[sdnog] Effects of encryption techniques on data-network management
Nishal Goburdhan
nishal at controlfreak.co.za
Mon Oct 21 16:41:42 SAST 2019
On 17 Oct 2019, at 19:39, Sami Salih wrote:
> Thx for reply,
> This is not in Sudan, and it's not coming from Regulatory, it's a
> discussion in ISPA to decide to implement such encryption techniques
> in their hosting premises while the gov necessitates monitoring every
> things. I'm also for not preventing technologies but I need robust
> logic with sound justification to convince this association.
hi sami,
thanks for explaining this better :-)
i think that there are a few things that you could be using to help
explain to your ISPA and/or responsible regulatory folk why trying to
undermine the use of these technologies is bad. in no particular order:
# this is a long term dis-incentive to the sudanese economy and foreign
direct investment
sudan still has a nascent domestic hosting environment. not being able
to adopt new technologies to support new growth/ideas is only going to
make those environments worse than ones that do, and, not act as a
service attractor for you. if you do this, you’re dooming your new
hosting business ventures to obsolescence before they start.
# this makes security weaker for everyone
trying to undermine technologies like this (ie. working on exploits, and
hoping to keep them hidden) only works to hurt the same measure of good
faith/security/encryption that your ISPA/regulatory environment might
want. secrets, don’t stay secrets for very long ..
# there’s more than one way to catch a thief ..
you (as an ISP) may be required to report on activities that might use
these. you still can; (ie. person A was in communication with person
B). but you have plausible deniability, as to the contents of the
conversation.
# international legal intercept practices
“legal intercept” (LI) is a real thing in many countries (this is
separate from the *illegal* intercept that some governments do. the
basis for legal intercept is that:
## the responsible regulatory party (RRP) obtains a legal writ to
perform LI and serves this to the operator
## the operator provides a means via which the required intercept should
happen, to the RRP
## the responsibility for dealing with the decryption of the intercept,
is that of the RRP
i think that the last part is the most important to you (ISPA).
because, in this case, you’re merely the “transport” to/from the
internet for your clients, and *acting within the confines of the law*
by providing a *legal* intercept means to the RRP. you, as the network
operator, are not performing any inspection and/or decryption yourself,
which keeps you (the network operator) neutral.
it also means that you’re outside the framework of doing anything
other than:
# satisfying the RRP’s request for a LI interconnect to your network
# ensuring that you can mirror/send traffic based on a LI request to the
RRP
.. which is a lot cheaper for ISPs to implement. and which means that
there’s less artificial costs that are imposed on Internet services,
meaning that it can continue to stay affordable. and if internet access
is affordable, then, more people can use the service, and overall GDP
increases [1] which is really the bigger problem that you should be
trying to solve in sudan right now, imho.
in the spirit of building a better internet landscape in sudan, i think
that there are several long-term approaches that your ISPA should be
arguing for. i’ll be happy to share my thoughts off-list, lest this
become less of a “network operators’ group” list, and more of a
“policy” group ;-)
best,
-n.
[1] https://www.eldis.org/document/A75853
More information about the sdnog
mailing list