Iranian Internet Freedom and Cyber Security at RightsCon
Fundamental Changes in Content Delivery: Opportunities and Challenges
On the first day of the RightsCon conference, hundreds of participants from around the world shared their insights on various panels focused on freedom of expression on the Internet and cyber security. Some of the sessions on March 30, 2016 included “Forgotten Right; Remembering Freedom of Expression,” “Balancing Creative Freedoms With Protected Rights,” and “The Changing Ecosystem of Media Delivery.”
During the “Changing Ecosystem of Media Delivery” session, Nazli Kamvari, who works at the Persian-language Radio Zamaneh, listed the various platforms her Amsterdam-based organization uses to deliver content to its audience. Gary Thatcher, the director of external liaison at the U.S. Broadcasting Board of Governors (BBG), and Sepideh Farsi, an Iranian filmmaker based in Paris, also talked about the various challenges facing their profession.
By beaming interfering waves to block foreign satellite broadcasts, the Islamic Republic was paying a price, namely by being denied access to satellite broadcasting services for its programs, said Thatcher.
Signal jamming is routinely carried out by Iranian authorities as a means to block all but state-approved broadcasts from reaching Iranian citizens.
Removing Economic Sanctions, Continuing Human Rights Sanctions
Washington’s policy towards Iran’s human rights record has not changed in the aftermath of the 2015 nuclear deal, said Emily Norris, who works at the State Department’s Office of Iranian Affairs. The United States is maintaining its sanctions against Iranian human rights abusers and supports international efforts to monitor Iran’s behavior towards its citizens, she added.
The widespread use of the internet and social media by Iranian protesters after the country’s hotly contested 2009 presidential elections prompted the Obama administration to remove sanctions on technology exports, such as iPhones and computers furnished with the latest operating systems, said Jamal Abdi, the policy director of the National Iranian American Council (NIAC).
The Obama administration has issued special licenses allowing Iranians to access Google’s Play Store, which has enabled users to download apps that improve access to uncensored information, said Peter Harrell, a former deputy assistant secretary at the State Department’s Counter Threat Finance and Sanctions agency. Harrell added that while there is still room for improved regulations that would give Iranians better access to technology, the U.S. will maintain sanctions on companies trying to sell equipment to the Iranian government to oppress its citizens.
The former State Department official also pointed out that the strict enforcement of sanctions on Iran by the U.S. government has had a chilling effect on companies potentially interested in dealing with the Islamic Republic. As a result, many companies have not resumed offering free services to the country, despite the removal of some sanctions following the signing of the nuclear deal in 2015.
Phishing and Malware: Supporting Victims
Members of this panel, which attracted many participants, particularly Iranians, included researcher on Iran’s Internet policies Colin Anderson, ICHRI’s Internet freedom researcher Amir Rashidi, Citizen Lab’s Internet security expert John Scott-Railton, and Electronic Frontier Foundation’s director on freedom of expression Jillian C. York.
John Scott-Railton gave an overview of Citizen Lab’s report on systematic phishing attacks against Iranian Internet users. He said recent attacks have differed from earlier ones in that they have also targeted Gmail accounts that have two-step verification features.
Amir Rashidi of ICHRI discussed the cyber attacks that took place during February’s elections in Iran. For example, he noted when the candidacy of the late Ayatollah Ruhollah Khomeini’s grandson, Hassan Khomeini, was rejected, many Iranian journalists were sent an email with a PowerPoint attachment. Rashidi also received it.
“The email contained only one line that said, ‘Urgent news: Hassan Khomeini’s statement in reaction to his disqualification.’ No one thought about the fact that news items are not shared within PowerPoint files and as a result many users who activated this file lost control of their [email] account,” said Rashidi.
Panelists shared the view that major Internet companies have an important role to play in improving security for their users. Rashidi noted that users have limited resources to learn Internet security techniques, such as email encryption, and therefore it is up to technology companies to directly introduce better security measures.
He added that there are also companies, such as Twitter, which have yet to resume services to Iranians users that would improve user security since the lifting of technology sanctions, even though such services were permissible. Rashidi said that companies needed to be be better educated regarding the technology tools and services that were permitted, so that unnecessarily blocked sales did not undermine the security of Internet users in Iran.
Security Now: How do Iranians Evade Sophisticated Targeted Attacks?
Participants on this panel agreed that major technology companies have a crucial role to play in increasing user security for people in countries like Iran, where the government strictly controls the Internet. Informing people about how to use sophisticated passwords to protect their information has had limited success, said the panelists. Instead, major technology companies should introduce two-step verification tools to protect user security. The panelists also noted that some Internet companies, such as social media giant Twitter, were not offering this feature to Iranians due to sanctions.
Hundreds of Firms Seeking to Boost Internet Access Around the World
RightsCon 2016 conference participants in San Francisco have attended a number of talks on efforts to widen the Internet’s reach in various parts of the world, particularly in Africa and South America. The discussions have focused on developing local networks and facilitating offline access.
Despite the various challenges faced by countries seeking to expand online connectivity, Internet access has come to be viewed as a basic necessity—as important as public utilities, food, housing, and education, said panelists speaking on the expanding borders of the Internet. Other topics debated by the panel included governmental authority in cyberspace, and the relevant laws and relations between the state and Internet companies.
Digital Activism: Promises and Challenges
Firuzeh Mahmoudi, the director of United for Iran, introduced Gershad, an app that helps Iranians spot and avoid morality police units, on March 31, 2016 at the RightsCon annual conference in San Francisco, California.
“This app is used as a map in various Iranian cities with up-to-date information of the last location of the Ershad morality police units,” said Mahmoudi.
“People can use the app to mark places in the city where the units have been stationed so that other users could be warned and change their route,” she added.
Iran’s notorious morality police (Gasht-e-Ershad), a branch of the security forces co-directed by the Revolutionary Guards and Interior Ministry, routinely subject Iranian men and especially women to harassment and arrests for alleged inappropriate public behavior.
This week the International Campaign for Human Rights in Iran (ICHRI) will be covering the RightsCon annual conference (March 30-April 1) in San Francisco, California.
In addition to posting regular updates on this page, we will be live tweeting from our Twitter page. Users can use the #RightsCon hashtag when tweeting at us if they would like us to pose their questions to conference participants.
Since 2011, the RightsCon international conference has been organized annually by Access Now to discuss issues related to freedom of expression and human rights on the Internet, including cyber security and privacy concerns. Participants include civil society activists and human rights organizations.
This year’s gathering includes the following four panels on Iran, hosted by the ASL 19 organization:
* Bridging the Gap Between Circumvention Tool Developers and Civil Society
* Iran Deal and the Future of Tech Sanctions
* Rapid Response to Support Victims of Phishing & Malware Attacks
* Security Now: How do Iranians Evade Sophisticated Targeted Attacks
The Campaign will be a panelist on the “Security Now” session to discuss Iran’s cyberspace activities against citizens and civil activists, and share ideas on improving cyber security for Iranians