CHRI – Bill Claims to Protect “Digital Borders” by Trampling Internet Freedom, Privacy
After repeated denials by Iranian officials about the existence of a bill that would allow an elite branch of the Iranian army to control and monitor all internet content, activities and messaging apps in the country, the Center for Human Rights in Iran (CHRI) has obtained a copy of the pending legislation.
Allowing the General Staff of the Armed Forces (GSAF)—which operates under Supreme Leader Ali Khamenei and is directed by a commander of the Islamic Revolutionary Guard Corps (IRGC)—to control the country’s internet infrastructure would put millions of Iranians at risk of prosecution for various online activities including accessing content on a banned social media app.
CHRI’s analysis of the “Managing Social Messengers Bill” indicates it was written with the following aims:
- Enabling the country’s security and intelligence establishment to easily and effectively censor online content and monitor user activity
- Make it extremely difficult for users in Iran to access non-state approved digital content
- Provide incentives for users to access state-approved online content
- Lay out sentencing guidelines for users or companies convicted of accessing banned online content
The internet and social media apps are heavily restricted and censored in Iran. Some 53 percent of the country’s 80-plus million people had access to the internet in 2017, according to the UN’s International Telecommunication Union—up almost 10 percent from the year before.
As a result of the growing number of Iranians with internet access, state policies and technical initiatives have increasingly focused on strengthening state control over the internet.
This bill is another step in a string of actions taken by the state to legally enable security and intelligence organizations to police internet and messaging app use in Iran.
In 2016, Iran launched the state-controlled National Internet Network (NIN), which has significantly enhanced the government’s ability to restrict, block and monitor internet use in Iran.
A year later, a judicial official banned the use of the country’s most widely used messaging app, Telegram.
Now the state appears intent on closing any potential gateways to Telegram content with a law that could be used to police all digital content in Iran.
The term “social messenger,” as it’s used in the bill, includes messaging apps and social media networks. Telegram was banned in May 2018, forcing its 40 million users to access its content via digital censorship circumvention tools or to move over to state-approved apps.
But as shown in the following paragraphs, the bill’s definition of a social messenger is so broad that it could also be extended to websites, including news and other sites that could be seen as critical of state policies.
Trampling on Internet Freedom and Privacy to Protect “Digital Borders”
The bill, a copy of which was obtained by CHRI, was written by unidentified authors and thus far, Iranian officials have denied its existence. On October 23, 2018, Member of Parliament (MP) Ehsan Ghazizadeh Hashemi, the leader of Parliament’s social media faction, said the bill had not reached Parliament.
“Currently, such a bill has not been introduced to Parliament,” he told reporters at a press conference. “Of course, there have been discussions regarding the country’s bandwidth, and accordingly, the Information and Communications Technology Ministry will be in charge of policy making, but no bill has been introduced to the legislature about the internet.”
But a knowledgeable source told CHRI that the bill is currently being studied in the Parliamentary Committee on Cultural Affairs.
The source, who spoke on the condition of anonymity to protect their personal security, added that the bill is being analyzed by the parliamentary committee as requested by hardline MP Nasrollah Pejmanfar.
CHRI’s investigations revealed that Rouhollah Momen-Nasab, a technical expert, has been used by the committee as a consultant for the bill. On October 29, the Iranian internet and technology magazine, Peivast, tweeted that he had co-authored the bill, but CHRI could not independently confirm this statement.
In an interview with the magazine, Momen-Nasab defended the bill and made statements that were consistent will the bill’s definition of messaging apps.
Momen-Nasab also referred to Hamid Fattahi, the head of the government-controlled Telecommunications Infrastructure Company (TIC), adding, “Mr. Fattahi has repeatedly told us in meetings that he prays to God that someone would take over the responsibility of protecting the country’s digital borders.”
But on October 22, Fattahi tweeted that Iran should not allow control of the internet and social media apps to become a “monopoly.”
“In meetings regarding this bill, the Telecommunications Ministry has submitted legal and technical arguments against such a move to take away the government’s control of the internet’s pathways. We will respect and honor parliamentary legislation and enforce the law, but we should not be creating a monopoly at a time when we are trying to break monopolies and strengthen the resistance economy.”
