WEBVTT
00:00:00.390 --> 00:00:09.100
preroll music
00:00:09.100 --> 00:00:13.370
Herald: Good evening, thank
you for joining us tonight,
00:00:13.370 --> 00:00:18.019
here at the CCC in Hamburg.
And also thank you for everyone
00:00:18.019 --> 00:00:20.769
tuning in around the
world via our livestream.
00:00:20.769 --> 00:00:26.919
I'm very, very honored and excited
to introduce our new... next guest,
00:00:26.919 --> 00:00:29.439
Mahsa Alimardani?
laughs
00:00:29.439 --> 00:00:34.620
- it was my attempt to say the name Mahsa
Alimardani - she's an Iranian-Canadian
00:00:34.620 --> 00:00:36.989
researcher and activist.
00:00:36.989 --> 00:00:42.280
Mahsa is finishing her master's
degree and is a research assistant
00:00:42.280 --> 00:00:45.730
at the Deja Active Lab, both at
the university of Amsterdam,
00:00:45.730 --> 00:00:52.199
and her focus is on freedom of
expression and access to information
00:00:52.199 --> 00:00:58.589
in Iran. She's also the editor
of the Global Voices Iran
00:00:58.589 --> 00:01:02.510
and today she will be sharing some
of her research findings with us
00:01:02.510 --> 00:01:08.799
about the censorship situation
in Iran on mobile platforms.
00:01:08.799 --> 00:01:14.590
With that I would like to ask you to
help me welcome Mahsa Alimardani!
00:01:14.590 --> 00:01:23.380
applause
00:01:23.380 --> 00:01:26.920
Mahsa Alimardani: Thank you Sonia,
for the nice introduction,
00:01:26.920 --> 00:01:29.759
and thank you all for
coming to this session,
00:01:29.759 --> 00:01:33.890
I know there's a lot of awesome
computing sessions happening right now.
00:01:33.890 --> 00:01:40.530
And, so, just to introduce you a little
bit to the Iranian internet ecosystem.
00:01:40.530 --> 00:01:46.950
So, there are some realities,
you should know about it.
00:01:46.950 --> 00:01:48.439
decent laughter
00:01:48.439 --> 00:01:53.280
Yes, if you're thinking of traveling to
Iran I'd tell this to everyone: Do go!
00:01:53.280 --> 00:01:56.219
It's awesome, it's amazing,
it's a beautiful country.
00:01:56.219 --> 00:01:59.490
Although, take into consideration
the type of work that you do and
00:01:59.490 --> 00:02:02.109
the type of public profile
you have when you do go.
00:02:02.109 --> 00:02:05.850
If you do go do set up TOR relays
'cause that's really helpful to people
00:02:05.850 --> 00:02:10.410
accessing the internet in Iran.
00:02:10.410 --> 00:02:12.660
And one of the things you should
know that the Iranian internet,
00:02:12.660 --> 00:02:16.550
it's often known as the Filter Net.
00:02:16.550 --> 00:02:20.620
And Filter Net sort of has been the name
ascribed to the internet
00:02:20.620 --> 00:02:23.209
because of the censorship
that happens in Iran.
00:02:23.209 --> 00:02:27.440
I think out of the whole
world Iran would come
00:02:27.440 --> 00:02:31.110
second after China in the terms
of the pervasiveness of censorship
00:02:31.110 --> 00:02:34.569
and internet controls around the world.
00:02:34.569 --> 00:02:38.120
Something that you might not know is
that it is also known as the "Kondnet"
00:02:38.120 --> 00:02:41.450
and "kond" means "slow".
00:02:41.450 --> 00:02:44.970
The fact that the internet
is often throttled in Iran,
00:02:44.970 --> 00:02:47.500
and the speeds are very slow,
00:02:47.500 --> 00:02:51.180
and the fact that it can be very
frustrating sometimes to upload a page
00:02:51.180 --> 00:02:55.019
it also has the name of "Kondnet".
00:02:55.019 --> 00:03:01.250
So, this talk will sort of describe this,
I'll talk on Mobile Censorship
00:03:01.250 --> 00:03:05.230
and how they will focus on that.
I just wanna take a sort of broader view
00:03:05.230 --> 00:03:11.769
and to look at more general
look at internet policy in Iran
00:03:11.769 --> 00:03:14.140
and just before I sort of delve into it...
00:03:14.140 --> 00:03:16.709
The reason why I really
wanted to get this talk at
00:03:16.709 --> 00:03:21.909
a conference like the CCC is
because I know this is a community
00:03:21.909 --> 00:03:26.030
full of lots of different
expertise in terms of
00:03:26.030 --> 00:03:28.049
Digital Security,
in terms of Circumvention.
