advice from a fake consultant

out-of-the-box thinking about economics, politics, and more... 

Tuesday, June 23, 2009

On Looking Deeper, Or, Things About Iran You Might Not Know

It has been an amazing week in Iran, and you are no doubt seeing images that would have been unimaginable just a few weeks ago.

For most of us, Iran has been a country about which we know very little…which, obviously, makes it tough to put the limited news we’re getting into a proper context.

The goal of today’s conversation is to give you a bit more of an “insider look” at today’s news; and to do that we’ll describe some of the risks Iranian bloggers face as they go about their business, we’ll meet a blogging Iranian cleric, we’ll address the issue of what tools the Iranians use for Internet censorship and the companies that could potentially be helping it along, and then we’ll examine Internet traffic patterns into and out of Iran.

Finally, a few words about, of all things, how certain computer games might be useful as tools of revolution.

The first task for today…let’s talk about blogging:

It turns out that bloggers in Iran risk running afoul of the Press Law of 1986, which, in addition to requiring the licensing of media outlets, reads in part:

Article 6: The print media are permitted to publish news items except in cases when they violate Islamic principles and codes and public rights as outlined in this chapter…

…5. Encouraging and instigating individuals and groups to act against the security, dignity and interests of the Islamic Republic of Iran within or outside the country…
…7. Insulting Islam and its sanctities, or, offending the Leader of the Revolution and recognized religious authorities (senior Islamic jurisprudents);
8. Publishing libel against officials, institutions, organizations and individuals in the country or insulting legal or real persons who are lawfully respected, even by means of pictures or caricatures; and
9. Committing plagiarism or quoting articles from the deviant press, parties and groups which oppose Islam (inside and outside the country) in such a manner as to propagate such ideas (the limits of such offenses shall be defined by the executive by-law)…

… Article 25: If a person, through the press, expressly and overtly instigates and encourages people to commit crimes against the domestic security or foreign policies of the state, as specified in the public penal code, and should his/her action bear adverse consequences, he/she shall be prosecuted and condemned as an accomplice in that crime. However, if no evidence is found on such consequences he/she shall be subject to a decision of the religious judge according to Islamic penal code.

Article 26: Whoever insults Islam and its sanctities through the press and his/her guilt amounts to apostasy, shall be sentenced as an apostate and should his/her offense fall short of apostasy he/she shall be subject to the Islamic penal code.

Article 27: Should a publication insult the Leader or Council of Leadership of the Islamic Republic of Iran or senior religious authorities (top Islamic jurisprudents), the license of the publication shall be revoked and its managing director and the writer of the insulting article shall be referred to competent courts for punishment.


(In Iran, the penalty for apostasy is death.)

Those bloggers who are not licensed can still be prosecuted under the Penal Code, as the OpenNet Initiative reports in an excellent article they’ve just posted on the subject.

In 2008 the Iranian parliament passed a law which provides for the death penalty for bloggers who engage in non-permitted activities, a situation faced today by Yaghub Mehrnahad, who publishes the Mehrnahad blog.

(Interestingly, this blog can be reached in Persian, but an attempt to access the same URL with Google Translate returns this message:

“You are not authorized to view this page

The Web server you are attempting to reach has a list of IP addresses that are not allowed to access the Web site, and the IP address of your browsing computer is on this list.”


More about that later.)

There is also the risk of torture: a problem noted by the BBC at least as far back as 2005.

Ironically, Mohammad Ali Abtabi, a cleric and former Vice-President of Iran whom you may have recently seen on “The Daily Show” maintains a blog in which he does criticize Iranian society on a regular basis, including his assessment of the recent election as “a huge swindling”…which has now caused the authorities to place him under arrest.

So how does Iran manage to control Internet access?

What they aren’t doing is employing the simplest method possible: cutting off all access. This is presumably because of the negative impact on the Iranian economy that would be caused by business being unable to do what they need to do online.

There are several methods being employed, including a requirement that all Internet Service Providers in the country connect to the state-owned Data communication Company of Iran (DCI) for international access, that all ISPs put in place “filtering” and monitoring technologies, and that households be blocked from having access to high-speed Internet connections.

As of this writing the fastest Internet connection now available for an Iranian household is 128k, about double the speed of a dial-up connection…and as you might guess, not fast enough to allow Iranians to use such services as YouTube. A 6MB cable Internet connection, not uncommon in the US, would be roughly 50 times faster. Because of this the total capacity of Iran’s international Internet connections are roughly 12GB per second. Normal traffic is about 5GB per second, which, we are told, is about the same as a mid-size American city.

OpenNet reports that after an initial period of reliance upon foreign monitoring software, the government decided to create an “in-house” capability, and as a result there are locally developed software packages designed to allow access to the actual data packets in messages—meaning that authorities can read such things as e-mails and instant messages after they are sent and before they pass through the DCI “gateway”.

