Internet Surveillance And Iran: A Primer

If you're not an expert in Internet surveillance, and you've been following the Iranian protests, this post is for you.

It's widely recognized that Iran employs systems of Internet restriction and monitoring to keep its people from engaging in activities it deems subversive, and much has been made of that restriction (recently in a Wall Street Journal story on the communications network sold to Iran by Siemens and Nokia--a story later refuted by the companies). With so much information coming to us from Iran via YouTube and Twitter, and yet all the talk of monitoring, there's a fundamental discrepancy in the discussion: if Iran puts so much effort into monitoring its citizens, how come we keep seeing cell phone videos of protests and violence; how is so much information coming to us via Twitter?

And, more broadly, how does Internet surveillance work? How can the government restrict, monitor, or find you if you're doing something illegal/subversive?

As for the broader set of questions, Internet monitoring is done at multiple levels. Routers in homes have software that can restrict and track traffic--for consumers to use, for instance, to keep their kids from visiting websites and chat rooms deemed inappropriate. They also have software that lets users track when computers attempt to access those sites--monitoring, as opposed to blocking them.

That level of monitoring and restriction exists in most network systems, big and small--college dormitories, offices, Internet service providers (the companies you get your Internet from), and, in Iran's case especially, the government.

So, in the U.S., Iran, and everywhere else in the world, data on emails, websites visited, Instant Messenger conversations, tweets, YouTube uploads, blog posts, comments on blogs--and, outside the Internet, data on cell phone conversations, texts, video and picture messages--is all available. The government can find it, down to the IP address--the address of your specific computer or router--associated with Internet activity like comments on blogs, emails, etc.

In Iran, monitoring software (it is thought) allows government officials to look at a website or tweet and see the IP address it came from. All Internet traffic in and out of Iran travels through one portal--the Telecommunications Company of Iran (TCI)--though there are several service providers (ISPs) that operate below it. This makes it easier for Iran's government to monitor traffic.

But if the Iranian government can get the IP addresses of people engaging in certain kinds of activity online, why haven't we heard of the government knocking on people's doors and arresting them for subversive YouTube videos, emails, and tweets?

The answer is twofold.

For one, it takes a few steps to get from an IP address to a person's physical address. The first step is usually to figure out which service provider the IP address belongs to. In the U.S., the next step for, say, an FBI agent tracking down a suspected Internet criminal, would be to obtain a warrant and get the ISP to hand over the billing info associated with that IP address. The Iranian government presumably wouldn't have to get a warrant, but it still can't look directly at an IP address and know, instantly, which door to knock on. It has to go to the billing department of the ISP and get a young data entry employee to look it up.

Perhaps more significantly, the Iranian people are sophisticated techies, and they employ methods of encryption and trickery to avoid the Iranian regime's Internet blockages.

"One of the things that's unique about Iran is that it's actually a very tech savvy country," said Rafal Rohozinsky, a principal founder of the OpenNet Initiative, a group that seeks to investigate and expose Internet filtering and restriction worldwide, and currently a principal of The SecDev Group.

In the 1970s, Iran had the largest concentration of mainframe computers outside the U.S., and IBM had a full division in Tehran, Rohozinsky said.

"Engineering, computer engineering, and computer science has been kept up" there, he said. "It's part of the middle class engineering ethos."

"They're obviously looking for channels to get around the blockages that have been put in place by the Iranian government," Rohozinsky said.

One of those means is encryption--programs and services that mask the content of Internet activity. Someone monitoring a person who uses encryption can tell that the person is sending an email, for instance, but can't see what's in the email.

Two popular encryption services are Psiphon and Tor, specializing in delivering multimedia content (like videos recorded on cell phones and uploaded to YouTube) and browsing/IM/email anonymity, respectively.

Iran blocks sites, such as YouTube, that are deemed controversial. To get around that, Iranians have used proxy sites--dummy sites with different addresses that, in effect, take browsers to YouTube. There's a strong chance that work is being done by the tech-savvy Iranian diaspora, Rohozinsky said, "Iranians outside Iran who have the savvy to create such a proxy and email family and friends back in Iran and say, 'Here, use my proxy.'"

Iranian browsers get out past the government's choke-hold on traffic by requesting the fake address; then, they upload videos to YouTube.

In other words, it's not as if the government can track all Iranian traffic to YouTube: because it already blocks that traffic, Iranians are already obscuring their use of the site.

The Iranian government would have to not only foil the proxy's trickery; it would then have to break the encryption of services like Psiphon, identify the content as subversive, determine the IP address and the ISP it belongs to, go to the ISP's billing department and get the address of the user, and then knock on the door.

With encryption software, tweets are hard to track. Twitterers have user names, but for Iranians, they're likely anonymous, not connected to any real email address.

Further complicating matters is that Iran, according to OpenNet, restricts high-speed access (the kind of connection needed to upload video, for instance) to businesses and universities. In a dormitory, for instance, there could be hundreds of users with the same IP address, depending on how the dorm's router is set up.
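The attribution problem described in the last two paragraphs (an IP address alone is not a door to knock on, and a shared dorm address may stand for hundreds of users) can be made concrete with a small simulation. This is an added example, not from the original article: it models a dorm gateway doing many-to-one NAT with a constructed translation log, and shows that an outside observer who logged only the public IP gets a set of candidates, while resolving to one host needs the gateway's own log plus the source port and an accurate timestamp. All addresses, names and log rows are assumed sample values.

```python
from __future__ import annotations
from dataclasses import dataclass
from datetime import datetime

@dataclass(frozen=True)
class NatEntry:
    start: datetime      # when the gateway created the translation
    end: datetime        # when the connection closed or the mapping expired
    internal_ip: str     # private address of the host inside the dorm
    public_port: int     # source port the gateway used on its public address

# The dorm's single public address (RFC 5737 documentation range, a placeholder).
PUBLIC_IP = "203.0.113.10"

def t(hhmm: str) -> datetime:
    """Helper: build a timestamp on one constructed day from 'HH:MM'."""
    return datetime(2009, 6, 20, int(hhmm[:2]), int(hhmm[3:]))

# Constructed sample translation log: three hosts share one public IP,
# and port 40001 is reused by a different host later in the hour.
NAT_LOG = [
    NatEntry(t("14:00"), t("14:30"), "10.0.0.11", 40001),
    NatEntry(t("14:05"), t("14:45"), "10.0.0.12", 40002),
    NatEntry(t("14:10"), t("14:20"), "10.0.0.13", 40003),
    NatEntry(t("14:35"), t("15:00"), "10.0.0.13", 40001),
]

def hosts_behind(public_ip: str, at: datetime) -> set[str]:
    """What a remote site's log (public IP + time, no port) can narrow down to:
    every host with any active translation at that moment."""
    if public_ip != PUBLIC_IP:
        return set()
    return {e.internal_ip for e in NAT_LOG if e.start <= at <= e.end}

def attribute(public_ip: str, public_port: int, at: datetime) -> str | None:
    """Resolve (public IP, source port, timestamp) to one internal host using the
    gateway's own log. Returns None when nothing matches, e.g. if the remote
    site's clock is off and the timestamp falls between two uses of the port."""
    if public_ip != PUBLIC_IP:
        return None
    matches = [e for e in NAT_LOG
               if e.public_port == public_port and e.start <= at <= e.end]
    return matches[0].internal_ip if len(matches) == 1 else None

if __name__ == "__main__":
    print(hosts_behind(PUBLIC_IP, t("14:15")))      # three candidate hosts
    print(attribute(PUBLIC_IP, 40001, t("14:15")))  # 10.0.0.11
    print(attribute(PUBLIC_IP, 40001, t("14:40")))  # 10.0.0.13 (same port, later)
    print(attribute(PUBLIC_IP, 40001, t("14:32")))  # None (gap between uses)
```

The point for a defender or investigator is that every hop in the chain (remote site, gateway NAT log, ISP billing records) must have kept accurate, time-synchronized logs, or the trail ends at a shared address.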

The two Internet security/monitoring experts I talked to also pointed out that the Islamic regime might have bigger problems on its hands than Twitter and YouTube. There are people marching in the streets, and it may not have time to go through the process of finding Twitterers, breaking down their doors and clubbing or arresting them.

That may be true, but as far as the West is concerned, those sites are the world's link to Tehran.