Iran's Web Spying Aided By Western Technology

Publisher Name: Wall Street Journal

The Iranian regime has developed, with the assistance of European
telecommunications companies, one of the world's most sophisticated mechanisms
for controlling and censoring the Internet, allowing it to examine the content
of individual online communications on a massive scale.

Technology experts in Iran and outside the country say in interviews that
Iranian efforts at monitoring Internet information go well beyond blocking
access to Web sites or severing Internet connections.

Instead, in confronting the political turmoil that has consumed the country
this past week, the Iranian government appears to be engaging in a practice
often called deep packet inspection, which enables authorities to not only block
communication but to monitor it to gather information about individuals, as well
as alter it for disinformation purposes, according to these experts.

The monitoring capability was provided, at least in part, by a joint venture
of Siemens AG, the German conglomerate, and Nokia Corp., the Finnish cellphone
company, in the second half of 2008, Ben Roome, a spokesman for the joint
venture, confirmed.

The "monitoring center," installed within the government's telecom monopoly,
was part of a larger contract with Iran that included mobile-phone networking
technology, Mr. Roome said.

"If you sell networks, you also, intrinsically, sell the capability to
intercept any communication that runs over them," said Mr. Roome.

The sale of the equipment to Iran by the joint venture, called Nokia Siemens
Networks, was previously reported last year by the editor of an Austrian
information-technology Web site called Futurezone.

The Iranian government had experimented with the equipment for brief periods
in recent months, but it had not been used extensively, and therefore its
capabilities weren't fully displayed until the recent unrest, the Internet
experts interviewed said.

"We didn't know they could do this much," said a network engineer in Tehran.
"Now we know they have powerful things that allow them to do very complex
tracking on the network."

Deep packet inspection involves inserting equipment into a flow of online
data, from emails and Internet phone calls to images and messages on
social-networking sites such as Facebook and Twitter. Every digitized packet of
online data is deconstructed, examined for keywords and reconstructed within
milliseconds. In Iran's case, this is done for the entire country at a single
choke point, according to networking engineers familiar with the country's
system. It couldn't be determined whether the equipment from Nokia Siemens
Networks is used specifically for deep packet inspection.

All eyes have been on the Internet amid the crisis in Iran, and government
attempts to crack down on information. The infiltration of Iranian online
traffic could explain why the government has allowed the Internet to continue to
function -- and also why it has been running at such slow speeds in the days
since the results of the presidential vote spurred unrest.

Users in the country report the Internet having slowed to less than a tenth
of normal speeds. Deep packet inspection delays the transmission of online data
unless it is offset by a huge increase in processing power, according to
Internet experts.

Iran is "now drilling into what the population is trying to say," said
Bradley Anstis, director of technical strategy with Marshal8e6 Inc., an Internet
security company in Orange, Calif. He and other experts interviewed have
examined Internet traffic flows in and out of Iran that show characteristics of
content inspection, among other measures. "This looks like a step beyond what
any other country is doing, including China."

China's vaunted "Great Firewall," which is widely considered the most
advanced and extensive Internet censoring in the world, is believed also to
involve deep packet inspection. But China appears to be developing this
capability in a more decentralized manner, at the level of its Internet service
providers rather than through a single hub, according to experts. That suggests
its implementation might not be as uniform as that in Iran, they said, as the
arrangement depends on the cooperation of all the service providers.

The difference, at least in part, has to do with scale: China has about 300
million Internet users, the most of any country. Iran, which has an estimated 23
million users, can track all online communication through a single location
called the Telecommunication Infrastructure Co., part of the government's
telecom monopoly. All of the country's international links run through the
company.

Separately, officials from the U.S. embassy in Beijing on Friday met with
Chinese officials to express concerns about a new requirement that all PCs sold
in China starting July 1 be installed with Web-filtering software.