There has been a conversation regarding the role of Western equipment suppliers in all of this; and it is alleged that a Nokia/Siemens joint venture (Nokia/Siemens Networks) has sold to the Iranians equipment that is used to monitor the Internet use of Iranian citizens. The company denies this, however.

They also want you to know that the joint venture has been sold to a third party, and that, as their press release tells us: “providing people, wherever they are, with the ability to communicate ultimately benefits societies and brings greater prosperity”.

Another method of blocking access is to deny connections to certain sets of IP addresses, and this is why, presumably, I could not access the translated version of the “Mehrnahad” blog. This method would also allow the Iranians to block access to and from inside the country to sites like the BBC, Google, and Blogspot.

There is a way around “address blocking” which involves setting up “relays” and “bridges” that can be accessed by people in Iran—and this is something you yourself can do that can be of considerable benefit to Iranians trying to reach out to the rest of us.

The Iranian Government is also trying to locate and isolate those with Twitter accounts that are set to the Tehran time zone…and you can help make that process tougher by either setting up a Twitter account and setting the time zone to Tehran, or changing your existing account’s time zone.

The next few minutes are going to get a bit geeky, and for this I apologize in advance.

In order for your computer to use certain services that involve communicating with other computers the operating system utilizes a series of “ports” (this is all in the software, so don’t bother looking at the back of the machine to find them).

Some quick examples: the TCP/IP connection your computer is using to access the Internet is through Port 80 and the FTP service runs on Port 21.

There are two kinds of ports—TCP and UDP—and there is no reason to explain here why or how they differ.

There are thousands of ports, the ports used are usually specific to a particular service, and there are giant lists of assigned ports that everyone can access. A service can (and usually does) use more than one port for two-way communication with a computer, which is why the Federal Emergency Management Agency Information System uses TCP Port 1777 and UDP Port 1777.

The routing data that packets of information display as they travel through the Internet includes the port that the packet is seeking to access…and that data is accessible to all routers…and if you controlled the gateway through which all inbound and outbound Internet traffic was passing through you could block packets that seek to utilize certain ports.

Experts are suggesting that this is exactly what is happening today in Iran, with more than 80% of traffic bound for ports using the Adobe Flash Player being blocked, nearly 75% of the POP Service (e-mail) traffic being blocked, and roughly 70% of traffic bound for ports used by “proxy servers” being intercepted. (Proxy servers, by the way, are the same type of connections we discussed earlier that you can set up at home to help Iranians trying to reach the Internet.)

Voice over IP (VoIP), the Internet “telephone” service, is proving to be a troublesome issue for censors, as it has legitimate business purposes and is difficult to censor without either having someone listening on the other end of the line or installing a monitoring system worthy of the National Security Agency.

Interestingly, with the exception of the few hours immediately following the vote, the amount of Internet blockage, overall, seems to be fairly close to what it was just before the voting. However, the amount of “instability” has been highly variable, suggesting that certain blocks of IP addresses have been temporarily “withdrawn” from the Internet’s address structure, for want of a better term, and then once again made known to that same addressing infrastructure.

It is suggested that this may be because the Iranian Government has been able to institute a sufficient level of monitoring on those address blocks so as to make them comfortable with again allowing the users of those addresses access to the Internet.

In one of the oddest developments I’ve heard so far, there are reports that certain communications protocols used by some games are not being blocked. We will not go into specifics here, but it seems strange indeed that the video game your mother didn’t want you playing all day might actually be a tool for surreptitious communication.

And with all that said, let’s wrap it up for today.

Here’s what we’ve learned: it is indeed hazardous to be a blogger in Iran.

Despite the fact that it can get you tortured or get you the death penalty, there are those who take the risk—including a former Vice-President who now finds himself under arrest.

We can help Iranian citizens by installing software on our own computers that helps them obtain uncensored Internet access, and about 1/3 of that traffic is getting through.

The regime is not attempting to permanently shut down all Internet traffic—and in fact, that would be a cure that might be as bad as the disease.

The Iranian Government, instead, is developing and operating a sophisticated system of Internet blocking, but it is not perfect…and there are odd connections that could be used that most people would never think of as useful for the purpose.

Finally, a Western company is accused of selling equipment to Iran that could be used for Internet monitoring, but the company in question denies that the gear they sold Iran can perform the tasks the accusers say it can.

It is rare indeed to be able to see two revolutions taking place at the same time--but as you’re watching the news from the newest Iranian Revolution…keep an eye on the news of the Internet Revolution as well.

WARNING—Self-promotion ahead: I am competing for a Netroots Nation scholarship, and I was not selected in the first round of voting. There are two more chances to be selected…with an announcement due this week...so even if you’ve done so before, I still have to ask you to stop by the Democracy for America site and click on the “Add your support” link to offer your support for me again. Thanks for your patience, and we now return you to your regular programming.

No comments: