[sdnog] Effects of encryption techniques on data-network management

Nishal Goburdhan nishal at controlfreak.co.za
Mon Oct 21 16:41:42 SAST 2019


On 17 Oct 2019, at 19:39, Sami Salih wrote:

> Thx for reply,
> This is not in Sudan, and it's not coming from Regulatory, it's a 
> discussion in ISPA to decide to implement such encryption techniques 
> in their hosting premises while the gov necessitates monitoring 
> everything. I'm also for not preventing technologies but I need robust 
> logic with sound justification to convince this association.


hi sami,
thanks for explaining this better  :-)
i think that there are a few things that you could be using to help 
explain to your ISPA and/or responsible regulatory folk why trying to 
undermine the use of these technologies is bad.  in no particular order:

# this is a long term dis-incentive to the sudanese economy and foreign 
direct investment
sudan still has a nascent domestic hosting environment.  not being able 
to adopt new technologies to support new growth/ideas is only going to 
make those environments worse than ones that do, and, not act as a 
service attractor for you.  if you do this, you’re dooming your new 
hosting business ventures to obsolescence before they start.

# this makes security weaker for everyone
trying to undermine technologies like this (ie. working on exploits, and 
hoping to keep them hidden) only works to hurt the same measure of good 
faith/security/encryption that your ISPA/regulatory environment might 
want.  secrets, don’t stay secrets for very long ..

# there’s more than one way to catch a thief ..
you (as an ISP) may be required to report on activities that might use 
these.  you still can;  (ie. person A was in communication with person 
B).  but you have plausible deniability, as to the contents of the 
conversation.

# international legal intercept practices
“legal intercept” (LI) is a real thing in many countries  (this is 
separate from the *illegal* intercept that some governments do).  the 
basis for legal intercept is that:
## the responsible regulatory party (RRP) obtains a legal writ to 
perform LI and serves this to the operator
## the operator provides a means via which the required intercept should 
happen, to the RRP
## the responsibility for dealing with the decryption of the intercept, 
is that of the RRP

i think that the last part is the most important to you (ISPA).  
because, in this case, you’re merely the “transport” to/from the 
internet for your clients, and *acting within the confines of the law* 
by providing a *legal* intercept means to the RRP.  you, as the network 
operator, are not performing any inspection and/or decryption yourself, 
which keeps you (the network operator) neutral.

it also means that you’re outside the framework of doing anything 
other than:
# satisfying the RRP’s request for a LI interconnect to your network
# ensuring that you can mirror/send traffic based on a LI request to the 
RRP

.. which is a lot cheaper for ISPs to implement.  and which means that 
there’s less artificial costs that are imposed on Internet services, 
meaning that it can continue to stay affordable.  and if internet access 
is affordable, then, more people can use the service, and overall GDP 
increases [1] which is really the bigger problem that you should be 
trying to solve in sudan right now, imho.

in the spirit of building a better internet landscape in sudan, i think 
that there are several long-term approaches that your ISPA should be 
arguing for.  i’ll be happy to share my thoughts off-list, lest this 
become less of a “network operators’ group” list, and more of a 
“policy” group  ;-)

best,
-n.


[1] https://www.eldis.org/document/A75853

