 I lead some of the Iran Digital Rights Projects at Article 19, and I'm also a doctorate student at the Oxford Internet Institute, and I'm studying how various communications technologies emerge in Iran's information control space. And if you ever feel like getting in touch with me, my Twitter handle is going to be all over this presentation, so feel free to ping me at that. And just as a disclaimer, it sounds like a little bit of a negative and kind of scary title, tightening the net in Iran. Yes, there are information controls inside of Iran. Iran does definitely have a government and various institutions that do limit certain rights, both online and offline, but this is in no way a presentation to cause Iranophobia and to scare you away from it. If you have no security threats, I always encourage folks to go and discover Iran is a beautiful country. However, the internet might frustrate you as some of the details of my presentation will get into you. Just to give you a little insight into how a series of us folks who work on digital rights in Iran talk about the situation on the internet, Iran's information control space is often known as Filternet, and this is kind of a nickname that was developed for the various emerging policies and frustrations Iranian have with the controlled space there, and I believe it was created by a BBC technology journalist called Nima Akhbaipur, so that's something else that you guys, if you're interested in following up more about what's going on, you can look up the Filternet hashtag in both Persian and English to see some of these developments in real time as people post information and frustrations and complaints online. So, also for more information, the series I lead at Article 19, like I mentioned before, is called Piting the Nets, and Article 19 actually has been leading the way in sort of understanding and translating some of the laws that are coming out regarding internet controls inside of Iran. In fact, we were one of the first organizations to sit down and translate and analyze the very complex and giant quagmire that was the computer crimes laws that Iran drafted and passed in parliament back in 2010, and following up from that, we've been sort of following and understanding the different policy statements and laws regarding the national internet project, which we have in Part 1 of the Piting the Nets Report, Part 2 looks at some of the software and cyber tactics that Iran in government has been developing, especially against journalists and dissidents, and our last report was about the retrospective on basically the controls and crackdowns that were happening, following the winter protests that started at the end of December and continued on until the end of January inside of Iran. So, understanding how this environment works is a little bit complicated as Iran has a very complicated system of governance, and this goes over into internet governance, but some of the technical implementations of this is actually seen in the way that it's structured, and so Iran, the head of state essentially in Iran is the supreme leader who is not an elected official. He is a religious official who's basically put into power by council of guardians, and it's not a democratically elected person, and he is in fact in charge of he has the final say on most policies that happen. So, if you have been following anything related to the nuclear negotiations that occurred between Iran and the European nations in the United States, the government was only able to engage in those negotiations because the supreme leader basically gave the OK for this process to start. If he had said no, they would never have taken place, and a lot of Iran's internet infrastructure has become centralized to the office of the supreme leader, which makes a lot of the lightnings that happen online of particular concern in Iran, and so there is the elected president, and he gets put into office every four years. It's a very similar of a Republican system as the United States, however, there is a different vetting process on how the candidates get selected. So, the president's government basically has a ministry of information communications and technology, and essentially this elected administration is supposed to have control over a lot of the internet infrastructure inside of the country, like the telecommunications company of Iran, which has access and control to all of the international gateways into the country, and they basically govern and control and determine what ISPs have to do and implement a lot of the censorship decisions down to the ISP level. However, something concerning that happened back in 2009 was that Iran has this body called the Revolutionary Guards, and there is this paramilitary organization that sometimes are referred to as a mafia that basically do the bidding of the most conservative and the most hardline elements within the Iranian system, which is to crack down on any dissidents, to crack down on any journalists who might be questioning the system of the Islamic Republic or questioning the Supreme Leader's position, and they're really only accountable to the office of the Supreme Leader, and they're really well known for having one of the biggest intelligence apparatuses in the country. They're known to arrest a lot of dissidents and journalists, and back in 2009, the telecommunications company, which was a publicly owned government institution, wanted to become privatized, and what happened was that the Revolutionary Guards basically bought 51% of the state in the telecommunications company of Iran, which is very concerning. There's a lot of user data, a lot of information related to how internet traffic takes place basically in Iran, and it's in the control and hands of this really problematic and concerning body known as the Revolutionary Guards. And so that's just a little bit insight into how problematic internet governance is in Iran. Something else that actually