IRAN: Iran's Web Spying Aided By Western Technology

The Iranian regime has developed, with the assistance of European
telecommunications companies, one of the world's most sophisticated
mechanisms for controlling and censoring the Internet, allowing it to
examine the content of individual online communications on a massive
scale.

Interviews with technology experts in Iran and outside the country
say Iranian efforts at monitoring Internet information go well beyond
blocking access to Web sites or severing Internet connections.

The monitoring capability was provided, at least in part, by a joint venture of Siemens AG, the German conglomerate, and Nokia Corp., the Finnish cellphone company, in the second half of 2008, Ben Roome, a spokesman for the joint venture, confirmed.

The "monitoring center," installed within the government's telecom
monopoly, was part of a larger contract with Iran that included
mobile-phone networking technology, Mr. Roome said.

"If you sell networks, you also, intrinsically, sell the capability
to intercept any communication that runs over them," said Mr. Roome.

The sale of the equipment to Iran by the joint venture, called Nokia
Siemens Networks, was previously reported last year by the editor of an
Austrian information-technology Web site called Futurezone.

The Iranian government had experimented with the equipment for brief
periods in recent months, but it had not been used extensively, and
therefore its capabilities weren't fully displayed -- until during the
recent unrest, the Internet experts interviewed said.

"We didn't know they could do this much," said a network engineer in
Tehran. "Now we know they have powerful things that allow them to do
very complex tracking on the network."

Deep
packet inspection involves inserting equipment into a flow of online
data, from emails and Internet phone calls to images and messages on
social-networking sites such as Facebook and Twitter. Every digitized
packet of online data is deconstructed, examined for keywords and
reconstructed within milliseconds. In Iran's case, this is done for the
entire country at a single choke point, according to networking
engineers familiar with the country's system. It couldn't be determined
whether the equipment from Nokia Siemens Networks is used specifically
for deep packet inspection.

All eyes have been on the Internet amid the crisis in Iran, and
government attempts to crack down on information. The infiltration of
Iranian online traffic could explain why the government has allowed the
Internet to continue to function -- and also why it has been running at
such slow speeds in the days since the results of the presidential vote
spurred unrest.

Users in the country report the Internet having slowed to less than
a tenth of normal speeds. Deep packet inspection delays the
transmission of online data unless it is offset by a huge increase in
processing power, according to Internet experts.

Iran is "now drilling into what the population is trying to say,"
said Bradley Anstis, director of technical strategy with Marshal8e6
Inc., an Internet security company in Orange, Calif. He and other
experts interviewed have examined Internet traffic flows in and out of
Iran that show characteristics of content inspection, among other
measures. "This looks like a step beyond what any other country is
doing, including China."

China's vaunted "Great Firewall," which is widely considered the
most advanced and extensive Internet censoring in the world, is
believed also to involve deep packet inspection. But China appears to
be developing this capability in a more decentralized manner, at the
level of its Internet service providers rather than through a single
hub, according to experts. That suggests its implementation might not
be as uniform as that in Iran, they said, as the arrangement depends on
the cooperation of all the service providers.

The
difference, at least in part, has to do with scale: China has about 300
million Internet users, the most of any country. Iran, which has an
estimated 23 million users, can track all online communication through
a single location called the Telecommunication Infrastructure Co., part
of the government's telecom monopoly. All of the country's
international links run through the company.

Separately, officials from the U.S. embassy in Beijing on Friday met
with Chinese officials to express concerns about a new requirement that
all PCs sold in the China starting July 1 be installed with
Web-filtering software.

If a government wants to control the flow of information across its
borders it's no longer enough to block access to Web sites hosted
elsewhere. Now, as sharing online images and messages through
social-networking sites has become easy and popular, repressive regimes
are turning to technologies that allow them to scan such content from
their own citizens, message by message.

Human-rights groups have criticized the selling of such equipment to
Iran and other regimes considered repressive, because it can be used to
crack down on dissent, as evidenced in the Iran crisis. Asked about
selling such equipment to a government like Iran's, Mr. Roome of Nokia
Siemens Networks said the company "does have a choice about whether to
do business in any country. We believe providing people, wherever they
are, with the ability to communicate is preferable to leaving them
without the choice to be heard."

Countries with repressive governments aren't the only ones
interested in such technology. Britain has a list of blocked sites, and
the German government is considering similar measures. In the U.S., the
National Security Agency has such capability, which was employed as
part of the Bush administration's "Terrorist Surveillance Program." A
White House official wouldn't comment on if or how this is being used
under the Obama administration.

The Australian government is experimenting with Web-site filtering
to protect its youth from online pornography, an undertaking that has
triggered criticism that it amounts to government-backed censorship.

Content inspection and filtering technology are already common among
corporations, schools and other institutions, as part of efforts to
block spam and viruses, as well as to ensure that employees and
students comply with computer-use guidelines. Families use filtering on
their home computers to protect their children from undesirable sites,
such as pornography and gambling.

Internet censoring in Iran was developed with the initial
justification of blocking online pornography, among other material
considered offensive by the regime, according to those who have studied
the country's censoring.

Iran has been grappling with controlling the Internet since its use
moved beyond universities and government agencies in the late 1990s. At
times, the government has tried to limit the country's vibrant
blogosphere -- for instance, requiring bloggers to obtain licenses from
the government, a directive that has proved difficult to enforce,
according to the OpenNet Initiative, a partnership of universities that
study Internet filtering and surveillance. (The partners are Harvard
University, the University of Toronto, the University of Cambridge and
the University of Oxford.)

Beginning in 2001, the government required Internet service
providers to install filtering systems, and also that all international
connections link to a single gateway controlled by the country's
telecom monopoly, according to an OpenNet study.

Iran has since blocked Internet users in the country from more than
five million sites in recent years, according to estimates from the
press-freedom group Reporters Without Borders.

In
the 2005 presidential election, the government shut down the Internet
for hours, blaming it on a cyberattack from abroad, a claim that proved
false, according to several Tehran engineers.

Several years ago, research by OpenNet discovered the government
using filtering equipment from a U.S. company, Secure Computing Corp.
Due to the U.S. trade embargo on Iran, in place since the 1979 Islamic
revolution overthrew the U.S.-backed shah, that was illegal. Secure
Computing, now owned by McAfee Inc., at the time denied any knowledge
of the use of its products in Iran. McAfee said due diligence before
the acquisition revealed no contract or support being provided in Iran.

Building online-content inspection on a national scale and
coordinated at a single location requires hefty resources, including
manpower, processing power and technical expertise, Internet experts
said.

Nokia Siemens Networks provided equipment to Iran last year under
the internationally recognized concept of "lawful intercept," said Mr.
Roome. That relates to intercepting data for the purposes of combating
terrorism, child pornography, drug trafficking and other criminal
activities carried out online, a capability that most if not all
telecom companies have, he said.

The monitoring center that Nokia Siemens Networks sold to Iran was
described in a company brochure as allowing "the monitoring and
interception of all types of voice and data communication on all
networks." The joint venture exited the business that included the
monitoring equipment, what it called "intelligence solutions," at the
end of March, by selling it to Perusa Partners Fund 1 LP, a
Munich-based investment firm, Mr. Roome said. He said the company
determined it was no longer part of its core business.

• 24 Intelligence
• 104 Globalization
• 106 Money & Politics
• 116 Human Rights
• 124 War & Disaster Profiteering