The phrase “resistance economy,” touted by Supreme Leader Ali Khamenei, refers to Iran’s attempts to offset the impact of sanctions by strengthening and safeguarding domestic industries.
In the following paragraphs, CHRI provides a chapter by chapter analysis of the Managing Social Messengers Bill, which has been under discussion in Iran’s Parliament since late August 2018.
Chapter One: Trampling Internet Freedom to Secure “Digital Borders”
The bill consists of 33 articles contained in four chapters. Its stated aim is to clarify legal parameters for the state’s use, production and access to traffic or data stored on social media applications.
But the bill’s definition of a social media app is so broad that it could be used to include news and other websites that permit visitors to post comments. According to the bill, social messengers are defined as:
“User-based systems that provide platforms for interactions and the collection, broadcast and publication of social information for the purpose of establishing personal or group communications and providing online services such as financial payments and multimedia content.”
The bill considers any messaging app that is more than 50 percent Iranian-owned and based in the country a “domestic” app.
All domestic and non-domestic messengers would be required to register in Iran and operate under the supervision of an oversight committee that would be vested with the power of giving messengers operational licenses as well as the ability to ban them.
The committee would be comprised of various governmental and military agencies as well as individuals that consult with those entities, including:
1- Chairman of the National Cyberspace Center, 2- Assistant Communications Minister or authorized representative, 3- Assistant Islamic Guidance Minister or authorized representative, 4- Assistant Intelligence Minister or authorized representative, 5- Assistant Prosecutor General or authorized representative, 6- A member of Parliamentary Committee on Cultural Affairs, 7- A representative of the Islamic Republic of Iran Broadcasting (IRIB), 8- A representative of Islamic Revolutionary Guard Corps (IRGC), 9- A representative of the Islamic Propagation Organization, 10- A representative of the Police, 11- A representative of the Passive Defense Organization PDO), 12- A representative of domestic messengers apps, 13- A representative from the Shia seminary schools.
Currently, the Supreme Cyberspace Council (SCC), the highest state authority in internet policy-making, and the Working Group for Determining Instances of Criminal Content (WGDICC), the principal body charged with making internet content filtering (censorship) decisions, investigate anything seen as a violation of Iran’s internet policies and laws.
It’s thus unclear why the bill proposes creating a parallel organization—staffed by many of the individuals already working for the SCC and WGDICC—to fulfill the same duties.
Chapter Two: Military to Control All Digital Content in Iran
In chapter two, titled “Data Protection,” control of the country’s internet infrastructure is officially transferred from the TIC, which operates under the Telecommunications Ministry, to the GSAF.
Reza Bagheri-Asl, the deputy head of the Information Technology Organization (ITO), which also operates under the Telecommunications Ministry, said in an interview on October 27, “There have been some discussions about this but the version of the bill being discussed in Parliament right now does not include that provision.”
However, the bill’s Article 12 clearly states: “Protection of digital borders and the country’s cyber defense and the prevention of illegal exploitation of incoming and outgoing online data will be carried out by the relevant authorities under the central control of the GSAF. The extent and limits of responsibilities will be proposed by the GSAF and approved by the exalted Commander of the Armed Forces [Supreme Leader Ali Khamenei].”
A note attached to this article also grants the Intelligence Ministry, which operates under President Hassan Rouhani, as well as the GSAF the ability to determine what kind of data should be protected and how.
Currently, all of Iran’s incoming and outgoing internet traffic, as well the purchase of international bandwidth, internet data distribution, as well as internet security protocols are exclusively managed by the TIC, a government entity.
But the TIC is only in charge of technical aspects and must follow policies set by the SCC under the direct control of the supreme leader.
Allowing the military to control Iran’s internet infrastructure would enable it to do so without the minimal checks and balances—such as parliamentary approval—that the TIC must deal with before it implements policy changes.
The bill justifies this military control by claiming to protect Iran’s “digital borders,” an abstract concept that could be extended to anything in cyberspace.