is to go over a very brief history of how things have shaped over the years, the internet really took off back in the early 2000s in Iran when Persian scripts became formalized through unicode processes, and so you saw the emergence of the Persian blogosphere, and in the early 2000s you had an administration or a president who was known as the reformist and known quite as liberal and was very popular, his name was Khatami. And during this time the press was really emerging and was really finding its wings, and so you had a lot of reformist newspapers, a lot of opinion pieces, a lot of questioning of the system, and so the hard line elements like the Revolutionary Guards that I mentioned before started cracking down, and there was this huge migration from traditional print media onto the internet, and so the internet became this great space for freedom of expression for a lot of different writers and journalists to start emerging, and so it took a long time for the government to really understand the space and understand how to control it, and so it wasn't really until 2009, so we had some censored websites like BBC Persian that were censored in the early 2000s and we had some select major news websites that were writing in Persian that were kind of challenging the status quo in Iran being targeted and filtered, but there was no real mechanism or process for this until 2009 when there was this big protest movement called the Green Movement, and it was in response to the fact that a huge demographic or chunk of the population in Iran believed that the election was fraudulent and the actual preferred reformist candidates were sidelined because of a agenda by the Supreme Leader, and they put into place a very populist and hard line president known as Mahmoud Ahmadinejad, and if you guys are following Iranian politics at all earlier in the past five, six years, you probably would have noticed just him making the rounds on the international circuit because he was a bit of a caricature of a crazy politician, crazy Middle Eastern politician. Anyways, during that protest movement that wanted to challenge Ahmadinejad's reelection in 2009, there was a huge movement and mobilization of a lot of people towards these reformists and moderate candidates, and even before the election took place, it seemed that the establishment was getting really scared and worried about what kind of activities were happening online, and so you had one of the favorite candidates, Nusavi, whose campaign colors really defined the Green Movement, his campaign colors were green. You had a lot of people within his campaign getting a lot of support. There was massive Facebook groups that were promoting that campaign, and there was some of the initial activities on Twitter were related to these campaigns, and so before the election day even happened, the government went and censored Facebook and Twitter in anticipation of any mobilization. When the elections actually took place, we saw mass mobilization on the streets. Obviously, excuse me, there is an interphone going off in the background, so I apologize for that, but it will go off in a second. There is mass mobilization, obviously, offline and online, and it led to the government cracking down and shutting off the internet for a period of 30 minutes, too, and an hour, and after this, the system realized the power of the internet and things really started to get rolling, and you see all of the efforts to centralize all of the different institutions and infrastructures to the offices of the Supreme Leader after 2009, and so things like the computer crime laws that were being drafted very leisurely before 2009, it picked up speed, and by 2010 it was voted into law in parliament, and it set the tone for a lot of the things that we see happen online, things like making encryption illegal came out in this document. Article 10 of the cyber crime law says that concealing changing passwords or encoding data that can deny access of authorized individuals to data, computer and telecommunications systems, which essentially means that it's illegal and criminal not to have any back doors in anything that you do online, which is really problematic because most technologies that exist, if you have an iPhone, you're using encryption, so it provides these really vague laws that allow the government to basically crack down if they have an excuse or a desire to do so. The computer crime law also centralize and put into place the process of implementing filtering, and so there is a committee that's determined, that is passed for determining offensive contents, and this law basically says that this committee is within the judiciary, it has in the multi-agency body of various stakeholders in the government that from within the administration of the rare honey cabinet and some supreme leader's office and various other experts who have to sit down and determine whether websites or things like that should be blocked. So this took place in 2010 and it's kind of an interesting process that has been all of these different policies and it's something that I did a few years ago with one of my colleagues at the University of Amsterdam, which I was previously, was to sit down and see how the progression of these policies was kind of playing out in aesthetically because in your run when you want to go and access a site that has been blocked by the government you end up getting onto a redirect page and the government basically populates the redirect page with whatever content they want and so just to give you some insight into how this has reflected into censorship policy I have a little video to show you for a few minutes. Can you hear it now? Oh no. Hold on. My headphones are blue too. It's going to take a while. Hi. My many many apologies. The different policies related to these laws and regulations evolve as norms of what constitutes as filtered content becomes more entrenched with Iran from the inception of