Iran Election Guide

Donate to EAWV





Or, click to learn more

Search

Entries in Telegraph (1)

Monday
Jan112010

Iran & Twitter: Myth v. Reality of Security and "Deep Packet Inspection"

The minor storm over Telegraph journalist and blogger Will Heaven's recent posts on social media and the ongoing unrest in Iran, has brought much discussion of the pros and cons of reposting Iranian activists' comments on Twitter and Facebook. To get to the heart of the issue, however, one needs to take a look at Heaven's assumptions regarding Deep Packet Inspection.

On his blog post of 29 December Heaven stated:
It is now thought that the Iranian Revolutionary Guard is using Deep Packet Inspection to check Facebook messages and tweets for “anti-regime” keywords. Once this is done, they are able to pinpont the location of online protesters using their IP addresses. Then it’s just a knock on the door and a confiscated laptop for evidence.

But is the use of DPI to punish dissent really this simple?



  • Firstly, Heaven bases his comments about the IRG's use of Deep Packet Inspection --- provided by Nokia Siemens Networks --- on a Wall Street Journal article which actually says (possibly after amendment), "It couldn't be determined whether the equipment from Nokia Siemens Networks is used specifically for deep packet inspection".

  • In a press release issued in response to the article, Nokia Siemens Networks stated that they have "not provided any deep packet inspection, web censorship, or Internet filtering capability to Iran."

  • Nokia Siemens Networks' head of media relations Ben Roome has followed up, for example with this comment in The Huffington Post in which he says that the WSJ "clarified its original report" and re-asserts, "We have not provided any Internet technology, let alone DPI to Iran".

  • Further research  turns up a blog post which points out that, with Roome's denial of the original claim, the WSJ article is left to rely on an anonymous Iranian engineer who says, "We didn't know they could do this much ... Now we know they have powerful things that allow them to do very complex tracking on the network" and Bradley Anstis, CEO of an internet security company, who says "Iran is now drilling into what the population is trying to say ... This looks like a step beyond what any other country is doing, including China."  Neither of these comments are anywhere near as specific or certain as Heaven's contention that IRG can search for keywords then "pinpont the location of online protesters using their IP addresses. Then it’s just a knock on the door and a confiscated laptop for evidence." (The blog post raises many other interesting questions and is well worth a read.)


So the question for me is: what does Will Heaven know about Deep Packet Inspection that we don't? He states in his Telegraph article of 29 December:
Using a state-of-the-art method called "Deep Packet Inspection", data packages sent between protesters are now automatically broken down, checked for keywords, and reconstructed within milliseconds. Every Tweet and Facebook message, in other words, is firmly on the regime's radar.

This dramatic conclusion is now based on a single article which was corrected over six months ago after refutation by one of the key actors. Even if this wasn't the case, there is nothing in the article which indicates that Deep Packet Inspection provides the "knock on the door" capability that Heaven portrays.

On Friday Heaven described the Iranian regime's use of DPI as "prolific" but linked only to his article of 29 December, which in turn linked to his blog post of December 29, which linked to the WSJ. Perhaps Heaven knows far more about Iranian use of DPI than he has up to now revealed, but so far he is repeating a a single, hazy assertion as fact.