Chapter Three: Supporting the Growth and Use of Domestic Messengers
According to the bill’s Article 19, the Telecommunications Ministry would be required to price the cost of accessing international internet content and bandwidth, as well as access rights to foreign messaging apps, at twice the current rate in Iran.
Raising the price of international internet data was suggested in August 2018 by Telecommunications Minister Mohammad Javad Azari Jahromi as a way to end what he called “wholesale internet” and replace it with “fair usage.”
But the telecommunications minister’s pricing model discriminates against those who want to access foreign content and apps by charging them double the price of state-approved content.
Article 20 of the bill also requires the Telecommunications Ministry to double the bandwidth (which would improve and increase access speeds) of domestic messengers without doing the same for foreign messengers.
This would require the Telecommunications Ministry to either host the state-approved domestic messengers or reduce the traffic bandwidth allowance of foreign apps.
State-approved domestic app developers are also eligible for state benefits such as interest-free loans without any reporting requirements.
According to the Note to Article 21, non-state-approved messaging apps would also be prohibited from providing financial services or facilitating transactions (such as allowing users to purchase a product or service) through Iranian banks.
Article 23 also bans cryptocurrencies (digital currencies that enable commerce and transactions to occur within the app) even though the SCC’s secretary, Abolhassan Firouzabadi, announced in September 2018 that President Hassan Rouhani’s government had agreed to allow them.
According to Article 24, all smartphones sold in Iran must also come pre-loaded with domestic messaging apps or they cannot be legally sold: “Import and activation permits for smartphones will be issued by the oversight committee on condition that effective domestic messengers are pre-installed.”
The bill does not specify what makes domestic messengers “effective” but the existence of this article raises privacy concerns because the pre-sale app installations would have to be carried out by phone producers or vendors who would have to unseal device packages before selling them.
The bill makes no mention of who should be allowed to access these personal devices or offer and personal security guarantees.
Due to the fact that Iran’s technological infrastructure is state-controlled and its servers are inside the country, state authorities have access to all personal user accounts, allowing intelligence and security agencies to monitor unencrypted personal communications at will.
There is a long history, documented by the UN and many rights organizations, of the Islamic Republic using this access to conduct online surveillance, unlawfully enter accounts, and retrieve information, despite the fact that such privacy is ostensibly protected in Iran’s Constitution.
This content is then used to prosecute critics of the state on various national security-related charges in judicial proceedings lacking any semblance of due process. Intelligence and security agencies work hand-in-hand with Iran’s Judiciary to conduct such operations, and many individuals have been imprisoned in Iran on the basis of such unlawfully obtained online content.
If the bill becomes law, Iranian citizens who purchase mobile phones in Iran would not only be getting devices pre-loaded with state-approved apps, they would also be communicating and sharing information on platforms completely open to surveillance by state agencies.
Chapter Four: Punishing Internet Freedom
According to Article 27 of the bill, accessing a messaging app that has been banned by the state is punishable by six months to two years in prison.
This chapter also makes it extremely difficult for users to access banned online content or apps via circumvention tools such as virtual private networks (VPNs).
A survey conducted by the Iranian Students Polling Agency (ISPA) in July 2018 showed that 79 percent of Telegram’s 40 million users in Iran continued to access content on the app after it was filtered via circumvention tools or through Iranian domestic versions of the app, Telegram Talaeii (Telegram Gold)and Hotgram.
These domestic apps (based on the open-source Telegram client app) have built-in circumvention tools that enable users to access content on the original Telegram app.
If this bill is passed, the 30 million Iranians currently using Telegram Talaeii and Hotgram would be at risk of prosecution for simply using the apps.
Companies could also be punished for allowing users to access foreign or banned messaging apps. According to Article 30, “If agencies violate the law and provide access to foreign messaging apps, violators will be punished according to Articles 749 and 751 of the Islamic Penal Code.”
According to Article 749, internet service providers could be shut down if they deliberately fail to filter content banned by the state. The owners could also face imprisonment (up to three years) and fines (maximum of one billion rials) for doing so through negligence or by mistake.
This article appears aimed at severely restricting or eliminating the use of domestic apps Telegram Talaeii and Hotgram.