A crucial documents from Pakistan’s Inter-Services Intelligence agency, or ISI, calls into question a key tenet of the country’s high-profile prosecution of former Prime Minister Imran Khan.

Khan is still imprisoned while awaiting trial for allegedly mishandling a secret document known as a cypher, which the prosecution claims jeopardised the integrity of the encrypted communication system used by the state’s security apparatus. However, according to an ISI analysis obtained by The Intercept, that claim is completely false. Internally, the agency concluded that leaking the text of a cypher would not jeopardise the system’s integrity, which contradicted public claims made repeatedly by prosecutors.

The main charge levelled against Khan relates to his handling of a diplomatic cable describing a key meeting between US and Pakistani officials in Washington in March 2022. Khan had repeatedly alluded to the existence of a cypher that detailed US pressure on Pakistan to remove him from power in a vote of no confidence. Though he never revealed its full contents, he occasionally quoted statements recorded in it from US officials promising to reward Pakistan for his ouster in public speeches. Khan even waved what he claimed was the printed text of the document at one rally, without revealing its exact contents.

Prosecutors claim Khan jeopardised Pakistani national security by exposing the text of this encrypted document, the contents of which they claim could be used by rival intelligence agencies to crack the code of a variety of other secret Pakistani communications. Through his alleged mishandling of the cypher, Khan “compromised the entire cypher security system of the state and secret communication method of Pakistani missions abroad,” according to a criminal complaint. If found guilty under Pakistan’s Official Secrets Act, the former prime minister faces up to ten years in prison and the death penalty if charged with treason in the case.

The Intercept published the text of the cypher outlining US pressure on Pakistan to remove Khan on August 9, 2023. Shortly after, Pakistan’s own intelligence agency issued a report addressing the issue of how damaging publishing such a text would be.

The ISI’s internal conclusion was unequivocal: there was no threat to Pakistan’s encryption.

Pakistan did not respond to an inquiry for comment.

The Ministry of Foreign Affairs sent an internal request for information to the ISI on August 11, two days after The Intercept story was published. The question is whether revealing the plain text of such a cypher jeopardises the integrity of the system’s encryption. The response, titled “Breach of Crypto Security,” filed by the Inter-Services Intelligence Secretariat under the heading ISI-Policy Matters, determined that, contrary to the current charges against Khan, revealing the text of a cypher poses no risk to the government’s encrypted communications network. “If plain text of an encrypted message (cryptogram)… is leaked, it has no effect on the security of the encryptor,” the August 23 analysis concludes. “Leakage of a plain text message does not compromise the algorithm.”

Concerns about an encryption system’s security are not entirely unfounded. Some encryption systems may be vulnerable to a “plaintext attack,” in which an attacker obtains a copy of both the plain and encrypted versions of a document’s text and uses the two versions to determine the encryption system.

However, in the days following The Intercept’s publication of the secret cypher, the spy agency concluded that the disclosure of the short piece of text alone — without the encryption key — did not pose a risk.

“If plain text of an encrypted message (cryptogram) using DTE is leaked, it has no effect on security of the encryptor due to following,” according to the report, which refers to “an offline encryption device.”

“The encryption algorithm,” it continues, “is designed with the assumption that the plain/cipher text pairs and algorithms are known to the adversary; the security lies in the key’s secrecy.” As a result, the algorithm is not jeopardised by the leakage of a plain text message.”

According to the agency’s analysis, an adversary would need at least 2256 bits of “plain/cipher text data encrypted with the same key” to launch a plaintext attack. That would be more text than not only Khan’s diplomatic cable, but also the total amount of digital storage space available worldwide. In other words, there was never any risk of publishing the cypher’s contents allowing an adversary to crack the state’s encryption system.

“Not Compromised”

The cypher published by The Intercept refers to a meeting on March 7, 2022, between a senior State Department official, Donald Lu, and Pakistan’s then-ambassador to the United States. The document describes a tense meeting in which State Department officials expressed their concerns about Khan’s stance on Russia’s invasion of Ukraine and threatened Pakistan with isolation from the United States and its European allies. According to the cable, Lu tells Pakistan’s ambassador that “all will be forgiven” if Khan is deposed by a vote of no confidence.

On March 8, 2022, the day after the meeting described in the cypher, Khan’s opponents in Parliament took a key procedural step towards a no-confidence vote against him — a vote widely perceived as being orchestrated by Pakistan’s powerful military establishment. Khan was deposed a month later, during which time he attempted to expose US involvement in his demise.

Khan claimed that the meeting described in the cypher demonstrated evidence of a US-led conspiracy against his government. The Intercept published the text of the document in August 2023, which broadly validated his account of that meeting, with portions of it matching word for word what little Khan had quoted from it. (The cypher was obtained by The Intercept from a source within Pakistan’s military, not from Khan.)

According to prosecutors, Khan did not declassify the cypher document while in office, despite the fact that it had become an important part of his political survival. During his presidency, representatives from other branches of government expressed opposition to declassifying the document, including at a crucial March 30 cabinet meeting, arguing that revealing the document’s text would jeopardise Pakistan’s national security.

Khan’s former foreign secretary echoed these claims, claiming that Khan’s government considered revealing the full text to quiet critics who claimed he was fabricating the US pressure, but was told that doing so would jeopardise Pakistan’s encrypted communication systems. Azam Khan, a former aide to the prime minister, reportedly told investigators that the “cypher was a decoded secret document and its contents could neither be disclosed nor discussed in public.”

The allegation that Khan undermined cryptographic security is now a major part of the state security charges levelled against Pakistan’s most popular politician. A conviction on the charges would almost certainly bar Khan from running in future elections, including those scheduled for early next year.

“Regime Change” Cypher

The cypher scandal, and Khan’s claim that it described a “regime change” conspiracy, has gripped Pakistan since his ouster in 2022. In public statements, Khan claimed that foreign powers were attempting “to influence our foreign policy from abroad.” Following his removal, the United States assisted Pakistan in obtaining a generous IMF loan, while Pakistan began producing ammunition for the Ukrainian war. Khan had sought to keep Pakistan neutral in the conflict, which the State Department had reacted angrily to during the meeting described in the cypher.

Pakistan has been gripped by a series of political, economic, and security crises since Khan’s removal. The country has witnessed unprecedented inflation, social unrest, and a wave of terrorist attacks by the Pakistani Taliban. Pakistan’s current army chief, Gen. Asim Munir, visited the United States last week to strengthen ties with US policymakers, despite the fact that the country is nominally led by a civilian caretaker government.

Khan was arrested on August 5, 2023, after being sentenced to three years in prison for political corruption. The High Court later suspended his conviction, but he has remained behind bars ever since due to subsequent charges brought against him for his handling of the cypher.

Khan’s lawyers have called his imprisonment illegal and unconstitutional. The legal proceedings against him have been marred by secrecy, legal irregularities, and allegations of abuse, including violations of his privacy while incarcerated. The media coverage of Khan’s trial has been hampered by strict controls. Despite government suppression, supporters of his party, the Pakistan Tehreek-e-Insaf, continue to hold large rallies across the country.

Pakistan is expected to hold elections early next year, despite the fact that Khan, who polls show would likely win a free vote, is unlikely to participate due to his mounting legal challenges. The charge that Khan’s alleged mishandling of the cypher document risked compromising Pakistan’s encryption systems is prominent among these, despite the ISI’s own internal conclusion that no such risk existed.

There is no public indication that the ISI has turned over this exculpatory evidence to Khan’s defence team while his state secrets trial is still ongoing.