• Home
  • Blogs
  • World Watch
World Watch
June 23, 2009 2:38 AM

Dispute Erupts Over Who's Helping Iran Eavesdrop

Posted by Declan McCullagh
(AP Photo/Thibault Camus)
A joint venture of Siemens AG and Nokia Corp., the two large European technology firms, is denying reports that Iran uses its Web-monitoring technology to censor and spy on its citizens' online activities.

Nokia Siemens Networks said on Monday that it has sold telecommunications systems to the Iranian government, but that any built-in monitoring technology was for voice communications and not the Internet. "The lawful intercept capability is purely for local voice calls," spokesman Ben Roome told CBSNews.com. "We don't know who may have provided other Internet technologies to Iran."

The company's denial comes as protests over Iran's disputed election enter their second week, amplified by Twitter-ing from the Iranian diaspora, and cell phone videos showing ongoing street conflicts and the apparent death of young Iranian woman called Neda.

Images and video clips trickling in from the streets of Tehran -- even ones whose authenticity may never be established -- have electrified the West and demonstrated the limits of power that the government is able to wield. Because foreign correspondents are being pressured by authorities and forced to leave, according to journalist advocacy groups, the country's relatively tiny Internet pipe to the outside world is offering a unique glimpse of the situation on the streets.

Iran's Internet restrictions are no secret, of course. As CBSNews.com reported last week, Web sites including Facebook, YouTube.com, and the BBC have been deemed off-limits by government censors, and there have been recurring reports that Twitter.com and Yahoo Messenger have been blocked as well. Except for some hiccups, though, Iran's Internet authorities have chosen not to pull the plug on the nation's connections to the outside world.

The source of the surveillance technology used by Iran's Internet service providers remains an unresolved political question that could prove an embarrassment for any western company linked to Tehran's censorial regime. Few technology executives have forgotten the spectacle of Washington politicians calling Yahoo CEO Jerry Yang to a hearing and denouncing him as "spineless" for doing business in China, or Cisco being dubbed as "collaborating with the Chinese government" for supplying Internet switches and routers.

This recent dispute erupted in the form of a front-page article in Monday's editions of the Wall Street Journal, which claimed that the Iranian government has developed "one of the world's most sophisticated mechanisms for controlling and censoring the Internet" with the help of Nokia Siemens Networks. The headline read: "Iran's Web Spying Aided By Western Technology." (In April, the Washington Times published a similar report that also named Nokia Siemens Networks.)

But Roome, the Nokia Siemens Networks spokesman, said that the newspaper's report was incorrect. He said in a blog post that "Unfortunately, I was unable to clarify for the Wall Street Journal the limited scope of the lawful intercept capability (voice calls only) and rule out... deep packet inspection and Web filtering."

Roome argued that, whatever its faults, even Iran's wiretap-ready mobile phone network has proven vital in spreading word about the political upheaval unfolding amid widespread protests. "Mobile networks in Iran, and the subsequent widespread adoption of mobile phones, have allowed Iranians to communicate what they are seeing and hearing with the outside world," he said. "The proof of this is in the widespread awareness of the current situation."

Complicating the matter is the difficulty of identifying the technology used. It's relatively easy to figure out which Web sites that are off-limits -- groups like Harvard University's Berkman Center for Internet & Society have made a practice of compiling such lists -- but much harder to know what hardware or software is being used to monitor Internet links.

"For the filtering work we are able to verify the actual functionality," said Rob Faris, research director for the Berkman Center. "It's just about impossible to document surveillance with the same level of confidence."

In terms of Web blocking, a Berkman Center report compiled in 2005 said that Iran used Secure Computing's SmartFilter. It quoted the company's chief executive, John McNulty, as saying: "We have been made aware of ISPs in Iran making illegal and unauthorized attempts to use of our software. Secure Computing is actively taking steps to stop this illegal use of our products."

McAfee now owns Secure Computing and sells the software as McAfee SmartFilter. A product description boasts of "a proven repository of more than 25 million blockable websites across more than 90 categories."

"We have never seen any direct evidence or hard proof that Iran has ever used any McAfee or Secure Computing product," McAfee said in an e-mailed statement on Monday. "McAfee complies with all export laws and regulation applicable to its products. Rigorous due diligence was conducted prior to the acquisition of Secure Computing and there was no indication of any contract in Iran or support being provided in Iran." (A U.S. economic embargo restricts trade with Iran.)

More recent reports suggest that Iranian Internet providers have developed or adapted their own Web filtering technology, but shed little light on the question of surveillance.


Watch CBS Videos Online

Compared to a few years ago, traffic analysis and inspection have become more common for Internet providers; their legitimate purposes include detecting malicious activity, prioritizing online phone calls over e-mail, and for mobile providers, charging different fees for different types of data.

Cisco's Service Control Engine series boasts of conducting "deep packet inspection" and "detection and control of virtually any network application, including: Web browsing, multimedia streaming, and peer-to-peer (P2P)." WireShark, free software for intercepting and decoding traffic, can record and display what's taking place on a network. And most modern routers can block or log access to Web sites based on a list of Internet addresses or domain names.

"I don't know how one could actually determine" what Iran is using for surveillance, said Tony Barbagallo, vice president of marketing at WildPackets of Walnut Creek, Calif., which sells Internet monitoring tools including OmniPeek Network Analyzer. "It's pretty easy to conceive that they could be using homegrown technology."

"Our products are used in the United States and elsewhere specifically for lawful intercept," Barbagallo said. "We've actually developed extensions to our products to make it easier to do lawful intercept. Any of our customers with a maintenance contract can download the same products the governments are using."

