Pakistan’s Firewall: Explained
Pakistan has installed a national firewall that can track, block or significantly limit the visibility of content it deems is propaganda, a highly placed source in the ISP industry confirmed to The Express Tribune.
“This is a geo-fencing firewall that will be able to track content in real time,” the source confirmed. “The previous firewall could slow down the internet, but this is much more advanced.”
A geo-fencing firewall controls and restricts incoming and outgoing traffic by setting geographical limitations, such as China’s Great Firewall, which blocks YouTube, Facebook and other websites and apps. It creates a virtual geographic boundary. All of Pakistan’s internet traffic already goes through content filtering, the source said.
Almost three months after X was banned, people in Pakistan started complaining of slow and patchy internet. WhatsApp and Facebook have not been working on mobile data in the past month, and only marginally better on Wi-Fi and broadband. Then mid-July, the Pakistan Telecommunication Authority (PTA) invited bids for a “Next-Generation Firewall” that led to speculation about a firewall being implemented on the national level. However, on July 22, the PTA said that the bid (available on its website) was for the authority’s internal network.
However, the source confirmed that the firewall has been deployed at the two upstream points that Pakistan has. Upstream, in internet terms, means a large ISP that acts as the main gateway for users in a country to connect to international servers such as that of Facebook or international websites. Through this main gateway, these two checkpoints then provide access to other small and large ISPs in the country. One of these two upstream checkpoints is owned by Pakistan Telecommunication Company Ltd called PTCL Pakistan Internet Exchange (PIE). The other is Transworld.
The firewall itself has been enabled by the law enforcement, said the source. “We have no information about the make and the model, and where the firewall has been sourced from. All these details are highly confidential,” the source added.
Firewall or web-management system?
After much criticism, the IT Minister first acknowledged that the “web management system” that Pakistan already had is being upgraded. But two other sources in the ISP industry when asked pointedly whether this is a firewall or not, confirmed that this is no “routine” upgradation but that a firewall has in fact been installed. All three sources confirmed an increase in customer complaints about slow and patchy internet speeds. They also confirmed none of them had received an official notification or intimation about the installation.
“Our biggest customers know why this is happening, so they have their solutions to maintain their operations,” said the source speaking to The Express Tribune. “We try to handle our critical customers by whatever technical solutions possible to ensure they are able to carry on with their operations.” But the biggest hit is being faced by call centres, who have to make international calls. “There is a lot of work stress and we do not have the resources to deal with this kind of situation,” the source added.
Further, a web management system is a basic application that helps in managing a webpage, and placement of images, text and basic website code. This is a job description of a website manager. The minister and PTA chairman using this term is misleading.
The IT minister used this term while speaking with the public, and a press release by the National Assembly on Aug 21 says the PTA told them that the “Web Management System” is being upgraded. Another press release on Aug 26 by the National Assembly says the PTA told lawmakers that it has installed a “web monitoring system” that is being upgraded.
The term “Web Monitoring System” appears in the contract that Pakistan had with Sandvine, as reported in 2019 by CodaStory. It appears the government replaced it with “management” to dilute the surveillance aspect.
VPN behind slow internet?
The information technology minister, Shaza Fatima Khawaja, has also blamed the slow speeds on the increased VPN use. “When VPNs are used, traffic flows through the main internet path instead of the Content Delivery Networks,” she said.
Here is how this works: CDNs are servers that are distributed geographically so that a user in, say, Pakistan, can access international websites or social media sites like Facebook in the shortest time possible. The main internet, that the minister talked about, would be when a user in Pakistan would try to access servers of Facebook, based in the US or a farther location, directly. This longer path will take more time. “This leads to upstream choking, which means that users are taking up more internet traffic using VPNs than they would if they were using CDNs,” the ISP source told The Express Tribune.
An analogy would be that the government has constructed a road suitable for cars and bikes; but then there is an influx of big vehicles, causing traffic jams, similar to what happened in Karachi some years back when trucks would travel during day timings. The increase in the size and number of vehicles will choke the roads, and in the case of Pakistan, wreck the roads. Similarly, through a VPN, traffic routed through a longer route will send more and bigger data packets, choking the upstream.
The problem with the minister’s statement is not that it is technically incorrect, but that this scenario could apply on a smaller, ISP level. Think about how internet speeds can appear slow late night; this is because users or traffic increase, and due to which many telcos started offering cheap night data packages to make bank. But the minister’s statement presents an incomplete picture of the internet traffic system for an entire country. For users to get good internet speed, various factors matter, including a strong technology infrastructure and high fiber connectivity, including fiber to the home (FTTH), which means fiber directly from ISP to the home.
