The Pakistan Telecommunications Authority (PTA) has issued a reminder that all VPN users need to register their VPN tunnel with their internet service provider (ISP) by June 30th, 2020. This marks an escalation of the PTA’s ongoing war against VPN use, which they consider to be harmful to the country’s information and communications technology (ICT) industry as well as the source of what they call “grey traffic” and illegal VoIP companies. Users that fail to register will face disconnection and possible legal action. While the notice seems to be targeted towards corporate VPN users, the past application of the law indicates that personal use VPNs will likely end up being blocked if they are unregistered. A Pakistani ISP noted in their call for VPN registration which has been active for over six years:
“Please be informed that VPNs of all types fall under the purview of this mandate.”
The Great Firewall of Pakistan: A decade long history of fighting VPNs
The PTA first notified Pakistanis that all unregistered VPNs would be blocked back in May of 2014 but their war against VPNs actually started back in 2011 when Pakistan announced that they would be banning encryption software. Back then, the authorities were worried that terrorists were using VPNs to communicate and the government wouldn’t be able to monitor it. In 2011, the PTA asked all ISPs to report:
“all such mechanisms including EVPNs [encrypted virtual private networks] which conceal communication to the extent that prohibits monitoring.”
Since 2011, internet users in Pakistan have noticed that some VPN connections are randomly blocked by Pakistani ISPs and users claim that the largest ISP in Pakistan is actually using the same deep packet inspection (DPI) technology that is used by the Great Firewall of China. In China, only registered VPN IP addresses are allow-listed and allowed to work, and it seems like the same is coming to Pakistan. Welcome to the Great Firewall of Pakistan where:
“Use of any mode of communication such as VPN by means of which communication becomes hidden or encrypted is a violation of PTA regulations.”
Pakistan’s ban on unregistered VPNs is officially to stop illegal VoIP businesses
Looking at the registration process for VPNs that is offered by the ISPs sheds a little bit of clarity. Those registering need to provide their identification number and swear that they won’t be used for any Grey/VoIP telephony. Additionally, VPN registrants need to list out what kind of “non standard communication” they will be using the VPN for as well as the “type of compression.” Pakistan’s war on encryption has coalesced and is coming to a head on June 30th, 2020.
In reality, the Pakistan VPN ban will be used to stifle to free speech and encryption
Pakistan’s history of internet censorship is long and arduous and belies the real reason why VPNs are being targeted in the country. Last month, Netblocks verified that Twitter, Periscope and Zoom were throttled by the Pakistani government- though users were still able to connect via VPN. Despite Twitter being blocked in Pakistan, the PTA still maintains an active Twitter account which tweeted that legal VPN use could continue due to the COVID-19 pandemic and need for internet use in the country.
While it remains to be seen how the use of VPNs by non business entities will be treated, for now it seems like disconnections and legal fines will be limited to corporations that continue to use unregistered VPNs for “grey” reasons. Unfortunately, even if it isn’t illegal to use, the ISPs have proven capable of blocking VPN connections. Through DPI, the Great Firewall of Pakistan could actively stifle the ability for regular users to use VPNs that don’t provide obfuscation as well. VPN use is being targeted in a systematic way by the PTA and Pakistan’s millions of internet users will be the ones to suffer for it.