Top Curious Cases of Governments Opposing Encryption and Secure Means of Communication

The recent ban of Telegram in Russia and basically the end of freedom of speech brought by the new legislation in Egypt inspired us to create a little paranoia-driven hit parade of countries banning secure communication tools.

“Don’t steal — Government doesn’t like competition” states a famous anonymous quote. Trying to fully secure your communication also seems to be rubbing the various world governments the wrong way.

Although the theoretic concepts of banning or getting a backdoor to the E2EE (currently used in many popular messengers) are laughable due to the sorry lack of understanding of the principles of work of E2EE by the officials (maybe they should check out our ELI5 article on E2EE), numerous attempts are still being made at banning or hijacking the encrypted means of communication on the state level (even though a recent theoretical paper proves that two parties can still create a secure communications channel using a communications system with a backdoor).

The reason governments provide for justifying bans and eavesdropping is the fight against terrorism, but the losses of being spied upon are clear, whilst the real benefits of having no privacy are hazy at best.

THE USA

One of the most famous cases of governments vs. encryption is also one of the oldest and has its own proper title — the “FBI-Apple encryption dispute”.

Throughout 2015–2016 the FBI demanded that Apple provide a new piece of software for decryption of the information stored on iPhones running iOS 7. The demand was predictably denied, which led to heated legal disputes until a correct password (but not a general-purpose iPhone unlocking software) was provided for the iPhone originally in question.

The CIA also tried its hand at defeating Apple’s encryption, attempting to create a forged alternative copy of Xcode that would enable adding backdoors to iOS apps. When this became known through Wikileaks, it led to extensive security audits among the Apple developers.

The most important document that regulates the governmental surveillance in the USA is the Section 702 of the Foreign Intelligence Surveillance Act (FISA). FISA allows governmental intelligence services to eavesdrop upon and store the data collected from digital communication of foreign suspects living outside the USA.

FISA was to expire on Dec. 31, 2017 and be replaced by new legislation reframing the balance between security and privacy, a bill drafted up by the House of Representatives’ Judiciary Committee. That draft, crafted by privacy-minded lawmakers, aimed at limiting the governmental eavesdropping, especially in the absence of a court-issued order (except for the cases involving counterterrorism). However, a FISA reauthorisation bill was passed by the Congress not only to extend wireless surveillance under Section 702, but to expand it in many important ways. The newly passed bill reauthorized Section 702 for six more years. Weirdly enough, President Trump opposed the FISA extension at first, but later reversed his opinion.

EUROPE

A draft report from the European Parliament proposes a ban for encryption backdoors which should be extended to all the EU member countries. Also, according to the amendment to Article 7 of the Charter of Fundamental Rights proposed by the European Parliament’s Committee on Civil Liberties, Justice, and Home Affairs, end-to-end encryption should become mandatory for all forms of electronic communication.

However, some of the EU countries have a drastically different view on the subject.

THE UK

The Investigatory Powers Act, passed in 2016, makes the UK one of the most surveillance-heavy countries. This act also legalises a lot of tools for the government to snoop around the users’ private data. End-to-end encryption remains the last bastion of privacy, but gets attacked repeatedly.

In 2015, the former UK Prime Minister David Cameron already tried to propose a ban of encrypted services (i.e. iMessage, Snapchat, and WhatsApp), but that attempt has failed. In the light of the March 2017 terrorist attacks, this legislative act was brought back into the light for a discussion.

The UK Home Secretary Amber Rudd explained the need for drastic measures, stating the government shouldn’t provide “a secret place for terrorists to communicate with each other”. It could be that the new Home Sec will finally have the powers to ban the E2EE on the legislative level. How this could be done in reality is still quite unclear.

GERMANY AND FRANCE

France and Germany unanimously claim that providing a backdoor to encryption is crucial for fighting terrorism. And while no popular end-to-end apps like WhatsApp or Telegram are banned there yet, Interior Minister of France Bernard Cazeneuve and his German colleague Thomas de Maizière stated that such apps constitute a challenge during investigations in a joint proposal. Together they appealed to the European Commission for creation of a new law that would make developers compelled to provide backdoors, decrypt messages, and remove unwanted content upon the government’s demand related to terrorism-related investigations. This idea was met with a lot of scepticism, to say the least.

AUSTRALIA

Australia seconds the UK in its government-level attempts at banning the end-to-end encryption statewide. Australia’s Attorney-General George Brandis even said that the new privacy-related laws would be directly modelled on the UK’s Investigatory Powers Act.

