Pakistan tests secret China-like ‘firewall’ to tighten online surveillance

The new monitoring system could give the government unprecedented insights into citizens’ online use. It could also slow down the internet.

The Pakistani government is deploying a national internet firewall, which experts fear can be used to surveil regular internet users [KM Chaudary/AP Photos]

Islamabad, Pakistan – Pakistan’s government has deployed Chinese technology to build what some senior officials familiar with the project are calling a new, national internet “firewall” that will allow authorities to monitor online traffic and regulate the use of popular apps with greater control than before.

The project aims to upgrade the government’s web monitoring capabilities at the country’s main internet gateways, as well as at the data centres of mobile service and major internet service providers.

Senior executives from two internet service providers (ISPs) and an official from the country’s security establishment told Al Jazeera that trials of this new firewall, installed as part of Pakistan’s internet infrastructure, were responsible for a spate of complaints of poor internet connectivity in the country in recent months.

Advertisement

Officially, though, government officials, while acknowledging that they are tightening the country’s online monitoring structure, have denied that this is to blame for slowdowns in internet speed.

The trial of the new firewall comes at a time of heightened political tensions in Pakistan. The country’s authorities have suspended mobile internet and blocked several VPNs amid a massive protest launched by supporters of former Prime Minister Imran Khan, who is under arrest since August 2023 over a spate of charges. The protesters, who have arrived in Islamabad despite court orders against their agitation, are demanding Khan’s release. At least six security personnel have died in clashes with the protesters so far.

The new monitoring system — the trials started well before the latest protest march — cost between 20 to 30 billion rupees ($72m to $107m), according to officials aware of the project.

Advertisement

Since mid-July, internet users in Pakistan have reported frequent slowdowns, degraded service quality and occasional disruptions to multimedia features on WhatsApp, the widely used messaging app.

“The issues internet users faced in July were due to the firewall testing, which also affected WhatsApp’s multimedia functions, such as sending photos, videos, voice notes and making audio/video calls,” said a senior official from one of the country’s leading ISPs.

A firewall is a combination of hardware and software used by governments or organisations to control and monitor internet traffic, acting as a digital gatekeeper that decides what data to allow or block.

According to the ISP official, Pakistan’s previous technology lacked the ability to manage applications or websites at a “granular level”– a capability that the recently acquired Chinese technology provides.

“The new firewall also allows specific features within an app or website to be blocked or throttled,” he explained, citing the example of WhatsApp in several Middle Eastern nations, where users cannot make audio or video calls on the platform but can use other multimedia features.

A Ministry of Defence official, familiar with the new deployments, also confirmed that Pakistan had acquired a new “firewall system” from China, which was first tested in mid-July.

Advertisement

“Typically, such systems are tested in a sandbox environment to avoid widespread service disruptions,” the official told Al Jazeera, requesting anonymity as he was not authorised to speak to the media.

However, Pakistan’s internet infrastructure – such as fibre optics, network-related equipment, switches and routers – has been built using technology from a range of countries including France, Finland, the United States and China.

“Due to the diverse equipment in Pakistan’s internet infrastructure, testing on a live system was necessary, leading to some initial connectivity and service issues,” the official explained.

Advertisement

The official added that the new system has the ability to block VPNs and significantly enhance real-time monitoring through a range of content filtering methods.

A VPN is a tool that creates a secure connection between a device and a network by encrypting internet traffic and masking the user’s online identity.

Advertisement

Pakistani authorities have long struggled with attempts to block specific articles, videos or other content online without needing to pull the plug on an entire website.

In a particularly notorious incident in 2008, Pakistan wanted to block a YouTube link that the government argued contained a blasphemous documentary. Instead, Pakistan ended up crashing YouTube globally.

The new system, the Defence Ministry official said, would be the first to help Pakistan get around that frustrating challenge. “Instead of blocking an entire platform like YouTube or a website, we can now restrict access to a single video or article,” the official said.