the very first version of the page whereby users are told in the name of God according to the Computer Crimes Act access to this website requested is not possible. The message that users are viewing a censorship page is toned down in the next version whereby users are only told that the links they are viewing are some of the registered links. Within version two we also see the payvana.ir website creating pages related to internet policy. The third version of payvana.ir continues with the theme of religious references with a poem featured that states if you listen to the words of the poet Sadi he says he consents to require the consent of him. Immediately to the right of this users see the text in the name of God and the merciful as if to subtly tell users that the censorship they are experiencing is by the will of God. These religious references are continued in version four whereby the main feature of the page is a changing image that makes references to traditional holidays and events maintaining the theme of allusions to Shia Islam and national imams. Marking the festival of Imad Reza, asking users to click on a link to submit ideas for the festival. Version five of payvana.ir brings attention to the Islamic nature of censorship. The links featured here are perhaps the most related to state propaganda in comparison to the other versions. While the previous version did not display any links the previous versions of payvana.ir featured the popular Persian language blogging platform, however this version omits the website. The omission of the main image in version five makes it hard to establish a firm connection between the previous and following versions. This finding is in line with the notion that archives of web pages are not always successful in capturing all of the content. However further research shows that this version still made use of images regarding Shia Islam. The asset degree movement internet controls in Iran from 2009 until 2012 reports by the open-ed initiative has captured and saved the version of payvana.ir as it was on the 25th of October 2012. This image features ceramic writings. The last two iterations of the website in version six and seven are very similar in design. The sudden change in design was explained by an anonymous source to make filtering more pleasant or rather to appear as a subtle part of the Iranian internet experience rather than one presented with indoctrinating aspects of the government. The significant change that comes in version seven however is the prominent feature of the internet policy links. Concluding we can say that this historiography of the payvana.ir website demonstrates the timeline of the beginning of the heightened internet controls from the inception of the page 2010 to the present day. The changes in the page essentially demonstrate the evolution of the way the Iranian state represents censorship policies. The notions of religious motifs decrease over time whereas the focus on internet policy becomes more present by the last iteration of the page. This is a brief welcome to how policies have tried to become more streamlined and centralized over the years. Some of the things that we've been noticing have been different programs that have been trying to further control online. One of the projects that we have been following especially in terms of seeing how various activists and users at risk inside of Iranian civil society and within human rights groups within the diaspora have been affected is one program that a body within the revolutionary guards named as Gairdab has developed and they publicized it very highly I think in efforts of trying to create intimidation amongst Iranian internet users especially any activists or journalists doing any kind of dissident writing is the spider program and I can get a little bit into it later on but basically the spider program it was publicized as having control over all of the user's data anything you do on social media is basically being monitored and which I think as many technologists would know is very difficult unless you're actually working with the platforms and most of the social media platforms that Iranians are using on that are not local they are foreign platforms like Facebook, Instagram and Iran or telegraph and unless they are cooperating directly with these companies that's very hard to do however they have had other tactics of doing this which is actually through physically seizing things so there was a whole roundup of arrests that happened back in 2015 where there were various fashion models being rounded up inside of Iran who were Instagram celebrities and they arrested them and basically through interrogations they forced them to hand over passwords and so these really popular Instagram pages that Iranians followed all of a sudden were taken over and had this had the page say through the spider program of scared dogs these pages have been essentially taken over but really they were through physical seizures we also have been seeing the development of the national information network over the years and sometimes known as the Halal Internet and this began under the Ahmadinejad Administration but again it was sort of part of a grander policy set in place by the Supreme Council of Cyberspace which at its head is the Supreme Leader and this is basically the main aim of the national internet network some people have feared that it is being built to cut Iran off from international traffic and to make them reliance on a domestic internet in the same way that North Korea administers its online activities however part of the reason for creating this was to protect Iranian infrastructure from cyber attacks from actual threats from Israel and the US and things like the sex attacks actually did have real consequences for Iranian economy and for Iranian institutions and so as part of national security in some ways it does make sense however it does actually have real consequences for control