This echoes the argument that Nokia Siemens Networks has made: that selling voice-only lawful intercept gear to Iran is acceptable because built-in wiretappability is required in the United States and Europe. Ever since the 1994 Communications Assistance to Law Enforcement Act, U.S. telephone companies have been legally required to make sure their networks can easily be wiretapped by police; in 2006, a federal appeals court upheld the Bush administration's decision to extend those rules to Internet providers.

On the other hand, the United States and Europe tend not to imprison people for criticizing their respective governments, something that responses posted on Nokia Siemens Networks' blog pointed out on Monday. One response asked: "What happens when your 'lawful intercept' capability is sold to regimes which are likely to use it a way which would be considered unlawful under European and U.N. Human Rights conventions -- say to suppress freedom of speech?"

Jay Botelho, WildPackets' director of product management, said the best way for an Iranian Internet provider to monitor its customers would be to use one bank of monitoring equipment for e-mail, another for Web browsing, a third for VoIP calls, and so on. "Using our product, the easiest way to monitor everything is to hook onto an (extra port) port off your main switch," Botelho said. "The problem is that depending on the traffic, that could overload an appliance. But if you slowed everything down, you'd get everything."

That's not a problem in Iran, which has limited connectivity to the outside world, and where download speeds are far slower than what many other countries enjoy. Some Iran watchers have speculated for years that those sluggish connections represented a form of social control -- it dramatically curbs Web video usage, for instance -- and point to a 2006 decree saying that Internet connections should be limited to 128 Kbps (kilobits per second).

The largest Internet provider in Iran is Tehran-based Pars Online, which claims to employ over 400 people. It claims to have three satellite stations that can send data at 155 Mbps (megabits per second), amounting to the size of the virtual pipe connecting much of Iran to the outside world. By contrast, Verizon's FIOS service offers each home subscriber a connection of 50 Mbps for downloads and 20 Mbps for uploads.

Tags:
iran ,
internet ,
filtering ,
censorship ,
surveillance
Topics:
Iran
Share:
  • Share
  • Yahoo! Buzz
  • Mixx

More from World Watch and World on CBSNews.com

Add a Comment
by gold_standard June 23, 2009 12:14 PM EDT
I worked on the network monitoring equipment that the FBI, CIA, and NSA uses to monitor phone systems (calls, texting, and internet) when I worked for Tektronix. How good is it? It takes 1 second to tap a phone call anywhere in the world.

You are seriously stupid if you think you have any online privacy. Big brother is watching you and can know everything you do if you draw attention to yourself. I know that I am already on their list, and you might be surprised to be yourself.
Reply to this comment
by whitemale08 June 23, 2009 10:45 AM EDT
Why should we be worried about that?

I thought the American SUCKER loves BIG BROTHER!

Goldman Sucks steals trillions and we do nothing!
Reply to this comment
by connunism June 23, 2009 10:43 AM EDT
Let there be no doubt that Republicon evangelical white trash from Dixie are helping the Iranian mullahs.
Reply to this comment
by antoniof123 June 23, 2009 9:33 AM EDT
What a mess we have made of the world. Thank you greed over people, thank you profit over ethics and morals.
Reply to this comment
by wyodutch June 23, 2009 8:37 AM EDT
So what?
.
We Americans stand by, slack-jawed and empty-eyed as our own government builds a massive surveillance network to keep it's eye on We, The People.
.
I'm supposed to give a hoot that the Iranian government has done the same thing???
Reply to this comment
by mrs_trepidatious June 23, 2009 8:48 AM EDT
When we do it under a republican president it is good.
by Kuei1248 June 23, 2009 11:43 AM EDT
I'll second that. Looks like an easy opportunity for americans to point thier fingers away from themselves.
by tmittelstaed June 23, 2009 7:55 AM EDT
Much ado about nothing. If an Iranian citizen uses a web browser to upload a picture, text, movie or whatever that the authorities don't like, and the website is using a decent SSL certificate, it's impossible for wiretapping to figure out what content is being sent. All they can do is tell that Mr. X sent data to Site Y, and if they don't like Site Y they can confiscate Mr X's computer and try to figure out what is on it - but when thousands of Iranians are doing this all day long, the logistics of doing this are impossible.

Wiretapping of computers ONLY works if you can get at the data ON THE COMPUTER ITSELF BEFORE it is transmitted to the website. That is why we have so many viruses - because they have to infect the PC to get at the credit card number or whatever. They can't get the credit card number by sniffing an encrypted channel.

If Iran's ISP are actually successfully spying on Iranian citizens who are using SSL-enabled (ie: https:) websites, then they are doing it via back-doors that are in the Windows OS (or whatever OS) that the computer is running. It would be simple and easy to do - when the Iranian citizen signs up for the ISP they are told to load some software on their PC to connect to the ISP - and almost certainly most of them are going to do it since they aren't technologists.

Iran is stuffed to the gills with pirated software that was localized by Microsoft for the U.A.E. M.S. localizes it for the UAE and sells it to the UAE then it goes right into Iran. Since so many Iranians are kept dirt-poor by their government, they cannot afford to buy legal copies even if they wanted to.

There's also a similar transfer of processors into Iran. The Iranian government is building supercomputers out of off-the-shelf AMD processors using Linux clusters, there's been many stories about this. Iran makes some of their own chips too - enough to also pirate motherboard designs and build their own computers. There's tremendous opportunity for the Iranian government to spy, all they would have to do is have the Iranian computer makers insert hardware backdoors into the computers they are selling.

The point is that blaming big rich networking companies for assisting spying makes for great press but the reality is that any spying that takes place HAS to be done at the PC level - and it's almost certainly done by software loaded on the PC by the Iranian computer user, who was lied to and told they had to load the software to be able to surf the web.
Reply to this comment

About World Watch

Extra reporting, analysis and more from CBS foreign desks across the globe.

Add to your favorite news reader
google
yahoo
msn