Tech giants deny helping Iran eavesdrop

A joint venture of Siemens AG and Nokia is denying reports that Iran uses its Web-monitoring technology to censor and spy on its citizens' online activities.
Written by Declan McCullagh, Contributor
A joint venture of Siemens AG and Nokia Corp., two large European technology firms, is denying reports that Iran uses its Web-monitoring technology to censor and spy on its citizens' online activities.

Nokia Siemens Networks said Monday that it has sold telecommunications systems to the Iranian government but that any built-in monitoring technology was for voice communications and not the Internet.

"The lawful intercept capability is purely for local voice calls," spokesman Ben Roome said in an interview. "We don't know who may have provided other Internet technologies to Iran."

The company's denial comes as protests over Iran's disputed election enter their second week, amplified by a href="http://blogs.zdnet.com/collaboration/?p=655">Twittering from the Iranian diaspora and cell phone videos showing ongoing street conflicts and the apparent death of young Iranian woman called Neda.

Images and video clips trickling in from the streets of Tehran--even ones whose authenticity may never be established--have electrified the West and demonstrated the limits of power that the government is able to wield. Because foreign correspondents are being pressured by authorities and forced to leave, according to journalist advocacy groups, the country's relatively tiny Internet pipe to the outside world is offering a unique glimpse of the situation on the streets.

Iran's Internet restrictions are no secret, of course. As CNET News reported last week, Web sites including Facebook, YouTube.com, and the BBC have been deemed off-limits by government censors, and there have been recurring reports that Twitter.com and Yahoo Messenger have been blocked as well. Except for some hiccups, though, Iran's Internet authorities have chosen not to pull the plug on the nation's connections to the outside world.

The source of the surveillance technology used by Iran's Internet service providers remains an unresolved political question that could prove an embarrassment for any Western company linked to Tehran's censorial regime. Few technology executives have forgotten the spectacle of Washington politicians calling Yahoo CEO Jerry Yang to a hearing and denouncing him as "spineless" for doing business in China, or Cisco being dubbed as "collaborating with the Chinese government" for supplying Internet switches and routers.

This recent dispute erupted in the form of a front-page article in Monday's editions of The Wall Street Journal, which claimed that the Iranian government has developed "one of the world's most sophisticated mechanisms for controlling and censoring the Internet" with the help of Nokia Siemens Networks. The headline read: "Iran's Web Spying Aided By Western Technology." (In April, the Washington Times published a similar report that also named Nokia Siemens Networks.)

But Roome, the Nokia Siemens Networks spokesman, said that the newspaper's report was incorrect. He said in a blog post, "Unfortunately, I was unable to clarify for the Wall Street Journal the limited scope of the lawful intercept capability (voice calls only) and rule out...deep packet inspection and Web filtering."

Roome argued that, whatever its faults, even Iran's wiretap-ready mobile phone network has proven vital in spreading word about the political upheaval unfolding amid widespread protests. "Mobile networks in Iran, and the subsequent widespread adoption of mobile phones, have allowed Iranians to communicate what they are seeing and hearing with the outside world," he said. "The proof of this is in the widespread awareness of the current situation."

Complicating the matter is the difficulty of identifying the technology used. It's relatively easy to figure out which Web sites that are off-limits--groups like Harvard University's Berkman Center for Internet & Society have made a practice of compiling such lists--but much harder to know what hardware or software is being used to monitor Internet links.

"For the filtering work we are able to verify the actual functionality," said Rob Faris, research director for the Berkman Center. "It's just about impossible to document surveillance with the same level of confidence."

In terms of Web blocking, a Berkman Center report compiled in 2005 said that Iran used Secure Computing's SmartFilter. It quoted the company's chief executive, John McNulty, as saying: "We have been made aware of ISPs in Iran making illegal and unauthorized attempts to use of our software. Secure Computing is actively taking steps to stop this illegal use of our products."

McAfee now owns Secure Computing and sells the software as McAfee SmartFilter. A product description boasts of "a proven repository of more than 25 million blockable websites across more than 90 categories."

"We have never seen any direct evidence or hard proof that Iran has ever used any McAfee or Secure Computing product," McAfee said in an e-mailed statement on Monday. "McAfee complies with all export laws and regulation applicable to its products. Rigorous due diligence was conducted prior to the acquisition of Secure Computing and there was no indication of any contract in Iran or support being provided in Iran." (A U.S. economic embargo restricts trade with Iran.)

More recent reports suggest that Iranian Internet providers have developed or adapted their own Web filtering technology, but shed little light on the question of surveillance.

Watch CBS Videos Online

Compared with a few years ago, traffic analysis and inspection have become more common for Internet providers; their legitimate purposes include detecting malicious activity, prioritizing online phone calls over e-mail, and for mobile providers, charging different fees for different types of data.

Cisco's Service Control Engine series boasts of conducting "deep packet inspection" and "detection and control of virtually any network application, including: Web browsing, multimedia streaming, and peer-to-peer (P2P)." WireShark, free software for intercepting and decoding traffic, can record and display what's taking place on a network. And most modern routers can block or log access to Web sites based on a list of Internet addresses or domain names.

"I don't know how one could actually determine" what Iran is using for surveillance, said Tony Barbagallo, vice president of marketing at WildPackets of Walnut Creek, Calif., which sells Internet monitoring tools including OmniPeek Network Analyzer. "It's pretty easy to conceive that they could be using homegrown technology."

"Our products are used in the United States and elsewhere specifically for lawful intercept," Barbagallo said. "We've actually developed extensions to our products to make it easier to do lawful intercept. Any of our customers with a maintenance contract can download the same products the governments are using."

This echoes the argument that Nokia Siemens Networks has made: that selling voice-only lawful intercept gear to Iran is acceptable because built-in wiretappability is required in the United States and Europe. Ever since the 1994 Communications Assistance to Law Enforcement Act, U.S. telephone companies have been legally required to make sure their networks can easily be wiretapped by police; in 2006, a federal appeals court upheld the Bush administration's decision to extend those rules to Internet providers.

On the other hand, the United States and Europe tend not to imprison people for criticizing their respective governments, something that responses posted on Nokia Siemens Networks' blog pointed out on Monday. One response asked: "What happens when your 'lawful intercept' capability is sold to regimes which are likely to use it a way which would be considered unlawful under European and U.N. Human Rights conventions -- say to suppress freedom of speech?"

Jay Botelho, WildPackets' director of product management, said the best way for an Iranian Internet provider to monitor its customers would be to use one bank of monitoring equipment for e-mail, another for Web browsing, a third for VoIP calls, and so on. "Using our product, the easiest way to monitor everything is to hook onto an (extra port) port off your main switch," Botelho said. "The problem is that depending on the traffic, that could overload an appliance. But if you slowed everything down, you'd get everything."

That's not a problem in Iran, which has limited connectivity to the outside world, and where download speeds are far slower than what many other countries enjoy. Some Iran watchers have speculated for years that those sluggish connections represented a form of social control--it dramatically curbs Web video usage, for instance--and point to a 2006 decree saying that Internet connections should be limited to 128 Kbps (kilobits per second).

The largest Internet provider in Iran is Tehran-based Pars Online, which claims to employ over 400 people. It claims to have three satellite stations that can send data at 155 Mbps (megabits per second), amounting to the size of the virtual pipe connecting much of Iran to the outside world. By contrast, Verizon's FIOS service offers each home subscriber a connection of 50 Mbps for downloads and 20 Mbps for uploads.

This article was originally published on CNET News.

Editorial standards