If a government wants to control the flow of information across its borders
it's no longer enough to block access to Web sites hosted elsewhere. Now, as
sharing online images and messages through social-networking sites has become
easy and popular, repressive regimes are turning to technologies that allow them
to scan such content from their own citizens, message by message.

Human-rights groups have criticized the selling of such equipment to Iran and
other regimes considered repressive, because it can be used to crack down on
dissent, as evidenced in the Iran crisis. Asked about selling such equipment to
a government like Iran's, Mr. Roome of Nokia Siemens Networks said the company
"does have a choice about whether to do business in any country. We believe
providing people, wherever they are, with the ability to communicate is
preferable to leaving them without the choice to be heard."

Countries with repressive governments aren't the only ones interested in such
technology. Britain has a list of blocked sites, and the German government is
considering similar measures. In the U.S., the National Security Agency has such
capability, which was employed as part of the Bush administration's "Terrorist
Surveillance Program." A White House official wouldn't comment on if or how this
is being used under the Obama administration.

The Australian government is experimenting with Web-site filtering to protect
its youth from online pornography, an undertaking that has triggered criticism
that it amounts to government-backed censorship.

Content inspection and filtering technology are already common among
corporations, schools and other institutions, as part of efforts to block spam
and viruses, as well as to ensure that employees and students comply with
computer-use guidelines. Families use filtering on their home computers to
protect their children from undesirable sites, such as pornography and
gambling.

Internet censoring in Iran was developed with the initial justification of
blocking online pornography, among other material considered offensive by the
regime, according to those who have studied the country's censoring.

Iran has been grappling with controlling the Internet since its use moved
beyond universities and government agencies in the late 1990s. At times, the
government has tried to limit the country's vibrant blogosphere -- for instance,
requiring bloggers to obtain licenses from the government, a directive that has
proved difficult to enforce, according to the OpenNet Initiative, a partnership
of universities that study Internet filtering and surveillance. (The partners
are Harvard University, the University of Toronto, the University of Cambridge
and the University of Oxford.)

Beginning in 2001, the government required Internet service providers to
install filtering systems, and also that all international connections link to a
single gateway controlled by the country's telecom monopoly, according to an
OpenNet study.

Iran has since blocked Internet users in the country from more than five
million sites in recent years, according to estimates from the press-freedom
group Reporters Without Borders.

In the 2005 presidential election, the government shut down the Internet for
hours, blaming it on a cyberattack from abroad, a claim that proved false,
according to several Tehran engineers.

Several years ago, research by OpenNet discovered the government using
filtering equipment from a U.S. company, Secure Computing Corp. Due to the U.S.
trade embargo on Iran, in place since the 1979 Islamic revolution overthrew the
U.S.-backed shah, that was illegal. Secure Computing, now owned by McAfee Inc.,
at the time denied any knowledge of the use of its products in Iran. McAfee said
due diligence before the acquisition revealed no contract or support being
provided in Iran.

Building online-content inspection on a national scale and coordinated at a
single location requires hefty resources, including manpower, processing power
and technical expertise, Internet experts said.

Nokia Siemens Networks provided equipment to Iran last year under the
internationally recognized concept of "lawful intercept," said Mr. Roome. That
relates to intercepting data for the purposes of combating terrorism, child
pornography, drug trafficking and other criminal activities carried out online,
a capability that most if not all telecom companies have, he said.

The monitoring center that Nokia Siemens Networks sold to Iran was described
in a company brochure as allowing "the monitoring and interception of all types
of voice and data communication on all networks." The joint venture exited the
business that included the monitoring equipment, what it called "intelligence
solutions," at the end of March, by selling it to Perusa Partners Fund 1 LP, a
Munich-based investment firm, Mr. Roome said. He said the company determined it
was no longer part of its core business.

-- Ben Worthen in San Francisco, Mike Esterl in Atlanta and Siobhan Gorman in
Washington contributed to this article.


AMP Section Name: Technology & Telecommunications