00:03:28.049 --> 00:03:31.319
So, bringing awareness and sort
of knowledge in focus on Iran
00:03:31.319 --> 00:03:34.810
I think is kind of exciting
in a community like this
00:03:34.810 --> 00:03:39.530
'cause a lot of help and
a lot of aid can go towards
00:03:39.530 --> 00:03:43.420
access to internet in Iran
from a group of people like you.
00:03:43.420 --> 00:03:48.819
So: just a broad look at what the internet
infrastructure's like in Iran is.
00:03:48.819 --> 00:03:53.340
The Ministry of Information,
Communication and Technology (ICT)
00:03:53.340 --> 00:03:55.939
runs the Telecommunications
Company of Iran
00:03:55.939 --> 00:04:01.150
and this company is also responsible
00:04:01.150 --> 00:04:05.989
for the main ISP of Iran which is the
Data Communication Company of Iran.
00:04:05.989 --> 00:04:11.390
So, in effect they control all
internet traffic that goes into Iran
00:04:11.390 --> 00:04:16.269
and all ISP's both private and
government are controlled through
00:04:16.269 --> 00:04:19.630
the Data Communication Company of Iran.
00:04:19.630 --> 00:04:24.670
So this company in effect becomes
the point where filtering can occur
00:04:24.670 --> 00:04:29.590
and the blocking of pages or
the blacklisting of keywords occurs.
00:04:29.590 --> 00:04:33.160
Oftentimes the Telecommunications
Company uses proxy servers
00:04:33.160 --> 00:04:39.540
for surveillance by logging all
unencrypted internet traffic that goes on
00:04:39.540 --> 00:04:43.600
in Iran which is why it's really important
for pages that are being used
00:04:43.600 --> 00:04:47.130
especially by Iranians if not
everywhere else in the world
00:04:47.130 --> 00:04:51.440
to have https for all
Mobile Applications to be using
00:04:51.440 --> 00:04:54.900
encryption technology
and things like that.
00:04:54.900 --> 00:04:58.340
Now, all of these things
are really concerning as it is
00:04:58.340 --> 00:05:04.530
the fact that the government has so
much access to data over the internet.
00:05:04.530 --> 00:05:08.920
What's even more concerning
is looking at this chart here.
00:05:08.920 --> 00:05:14.570
So this is the overall view
of the institutions responsible
00:05:14.570 --> 00:05:17.760
for internet policy in Iran.
And you see at the very top
00:05:17.760 --> 00:05:22.070
there is the Supreme Leader. Although
Iran does have no active president,
00:05:22.070 --> 00:05:25.690
ultimately, the Supreme Leader
has the Veto Power
00:05:25.690 --> 00:05:30.680
and is in effect really
the official Head Of State.
00:05:30.680 --> 00:05:35.700
And so while the ministry of ICT is part
of the elected administration
00:05:35.700 --> 00:05:40.190
the Supreme Leader has ultimate power.
And what is particularly
00:05:40.190 --> 00:05:44.770
concerning here is while we have
the ministry of ICT here on the right
00:05:44.770 --> 00:05:48.350
and then you have the Telecommunications
Company. And then you have
00:05:48.350 --> 00:05:53.410
the ISP provider in Iran. You then
have the Revolutionary Guards
00:05:53.410 --> 00:05:57.270
which are a para-military
organization in Iran
00:05:57.270 --> 00:06:00.850
who are not accountable
to the elected government.
00:06:00.850 --> 00:06:04.400
They're ultimately only accountable
to the Supreme Leader.
00:06:04.400 --> 00:06:09.630
They own the largest share of the
Telecommunications Company of Iran.
00:06:09.630 --> 00:06:14.000
This is particularly concerning because
a group like the Revolutionary Guards
00:06:14.000 --> 00:06:18.350
are the ones who are oftentimes
responsible for
00:06:18.350 --> 00:06:23.520
various surveillance programs,
for arrests of dissidents.
00:06:23.520 --> 00:06:28.500
One of their offshoots, the Basij
were the ones on the streets,
00:06:28.500 --> 00:06:31.810
arresting and beating up protesters
during the 2009 Green Movement.
00:06:31.810 --> 00:06:35.910
So the fact that they have access to
this kind of data it's very concerning
00:06:35.910 --> 00:06:43.730
in why things like digital security are of
the upmost importance in Iran.
00:06:43.730 --> 00:06:47.720
Just a little brief overview of why
00:06:47.720 --> 00:06:51.390
this sort of history started in Iran.
It's not always been like this.
00:06:51.390 --> 00:06:57.430
This started during the Reformer's era
in Iran which were the late 90ies.
