Akber on Law

Surveillance without Disruption

Akber A Choudhry -

As I write this, Pakistan's intelligence agencies are bent upon rejigging network layers to insert a surveillance layer at a national level. The process is rather opaque and, from what can be determined by end users, most likely badly planned or its implementation is becoming unmanageable.Major disruptions over the past few days can lead to IT industry and foreign exchange losses comparable to IMF loans. National intelligence agencies have to do what they have to do, but so do IT companies and freelancers.

The recommendation of the IT industry is:

  • EXPERT PEOPLE: Get consultants who have worked independently as network experts and freelancers, and who understand risks, traffic volumes and availability of networks.
  • CHANGE TIMING: Try to switch over networks when IT workers are mostly offline. Saturday night, maybe? Most IT firms and professionals have alternate Internet connections and can switch over. Try to work with, and switch one ISP at a time. The ISP should sign off on any impact as they are answerable to their subscribers.
  • VPNs for WORK: VPNs are not only for tweets. VPNs are essential for confidential communication over the Internet. VPN registration with the government is impossible for IT service providers. A typical software house will use about a dozen different VPN endpoints for customers, cloud providers etc. It is not possible to give the government a finite static list without destroying their business or breaking the law.
  • TRY OFFLINE ANALYSIS: Instead of a firewall or filter, try using offline filtering and detection. Full volume of traffic through any filter adds problems and will get unmanageable over time. There is always the risk of device failure bringing don the country's economy as non-IT vendors increasingly use online banking and communications for paperless trading.
  • EVENT-BASED: In off-line mode, security related breaches or network events can be channeled offline and patterns observed and alerts created without impacting speeds or having every network packet pass through a national firewall. A few minutes delay will not hurt investigations.
  • SUMMARY: Do not inadvertently an industry that is crucial to the country's financial and human development.

The above request does not include any deadline, threat, or indication of political resistance or affiliation.