User authentication

USER AUTHENTICATION PROCESS: The NIN was designed to require users to authenticate themselves with personal in-formation before accessing content. This process has yet to be implemented.

As the NIN has become operational under the Rouhani administration, significant new state capabilities have been developed that facilitate state access to users’ accounts.

For example, the requirement for all users in Iran to have a single, unique identifier for accessing the internet, which is planned for the third and last phase of the NIN (expected to be undertaken during Rouhani’s second term, 2017-2021), will significantly compromise user privacy. Nasrollah Jahangard, deputy minister
of communications, said at the opening of the first phase of the NIN that user authentication will be a requirement in this network, adding: “All connections, whether fixed or mobile (phone), will have a single identity, and if the user lacks the identification, it will not be possible to provide him/her with service.”

While this authentication process does not yet exist, after this phase is launched, all users will have to enter the network with their National Identification Number, making their activities identifiable. Because their online activities will be saved, if intelligence and judicial authorities wish, they can access a log of their activities.

Jahangard denied this, saying, “Authentication of users does not mean that we are monitoring the data exchanged by them.” Yet his claim is not accurate; NIN access via National Identification Numbers will allow Iranian authorities to monitor the online activities and the information exchanges of users.