Pakistan’s notoriously censorious telecoms authority has reportedly asked the country’s ISPs to block commercial VPN connections as a way of stopping militants from communicating in secret.
According to a memo sent by the Pakistan Telecommunication Authority (PTA) to an ISP that leaked it to journalists, said that a previous directive to block “Encrypted Virtual Private Networks” was not being enforced.
“In line with Regulations 2010 and national security, Authority prohibited usage of all such mechanisms including encrypted virtual private networks (EVPNs) which conceal communication to the extent that prohibits monitoring,” said the communication.
“It is observed that the aforementioned directive has not been followed in true letter and spirit as EVPNs are heavily being used on the Licensees Network,” it continued.
Some commentators have taken this as a blanket ban on VPNs, but it is more likely aimed at proxy services that allow encrypted connections to be set up in a way that hides the IP address of the two ends of a link. These can fairly straightforwardly be blocked using domain filtering at ISP level although such an action is indiscriminate.
Informal VPNs – those between two or more PCs – can’t easily be detected let alone blocked without somehow looking for the ports opened by specific programs, an almost needle-in-a-haystack job. The packets themselves offer no clues as they are encrypted.
There are also encrypted services such as Skype that use local PCs as supernodes and can’t be blocked at ISP level.
The PTA has an established history of trying to block websites that infringe its sometimes opaque rules on content. YouTube, Facebook and Rolling Stone magazine have all fallen foul of this regime.