Around two decades back, copper cables were the most commonly used cables for internet connectivity in the world, the kind still used in PTCL’s wired connections, in which we use a LAN cable. Now, fiber has replaced copper in developed countries, providing high speeds.
But Pakistan has a miserably low fiber-teledensity, at 0.45 percent, the IT ministry said in March. There are only 1.6 million FTTH subscribers. This means that not only the baseline speeds are low, but losses become much higher in the events of any manmade or natural disruptions.
China and Russia are among the countries with similar national firewalls, but because their technology infrastructure is not like Pakistan’s, their speeds and connectivity are higher, reliable and can possibly take a hit from a firewall slowdown. Pakistan was ranked at 127 in internet speeds in the Ookla Speedtest Global Index 2023 report, while India was at 47, and China at 6.
Going back to the traffic analogy, if a city's administration constructs roads for cars and bikes, publishes no plans for heavy traffic, doesn’t invest properly to upgrade these roads, uses dated material and methods, and there is lack of transparency and accountability surrounding the entire process—whose fault is it? Do we blame the increased flow or the government?
Fact-checking government claims
Before these recent statements about the management system and VPNs, both the minister and the PTA feigned ignorance about the internet becoming slow. Now, the minister says it is happening because of VPN use.
The use of VPNs is not just because of X, but also because users have widely reported social media sites as being slow without VPNs. “The government’s main aim through this firewall is to restrict access to social media sites,” confirmed the ISP source. And how is the government restricting access to these sites?
A report by Bytes for All, published in February this year, analysed how the PTA blocks X. The report said the authority uses HTTP blocking, which means blocking on the website level, and other network procedures. They also suggested that the PTA is doing this through the services of Akamai, one of the CDN providers in Pakistan.
If VPN use slows down the internet, as claimed by the minister, how is it that the speeds were worse in the past eight weeks, while the ban on X, due to which average users have increase VPN use, has been effective since February?
Various news reports in July and August said that users in Pakistan had been facing slow internet speeds, especially with WhatsApp.
“The government has enabled proxies [that reroute traffic to and from social media sites and hence slows it],” said the source in an interview to another daily newspaper. Internet traffic is determined by internet routing protocols. These protocols are like traffic rules that work to ensure that data from a user’s computer to, say, WhatsApp’s server travels in the shortest time possible. And think of a proxy server as a tunnel; instead of traffic going through the best possible routes, now the government is forcing everyone to first pass through a tunnel, slowing down and congesting the flow.
A new report by Bytes for All confirms that they detected internet traffic behaviour that could be an indicator of “Deep-Packet Inspection or a poorly configured firewall”. The report “Slow internet in Pakistan and the smokescreen of VPNs” found that the overall internet speeds and download at the user end, in fact, improved with VPNs. This shows, the report says, that the government has tinkered with the routine paths and ways through which the internet traffic travels. And this is why a common user has been forced to use VPN when accessing applications other than X too.
“We have experienced overall degradation in all internet services, and slowness in international traffic,” one of the sources said.
According to the monthly updates, Pakistan is down four places in internet speed from last month, according to Ookla, a global standard of internet speeds. Pakistan had a median download speed of 19.7 in mobile internet, and 15.39 in fixed broadband. Compare this to China, which is at 122.27 and 207.66, respectively.
Security “rights” versus privacy
All these methods — geo-fencing, HTTP blocking, proxy servers — are actually basic network security tools employed on organizational levels to enhance cyber-security. The minister and other government officials have claimed that “almost every country” deploys firewalls. These claims have been fact-checked by Pakistani news outlets that prove that the US and the UK do not use firewalls and blocking on this level.
The IT minister said that the government has the “right” to install a firewall in view of the increased cyber attacks. There is a difference between privacy and basic IT security practices.
If you work at an organisation, the IT administrator has the “right” to block websites for users that are spam or could contain malware, because they could affect the entire organisation’s network. It is not the right of the administrator to remotely access your computer to read your messages on WhatsApp web or try to snoop on your Gmail password, just because they can.
Further, cyber security is not increased through a centralised measure; it requires regular audits and upgradation of internet and network security at all government departments, at the Pakistani government’s servers, and basic IT trainings to at least the staff of sensitive departments.
Pakistan now has the National Centre for Cyber Security, formed during the caretaker government. The PTA also launched the country’s first cyber security strategy in February this year, which the authority says will be implemented from 2023-2028. However, as of now, Pakistan’s cyber security at the basic level remains abysmal.