Unfortunately for the Australian government, the problem of banning end-to-end encryption doesn’t go anywhere — you either cherry-pick your bans only going after some definite services or you ruin the whole notion of secure transactions over the Internet.
The newly proposed legislation in Australia is supposed to force tech manufacturers to provide the government with access to the user data regardless of it being or not being encrypted in any way. Brandis said he will be meeting with Apple to discuss the cooperation on working towards finding ways to disclose end-to-end encryption, which is kind of missing the point of how it works.

An attempt at banning all encrypted communication is a brave one, but also an extremely unworkable one. The only semi-practical way end-to-end encrypted info can be somehow disclosed to a 3rd party is through adding keyloggers into the software. The keyloggers will then intercept the information as the user types it, effectively rendering all the further encryption processes useless, not to mention that it looks more like something criminals would do, not a government that wants to stop criminals through reading their messages (and that’s even leaving the ethical part out of it!).

ASIA

CHINA

There had been some temporary bans of WhatsApp in China before, but the one that started in September 2017 seems to be a permanent one. The ban left most users in mainland China without the ability to send and receive WhatsApp messages. The rumour had it that after the Communist Party’s congress in Beijing in October 2017 proper functioning of WhatsApp could be restored, but this never happened. Another encrypted messenger, Snapchat, was banned in China since day one (which didn’t prevent Snapchat from opening an office in the PRC).

SOUTH KOREA

While the absence of any kind of encrypted means of communication for the citizens of North Korea would hardly be surprising, it is South Korea that got onto our anti-encryption “hit parade”. Turns out that the officials of South Korea are very much prone to listening in on their citizens.

In 2014, President Park Geun-Hye announced that the messages sent through KakaoTalk, a South Korean messenger similar to WhatsApp or iMessage, will be screened for inappropriate content (i.e. spreading rumours and insulting the government). This made Koreans swiftly turn to WhatsApp and Telegram for more privacy in their communication. The KakaoTalk messenger also was quick to follow suit and to add end-to-end encryption to its features.

THE ARABIAN PENINSULA AND AFRICA

UAE AND SAUDI ARABIA

A number of crucial app features are restricted in WhatsApp, Viber, Imo, and Facebook Messenger in Saudi Arabia and Dubai (UAE). This is not a matter of privacy or counter-crime/terrorism measures, but a governmental support for the national VOIP service providers to stop the losses from users’ migrating to free messengers. Basically, all the chat apps that have voice and video calling functions are at least partially restricted under the local ‘regulations’ for the sake of preserving the state monopoly on providing VOIP services.

Banning messengers is not a new practice in this part of the world. For instance, in 2010 both Saudi Arabia and the UAE threatened to ban BlackBerry instant messaging and demanded that the company install local servers to censor the service.

[Image: official ad image from the advertising campaign for C’me VOIP messenger]

Apple’s FaceTime is not only banned in the United Arab Emirates, Egypt, Jordan, Qatar, and Saudi Arabia — it is missing (restricted on the hardware level) from the iPhones available for purchase in these countries, for the same reasons. FaceTime is a competition to the national VOIP service providers C’me (for making domestic and international calls via WiFi) and Roaming Callback App (for making calls over WiFi while in roaming) for Android and iOS.

The main difference between the Etisalat (and du) VOIP messengers and the rest of the famous alternatives is that the services of C’me and Roaming Callback App are not free.

The payment for using VOIP is equal to making domestic calls within the coverage zone (the official rate guide states that “C’Me app users can subscribe to Dh20 weekly or Dh50 monthly C’Me packs to enjoy the unlimited offer. Users can receive calls while on a WiFi or mobile data network. In addition, outgoing roaming calls from C’Me app will be charged at Dh2.4 per minute.” with 1DH = $0,27). Those travelling and wanting to make a call home from roaming will pay a flat rate of 3DH per minute.

Even though in September 2017 Saudi Arabia decided to reverse the ban for Skype, WhatsApp, and other Internet calling services, they remain restricted in the UAE. Other African and Arabian Peninsula countries that block VoIP services are: Guyana, Kuwait, Libya, North Korea, Oman, Qatar, Syria.

EGYPT

Egyptian citizens had their first taste of the Internet censorship in 2015 with the temporary bans of Skype, WhatsApp, and Viber. In December 2016, Signal — a messaging app that uses end-to-end encryption (currently considered to be one of the most secure messengers) got banned permanently. The creators of Signal, Open Whisper System, confirmed the news about the ban and initially found a workaround bypassing the ban through domain fronting. Now that Google and Amazon are banning domain fronting, the future of Signal in Egypt is unclear.