00:06:57.430 --> 00:07:02.680
This was a period where
relative to the Iranian context
00:07:02.680 --> 00:07:08.320
which is a Islamic theocracy there was
more progressive politics
00:07:08.320 --> 00:07:12.980
and the hardline elements which aren't
often accountable to the electorate
00:07:12.980 --> 00:07:18.860
in Iran kind of clashed with the
Reformer's Government that was in power
00:07:18.860 --> 00:07:22.430
and so the surge in Reformer's
jounalists that were
00:07:22.430 --> 00:07:26.220
in traditional print media meant
that they could start migrating online
00:07:26.220 --> 00:07:31.350
in the early 2000's, late 90ies, when
blogging was becoming really popular
00:07:31.350 --> 00:07:36.620
and the technology to use Persian unicode
was becoming more pervasive.
00:07:36.620 --> 00:07:39.680
During this time the government
sort of realized that there's
00:07:39.680 --> 00:07:43.370
this space that's not
being controlled at all.
00:07:43.370 --> 00:07:47.460
And so filtering of pages
started early on in 2001
00:07:47.460 --> 00:07:52.420
but there was no real systematic
procedure for this filtering.
00:07:52.420 --> 00:07:57.070
So they came up with the
Cybercrimes Law in 2006.
00:07:57.070 --> 00:08:01.530
But that sort of lay
floating around until 2009
00:08:01.530 --> 00:08:05.360
when the internet became
a really big deal because,
00:08:05.360 --> 00:08:09.440
I'm sure some of you have
heard of the Twitter Revolution
00:08:09.440 --> 00:08:12.919
which sort of came out after 2009
Green Movement. And it was at that point
00:08:12.919 --> 00:08:17.390
- when Iranians were coming out en masse
onto the streets protesting
00:08:17.390 --> 00:08:21.300
what they claimed to be a fraudulent
election - that the Iranian Government
00:08:21.300 --> 00:08:25.760
shut down the internet. And so
after this period they codified
00:08:25.760 --> 00:08:31.170
the Cybercrimes Law to sort of ensure
a more systematic way of filtering
00:08:31.170 --> 00:08:35.780
various pages including Twitter
and Facebook, that came out of it.
00:08:35.780 --> 00:08:38.960
And then following this you
had the Revolutionary Guard's
00:08:38.960 --> 00:08:43.770
establishment of Gerdab which is
a Cyber Command Center
00:08:43.770 --> 00:08:47.960
which is now responsible for
the arrest of many different bloggers
00:08:47.960 --> 00:08:52.860
and activists in Iran. And then in 2011
00:08:52.860 --> 00:08:56.180
because there wasn't enough
control over the internet
00:08:56.180 --> 00:09:01.320
they set up the FATA, a police force,
from the police forces.
00:09:01.320 --> 00:09:06.020
While they do sort of take care
of things like cybercrime
00:09:06.020 --> 00:09:10.320
in terms of banking, in identity theft,
they also are responsible
00:09:10.320 --> 00:09:15.680
for the arrests of various bloggers.
There was one popular case in 2012
00:09:15.680 --> 00:09:21.690
of Sattar Beheshti, who had public
dissident posts against the government.
00:09:21.690 --> 00:09:26.880
And then finally in 2012
the Supreme Leader who has
00:09:26.880 --> 00:09:31.580
quite a grand name of its own decided
to setup a very Sci-fi-esque body
00:09:31.580 --> 00:09:37.110
- at least in the English language -
called the Supreme Council of Cyberspace.
00:09:37.110 --> 00:09:40.150
audience amused
00:09:40.150 --> 00:09:45.690
This body basically would be responsible
for all of the Internet Policy
00:09:45.690 --> 00:09:49.920
in Iran. And this really marked
a turning point in Iran where
00:09:49.920 --> 00:09:56.710
cyberspace and internet became
a key issue of National Security;
00:09:56.710 --> 00:09:59.770
not only were there concerns
of cyber attacks from the United States
00:09:59.770 --> 00:10:04.470
and Israel, there was also
big concerns of dissidents
00:10:04.470 --> 00:10:08.240
and various movements that could
sort of emerge through Social Media
00:10:08.240 --> 00:10:13.400
and the blogs. And so all the
decision making would occur through
00:10:13.400 --> 00:10:17.380
the members that they decided to appoint
to this council. And it's a mixed bag
00:10:17.380 --> 00:10:25.610
of different ministers as well as
unelected officials and experts.
00:10:25.610 --> 00:10:30.080
Over the years they've had various
different programs to try to control
00:10:30.080 --> 00:10:34.610
the internet and most recently
in last March they came up with
00:10:34.610 --> 00:10:39.680
another grand sounding
program called Spider.
00:10:39.680 --> 00:10:45.260
Spider was a project of the Revolutionary
Guards where they sort of
00:10:45.260 --> 00:10:50.490
talked about doing blanket surveillance
over all Social Media activities,
00:10:50.490 --> 00:10:53.380
activities of Iranians which technically
00:10:53.380 --> 00:10:59.540
- if any of you know anything about
how Facebook or how Twitter works -
00:10:59.540 --> 00:11:06.100
it's quite hard. If posts are private
it's hard to delve into them.
00:11:06.100 --> 00:11:13.070
Anyways, so what is key to understanding
about the internet climate right now
00:11:13.070 --> 00:11:17.920
is that there is a moderate president
Rohani who came into power
00:11:17.920 --> 00:11:21.680
on a platform of many
different progressive policies
00:11:21.680 --> 00:11:25.140
one of which was Internet Freedom.
00:11:25.140 --> 00:11:29.120
And so they've had many
different progressive moments.
00:11:29.120 --> 00:11:35.350
They shut down the hardline judiciary's
attempts to block Whatsapp e.g.
00:11:35.350 --> 00:11:40.370
and they've promised not to really
shut down any other platform
00:11:40.370 --> 00:11:44.790
or censor anything unless there is
a legitimate replacement for them
00:11:44.790 --> 00:11:48.180
and this is a quote by
the minister of ICT.
00:11:48.180 --> 00:11:51.960
But at the same time
they've been trying to cater to
00:11:51.960 --> 00:11:55.620
some of the hardline elements
and try to sort of balance out
00:11:55.620 --> 00:11:59.720
their Internet Freedom policies with
programs like intelligent filtering,
00:11:59.720 --> 00:12:04.490
which would mean not blocking
entire platforms outright but
00:12:04.490 --> 00:12:08.970
blocking individual pages.
00:12:08.970 --> 00:12:14.800
This program... about 66 Mio. Dollars
has been spent on this program
00:12:14.800 --> 00:12:20.650
from the ICT budget. And overall
it's been a bit of a failure.
00:12:20.650 --> 00:12:26.010
I worked on a piece of research
with Frederic Jacobs that sort of
00:12:26.010 --> 00:12:30.650
underlined how the intelligent filtering
on Instagram, which was
00:12:30.650 --> 00:12:35.320
the most tangible,
resolved of this form of control.
00:12:35.320 --> 00:12:39.060
was only occuring because
Instagram had failed to release
00:12:39.060 --> 00:12:44.980
the https on the Mobile API.
So they were able to enable
00:12:44.980 --> 00:12:50.060
intelligent filtering on the mobile
application but not on the browser.
00:12:50.060 --> 00:12:53.360
Later on people found out that there was
still disruptions and images
00:12:53.360 --> 00:12:58.680
weren't loading to Instagram even
after Instagram enabled https
00:12:58.680 --> 00:13:04.000
over the Mobile API. And it turned out that
this was just collateral damage
00:13:04.000 --> 00:13:08.020
from the fact that some of the
images on Instagram were also hosted
00:13:08.020 --> 00:13:13.630
on Facebook which is
outright blocked in Iran.
00:13:13.630 --> 00:13:17.540
So right now we're about to go
up to a election in Iran.
00:13:17.540 --> 00:13:20.870
It's in February,
it's the Parliamentary Elections.
00:13:20.870 --> 00:13:26.110
And typically during these
sensitive moments in Iran
00:13:26.110 --> 00:13:29.840
they start playing around
with the internet and
00:13:29.840 --> 00:13:32.730
this happened in 2013. There was
00:13:32.730 --> 00:13:36.990
a significant throttling of the internet
leading up to the elections.
00:13:36.990 --> 00:13:40.160
And right now there have been
some things spotted although
00:13:40.160 --> 00:13:44.910
it's speculation whether or not
it's related to the elections at all.
00:13:44.910 --> 00:13:50.600
Some websites with foreign
SSL certificates are being blocked.
00:13:50.600 --> 00:13:54.410
There was one example of a
popular blogger based in Iran
00:13:54.410 --> 00:13:58.910
named Jadi who has a
SSL certificate from Cloudflare
00:13:58.910 --> 00:14:04.720
and his website was blocked.
And you'll notice that local certificates
00:14:04.720 --> 00:14:08.120
won't be blocked because ultimately
they're controlled by the government.
00:14:08.120 --> 00:14:13.440
This is a diagram formed by Smallmedia
that sort of explains how
00:14:13.440 --> 00:14:17.200
the certificate authorities are ultimately
in the hands of the government
00:14:17.200 --> 00:14:21.150
and data could potentially be shared.
00:14:21.150 --> 00:14:26.500
There is also throttling of TLS in
November and the best example of this
00:14:26.500 --> 00:14:36.300
was over TOR direct connections which,
you see, experienced a significant drop.
00:14:36.300 --> 00:14:41.730
The shift towards mobile applications
and the fact that Iranians are
00:14:41.730 --> 00:14:45.490
increasingly accessing the web through
their phones means that there's been
00:14:45.490 --> 00:14:50.040
sort of a increased focus by
the government on mobile apps.
