Monday, June 22, 2009
Iran's web spying aided by Western technology
The Wall Street Journal
European Gear Used in Vast Effort to Monitor Communications
By CHRISTOPHER RHOADS in New York and LORETTA CHAO in Beijing
The Iranian regime has developed, with the assistance of European telecommunications companies, one of the world's most sophisticated mechanisms for controlling and censoring the Internet, allowing it to examine the content of individual online communications on a massive scale.
Interviews with technology experts in Iran and outside the country say Iranian efforts at monitoring Internet information go well beyond blocking access to Web sites or severing Internet connections.
Instead, in confronting the political turmoil that has consumed the country this past week, the Iranian government appears to be engaging in a practice often called deep packet inspection, which enables authorities to not only block communication but to monitor it to gather information about individuals, as well as alter it for disinformation purposes, according to these experts.
The monitoring capability was provided, at least in part, by a joint venture of Siemens AG, the German conglomerate, and Nokia Corp., the Finnish cellphone company, in the second half of 2008, Ben Roome, a spokesman for the joint venture, confirmed.
The "monitoring center," installed within the government's telecom monopoly, was part of a larger contract with Iran that included mobile-phone networking technology, Mr. Roome said.
"If you sell networks, you also, intrinsically, sell the capability to intercept any communication that runs over them," said Mr. Roome.
The sale of the equipment to Iran by the joint venture, called Nokia Siemens Networks, was previously reported last year by the editor of an Austrian information-technology Web site called Futurezone.
The Iranian government had experimented with the equipment for brief periods in recent months, but it had not been used extensively, and therefore its capabilities weren't fully displayed -- until the recent unrest, the Internet experts interviewed said.
"We didn't know they could do this much," said a network engineer in Tehran. "Now we know they have powerful things that allow them to do very complex tracking on the network."
Deep packet inspection involves inserting equipment into a flow of online data, from emails and Internet phone calls to images and messages on social-networking sites such as Facebook and Twitter. Every digitized packet of online data is deconstructed, examined for keywords and reconstructed within milliseconds. In Iran's case, this is done for the entire country at a single choke point, according to networking engineers familiar with the country's system. It couldn't be determined whether the equipment from Nokia Siemens Networks is used specifically for deep packet inspection.
All eyes have been on the Internet amid the crisis in Iran, and government attempts to crack down on information. The infiltration of Iranian online traffic could explain why the government has allowed the Internet to continue to function -- and also why it has been running at such slow speeds in the days since the results of the presidential vote spurred unrest.
Users in the country report the Internet having slowed to less than a tenth of normal speeds. Deep packet inspection delays the transmission of online data unless it is offset by a huge increase in processing power, according to Internet experts.
Iran is "now drilling into what the population is trying to say," said Bradley Anstis, director of technical strategy with Marshal8e6 Inc., an Internet security company in Orange, Calif. He and other experts interviewed have examined Internet traffic flows in and out of Iran that show characteristics of content inspection, among other measures. "This looks like a step beyond what any other country is doing, including China."
China's vaunted "Great Firewall," which is widely considered the most advanced and extensive Internet censoring in the world, is believed also to involve deep packet inspection. But China appears to be developing this capability in a more decentralized manner, at the level of its Internet service providers rather than through a single hub, according to experts. That suggests its implementation might not be as uniform as that in Iran, they said, as the arrangement depends on the cooperation of all the service providers.
The difference, at least in part, has to do with scale: China has about 300 million Internet users, the most of any country. Iran, which has an estimated 23 million users, can track all online communication through a single location called the Telecommunication Infrastructure Co., part of the government's telecom monopoly. All of the country's international links run through the company.
Separately, officials from the U.S. embassy in Beijing on Friday met with Chinese officials to express concerns about a new requirement that all PCs sold in China starting July 1 be installed with Web-filtering software.
If a government wants to control the flow of information across its borders it's no longer enough to block access to Web sites hosted elsewhere. Now, as sharing online images and messages through social-networking sites has become easy and popular, repressive regimes are turning to technologies that allow them to scan such content from their own citizens, message by message.
Human-rights groups have criticized the selling of such equipment to Iran and other regimes considered repressive, because it can be used to crack down on dissent, as evidenced in the Iran crisis. Asked about selling such equipment to a government like Iran's, Mr. Roome of Nokia Siemens Networks said the company "does have a choice about whether to do business in any country. We believe providing people, wherever they are, with the ability to communicate is preferable to leaving them without the choice to be heard."
Countries with repressive governments aren't the only ones interested in such technology. Britain has a list of blocked sites, and the German government is considering similar measures. In the U.S., the National Security Agency has such capability, which was employed as part of the Bush administration's "Terrorist Surveillance Program." A White House official wouldn't comment on if or how this is being used under the Obama administration.
The Australian government is experimenting with Web-site filtering to protect its youth from online pornography, an undertaking that has triggered criticism that it amounts to government-backed censorship.
Content inspection and filtering technology are already common among corporations, schools and other institutions, as part of efforts to block spam and viruses, as well as to ensure that employees and students comply with computer-use guidelines. Families use filtering on their home computers to protect their children from undesirable sites, such as pornography and gambling.
Internet censoring in Iran was developed with the initial justification of blocking online pornography, among other material considered offensive by the regime, according to those who have studied the country's censoring.
Iran has been grappling with controlling the Internet since its use moved beyond universities and government agencies in the late 1990s. At times, the government has tried to limit the country's vibrant blogosphere -- for instance, requiring bloggers to obtain licenses from the government, a directive that has proved difficult to enforce, according to the OpenNet Initiative, a partnership of universities that study Internet filtering and surveillance. (The partners are Harvard University, the University of Toronto, the University of Cambridge and the University of Oxford.)
Beginning in 2001, the government required Internet service providers to install filtering systems, and also that all international connections link to a single gateway controlled by the country's telecom monopoly, according to an OpenNet study.
Iran has since blocked Internet users in the country from more than five million sites in recent years, according to estimates from the press-freedom group Reporters Without Borders.
In the 2005 presidential election, the government shut down the Internet for hours, blaming it on a cyberattack from abroad, a claim that proved false, according to several Tehran engineers.
Several years ago, research by OpenNet discovered the government using filtering equipment from a U.S. company, Secure Computing Corp. Due to the U.S. trade embargo on Iran, in place since the 1979 Islamic revolution overthrew the U.S.-backed shah, that was illegal. Secure Computing, now owned by McAfee Inc., at the time denied any knowledge of the use of its products in Iran. McAfee said due diligence before the acquisition revealed no contract or support being provided in Iran.
Building online-content inspection on a national scale and coordinated at a single location requires hefty resources, including manpower, processing power and technical expertise, Internet experts said.
Nokia Siemens Networks provided equipment to Iran last year under the internationally recognized concept of "lawful intercept," said Mr. Roome. That relates to intercepting data for the purposes of combating terrorism, child pornography, drug trafficking and other criminal activities carried out online, a capability that most if not all telecom companies have, he said.
The monitoring center that Nokia Siemens Networks sold to Iran was described in a company brochure as allowing "the monitoring and interception of all types of voice and data communication on all networks." The joint venture exited the business that included the monitoring equipment, what it called "intelligence solutions," at the end of March, by selling it to Perusa Partners Fund 1 LP, a Munich-based investment firm, Mr. Roome said. He said the company determined it was no longer part of its core business.
-- Ben Worthen in San Francisco, Mike Esterl in Atlanta and Siobhan Gorman in Washington contributed to this article.