Advertisement

Shifting explanations for internet slowdown

In July and August, when instances of internet slowdown were at their peak, the government offered a range of explanations: Excessive VPN use, faulty submarine cables, global internet collapse after an outage at the US cybersecurity firm CrowdStrike, a cyberattack and routine failures.

Shaza Fatima Khawaja, minister for information technology and telecommunication, has denied the existence of a ‘national firewall’. [Handout/Ministry of Information Technology and Telecommunication]
On August 15, following a parliamentary committee meeting, Shaza Fatima Khawaja, Pakistan’s minister for information technology, said she was “not aware” of any firewall testing but added that Pakistan was upgrading its existing “Web Management System” (WMS) due to cybersecurity threats.

“Every government in the world takes measures to implement cybersecurity measures. We previously had a WMS, and now there is an upgrade of the same,” Khawaja told reporters.

Advertisement

Three days later, during a news conference, Khwaja robustly denied any allegations of government tampering with the internet, saying there was no order to “throttle” the web. She blamed excessive VPN use.

“A large number of people in the country now use VPN, which leads to pressure on the internet resulting in a slowdown,” she told the media.

On August 21, Hafeez-ur-Rehman, a retired major general and the head of the Pakistan Telecommunication Authority (PTA), the country’s telecom regulatory body, told a group of parliamentarians that faults in one of the seven submarine cables connecting Pakistan to the global internet were responsible for the slow speeds.

Advertisement

Rehman firmly denied that the installation of a new monitoring system was behind the disruptions.

“Every country has some mechanism to monitor internet content or services. Whether you call it a firewall, a web monitoring system, or content filtering, it exists everywhere. We are also upgrading our system, but it is not the reason for the slow internet,” Rehman told parliamentarians during the meeting.

In a written response to Al Jazeera, the regulator reiterated that a WMS had been operational in the country for several years to “monitor and mitigate” illegal telecom activities, commonly known as grey traffic, but was not responsible for the degraded internet quality. “WMS is continuously upgraded to cater for the increasing usage of the internet. It has never caused a slowness in internet services,” the PTA said.

Advertisement

Khawaja also submitted a response to the National Assembly on August 26 [PDF], in which she confirmed that the PTA was using a WMS for “internet content management”, through which applications or websites were blocked in Pakistan.

Despite several attempts to contact Khawaja, the minister did not respond to Al Jazeera’s questions regarding the capabilities, objectives, origins, procurement details, or costs of the new firewall – or any details about the WMS.

However, in a written response submitted to Pakistan’s Senate, Khawaja said that the PTA, as the regulatory body, was not involved with the firewall project.

Advertisement

The “PTA is not involved in the funding, procurement, deployment, or operations of any firewall project at the national level,” Khawaja said [PDF] on September 12, responding to questions from senators.

Confusingly, Khawaja has over the months used the terms “management” and “monitoring” alternatively on various occasions, while referring to the monitoring system which, according to the military official and the ISP executives Al Jazeera spoke with, has surveillance capabilities.

A ‘national firewall’ for ‘national security’

Pakistan, a country of 241 million people, has nearly 140 million broadband users and 190 million mobile subscribers. However, it relies on just two major internet gateway points, both located in Karachi, the country’s largest city and economic hub.

Advertisement

These gateways, operated by the state-owned Pakistan Telecommunication Company Limited (PTCL) and private-sector firm Transworld Associates (TWA), are connected by seven submarine cables that provide internet connectivity.

According to a statement from the PTA in January, upgrades to Pakistan’s web monitoring system at these gateways began in December 2023.

This announcement came after then-Prime Minister Anwaar-ul-Haq Kakar revealed the imminent introduction of what he described as a “national firewall” to regulate the country’s social media.

Advertisement

“We are working on technology-based solutions to address our challenges and threats,” Kakar said in a late January interview, just before the February 8 general elections.