00:14:50.040 --> 00:14:54.779
In order to sort of talk to this they've been
coming up with local alternatives
00:14:54.779 --> 00:14:59.070
like WeChat has Dialog which sort of
you can see from the interface
00:14:59.070 --> 00:15:07.290
that this local version is imitating that
application. Instagram had Lenzor.
00:15:07.290 --> 00:15:11.300
But you kind of see that it's not
working as effectively because
00:15:11.300 --> 00:15:15.250
if you look at the Cafe Bazaar Stats,
which is a platform where Iranians
00:15:15.250 --> 00:15:20.430
download their apps, Lenzor
only has about 50000 users
00:15:20.430 --> 00:15:24.400
while Instagram has
more than 9 Mio.
00:15:24.400 --> 00:15:28.720
Viber had another imitation
out called Salam.
00:15:28.720 --> 00:15:34.470
Salam was speculated to be
developed by the Basij.
00:15:34.470 --> 00:15:40.170
So popular apps right now have...
there's Whatsapp and there's Viber
00:15:40.170 --> 00:15:44.410
and Telegram in terms of
chats and communication.
00:15:44.410 --> 00:15:50.180
Telegram is the most popular right now
and that's mainly because
00:15:50.180 --> 00:15:53.610
Viber has been heavily
tampered with and
00:15:53.610 --> 00:15:58.110
a lot of people don't trust Viber anymore
because the media has sort of
00:15:58.110 --> 00:16:02.839
disparaged it in connection with Israel
and the Israeli Defense Forces (IDF).
00:16:02.839 --> 00:16:07.970
And Whatsapp the second most
popular app has been experiencing
00:16:07.970 --> 00:16:12.370
lots of network disruptions.
And so with this increasing shift
00:16:12.370 --> 00:16:17.180
towards Telegram the media
has been focusing on also
00:16:17.180 --> 00:16:21.910
highlighting that Telegram is
a place of moral corruption.
00:16:21.910 --> 00:16:26.029
This is a picture from a semi-official
news source, FARS News,
00:16:26.029 --> 00:16:32.330
sort of depicting how someone could be
dramming in Telegram.
00:16:32.330 --> 00:16:37.250
So Telegram in Iran is really
controversial not only because
00:16:37.250 --> 00:16:40.050
the government's really
concerned about it but
00:16:40.050 --> 00:16:45.670
it had a really confusing
and weird relationship with Iran.
00:16:45.670 --> 00:16:50.210
Starting in August, Bots and Stickers
started getting censored in Iran.
00:16:50.210 --> 00:16:55.100
And the Bots and Stickers are one of the
reasons why Telegram is really popular
00:16:55.100 --> 00:16:59.839
in Iran because the Bots allowed Iranians
to access content on the internet
00:16:59.839 --> 00:17:04.270
without using a VPN
and the Stickers are oftentimes fun
00:17:04.270 --> 00:17:09.920
and kind of rude and in Persian
which not a lot of apps have.
00:17:09.920 --> 00:17:14.079
And so it's really popular.
But these got censored in August.
00:17:14.079 --> 00:17:16.140
And the ministry announced that
the censorship was occuring
00:17:16.140 --> 00:17:21.920
because of cooperation with Telegram,
but Telegram was very quick to deny this.
00:17:21.920 --> 00:17:27.929
Pavel Durov came up and said that they
had not entered in to any agreements.
00:17:27.929 --> 00:17:32.490
On top of that there's a respected community
of security experts have really
00:17:32.490 --> 00:17:37.270
critizised the cryptography and
the security behind Telegram.
00:17:37.270 --> 00:17:40.270
And this is especially worrysome
when you hear things like
00:17:40.270 --> 00:17:45.679
30% of Telegram data is now being
stored in Iran which was a
00:17:45.679 --> 00:17:49.550
announcement by the ministry of ICT
in Iran. But then again
00:17:49.550 --> 00:17:55.080
Telegram was very quick to deny this,
again, saying that this is 100% bullshit.
00:17:55.080 --> 00:18:00.670
laughter
And so the Telegram story continues.
00:18:00.670 --> 00:18:05.550
I think it was in late November,
00:18:05.550 --> 00:18:09.830
Pavel Durov made a announcement
saying that the ministry of ICT
00:18:09.830 --> 00:18:15.820
had come to him demanding spying and
censorship capabilities from Telegram
00:18:15.820 --> 00:18:18.850
which is really weird because
beforehand they thought they were
00:18:18.850 --> 00:18:22.350
working together. And there's all sorts of
conspiracy theories about
00:18:22.350 --> 00:18:26.750
how Pavel Durov got on a plane and went
to Tehran to meet with the minister Vaezi.