The next digital witch hunt in Egypt started against OpenVPN. In August 2017, the Egyptian government took the first step towards trying to block VPNs, blocking PPTP and L2TP. OpenVPN got blocked in Egypt in early October 2017. Around that time the only VPN services still working in Egypt were Softether over TCP (reported to be extremely slow), Shadowsocks, and Tor.

Technically speaking, VPNs are legal in Egypt as currently there are no laws in Egypt prohibiting the use of VPNs. Not all of them work consistently (OpenVPN doesn’t work at all), and many of their servers and websites are blocked. Many Egyptian web resources warn people wanting to travel to the country to download and set up the VPN of their choice before arriving.
The surveillance laws passed after a terrorist attack in 2017 also allowed the Egyptian authorities to monitor and shut down online communication and media with no judicial oversight.

Not just Signal with its secure E2EE exchange, but many messengers providing VoIP services were also partially blocked in Egypt in August 2017. Similarly to the functionality of the Facebook Messenger in Saudi Arabia, voice and video calls made over VoIP were restricted in Skype, FaceTime, and WhatsApp.

The Egyptian government has also ordered ISPs to block many blogs and news sites using the new law enabling blockage of social media accounts and punishment of journalists who publish “fake news”. According to this law, passed in July 2018, a social media account with over 5,000 followers could be prosecuted for publishing fake news. The law also orders anyone wanting to create a new online media outlet to obtain a license from the Supreme Council of Egypt. Existing websites can be blocked or fined under a suspicion of aiding terrorists.

THE RUSSIAN FEDERATION

Roskomnadzor (The Federal Service for Supervision of Communications, Information Technology and Mass Media in Russia) tried to ban one encrypted messenger and ended up banning Google, YouTube, Viber, Spotify, and Amazon. Bad luck. And guess what? The messenger still works.

The team working on the secure messaging service Telegram Messenger was warned by the Russian officials that they needed to hand over the keys for decrypting the end-to-end communication going on between the users of the service to the FSB (Federal Security Service). When Telegram refused, an order of the Moscow court for banning the services of Telegram in Russia followed in April 2018.

The resulting sanctions led to a number of crucial services being accidentally banned in Russia as millions of Amazon, Google, and other popular platforms’ IPs were blocked in an attempt to take down Telegram.

Telegram initially used domain fronting to remain functional for the people within the Russian Federation and directed a considerable stream of their resources to keeping the messenger working for its users.

The official website of Telegram where you can download the messenger or use its Web version is indeed banned in Russia (unless IPv6 or DualStack is used specifically), but otherwise it is functional and stable in most of the cases.

In fact, Telegram cannot be fully blocked as currently it is technically impossible. The first wave of bans by Roskomnadzor took place within the IPv4 space and around 1–2 million addresses (detected as those accessing the messenger) were banned at a time, per day. The next day Telegram simply moved on to new available addresses. So the cat and mouse game can go on forever, until the address space runs out. What is more fun is that IPv6 is fully out of reach for the ban as the address space can never run out there. Indeed, not everyone is using IPv6, but it is available and working.

Also, Telegram didn’t just use this loophole, but also created an MTProxy, which only lets through the traffic created within the messenger. Such proxies cannot be legally banned by Roskomnadzor unless there was a direct complaint. What’s interesting — this re-enabled the work of Telegram in China and Iran where it is also banned.

Summary or Should we really worry? (Or can someone fight Math with legislation?)

Privacy is not something reserved exclusively for exchanging cat nudes, buying firearms, or sending grocery lists to your spouse on the way to a supermarket — it is one of the cornerstones of our digital world and a basic human right.

Although this article mostly uses messengers as examples, end-to-end encryption specifically underpins not just the messaging apps but also online shopping, banking, and even government websites. Banning it would cause chaos. And in any case, you cannot legislate against Math. People will still be able to find ways to communicate securely and encrypt their information when necessary.

Such a reaction of governments to an encryption they cannot get access to is an indicator that we’re onto something powerful here and that we collectively should by all means keep going in developing E2EE communications. If we manage to turn the notion of an end-to-end trust from a scary term straight out of hell of scientific crypto papers into a standard thing, we’ll make this world not just a bit safer, but a bit more free, too.

We take privacy very seriously in Cossack Labs, turning advanced cryptography into simple and useable open source encryption tools. You may want to check them out if you want to bring more security into your own apps.

If you have a story to share about weird encryption bans in your country we’d love to hear from you! Please reach out to us via info@cossacklabs.com or @cossacklabs on Twitter.