Clearly it's easy to write a policy that drives encryption research and development away. How would one pull these technologies into a country? Easy -- ban pornography and start randomly searching people's personal data storage. However unintentionally, the Sudanese government is creating a strong internal demand for technical privacy controls. The people subject to these new quarantine and search laws are rather affluent by Sudanese standards and clearly have access to foreign sources of data and software. It would be foolish to assume they would not take steps to protect their data. If Sudanese people with resources are forced to commission or create their own security tools, those tools will likely be made available in both English and Arabic-language versions -- another step forward for the spread of security and privacy tools.

As Sudanese nationals and visitors become more comfortable with the security of their own data -- and count on others protecting their data -- the expectation of secure data storage and communications will surely insinuate itself in financial transactions and other areas of business. Perhaps the level of invasiveness into portable data storage will even have a positive effect on the deployment and improvement of GSM and third-generation data services. I doubt it's what the policy-makers had in mind, but I'll bet the effect over the next few years is the best thing ever to happen to computer security in Sudan.

Jon Espenschied has been at play in the security industry for enough years to become enthusiastic, blas', cynical, jaded, content and enthusiastic again. He is currently a senior security consultant in Seattle, where his advice has been ignored by CEOs, auditors and sysadmins alike.