online and I'll explain a little bit about one of the major concerns and how it's related to telegram a little bit later on the Iranian government especially this administration of Hassan Rouhani has done a lot to try to promote policies that basically present the facts that they want to do more efficient or productive forms of censorship that can put in place morals online without making the internet this cumbersome place full of hurdles so they were basically saying they want Iranians to access Facebook they just don't want them to access the immoral content on Facebook and so they started advertising the fact that they're spending millions of dollars on this process of intelligence censorship and again Iranian policies oftentimes put a lot of effort into the PR as opposed to the technological realities of what they're doing and so they were saying that the best engineering schools were working on processing intelligent filtering across the internet and the only real life result of all of this work was the advertisement and the current budget they were putting into this was back in 2015 it was discovered that intelligent filtering was being rolled out on Instagram and users started reporting how this was happening and through some work I did with a colleague we kind of passed through and through across all of these different Persian Instagram pages we kind of figured out what pages the government were targeting they were mainly fashion and cultural pages, things really related to women and how women were being presented online and we also discovered that the only way that the government was able to technically implement this was because of a fault that lay in Instagram's own in Instagram technology which was the fact that the platform wasn't encrypted and thus the Iranian government wasn't able to individually block pages the platform was encrypted and using a TTS on the browser version but the mobile application had not yet rolled out encryption and this was part and parcel because they just hadn't had time to implement this yet and so through work with my colleague we alerted this to Facebook and got into discussions with them and soon afterwards around the same time in May 2015 Instagram rolled out mobile encryption Iran's grand intelligent filtering project kind of was dismantled and didn't really amount to very much which I think underlined some of the grander things that happened in terms of internet policy and reality which is a lot of grand statements and gestures that don't really amount to very much again I didn't show this slide before but this was the grand hacking attempts that they had so this is a page a fashion page current fashion blogger that was seized and basically this Instagram feed here which was taken over through arrest and interrogation which also consequently tried to request from me on Instagram as well it says that through the spider program they can't with these and taken over other attempts by the government to try to control what's going on online has been obviously a lot of attention on telegram and I'll get to it a little bit further down but back in 2016 they implemented a new policy where they asked panels that had over 5000 followers had to go and register with the Ministry of Culture and Islamic Guidance sometimes known as Eishad and basically the administrators had to give over their personal information and this through some of the work I've been doing with article 19 we've tracked over 8 arrests that have used the legislation process to crack down on various groups so in the lead up to the 2017 election where President Rouhani was re-elected there were a number of telegram channels that were moderate or reformist oriented so these are the political factions that are a little bit on the left and they were supporting Hassan Rouhani who has a lot of tensions with card line elements within the Iranian system there were roundups of a lot of these administrators that were promoting his work by the Revolutionary Guards and a lot of their information was found and accessed through this registration process which is quite problematic the government also through the registration process attached a bot to the channel so they were able to monitor who was following the various channels on telegram which is highly problematic for a lot of security reasons just to go over some of the political context in Iran and I alluded to the fact that politics is a little bit complicated in Iran and this affects how internet policy played out as well President Hassan Rouhani came into office in 2013 with a lot of promises about how he was going to improve internet access and some of those promises and values came to fruition with the fact that things like internet bandwidth did actually increase throughout the first term of this president there's a lot of small towns and villages that didn't have access to the internet the suddenly will be connected and so a lot of this infrastructural work for access was being improved under this president however he also did make a lot of promises about how they weren't going to be more platforms and so one of the biggest achievements previously up until April was the fact that his administration was able to stop members of various heartline institutions in Iran which is the judiciary from blocking telegram and so telegram and Instagram was one of the only four in social media that was not blocked in Iran however some concerning things that have happened was the fact that about a year ago after his re-election he put into place a new minister of ICT his name is Obey Daroumi and a lot of especially human rights organizations became very concerned about the fact that this moderate and popular president who was elected during both elections on a mandate of reform and progress and living up to rights was putting into place this individual and he had a history of working with Iran's intelligence apparatus there were a number of different activists