If you're not an expert in Internet surveillance, and you've been following the Iranian protests, this post is for you.
It's widely recognized that Iran employs systems of Internet restriction and monitoring to keep its people from engaging in activities it deems subversive, and much has been made of that restriction (recently in a Wall Street Journal story on the communications network sold to Iran by Siemens and Nokia--a story later refuted by the companies). With so much information coming to us from Iran via YouTube and Twitter, and yet all the talk of monitoring, there's a fundamental discrepancy in the discussion: if Iran puts so much effort into monitoring its citizens, how come we keep seeing cell phone videos of protests and violence; how is so much information coming to us via Twitter?
And, more broadly, how does Internet surveillance work? How can the government restrict, monitor, or find you if you're doing something illegal/subversive?
As for the broader set of questions, Internet monitoring is done at multiple levels. Routers in homes have software that can restrict and track traffic--for consumers to use, for instance, to keep their kids from visiting websites and chat rooms deemed inappropriate. They also have software that lets users track when computers attempt to access those sites--monitoring them, as opposed to blocking them.
That level of monitoring and restriction exists in most network systems, big and small--college dormitories, offices, Internet service providers (the companies you get your Internet from), and, in Iran's case especially, the government.
So, in the U.S., Iran, and everywhere in the world, data on emails, websites visited, Instant Messenger conversations, tweets, YouTube uploads, blog posts, comments on blogs--and, outside the Internet, data on cell phone conversations, texts, video and picture messages--it's all available. The government can find it, down to the IP address--the address of your specific computer or router--associated with Internet activity like comments on blogs, emails, etc.
In Iran, monitoring software (it is thought) allows government officials to look at a website or tweet and see the IP address it came from. All Internet traffic in and out of Iran travels through one portal--the Telecommunications Company of Iran (TCI)--though there are several service providers (ISPs) that operate below it. This makes it easier for Iran's government to monitor traffic.
But if the Iranian government can get the IP addresses of people engaging in certain kinds of activity online, why haven't we heard of the government knocking on people's doors and arresting them for subversive YouTube videos, emails, and tweets?
The answer is twofold.
For one, it takes a few steps to get a person's physical address. The first step is usually to figure out which service provider the IP address came from. In the U.S., the next step for, say, an FBI agent tracking down a suspected Internet criminal would be to obtain a warrant and get the ISP to hand over the billing info associated with that IP address. The Iranian government presumably wouldn't have to do that, but the government still can't look directly at an IP address and know, instantly, which door to knock on. They have to go to the billing department of the ISP and get a young data entry employee to look it up for them.