Arseh Sevom — Reports from the Islamic Republic of Iran about internet speeds, work to create a parallel cyber Iran, and the growing success of filtering systems paint a picture of desperate efforts to exert control over the population. Iran is not alone in its efforts. North Korea has their own “intranet” called Kwang Myong (“light” or “hope, fair, just, open”). The North Korean version duplicates external content it deems acceptable. Iran’s new closed intranet is expected to do the same, in a cyber version of what the state already does in traditional media by cherry-picking content from international sources and editing or translating it in ways that often distort the original meaning.
In this article, Walid Al-Saqaf, a journalist and cyber-activist experienced in combating censorship in his native Yemen speaks to Hooman Askary of Arseh Sevom about his own experience building circumvention tools and the efforts of the Islamic Republic of Iran to circumvent the internet.
Al-Saqaf developed the web presence for Yemen’s first English-language newspaper, the Yemen Times. The newspaper was founded by his father in 1990. After his father died in a suspicious car accident that was never investigated.
When asked if he considered himself a journalist or an activist, Al-Saqaf answered, “[I]f you need to have a cause, then the cause is freedom, democracy and human rights. You cannot just work without a cause…So promoting those human values is what I feel is closest to me as an objective than to simply run a business or to manage software. In my opinion a journalist can be an activist. I would say that it is even in their blood. Because you reveal information that others may find threatening and that is the way you expose wrongdoings.”
Interview by Hooman Askary
Breaking and Bending Censorship
Arseh Sevom asked about the work Al-Saqaf has done on Alkasir (https://alkasir.com/), which is built to circumvent internet filtering. He explained:
“The name of ‘Alkasir’ [in Arabic: اَلکَسیر] refers to bending or breaking censorship. Basically the software is a program that allows people in countries like Iran, China, Syria and Yemen to circumvent censorship on websites. It is mainly a method that allows a user to bypass a firewall. Every authoritarian government — especially in our region of the world — has a restrictive firewall policy on internet traffic, so if you access certain websites then you will find them blocked. This firewall is circumvented through the use of a certain tunneling protocol with encryption that allows the users to bypass without the authorities knowing what is going on in the background, they may know that there is something going on but they cannot recognize that it is a circumvention instance right on the spot.”
Iranians Reaching Out via Circumventors
At the end of 2011, Iranians were the most active Alkasir users, with Syrians second. According to Al-Saqaf, this number reflects the censorship regime in both countries and not the number of actual internet users in either.
As oppressive nations step up their cyber efforts, circumvention tools like Alkasir struggle to keep pace. Al-Saqaf explains that the Iranian governments efforts to look into every single piece of information flowing through its internet pipelines has slowed the internet there to a near standstill. “Basically what the Iranian government is trying to do now is to go through every single traffic header of every single individual accessing any sort of resource on the internet which amounts to tremendous hardware, software and capacity. I was surprised that they do that because even China cannot manage that. Yet, it is not sustainable. How much can you keep on tracking, monitoring, and preventing access?“
Deep Packet Inspections
As many in Iran have reported, speeds are so low that the internet is effectively off on many days. One reason is deep packet inspection (http://en.wikipedia.org/wiki/Deep_packet_inspection#Iran). Al-Saqaf explains:
“The idea behind this is if you access a certain protocol or a particular service, then the Iranian government actually goes into the header or the inner traffic and analyzes them bits by bits to check what is going through and then compare that to a stack of black list arguments and if it matches it closes the network, that has caused a tremendous internet slowdown in Iran. It is too much effort, yet despite all this people are still passing through.“
Sources who asked to remain unnamed have told us that more and more hackers/engineers are taking work developing the state intranet. “The money is good,” Arseh Sevom was told. “They cannot afford to turn it down.” Al-Saqaf adds, “[O]n the technical level, they [the state] are using firewall experts and engineers who are keeping up to date with all the new technologies out there to implement censorship.” The Islamic Republic of Iran’s monopoly on internet access makes censorship and deep packet inspection easier. “So in both areas the regime is doing it: in terms of monopoly and preventing businesses from reaching out to the international internet backbone and on the other hand, within their control, they are now taking it to the second step by means of hiring technicians who are capable of thwarting many circumvention tools,” Al-Saqaf says.
To get access to Alkasir visit: www.alkasir.com or send an email to firstname.lastname@example.org.
Walid: There are ways for digital finger prints not to be registered in the beginning, which is the idea. Sometimes you have a log that is cleared on a rotation basis and sometimes you just do not have a log. That is a technology used for instance now in chat rooms, it is called “Off The Record” or OTR and the idea behind it is you do not keep anything, anywhere. Anything that comes goes through, like a stream of water. Nothing remains where it is so you cannot go back, locate it, and use it against anyone. Now if you mean to ask what cyber activists can do, I should say there are many techniques and I can show you a few of them. There is a very popular organization called ‘Tactical Tech’ (http://www.tacticaltech.org/) and they have a particularly impressive package called ‘NGO in a box’ (https://security.ngoinabox.org/) and it basically sums up all the dos and don’ts when you are online: cyber security, protection methods and the list goes on and on with various means and schemes. But the main idea behind it is that no matter what you do you cannot guarantee safety of activists. There is simply no absolutist way because you are to guarantee someone’s security you will jeopardize someone else’s. However, there is always relative security (as with everything else in our world). In this case the best way to keep yourself as secure as possible is to eliminate the weakest link, and the weakest link is the human mind. If you have the best and most advanced technology but you do not have qualified people to use it, people who are trained, people who are aware of the dangers, then the technology or the facilities of programs are not enough. So if you need to invest in something heavily then that should be in training people and keeping them aware of the dangers and so forth. If there is a human element then you need to inform this element, this weakest link, of the ways to escape the worst case scenarios. This reminds me of a colleague in Liberia who was given training by his organization not on computer literacy but on ways to dodge bullets! My point is many times it is a matter of life and death and it differs from region to region.
AS: But what can others in a group do when their colleague or peer is captured?
Walid: It is always best not to keep passwords with one person, so if it is big organization or group, it is highly recommended to have them with at least two people. That way it is possible for the second person to very quickly change the passwords. This did actually happen in recent past, a single precaution that eliminated a lot of danger to other members in a group.
AS: Do you have any message for Iranian activists who are going to read this?
Walid: Certainly, I would say do not give up your fight, keep on pursuing it. Make your dream your daily resolution. I am sure that you learn from mistakes of the past, see what you have not done properly in the events that happened in the past and see how to overcome them in the future. Communicate with your counterparts in the Arab world and see how you can collaborate, not only could you learn from them but you can also teach them, as I see activists in Iran much more mature in many ways. Eventually if you keep faithful to your objectives and your inner very strong beliefs that you need freedom, you will reach your goal ultimately. Hopefully it would be a break from the past for the whole region because we see Iran, Saudi Arabia and some other countries are remaining behind and if you move forward then the whole region could rise.
AS: And a quick message to the Iranian cyber-activists….
Walid: Stay safe! Try to use the different schemes of protection for activism and cyber-activism in particular and know that it is an unwinnable war for the regime and it is just a matter of time before they give up, so keep pursuing and pushing for better international resolutions and decisions for protection of the internet. Because your role in Iran is vital for the international community because we see Iranian cyber-activists as a reflection of what the internet could do in its present form and what it should do in the future so if you demand that the internet not be censored or be changed then your voice could be heard positively as far as the Atlantic or Pacific oceans.