On the morning of February 8, the Ministry of Interior announced the closure of mobile internet services across the country to “maintain the law and order situation and to deal with potential threats”.

But the first signs of a broader internet crackdown appeared on February 17, when users found themselves unable to access the social media platform X.

Advertisement

Simon Migliano, head of research at Top10VPN.com, an independent VPN review website, noted that after the X ban, VPN use in Pakistan more than doubled compared with the previous four weeks.

The newly elected government, led by Prime Minister Shehbaz Sharif, initially remained silent on the issue but later disclosed that X had been blocked under orders from the Interior Ministry for non-compliance with government directives to take down content.

“The decision to ban X was made to uphold national security, maintain public order, and preserve the nation’s integrity,” the ministry stated in its report to the Islamabad High Court in April.

Advertisement

While statements from various government officials continued to hint at the introduction of a new “firewall”, it wasn’t until mid-July that widespread internet service disruptions began. Users across the country reported sluggish speeds, degraded service quality and frequent connectivity issues.

Pakistani internet users in July complained of widespread disruption of internet services, particularly the communication application, WhatsApp [Fareed Khan/AP Photos]
Most notably, WhatsApp’s multimedia services were disrupted, though text messaging on the platform continued without issues.

Arturo Filasto, co-founder of the Open Observatory of Network Interference (OONI), confirmed that WhatsApp multimedia features had been “throttled” on July 17.

Advertisement

OONI data from August revealed similar interference, showing that internet traffic was “monitored” and that user attempts to connect with Signal, another encrypted communications app, were also impeded.

Jazz, the country’s largest mobile service provider, acknowledged receiving complaints about degraded internet services.

“We have received reports of disruptions affecting some users on certain social media platforms. Our team is actively investigating the issue and remains committed to ensuring uninterrupted service,” a Jazz spokesperson said in a statement emailed to Al Jazeera in early September.

Advertisement

Al Jazeera also reached out to more than two dozen officials across several ISPs, telecommunications companies and government departments. Only a few responded, and those who did spoke on condition of anonymity, while most declined to comment.

Like a security checkpoint, slowdowns are inevitable

For nearly two decades, Pakistan has deployed monitoring hardware and software solutions, primarily to combat grey traffic and counter “offensive material” online.

The country has a longstanding ban on pornographic and blasphemous content. It also regularly issues content takedown requests to social media platforms under national laws.

Advertisement

In the 2010s, the government began seeking more sophisticated surveillance technologies, capable of intercepting mobile phone calls and monitoring internet activity.

In December 2018, Pakistan signed a five-year contract worth $18m with Canadian firm Sandvine for a WMS.

The Sandvine WMS, like other similar surveillance systems, could perform various content filtering measures such as Uniform Resource Locator (URL) filtering, Internet Protocol (IP) filtering, Domain Name System (DNS) filtering and keyword filtering – all designed to manage the internet traffic passing through the WMS, which was installed on the country’s internet gateway points.

Advertisement

However, the most powerful tool in its repertoire was Deep Packet Inspection (DPI) – a method that intercepts and analyses data transmitted over a network and is capable of decrypting and monitoring traffic between users and servers.

DPI works like an airport scanner, allowing authorities to look inside the data packets travelling across the internet and check their contents for sensitive information.

Advertisement

Monitoring systems like Sandvine “heavily rely on DPI”, explained Haroon Ali, a cybersecurity expert and director at the Australian Cyber Corporation, a Sydney-based private organisation specialising in cybersecurity for businesses and government clients.

“DPI examines data packets at a granular level, identifying the type of traffic and allowing for blocking or deeper inspection based on the rules set within the WMS,” Ali told Al Jazeera.

According to two employees at a major ISP, the Sandvine contract ended in November 2023: The system had struggled to handle Pakistan’s growing internet traffic and increasing monitoring demands.

Advertisement

“The system became overloaded due to the constant addition of new rules. Each rule consumes bandwidth and capacity,” one ISP employee told Al Jazeera.