who said that he would actively involve in their interrogation he was arrested in 2009 he also worked within the intelligence to help build up online surveillance systems within various intelligence apparatuses inside of the country he was an engineer he was mainly promoted because of the fact that he's quite young and he's going to be very innovative and he has this kind of tarnished path that was concerning a lot of people in terms of what he was going to do when he was put into place he did say that he was going to try his best to keep things acceptable and not censored what he said he was going to do this by trying to establish connections and ties to the telegram administrators so famously during the Iran protests that were happening in December and January Darumi was tweeting at the founder of telegram and asking him to take down certain channels that were extremely popular and were helping with mobilizing the protests he alluded to the fact that they were violating telegram terms of use by inciting violence and so we have this very problematic individual pursuing these problematic policies including the national information network which I'll get into a little bit because it has a lot to do with the situation of telegram in Iran and so it's almost impossible to talk about the Iranian Internet and not talk about telegram and this has been part of my fascination for the past few years I started really following the impact of telegram on communications in Iran during the 2016 parliamentary elections that happened in Iran because at that point you had something like in terms of reformists and moderates being very successful during that election and this was seen largely in the fact that you had a lot of reformists and moderate members of parliament being very savvy in their use of telegram and so they had videos and they had campaign materials that went viral on the platform and so it was then that you could really see the impact of localization and in terms of political clout that this platform could have and why did this platform have so much clout? Well it's kind of developed as this really unique and indigenous tool to Iran because back in 2015 I mean how Iranians come to use their tools I think essentially has a lot to do with localization and usability and so previously you had Viber that was extremely popular and I think it had a lot to do with the way it was designed Iranians could easily share stickers with funny messages and Persian like there's tons of sticker packs and things like that it's really fun and so in 2015 there was a massive campaign done by the government and various other media to discredit Viber for having ties with the Israeli government and Iran started swaddling Viber connections so there was a massive migration of these Viber users onto telegram and at that time telegram hadn't started its public channel functionality and so you had all of these users go on to there and then they realized they could also use it as a social media so there's private messaging and then it becomes a social media platform and so telegram has basically become ubiquitous with internet use because of this ability to communicate freely get content freely so you have something like BBC Persian which is lost inside of Iran but you can get all of the content from BBC Persian you can get videos from news broadcasts on this on censored platform for a while there was a lot of speculation on why telegram wasn't being censored and Facebook and Twitter were being censored that's mainly speculation which I won't get into but the reality of the fact is that you have about 40 million users on telegram and you have something like 45 to 50 million users online in Iran so it had huge impact and since 2015 the running government has come to many deliberations on whether or not it should have been censored or not and so it really became a heightened crisis with the protest movement and we saw, like I said before the minister reached out to Pavel Durov asked to do content takedowns which initially Pavel Durov did respond to and did remove that one channel I think through various reactions so Pavel Durov stopped responding to any of those content takedowns and took a very firm stance on wanting to encourage internet freedom inside of Iran but basically through the national information project or the national information network Iran has been trying to pursue this goal of trying to localize all of the data and content that curves on the internet to inside the country and so there were numerous attempts by the government to try to create alternatives for all these foreign platforms so you had things like a network that was trying to be an alternative to telegram wasn't very successful they tried to create various alternatives to telegram over the years and they weren't able to be very successful so they created all these different ultimatums but they hoped that telegram would be responsive to and so in 2016 they gave them an ultimatum that said that if they don't move their servers to Iran within a year they would be censored so a year came and passed and they weren't censored but however during the summer of 2017 what did happen was that telegram moved its content delivery network to inside of Iran and they announced that they did this in order to make it more efficient and they were going in to download and upload content because Iran has the biggest user base of telegram users and so the government kind of presented this as telegram complying with their demands to localize and bring data inside of the country obviously this wasn't enough Iran came out with well the supreme council of cyberspace came out with a new directive that was ordering every single platform that wished not to be censored in Iran to comply with various data laws which meant that Iranian users must have all of their information on service inside of the country which essentially would mean that the government would have access to those