National Email
Developing national email providers has also been a component of government efforts to control and access online content and activities. In 2012, Reza Taghipour, Minister of Telecommunication in the Ahmadinejad administration, wrote letters to his deputy and the Central Bank of Iran insisting on the use of domestic email services. He noted that Article 46 regarding informational security objectives in the law concerning the five-year development plan called for banks and communication operators to stop using email services such as Yahoo, Gmail, and Outlook and to instead use nationally-hosted email programs listed by Iran’s Internet National Development Management Center.
This Center issued a list of agencies that offered (national) email services, and all government offices were required to use such email services, for example those ending with “iran.ir,” “post.ir,” and “.chmail.” Moreover, in order to register for the email services, users were required to give their National ID number (similar to, for example, a social security number in the United States), their address, and their phone number.
The implications of this were not lost on the citizenry of Iran, and largely explain the failure of this initiative, which, unlike the national SSL certificates, was relatively easy to discern. Government control over all aspects of the national email service, including, critically, storage of all account information on government servers inside the country, means that the government has full access to the account: the authorities can read the body of the email, access any attachments, and see any contacts. In addition, these national email services are not securely encrypted. While some of them do not use valid international SSL certificates, others do not use any SSL certificate at all. As a result, these accounts are completely open, not only to the government but to hackers as well. Moreover, the requirement that users of these national email services provide their national ID number (as well as address and phone number) means that all anonymity is gone. Once a user provides this information, they have effectively identified themselves to the government. For those engaged in political or social activism, state access to their email content would have catastrophic consequences given the government’s record of imprisoning those who engage in online activism.
To date, the government has been notably unsuccessful in this aspect of the National Network. For example, when the government required banks to open accounts only for individuals who listed a national email account, the banks found that individuals simply refused to open accounts at those institutions. The banks subsequently dropped the requirement of a national email account.