Meanwhile, the Defence Ministry official said that the new firewall system being implemented will offer more advanced surveillance capabilities.

“The goal is to monitor everything without shutting down or restricting the entire system. A powerful DPI-enabled system can gather metadata from users, even if their primary data traffic remains encrypted,” the official said.

Advertisement

Metadata, or “data about data”, includes crucial information such as a user’s network, device, timestamps and location, and plays a key role in identifying individuals.

WhatsApp, for example, collects various types of metadata, including timestamps, IP addresses, device information, timing of use, and sender and recipient details.

While metadata does not contain actual message content, and no WMS system can read the messages themselves, Ali, the cybersecurity expert, explained that metadata still holds enough information to compromise user anonymity.

Advertisement

“A WMS can be a powerful surveillance tool, using DPI to analyse metadata and potentially breach user privacy,” he said.

But the manner in which Pakistan plans to deploy the new system could inevitably slow internet speeds, warn some experts – not as a bug but as a feature.

Major websites and services like Google, Netflix and Meta store copies of frequently requested online content locally, reducing the need to fetch data from distant servers. That, however, means that a WMS that monitors only internet gateways to the country does not capture use details of locally stored data.

Advertisement

To get around that, a senior ISP executive said the new web monitoring system was being deployed not only at the country’s internet gateway but also at local data centres of mobile service providers and ISPs.

“Unlike the Sandvine system, the new DPI-based system is now capable of monitoring local internet traffic,” the executive added.

But to monitor local traffic, the new firewall will use what is known as an “in-line network”, which acts like a security checkpoint, where each data packet must be inspected and either allowed to pass or be blocked – as opposed to an alternative mechanism that simply observed and records traffic without interfering with its flow.

Advertisement

The use of an in-line network “will inevitably slow down internet speeds”, the ISP official said.

It could lead to “slower internet and delays, affecting real-time applications like video conferencing and degrading the overall user experience”, said Usman Ilyas, an assistant professor at the University of Birmingham.

So, why would any government employ an in-line network? The answer is simple, said Ilyas: This mechanism is necessary for surveillance and censorship.

Advertisement

Could VPNs be responsible for slow speeds?

Both the PTA and the IT Ministry have repeatedly denied that internet slowdown concerns are linked to the new firewall deployment or testing.

Pakistani authorities say the country experienced at least three major submarine cable faults this year which they say caused degradation of internet services in the country [Akhtar Soomro/Reuters]
On September 6, the IT Ministry submitted a written response to the National Assembly, detailing three major submarine cable faults in 2024 that affected internet services in the country. The ministry said that all but one fault, which occurred in June, had been resolved.

Research by Bytes for All, an Islamabad-based organisation focused on information and communication technologies, recorded at least 15 major internet and mobile service disruptions in Pakistan this year.

Advertisement

Aftab Siddiqui, a senior manager at the Internet Society, an international advocacy group, also confirmed the cable fault disrupting Pakistan’s internet services in June, but added that this alone did not fully explain the widespread service degradation.

Often, he said, the government does not even explain reasons for slowdowns and disruptions, “showing a notable lack of transparency”.

Bytes for All also challenged Khwaja’s, the IT minister, claims blaming excessive VPN use for internet slowdowns, in a detailed technical report.

Advertisement

Published on August 27, the report contradicted Khawaja’s assertion, showing that using a VPN often improved internet quality.

The report further observed that this improvement in service quality suggested that a VPN allowed users to bypass “throttling or DPI measures”.

According to data by Top10VPN, Pakistan’s VPN use in July and August 2024 was 63 percent higher than in the same period in 2023. Migliano of Top10VPN said that the claim that excessive VPN use was causing internet slowdown was “absolutely absurd”.

Advertisement

“Whether it is a case of ignorance or wilful misinformation is not for me to say,” he told Al Jazeera. While VPNs consume a marginally greater bandwidth than regular connections, “it is simply not possible for a VPN to impact the wider network beyond the device where it is installed”.

