Source: Washington Post
Jan 21, 2023
Analysis by Tim Starks with research by Aaron Schaffer - Jan 17, 2023 report
Iran has sought to develop an “unprecedented” mobile surveillance system, and discussed setting up the program with a pair of Western companies, according to research out Monday from the University of Toronto’s Citizen Lab.
Based on hacked documents that Citizen Lab verified were authentic, Iran’s ambitions focused on deeply integrating into mobile business systems. “The surveillance and censorship capabilities resulting from this level of integration with mobile service providers cannot be understated,” the report states.
The document trove, primarily covering a period that began in 2018 and goes through 2021, doesn’t definitively indicate whether Iran partially or fully implemented the system, although discussions “appear to have been well-advanced,” according to the researchers. But it does shed light on Iran’s goals against a backdrop of Iran and other oppressive regimes using strong-arm tactics to stifle protesters.
“These documents clearly do reflect an aspiration for an unprecedented surveillance architecture that would have — based on the Iranian regime’s history of suppressing dissent and human rights — led to further human rights violations,” the authors of the report read.
How it would work
Research on the documents, which the Intercept provided to Citizen Lab, found that the system “would provide the Iranian government with comprehensive information about Iranian subscribers, including personal information of citizens and non-citizens at the time they purchase SIM cards.”
The amount of information Iranian authorities could collect from mobile service providers under the program is sweeping, the researchers found:
“Who’s communicating with whom, for how long, how often, and where.”
Internet usage history and phone call/text history.
The use of phone numbers in specific geographical locations.
Personally identifiable information like birth certificate and passport numbers.
Also unprecedented: The system would allow authorities to make changes to a user’s phone, such as forcing it onto a slower 2G network.
Who else?
The primary source of the emails was Ariantel, an Iranian wireless communications services provider.
But the documents reveal negotiations between Iran and several foreign firms:
PROTEI, a Russia-founded telecommunications vendor.
Telinsol, a U.K.-based satellite communications consultancy.
PortaOne, a Canada-based mobile business and support system firm.
Citizen Lab said the emails appeared “to show Telinsol facilitating purchases to support” Ariantel’s launch. A law firm responded to Citizen Lab’s request for comment by saying Telinsol “flatly denies the allegation that it has been involved in activities that would in any way help digital espionage against Iranian citizens” and threatened possible legal action.
PortaOne initially told Citizen Lab that it “does not provide any products or services to or for use in Iran, it has never done business with Iran, Telinsol or Ariantel.” It later said that it did business with an Ariantel-connected Portuguese company, but later canceled the contract and returned its payment.
In a statement provided to The Washington Post, Ariantel said that "locating individuals and subscribers is not technically possible and all accusations are falsifications."
Neither Telinsol nor PortaOne responded to my requests for comment.
“While businesses may argue that their services are innocuous and not specifically designed for legal interception, this does not absolve them of the responsibility to undertake a human rights due diligence process to identify, prevent, mitigate, and account for how they will address adverse human rights impacts in the context of a potential client,” Citizen Lab’s researchers wrote.
The big picture
Iran has cracked down harshly on domestic protesters who demonstrated in response to the death of Mahsa Amini while she was in the custody of the nation’s Islamic morality police, who enforce the country’s dress code. Those protests began in September and continue.
Tehran said it will use facial recognition technology to identify women not wearing hijabs. It has stepped up internet censorship and blocked access to tech products like WhatsApp and Skype.
The government has been accessing the social media accounts of protesters it has detained, Katie Polglase and Gianluca Mezzofiore reported last month for CNN.
The trend of eavesdropping on protesters hasn’t been limited only to Iran. My colleagues Cate Cadell and Christian Sheppard detailed extensive surveillance of Chinese protesters objecting to that nation’s covid-19 policies in a story earlier this month.
“Dozens of people who took part in the protests have paid heavily for the dissent, subject to intense surveillance measures and aggressive interrogations in police custody, even as Beijing was shifting to unravel the policies,” the story reads. “Protesters in Beijing and Shanghai describe heightened digital surveillance, strip searches, threats against their families, and being forced into physical duress during interrogation.”
Updated, 1/17/2023: to include comment from Ariantel.