servers and to that data when the directive did come on April 30th that gave the final order to block telegram permanently they alluded to the fact that telegram wasn't complying with the Iranian directive and they I mean there was a bunch of other reasons but that was one of the concerns it must be strange though to be talking about telegram at a security conference because I know that telegram doesn't have the best reputation among photographers there are a lot of problems with telegram obviously it's not end to end encrypted by default and had the Iranian government actually asked for the servers to be located inside of Iran and they had actual encryption by default and wouldn't necessarily have been a huge concern however they could potentially have access to this information there have been other security concerns with the fact that there have been numerous SMS hacks on a lot of journalists and activists inside of the country where elements within Iran's intelligence have been able to access these accounts through these types of attacks we've also seen lots of targeting of various different members of civil society inside of Iran who are using telegram and telegram hasn't been very proactive in making sure that they are taking care of the security of this giant user base inside of this country full of so many at risk users so there is that kind of element of criticism to be had for telegram what is most concerning however right now besides the fact that we can spend a lot of time criticizing telegram security there's even bigger kind of concern right now which are the alternatives that the Iranian government are pushing onto Iranians they are not being entirely successful in doing this however they have policies for like university students if they want to get any updates or information about what's happening with their courses or programs or their departments they are being forced to go on to the alternatives to the alternative to telegram which is government developed platform which is exactly like telegram it functions the same way with the channel they have to get onto these platforms now to get access to that information and it's been audited by different researchers so even the government officials who have their channels on these platforms researchers have been able to look into some of the back end of the platform and they can like uncover the phone numbers the personal phone numbers of these different officials and so there's a lot of holes in this and obviously the data has given the fact that encryption this kind of security it's not even legal inside of Iran to rush the platform all of the data can be easily accessed by Iranian officials so these kinds of privacy precautions they go to the wind when it comes to these platforms there have been a numerous amount of projects that are trying to find alternatives to telegram so when telegram was blocked in Russia which was about a week prior to the block in Iran, Havel Durav came out and said that he was putting some of his own money into developing projects to this censorship and so he actually gave an amount of funding to Iranian internet researchers who are activists based in London who I know personally and they created a platform called Telegram BR now one of the reasons why I really like coming to the conferences and talking to rooms of technologists and security researchers is because the Iranian internet environment is such a volatile area and I love to mobilize these audiences so these really well-intentioned funds who created this platform that now has over a million users and it's extremely useful is a platform that should be audited and should take good security precautions so I really urge any security engineers here to go on the Telegram BR code on Hithub audit it and make sure that these alternatives for Iranian access to communication are as secure as possible and that kind of brings me to my last point which is discussing a little bit about how you talk about security in Iran and it's one of the projects I work on with various networks of Iranians outside who work on human rights and who are often who have the Iranian government as an adversary during this type of work which is sort of the culture of security security is often seen as a very low priority and I mean given the fact that you have something like Telegram that arose it's a hugely popular tool over so many other alternatives that a lot of people within the cryptography and security communities would recommend over it kind of shows that usability and design and features rank much higher than security features and so yeah digital security is not so much a huge concern physical security is often seen much more important although your online security feeds into the physical threats as well for example if you are not taking care of your digital hygiene and you go into your interrogation to compromise your case and how you're treated when you're physically detained so how a lot of different trainers and technologists approach this field I think is really important and these kind of one size fit all recommendations don't always work I know a lot of folks have been saying oh well it's good that Telegram is locked so you can go use a more secure alternative like Signal and you should always use Tor as your circumvention tool and so just one of the last points I wanted to leave this talk on is yeah don't always use Signal or use Tor think about the context as technologists that various users are operating in and yeah try to help and improve the technological environment with that note I will say thank you and my apologies again for not being able to be there in person and thank you so much for letting me ramble on alright thank you very much so as we mentioned earlier I think it's going to be easier to continue this discussion over on Twitter so your handle is here and for those of you who are on site we will reconvene here in about 15 minutes thank you very much