Meanwhile, Arturo Filasto, co-founder of OONI, said that the internet degradation data collected by his organisation was “very inconsistent” with the government narrative that a submarine cable cut could alone have caused the internet disruption suffered by the country.

“If that were the case, you would not see failures affecting only specific services but rather, many services indiscriminately,” Filasto explained. “What we see in the data is consistent with the hypothesis of this being the result of the rollout of newly acquired technology.”

Advertisement

Expanding internet control

Over the years, the Pakistani government has expanded its control over the internet, using both technological means and legislation to regulate what users can access and consume.

But the latest attempt at a firewall comes at a time when the government has been accused by critics of particularly targeting former Prime Minister Khan’s Pakistan Tehreek-e-Insaf (PTI) – the country’s most popular political party.

Ironically, Khan’s PTI government itself had authorised the purchase of the Sandvine WMS and was accused of censorship during its time in government, between August 2018 and April 2022.

Advertisement

According to Freedom House, a political advocacy group based in Washington, DC, during that time, Pakistan’s net freedom score hovered between 27 and 25 out of 100.

Its latest 2024 Freedom on the Net report shows no improvement, with Pakistan scoring 27 out of 100, maintaining its “not free” status.

However, since Khan was removed from power two years ago through a parliamentary vote of no confidence, the party has faced a crackdown. Khan has spent 15 months behind bars facing numerous charges, and his party has faced mass arrests of leaders and workers, as well as online restrictions.

Advertisement

In December last year, PTI held a “virtual rally” as part of its election campaign, drawing more than 5 million views across social media platforms, with imprisoned Khan delivering a four-minute speech which was generated with the help of artificial intelligence.

Internet users reported service outages during livestreaming of the speech, a disruption confirmed by NetBlocks, an internet tracking company. The party’s website remains inaccessible in Pakistan at the time of writing.

On November 24, PTI supporters launched a protest march towards Islamabad to seek Khan’s release from jail, during which the government once again restricted access to VPNs while shutting down mobile internet services across the country.

WhatsApp multimedia services were also disrupted, leaving disgruntled users unable to download photos and videos, or exchange voice notes without VPNs. The restriction on services was also confirmed by Netblocks in a message on X.

Advertisement

Digital rights activist Farieha Aziz linked the “tremendous secrecy” and “palpable sense of urgency” surrounding the deployment of Pakistan’s new firewall system to the country’s political climate.

“This rush seems tied to the current political environment, aimed at controlling the flow of information and narrative building,” Aziz told Al Jazeera.

The urgency behind these secretive firewall trials also comes at a time when Pakistan’s powerful military has described threats from what it calls “digital terrorism”.

The military, which has governed the country directly for more than three decades and continues to wield significant political and social influence, introduced the term earlier this year.

Inter-Services Public Relations (ISPR), the military’s media wing, claimed that “politically motivated and vested digital terrorism” was being used to spread despondency within the country.

“It is to sow discord among national institutions, especially the armed forces, and the people of Pakistan by peddling blatant lies, fake news, and propaganda,” the military said in a press release in May this year.

Former Prime Minister Imran Khan and his political party are considered adept at using social media to push their narrative and have faced a government crackdown, with raids on their offices as well as arrests of social media workers [Akhtar Soomro/Reuters]
The military’s statement was widely interpreted as an allusion to PTI, a party which is considered technologically the savviest in the country and whose supporters often dominate social media narratives.

Party supporters have been targeted for running “anti-state digital campaigns” while raids on PTI offices, including its headquarters in Islamabad, have resulted in arrests on charges of “digital terrorism” and “false propaganda” via social media.

However, Aziz argued that the concept of “digital terrorism” had no legal standing.

“This term was coined in a political context and holds no legal validity. The narrative being built around it suggests that it’s more about controlling political discourse than addressing any genuine cybersecurity threats,” she said.

