The main source for a story in the Wall Street Journal today about Internet monitoring and spying in Iran denies he provided key evidence for the story’s main claim. In addition, one of the story’s co-reporters has a history of writing stories that his sources disavow.
The WSJ story, headlined Iran’s Web Spying Aided By Western Technology, says
Interviews with technology experts in Iran and outside the country say Iranian efforts at monitoring Internet information go well beyond blocking access to Web sites or severing Internet connections.
Instead, in confronting the political turmoil that has consumed the country this past week, the Iranian government appears to be engaging in a practice often called deep packet inspection, which enables authorities to not only block communication but to monitor it to gather information about individuals, as well as alter it for disinformation purposes, according to these experts.
The monitoring capability was provided, at least in part, by a joint venture of Siemens AG, the German conglomerate, and Nokia Corp., the Finnish cellphone company, in the second half of 2008, Ben Roome, a spokesman for the joint venture, confirmed.
The “monitoring center,” installed within the government’s telecom monopoly, was part of a larger contract with Iran that included mobile-phone networking technology, Mr. Roome said.Now Roome is all over Twitter denying that he said what the WSJ reports. He points to his blog, which says,
Nokia Siemens Networks has not provided any deep packet inspection, web censorship or Internet filtering capability to Iran.He says Nokia Siemens only provides
Lawful Intercept . . . with the capability to conduct voice monitoring of local calls on its fixed and mobile network.Chris Rhoads, the reporter who co-wrote today’s story, also co-wrote a story that painted what I said to support something I didn’t mean. Two other sources for that story, Larry Lessig and Rick Whitt, also felt the same way! So even though the claim that the Iranian government is using the Internet for spying and censorship is consistent with my beliefs, I have to take spokesman Roome’s claim, that Rhoads’ reporting goes beyond what he said, seriously! [Here's that WSJ Story and my blog post on that story.]
Today’s WSJ story raises a second question. First it quotes Roome saying,
“If you sell networks, you also, intrinsically, sell the capability to intercept any communication that runs over them.”But then the story reports (and Roome confirms) that Nokia Siemens
exited the business that included the monitoring equipment, what it called “intelligence solutions,” at the end of March, by selling it to Perusa Partners Fund 1 LP, a Munich-based investment firm, Mr. Roome said. He said the company determined it was no longer part of its core business.So are “intelligence solutions” intrinsic to networks or not?
I would like to think that Iran’s government is raising a danger flag about using deep packet inspection and other forms of Internet monitoring for anti-democratic political suppression. But if you strip away the claims attributed to Roome, which he denies, you’re left with one anonymous Iranian engineer saying,
We didn’t know they could do this much . . . Now we know they have powerful things that allow them to do very complex tracking on the network.and Bradley Anstis, director of technical strategy with Marshal8e6 Inc., an Internet security company in Orange, California, saying (according to the article) that, [Anstis] “and other experts interviewed have examined Internet traffic flows in and out of Iran that show characteristics of content inspection, among other measures.” The article quotes Anstis directly making general claims like
[Iran is] now drilling into what the population is trying to say,and
This looks like a step beyond what any other country is doing, including China.But how would we know? The main source has denied that he said what the story reported, the other two experts are generality-rich and specifics-poor, and one co-reporter has a history of writing stories that his sources disavow.
We can see evidence that Iran is involved in wholesale Internet shutdowns. But where is the evidence that it is doing spying via packet (or header) inspection? My mind is more than open, it is *ready* to see it. Nevertheless, today’s WSJ story isn’t anything more than suggestive; it certainly doesn’t stand on its own.