For as long as the internet has had a presence in Iran, the state has filtered websites and the content on it. However, internet filtering has undergone a transformation during Rouhani’s first term (2003-2017).
With the launch of the NIN’s National Search Engine, the Iranian government’s ability to filter content has gone from a case-by-case basis to systematic filtering. As discussed in the National Search Engines section of this report, upon detecting any words or phrases that appear on the list of keywords, these national search engines automatically block the content or send the user to fabricated information.
In addition, messaging applications which employ end-to-end encryption, especially those such as the Signal application that do so automatically (with no user input required) have increasingly been blocked, as detailed below. These messaging applications are among the few tools that security and intelligence agencies cannot tap or control through conventional methods, and their inaccessibility to Iranian users has profoundly impacted internet privacy and security in Iran.
In addition to more sophisticated filtering and the blocking of secure messaging applications, authorities have indicated a plan to increase the blocking of social media networks. In a July 18, 2017, meeting with MPs, then Telecommunications Minister Mahmoud Vaezi announced the launch of four domestically produced social media networks—Salam, Soroush, Wispi and BisPhone—as state-endorsed alternatives to foreign-owned social networks currently used in Iran. “We are waiting for our domestic social media operators to give us assurances that they are ready to launch and then we will get rid of foreign social media networks,” he said to the conservative MPs.
The scope of filtering under Rouhani has also been underestimated. In part, as mentioned previously, this is because many filtered sites are still accessible, due
to the inability of Iranian filters to “read” (and thus block) encrypted information. This does not, however, mean that the state has tried to roll back any of its filtering activities under Rouhani. Indeed, Rouhani’s (previous) telecommunications minister Vaezi’s boast that some 7 million websites were filtered during Rouhani’s first term indicates the continuation of robust state filtering efforts.1
The authorities have sought a further transformation, with the development of so- called “Smart Filtering,” designed to filter content selectively as opposed to blocking entire sites. This project was begun during the Ahmadinejad presidency (2005-2013) and has continued under Rouhani. Yet after more than nine years, the project has not had significant success. Because a majority of internet content is transferred between clients and servers in an encrypted manner using SSL security certificates, it is impossible to “read” and thus selectively control its content.
After launching the “smart filtering” project, the filtering of websites and applications is no longer applied at the internet gateway to the country, but rather carried out by Internet Service Provider (ISP) companies. It would appear this is to prevent a slowdown of network speeds inside Iran, since it is no longer necessary to monitor the entire internet traffic in order to block the targeted websites. This development, however, makes it possible for the ISP to implement its own filtering policies for filtering. This is why for the past two years, many ISP’s have not filtered (the officially blocked) Twitter while others continue to filter the application.
The Iranian government has also sought to strengthen its filtering (and online surveillance) capabilities by requiring foreign social media networks to store their Iranian user data in Iran. On August 7, 2017, the country’s Supreme Cyberspace Council (SCC) issued a ruling requiring this, and the requirement that foreign companies have a representative based inside the country. Article 2 of the ruling states, “The operational conditions of the messaging services will be prepared
and compiled under Telecommunications Ministry guidelines by a working group comprised of representatives from the Ministries of Telecommunications, Culture and Islamic Guidance, and Intelligence, as well as the president’s office, the prosecutor general’s office, the Islamic Propagation Organization, the cyber police force, and the Islamic Revolutionary Guard Corps.” So far, no foreign company has complied with this requirement.