June 22, 2009 11:45 PM PDT
Tech giants deny helping
by Declan McCullagh
A joint venture of Siemens AG and Nokia Corp., two large European technology firms, is denying reports that
Nokia Siemens Networks said Monday that it has sold telecommunications systems to the Iranian government but that any built-in monitoring technology was for voice communications and not the Internet.
"The lawful intercept capability is purely for local voice calls," spokesman Ben Roome said in an interview. "We don't know who may have provided other Internet technologies to
The company's denial comes as protests over Iran's disputed election enter their second week, amplified by Twittering from the Iranian diaspora and cell phone videos showing ongoing street conflicts and the apparent death of young Iranian woman called Neda.
Images and video clips trickling in from the streets of Tehran--even ones whose authenticity may never be established--have electrified the West and demonstrated the limits of power that the government is able to wield. Because foreign correspondents are being pressured by authorities and forced to leave, according to journalist advocacy groups, the country's relatively tiny Internet pipe to the outside world is offering a unique glimpse of the situation on the streets.
Iran's Internet restrictions are no secret, of course. As CNET News reported last week, Web sites including Facebook, YouTube.com, and the BBC have been deemed off-limits by government censors, and there have been recurring reports that Twitter.com and Yahoo Messenger have been blocked as well. Except for some hiccups, though,
The source of the surveillance technology used by
This recent dispute erupted in the form of a front-page article in Monday's editions of The Wall Street Journal, which claimed that the Iranian government has developed "one of the world's most sophisticated mechanisms for controlling and censoring the Internet" with the help of Nokia Siemens Networks. The headline read: "
But Roome, the Nokia Siemens Networks spokesman, said that the newspaper's report was incorrect. He said in a blog post, "Unfortunately, I was unable to clarify for the Wall Street Journal the limited scope of the lawful intercept capability (voice calls only) and rule out...deep packet inspection and Web filtering."
Roome argued that, whatever its faults, even
Complicating the matter is the difficulty of identifying the technology used. It's relatively easy to figure out which Web sites that are off-limits--groups like Harvard University's Berkman Center for Internet & Society have made a practice of compiling such lists--but much harder to know what hardware or software is being used to monitor Internet links.
"For the filtering work we are able to verify the actual functionality," said Rob Faris, research director for the
In terms of Web blocking, a
McAfee now owns Secure Computing and sells the software as McAfee SmartFilter. A product description boasts of "a proven repository of more than 25 million blockable websites across more than 90 categories."
"We have never seen any direct evidence or hard proof that
More recent reports suggest that Iranian Internet providers have developed or adapted their own Web filtering technology, but shed little light on the question of surveillance.
Compared with a few years ago, traffic analysis and inspection have become more common for Internet providers; their legitimate purposes include detecting malicious activity, prioritizing online phone calls over e-mail, and for mobile providers, charging different fees for different types of data.
Cisco's Service Control Engine series boasts of conducting "deep packet inspection" and "detection and control of virtually any network application, including: Web browsing, multimedia streaming, and peer-to-peer (P2P)." WireShark, free software for intercepting and decoding traffic, can record and display what's taking place on a network. And most modern routers can block or log access to Web sites based on a list of Internet addresses or domain names.
"I don't know how one could actually determine" what Iran is using for surveillance, said Tony Barbagallo, vice president of marketing at WildPackets of Walnut Creek, Calif., which sells Internet monitoring tools including OmniPeek Network Analyzer. "It's pretty easy to conceive that they could be using homegrown technology."
"Our products are used in the
This echoes the argument that Nokia Siemens Networks has made: that selling voice-only lawful intercept gear to
On the other hand, the
Jay Botelho, WildPackets' director of product management, said the best way for an Iranian Internet provider to monitor its customers would be to use one bank of monitoring equipment for e-mail, another for Web browsing, a third for VoIP calls, and so on. "Using our product, the easiest way to monitor everything is to hook onto an (extra port) port off your main switch," Botelho said. "The problem is that depending on the traffic, that could overload an appliance. But if you slowed everything down, you'd get everything."
That's not a problem in
The largest Internet provider in
Declan McCullagh, CBSNews.com's chief political correspondent, chronicles the intersection of politics and technology. He has covered politics, technology, and
©2009 CBS Interactive Inc.
Donations can be sent to the
"The master class has always declared the wars; the subject class has always fought the battles. The master class has had all to gain and nothing to lose, while the subject class has had nothing to gain and everything to lose--especially their lives." Eugene Victor Debs