistan URL Filtering Certificate), and with this, you have essentially been able to now

 

Looking into HTTPS (Secure) traffic:

8. This is a huge issue. With all the dissidents, anti-state activists, persons of interest, political figures, etc., the government will be able to see the HTTPS traffic and identify the sources.

9. Gmail currently establishes an HTTPS session and obfuscates the source IP of the sender of the email. This is a stone in the government’s shoe: they cannot “identify” where these people are. With this ability to peer into HTTPS, they will be able to do this just as easily as they can with HTTP sessions.
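An added example (not part of the original press kit): a client-side check for the certificate substitution described in point 7. It compares the certificate each site presents on the current network with fingerprints recorded earlier over a path not subject to the filter; the host names, issuer names and byte strings below are constructed placeholders.

```python
import hashlib
import socket
import ssl
from collections import Counter

def fingerprint(der: bytes) -> str:
    """SHA-256 of the DER-encoded leaf certificate."""
    return hashlib.sha256(der).hexdigest()

def observe(host: str, port: int = 443, timeout: float = 5.0) -> dict:
    """Record the certificate a host presents on the current network path.
    If the proxy's CA is not in the trust store the handshake raises
    ssl.SSLCertVerificationError, which is itself a warning sign."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            der = tls.getpeercert(binary_form=True)
            issuer = dict(rdn[0] for rdn in tls.getpeercert()["issuer"])
    name = issuer.get("organizationName") or issuer.get("commonName", "")
    return {"host": host, "fp": fingerprint(der), "issuer": name}

def assess(observations: list, pins: dict) -> dict:
    """Compare observations with fingerprints pinned earlier on a trusted path."""
    bad = [o for o in observations
           if o["host"] in pins and o["fp"] not in pins[o["host"]]]
    # A proxy that re-signs every session shows one issuer for unrelated sites;
    # an ordinary certificate renewal changes one host only.
    counts = Counter(o["issuer"] for o in bad)
    shared = sorted(name for name, n in counts.items() if n >= 2)
    verdict = "likely_interception" if shared else "pin_mismatch" if bad else "ok"
    return {"verdict": verdict, "shared_issuer": shared,
            "mismatched": sorted(o["host"] for o in bad)}

# Constructed sample data: byte strings stand in for DER certificates, and the
# host and issuer names are placeholders.
ORIGIN = {"mail.example": b"origin-cert-mail", "bank.example": b"origin-cert-bank"}
PINS = {host: {fingerprint(der)} for host, der in ORIGIN.items()}

def sample_observations(filtered: bool) -> list:
    """Simulate what a client sees on a clean path and behind a re-signing proxy."""
    rows = []
    for host, der in ORIGIN.items():
        if filtered:
            der, issuer = b"proxy-cert-" + host.encode(), "Example Filtering CA"
        else:
            issuer = "Example Public CA"
        rows.append({"host": host, "fp": fingerprint(der), "issuer": issuer})
    return rows
```

The pin comparison still fires when the filtering certificate's root has been installed as trusted on the client, a case in which ordinary chain validation raises no error.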

Concerns:

11. Any blanket privacy you had with respect to HTTPS is gone. So Internet banking, secure communication, email, etc. are all out of the door.

12. They will be able to capture all your user IDs and passwords and the specific answers to secret questions that you are supposed to provide in order to recover access to your email accounts.

13. Anyone who is a whistle-blower can be identified. Anyone who does not agree with the government can be identified. Anyone can be pressured. Think of McCarthyism: this is where we are heading. Big Brother is always watching and collecting information (personal dossiers) on its citizens. Now they can comfortably collect the “digital” information of its citizens.

14. The state should define and elaborate what it considers as anti-state content. Is human rights violation in Baluchistan anti-state? Is illegal abduction and torture by intelligence agencies?

15. How does one challenge a wrong decision?

16. What are the repercussions of bypassing and viewing such content? Can it land you behind bars?

17. What / Where is the accountability factor in this?

18. How do we ensure privacy rights are not invaded when your conversations are accessible?

19. What about the MISUSE of the information collected? Pressure tactics, blackmail, etc

20. How does one challenge the government’s writ in such an implementation, which is a clear and gross violation of your basic fundamental rights?

21. Who / Where are the definitions of what is anti-state, anti-religious, anti-moral etc? How do you agree on a consensus of what a decision is? How do you challenge it? How do you modify it?

Currently the constitution states that ‘distribution’ of blasphemous and obscene content is illegal. However, such content available on the Internet is not ‘distributed’. The access is voluntary, not imposed.

22. What about data-retention and data mining being done on this data collected?

23. What about Court-approved taps? (Such powers are supposed to be limited, and only with a court-approved order are you able to insert taps.) Most software vendors who provide such tapping software and reconstruction software for hand-off (the technical term used in the industry) have appropriate sections for implementing such Court orders in the software for proper logging.

24. This LI (Lawful Intercept) is no longer lawful nor being monitored by any member of the legislative or court bodies. In fact it is hushed.
25. Such a system will give the government extra muscle to go after “activists” – “liberals” – “troublemakers” – You and I. Anyone who is a hindrance, becomes a target.

Campaign Timeline:
[If you are interested in learning more about the Government’s history of E-regulation and censorship attempts, please check timeline here http://bolobhi.org/resources/state-of-internet-in-pakistan-e-regulations-timeline/ ]

The timeline below lists the statements and media coverage the issue has received thus far.
Day one press release