00:18:26.750 --> 00:18:30.230
Noone really knows what happened,
all speculations and rumours.
00:18:30.230 --> 00:18:35.230
Anyways, he comes out with this
announcement and then a few weeks later
00:18:35.230 --> 00:18:40.120
it's like: "Oh, that was a fake email",
which is really odd and concerning
00:18:40.120 --> 00:18:45.740
and no other internet company has ever
had anything happen like this.
00:18:45.740 --> 00:18:49.960
He said that he received the fake email,
the ministry didn't actually contact him.
00:18:49.960 --> 00:18:54.470
He never released the email.
It's all very strange and it led to
00:18:54.470 --> 00:19:01.150
several advocacy organizations asking
for more transparency from Telegram.
00:19:01.150 --> 00:19:06.580
But Telegram continues to be one of the
most popular apps in Iran.
00:19:06.580 --> 00:19:09.710
What's notable about Telegram is that that
sort of sets a precedent for other
00:19:09.710 --> 00:19:14.300
internet companies inside of Iran
especially as we move towards the removal
00:19:14.300 --> 00:19:19.740
of sanctions. And companies like Facebook
and Twitter will be able to do business
00:19:19.740 --> 00:19:24.850
with Iran potentially. And so noting these
kinds of behaviours and sort of holding
00:19:24.850 --> 00:19:29.890
them to account is really important.
00:19:29.890 --> 00:19:33.540
One last application that sort of
gaining ground in Iran and that
00:19:33.540 --> 00:19:38.040
highlights one of the sort
of habits of Iranians is
00:19:38.040 --> 00:19:47.030
Bisphone. Bisphone is this local app and
Security Researcher Kevin Miston
00:19:47.030 --> 00:19:50.250
who I don't know if he's here [in the
hall] or not, but he's somewhere here
00:19:50.250 --> 00:19:55.380
in the venue, has done some really cool
work into looking what exactly Bisphone is
00:19:55.380 --> 00:20:01.980
'cause it's sort of this rising app
that's gaining a lot of popularity.
00:20:01.980 --> 00:20:05.580
It apparently has connections, the
developers are loosely connected to
00:20:05.580 --> 00:20:12.770
the government. It turns out that the
actual data collection over the ISPs is
00:20:12.770 --> 00:20:18.450
connected to Iran's Telecommunications
Company. Which is very concerning but
00:20:18.450 --> 00:20:25.920
Smallmedia recently did a report asking
Iranians what they thought about the
00:20:25.920 --> 00:20:30.340
security of the apps that they use and the
tendency is that they either don't know
00:20:30.340 --> 00:20:34.460
or it doesn't really
factor in as a big issue.
00:20:34.460 --> 00:20:40.640
So security is a very low
priority for Iranians even though
00:20:40.640 --> 00:20:43.760
it should be higher on their list.
They generally tend to go for
00:20:43.760 --> 00:20:48.740
usability and fun features.
This kind of brings me
00:20:48.740 --> 00:20:52.500
to the take aways of this talk which is:
Internet control in Iran is
00:20:52.500 --> 00:20:58.660
quite pervasive, but it's not as
sophisticated as they would like.
00:20:58.660 --> 00:21:00.900
It's especially important now
'cause there's been more arrests
00:21:00.900 --> 00:21:05.660
of various bloggers, various people
who work in the Tech industry in Iran.
00:21:05.660 --> 00:21:08.910
This might be particularly
problematic as we move towards
00:21:08.910 --> 00:21:13.730
the Parliamentary Elections.
00:21:13.730 --> 00:21:17.809
If you do particular research,
if you do any collection of data
00:21:17.809 --> 00:21:23.260
and circumvention tools I think this is a
very exciting time to be looking at Iran's
00:21:23.260 --> 00:21:27.109
internet ecosystem. Thank you!
00:21:27.109 --> 00:21:38.230
applause
00:21:38.230 --> 00:21:42.970
Herald: Thank you, we have 5
minutes now for question/answers.
00:21:42.970 --> 00:21:51.380
So if you have questions for Mahsa
please go to one of the 4 microphones.
00:21:51.380 --> 00:21:55.320
And I would like to ask you to
please say your question slowly
00:21:55.320 --> 00:21:58.090
into the microphone because
it's being recorded.
00:21:58.090 --> 00:22:00.390
audience mumbles amused
00:22:00.390 --> 00:22:08.610
Question: Shall I start?
H: Ok we'll start with, yes, that microphone.
00:22:08.610 --> 00:22:15.929
Q: So one thing first as a statement
not a question. If you are in Iran, do not
00:22:15.929 --> 00:22:20.540
ever use your banking, whatever banking...
Mahsa: whispering Who's talking?
00:22:20.540 --> 00:22:24.480
Q: ...without VPN. And then... because
they're gonna block it. You're gonna
00:22:24.480 --> 00:22:29.820
have to go back to your bank and reopen
it. But the question is: Do you know...