Turning to China

None of this is entirely new, say analysts. During the PTI’s tenure in government – the party was widely seen as close to the military at the time – numerous critics were arrested for their views on social media.

Websites and pages were blocked, and social media platforms were pressured to remove content deemed to violate the “integrity, security and defence of Pakistan”, among other reasons.

Under Khan, both the PTI government and the military began using the phrase “fifth-generation warfare”, suggesting that “anti-state propaganda” was being spread against Pakistan on social media, necessitating a robust digital defence. It was a precursor to the concept of “digital terrorism”.

But some things have changed.

Previously, Pakistan relied heavily on Western technology for regulating its internet, using hardware and software solutions from companies like Sandvine, FinFisher, and Netsweeper. However, facing pressure from digital rights groups, many of these companies stopped providing services to Pakistan, leaving fewer options available.

As Pakistan’s ties with China, its neighbour and closest ally, further strengthened, particularly following the launch of the $62bn China-Pakistan Economic Corridor (CPEC) infrastructure project, China has also emerged as its new technological partner.

During the last few years, the idea of replicating China’s Great Firewall – its sophisticated internet censorship and surveillance system – also began to take hold within Pakistan’s security establishment.

Any firewall is only as good as its ability to stop leakages. Like China, where only government-approved VPNs can legally be used to get around online barriers, Pakistan, too, is moving towards banning the use of “illegal” VPNs.

In its written response to Al Jazeera in September, the PTA said it was “in touch with stakeholders to adopt a viable solution to facilitate legitimate VPN usage while fulfilling its obligations under our laws”.

However, in early November, several VPN services became inaccessible in Pakistan for a few hours before being restored. PTA, the regulator, did not directly address the sudden outage, or the resumption.

Then, on November 15, the Interior Ministry asked the PTA in a letter to “block illegal VPNs” across the country, saying they were being used to “facilitate violent activities” as well as to access “pornographic and blasphemous content”, both of which are banned in the country.

“Of late, an alarming fact has been identified, wherein VPNs are used by terrorists to obscure and conceal their communications,” the letter by the ministry, seen by Al Jazeera, said.

Economic risks

While the vendors behind Pakistan’s new firewall remain unconfirmed, analysts agree that the country’s internet infrastructure is centralised and fairly restrictive.

According to Ilyas, the academic, Pakistan’s censorship capabilities were modest before the latest disruptions began.

“But the new system, rumoured to be deployed this year, is a lot less transparent and far more disruptive to productivity and user experience,” he said.

Ali, the Sydney-based cybersecurity expert, explained that while many countries deploy web monitoring systems, they do so with legal oversight.

“Countries like the US or UK use similar systems, but they often have legal guardrails – such as court orders and procedural checks – to protect privacy and freedom of speech,” he said.

Experts say there is little guarantee that Pakistan will ensure similar safeguards while using its new firewall.

For a country striving to improve its struggling economy with export revenue from its growing IT industry, the implications of a more intrusive firewall are economically significant, too.

Any system that disrupts internet services, hampers business operations or raises privacy concerns could pose a serious threat to both private individuals and the broader business community, digital rights activist Aziz said.

“Pakistani businesses rely on global platforms for services like web hosting, and many have contracts requiring confidentiality. If the new system inspects network traffic, blocks VPNs, or imposes a registration regime, it could create more obstacles,” she warned.

Pakistan then risks being perceived as an unstable and unattractive market for investment, she said – precisely at a time when Prime Minister Sharif and his team have been desperately wooing countries like Saudi Arabia, China and the United Arab Emirates for big-ticket projects.

“Lack of transparency, invasive technology and regressive policies are creating an environment where there is no guarantee of service, the rule of law is weak, and even court actions don’t necessarily lead to relief,” Aziz said.

“This doesn’t bode well.”

Source: Al Jazeera

Advertisement