[sdnog] Effects of encryption techniques on data-network management

Sami Salih sami.salih at outlook.com
Mon Oct 21 19:47:37 SAST 2019

Thx Nishal et all for the fruitful replies,
again this is NOT in Sudan now, the reason that I bring this issue here is because gov and regulators always share their experience and I'm sure if something related to national security is shared from this country my country Sudan and some other will think to adopt the same.
Now, coming to your justification, any logic favoring business and development will be simply ignored, in our region Security is revealing anything :-/
Then they believe -and I think it's not totally wrong - all government have ways to decrypt any new encryption tech before allow it's to be used, but we less advanced.
at the end I'm working on a paper to address this issue considering all aspects including local culture, I may share it will you here or at least part of it, but please keep sharing your thoughts.

Get Outlook for Android<https://aka.ms/ghei36>
From: Nishal Goburdhan <nishal at controlfreak.co.za>
Sent: Monday, October 21, 2019 5:41:42 PM
To: Sami Salih <sami.salih at outlook.com>
Cc: sdnog at sdnog.sd <sdnog at sdnog.sd>
Subject: Re: [sdnog] Effects of encryption techniques on data-network management

On 17 Oct 2019, at 19:39, Sami Salih wrote:

> Thx for reply,
> This is not in Sudan, and it's not coming from Regulatory, it's a
> discussion in ISPA to decide to implement such encryption techniques
> in their hosting premises while the gov necessitates monitoring every
> things. I'm also for not preventing technologies but I need robust
> logic with sound justification to convince this association.

hi sami,
thanks for explaining this better  :-)
i think that there are a few things that you could be using to help
explain to your ISPA and/or responsible regulatory folk why trying to
undermine the use of these technologies is bad.  in no particular order:

# this is a long term dis-incentive to the sudanese economy and foreign
direct investment
sudan still has a nascent domestic hosting environment.  not being able
to adopt new technologies to support new growth/ideas is only going to
make those environments worse than ones that do, and, not act as a
service attractor for you.  if you do this, you’re dooming your new
hosting business ventures to obsolescence before they start.

# this makes security weaker for everyone
trying to undermine technologies like this (ie. working on exploits, and
hoping to keep them hidden) only works to hurt the same measure of good
faith/security/encryption that your ISPA/regulatory environment might
want.  secrets, don’t stay secrets for very long ..

# there’s more than one way to catch a thief ..
you (as an ISP) may be required to report on activities that might use
these.  you still can;  (ie. person A was in communication with person
B).  but you have plausible deniability, as to the contents of the

# international legal intercept practices
“legal intercept” (LI) is a real thing in many countries  (this is
separate from the *illegal* intercept that some governments do.  the
basis for legal intercept is that:
## the responsible regulatory party (RRP) obtains a legal writ to
perform LI and serves this to the operator
## the operator provides a means via which the required intercept should
happen, to the RRP
## the responsibility for dealing with the decryption of the intercept,
is that of the RRP

i think that the last part is the most important to you (ISPA).
because, in this case, you’re merely the “transport” to/from the
internet for your clients, and *acting within the confines of the law*
by providing a *legal* intercept means to the RRP.  you, as the network
operator, are not performing any inspection and/or decryption yourself,
which keeps you (the network operator) neutral.

it also means that you’re outside the framework of doing anything
other than:
# satisfying the RRP’s request for a LI interconnect to your network
# ensuring that you can mirror/send traffic based on a LI request to the

.. which is a lot cheaper for ISPs to implement.  and which means that
there’s less artificial costs that are imposed on Internet services,
meaning that it can continue to stay affordable.  and if internet access
is affordable, then, more people can use the service, and overall GDP
increases [1] which is really the bigger problem that you should be
trying to solve in sudan right now, imho.

in the spirit of building a better internet landscape in sudan, i think
that there are several long-term approaches that your ISPA should be
arguing for.  i’ll be happy to share my thoughts off-list, lest this
become less of a “network operators’ group” list, and more of a
“policy” group  ;-)


[1] https://www.eldis.org/document/A75853
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.sdnog.sd/pipermail/sdnog/attachments/20191021/5f95bc45/attachment.html>

More information about the sdnog mailing list