00:22:29.820 --> 00:22:33.590
how much do you know about the
relationships with other governments like
00:22:33.590 --> 00:22:38.460
foreign governments or foreign companies
on the filters, there were... and like
00:22:38.460 --> 00:22:41.790
further developments. Because I know from
Rohde&Schwarz like a year ago,
00:22:41.790 --> 00:22:48.440
when I was there, they were talking about
the relationship with the filters in
00:22:48.440 --> 00:22:54.840
I-don't-know Syria, maybe. And that they're
not officially related but they were used?
00:22:54.840 --> 00:23:02.480
Mahsa: Yeah, I'm not a particular expert
on Syria but I do know that they have
00:23:02.480 --> 00:23:06.390
exchanged technology and knowledge with
the Syrian Government 'cause they are
00:23:06.390 --> 00:23:10.210
very close with the Assad Regime.
00:23:10.210 --> 00:23:16.110
Q: I meant more specifically like
companies in Europe and in the US.
00:23:16.110 --> 00:23:19.929
M: Yeah, so because of sanctions
I know the US don't really...
00:23:19.929 --> 00:23:26.160
I do know Europe... is...
does work, but I know
00:23:26.160 --> 00:23:31.600
the country that they turn to most for
censorship technology would be China.
00:23:31.600 --> 00:23:36.040
And I know that in the past that they
heavily relied on Chinese technology
00:23:36.040 --> 00:23:40.460
for censorship and surveillance material
but recently they've been shifting towards
00:23:40.460 --> 00:23:45.679
local vendors and using more
locally grown technology.
00:23:45.679 --> 00:23:50.179
Although it's hard to say. I don't have
direct insight into what technology
00:23:50.179 --> 00:23:56.410
and where it's coming from. Maybe you
have more insight and can tell me.
00:23:56.410 --> 00:24:00.980
H: Thank you, next question, please.
00:24:00.980 --> 00:24:05.700
Q: Thank you to bring us the awareness
that we have to fight for our freedom
00:24:05.700 --> 00:24:08.540
in internet or also to fight
leaders which try to...
00:24:08.540 --> 00:24:14.400
H: Could you get a little closer to
the microphone, please!
00:24:14.400 --> 00:24:19.130
Q: My question was: When you go back to
Iran, do you have any repression or
00:24:19.130 --> 00:24:20.900
problems?
M: Do I personally?
00:24:20.900 --> 00:24:27.770
Q: Yes. personally.
M: I haven't gone back to Iran since 2010
00:24:27.770 --> 00:24:31.070
because I do things like come and
talk here on a recorded video
00:24:31.070 --> 00:24:37.430
audience amused
I generally don...
00:24:37.430 --> 00:24:45.140
applause
00:24:45.140 --> 00:24:50.000
Q: It was my question exactly, and you
should be aware that it's no democratic
00:24:50.000 --> 00:24:52.809
there so if they catch you they do
whatever they want with you.
00:24:52.809 --> 00:24:57.679
It's not, like, we control the police...
M: Yeah, I mean that's also another point
00:24:57.679 --> 00:25:02.820
I wanna make: There's a lot of
awesome unknown people doing work
00:25:02.820 --> 00:25:08.120
and doing research and activism on the
Iranian internet that remain anonymous
00:25:08.120 --> 00:25:13.260
and use pseudonyms and can't do
things like come here and talk, so
00:25:13.260 --> 00:25:16.780
that's a decision I've made. There's other
people doing really amazing work that you
00:25:16.780 --> 00:25:21.750
probably will never see
on a platform like this.
00:25:21.750 --> 00:25:28.669
applause
00:25:28.669 --> 00:25:33.529
H: Okay, may I ask on the next
question, please. Thank you.
00:25:33.529 --> 00:25:37.540
Q: Yeah, thanks for the great talk! I have
a question about the certificate authorities
00:25:37.540 --> 00:25:43.049
there in the Iranian State. You said that
foreign certificate authorities are
00:25:43.049 --> 00:25:48.720
blocked by the governmental filters.
With your demonstration of one site...
00:25:48.720 --> 00:25:55.720
of this blogger. Are there any certificate
authorities in Iran not connected to
00:25:55.720 --> 00:26:00.760
the government, or not... are forced to
giving the private key to the government,
00:26:00.760 --> 00:26:06.330
so that maybe foreign sites could just
adjust their certificate to an Iranian
00:26:06.330 --> 00:26:12.570
free or libre CA and so could do an
access for the people there?
