5 January 2012
The dream of dictatorships – to control communications within their borders – has got harder and harder as the internet has become more and more pervasive. Fifteen years ago, cutting off the internet was easy: internet providers used modems and you could simply seize them. Now it’s more complex: smartphones may even be able to connect to telephone data services across borders. A determined person can get a message out in all sorts of ways: one of the smartest is to hide coded data inside the pixels of what looks like a perfectly innocent photograph, a method called steganography.
The Iranian government’s latest controls, in which it is demanding that internet cafes take the personal details of anyone using them, are calculated not to stamp out anonymous use of the internet, but to dissuade the far larger body of average people from any thought of dissent. As Patrick McGuinness says in The Last Hundred Days, his semi-autobiographical novel about the last days of Ceauçescu’s communist Romania, in a society where you know that you are being watched, eventually you will watch yourself, and save the authorities the trouble.
Monitoring the free internet is too big a task for any government. But by using the threat of monitoring, Iran’s administration can free itself to focus on words or phrases, or people, it knows to distrust.
But Iran’s government has been taking other steps too to discover dissidents and track their movements. It may be following North Korea’s lead in creating an “intranet” – an internet that works only inside its borders. Only a few thousand people in North Korea have any connectivity to the outside world.
Iran seems to be looking to protect its most valuable information from the wider internet, fearing a repeat of the Stuxnet computer virus attack of 2010 – though that was brought into the country via infected USB sticks from Russia, which were plugged into the nuclear network. An intranet wouldn’t stop that.
The government is also trying other methods to monitor dissent. Last year, an Iranian hacker broke into one of companies that issues “digital certificates” – a sort of seal indicating that a site is what it says it is. Among the false – but to a receiving computer, completely real – certificates that the hacker created was one for Google’s webmail product, Gmail. A few months later, the certificate was discovered being used in Iran to fool people who were accessing Gmail into thinking that their connection was secure; in fact any suitably equipped hacker could have monitored their emails. Significantly, a dissident would be more likely than the average Iranian citizen to use Gmail.
In response, some outside groups have tried to set up methods to let people inside Iran bypass the filtering being used on the computing and telephone networks. The so-called “internet in a suitcase” project, backed by the US government, is designed to carry systems that would let people create their own ad-hoc wireless phone networks, eventually linking out of the country to services such as satellite internet providers or mobile phone networks across borders.