00:26:12.570 --> 00:26:17.110
M: That's a really good question. I don't
think I have the knowledge or expertise
00:26:17.110 --> 00:26:22.950
to fully answer it. But I will point you
towards the Smallmedia report that
00:26:22.950 --> 00:26:27.600
really delved into this. They did like
months of research. I think the person
00:26:27.600 --> 00:26:31.490
you would probably wanna talk to
would be Amin Sabeti. I could only
00:26:31.490 --> 00:26:38.040
sort of guess and I'm not sure if
it's broadly done on every website,
00:26:38.040 --> 00:26:42.080
'cause there's obviously a lot of websites
using foreign SSL certificates that
00:26:42.080 --> 00:26:47.020
are not blocked, but if it's sensitive
it's more likely to get blocked in Iran.
00:26:47.020 --> 00:26:52.090
Q: Thank you very much.
H: Thank you, are there any questions
00:26:52.090 --> 00:26:56.530
from the internet?
looking out for Signal Angel
00:26:56.530 --> 00:27:01.290
Yes? Aah, ok. The internet, please!
Signal Angel: So, question.
00:27:01.290 --> 00:27:04.760
Since there seems to be a lot
of trouble politically-wise,
00:27:04.760 --> 00:27:09.520
is there a hacker scene in Iran? Like
there is in Europe or in the USA?
00:27:09.520 --> 00:27:15.710
M: Yeah, yeah there is a hacker scene
and there's a, like an emerging
00:27:15.710 --> 00:27:20.610
open source community doing a lot of
cool work. Yeah, totally the scene exists.
00:27:20.610 --> 00:27:24.789
I'm sure a lot of them would
have loved to have been here.
00:27:24.789 --> 00:27:30.630
H: And the internet, again!
S: A lot of people in Iran, I know,
00:27:30.630 --> 00:27:34.660
use VPNs. Have you heard of VPN providers
cooperating with the government?
00:27:34.660 --> 00:27:42.429
M: Yeah, that's another big security
concern that I didn't cover in this talk,
00:27:42.429 --> 00:27:47.250
w hich is like using VPNs is ubiquitous,
basically, in Iran. Even
00:27:47.250 --> 00:27:51.600
members of the government use it.
I think there was even a photo of...
00:27:51.600 --> 00:27:55.730
someone in one of the ministries, they
had Psiphon on their desktop and
00:27:55.730 --> 00:27:59.530
it was pictured on a famous photo that
went viral. But one of the concerns is
00:27:59.530 --> 00:28:04.090
like, the government is actually providing
their own VPN so they can access data
00:28:04.090 --> 00:28:08.850
and what people are connecting to
through their own backdoored VPNs.
00:28:08.850 --> 00:28:16.799
H: We have one more question, and that's
here in the back, please. You, yeah.
00:28:16.799 --> 00:28:22.020
Q: Hi, so I have... I was wondering
if you have concrete cases
00:28:22.020 --> 00:28:27.559
about government monitoring data or
00:28:27.559 --> 00:28:32.960
using that as evidence in court cases.
00:28:32.960 --> 00:28:37.770
Because we have always been
speculating that these guys
00:28:37.770 --> 00:28:43.350
will go through the messages that we send
and then they're gonna use it against us.
00:28:43.350 --> 00:28:46.960
But we have never been able
to prove it. Do you have
00:28:46.960 --> 00:28:50.809
any kind of cases study on that?
M: There is the one really famous one that
00:28:50.809 --> 00:28:56.259
I'm sure you've heard of,
the Sony-Ericsson case
00:28:56.259 --> 00:29:00.809
- I think I'm getting the company right -
back in 2009 where they tracked
00:29:00.809 --> 00:29:05.280
through the cell phone company.
So that's the most concrete case.
00:29:05.280 --> 00:29:09.419
But I suppose there aren't
that many known,
00:29:09.419 --> 00:29:15.990
and that's one of the problems with
installing sort of a culture of digital
00:29:15.990 --> 00:29:20.000
security in Iran. Because most people
are afraid of physical surveillance,
00:29:20.000 --> 00:29:24.210
this thing that if they're arrested and
they take their computers physically
00:29:24.210 --> 00:29:30.419
- that's the actual concern, not so much
using encrypted email or encrypted chat.
00:29:30.419 --> 00:29:35.500
So that might be part of it.
I'm sure there are. I couldn't
00:29:35.500 --> 00:29:39.340
name them to you right now but the most
famous would be from 2009 when they were
00:29:39.340 --> 00:29:45.110
working with Ericsson.
Q: Thank you.
00:29:45.110 --> 00:29:54.200
H: Ok, thank you!
applause
00:29:54.200 --> 00:29:58.280
H: And with that one more warm applause
for Mahsa. Thank you so much for
00:29:58.280 --> 00:30:01.390
coming today, Mahsa, thank you!
00:30:01.390 --> 00:30:05.900
postroll music
00:30:05.900 --> 00:30:08.350
created by c3subtitles.de in 2016