One More Time: Iran Isn’t Using Deep Packet Inspection

image Thanks to the Wall Street Journal last week, it’s become common knowledge that Iran is using deep packet inspection technology to track down dissenters online and imprison or even kill them. When such heinous acts are happening in full view of the world, everyone’s looking for a suspect to hang the crime on.  In this instance, the culprit is Nokia.

This scenario shares a lot in common with the movie Conspiracy Theory – including the fact that it’s a work of fiction.

I’ve seen it crop up in a feature at Slate today, the UK.Telegraph mentioned it as well, and dozens of publications parroted last week the WSJ’s claims that Iran’s clampdown was fueled by technology sold to them by Nokia-Siemens.

We talked about this precise thing last week and debunked it definitively on more than one occasion.

In “Iran Probably Isn’t Using Deep Packet Inspection [#iranElection]”:

Based on our analysis last week, and the conversations we had with Craig Sirkin, we still believe Iran’s DPI capabilities are limited at best, and more than likely non-existent.  The whole of the WSJ’s assertions lay in the confirmed fact that Nokia Siemens sold Iran, as a part of a larger telephony package, some “monitoring equipment.”

In “More Details Emerge on Iran’s Internet Censorship”:

It seems that the parts of the rest of the blogosphere weighed in on our analysis on the Iranian IT situation, picking their pet theories we presented late last night.
- Arbor Networks thinks that the networks were taken offline and migrated to low-capacity proxy servers.
- GigaOm’s Stacey Higginbotham agrees, saying that “some unscrupulous equipment vendor who wants to interest the Iranian government in better deep packet inspection equipment” may come along later.

In “How Iran is Blocking the Internet Suggests They Weren’t Prepared for an Election Backlash [#iranElection]”:

“It sounds like they’re just entering domains into a blacklist in a gateway at the country level,” said Sirkin. “They’re just blocking certain domains. It doesn’t sound like they are blocking all web traffic, or else web proxies still using the same port number wouldn’t help.”

In our discussion, Sirkin said something that seemed to fit more with the mindset of the Iranian government than any other theories I’d heard up to that point.

“It’s funny, because this is the cheap and dirty way to do it,” said Sirkin. He went on to explain: “If you were planning on doing this you’d use deep packet inspection to look into the payload of each packet for something that could be identified as a tweet, chat or whatever the traffic type might be. You’d need to have planned your hardware to do that on a national scale, something that would take significant preparation beforehand.”

Essentially, this confirmed the sense that I had started to form when I first started researching the story: that either the government of Iran isn’t that technically savvy, or that they had no idea at all that the citizens of Iran would react with the ingenuity and velocity with which they’ve pursued the ability to communicate their plight.

We hope that this puts the issue to bed. There are some horrible and atrocious acts of oppression taking place in Iran right now, and there’s no reason to hang that around the neck of a telecom firm.

Update: Nokia-Siemens put out a blog post explaining the technology they sold to Iran:

Recent media reports have speculated about Nokia Siemens Networks’ role in providing monitoring capability to Iran. To clarify: Nokia Siemens Networks has provided Lawful Intercept capability solely for the monitoring of local voice calls in Iran. Nokia Siemens Networks has not provided any deep packet inspection, web censorship or Internet filtering capability to Iran.

In most countries around the world, including all EU member states and the U.S., telecommunications networks are legally required to have the capability for Lawful Intercept and this is also the case in Iran. Lawful Intercept is specified in standards defined by ETSI (European Telecommunications Standards Institute) and the 3GPP (3rd Generation Partnership Project).

To fulfill this Lawful Intercept requirement as part of an expansion to provide further mobile connectivity to Iran in the second half of 2008, Nokia Siemens Networks provided TCI, the Iranian national operator, with the capability to conduct voice monitoring of local calls on its fixed and mobile network.

The restricted functionality monitoring center provided by Nokia Siemens Networks in Iran cannot provide data monitoring, internet monitoring, deep packet inspection, international call monitoring or speech recognition. Therefore, contrary to speculation in the media, the technology supplied by Nokia Siemens Networks cannot be used for the monitoring or censorship of internet traffic.

On March 31st, 2009 Nokia Siemens Networks and Perusa Partners Fund I L.P., a private investment firm advised by Munich based Perusa GmbH, successfully closed the sale of Nokia Siemens Networks’ Intelligence Solutions business to Perusa. Nokia Siemens Networks made the decision to exit this business as it primarily addresses customer segments which differ from telecom service providers and is therefore not part of Nokia Siemens Networks core business.

In all countries where it operates the company does business strictly in accordance with the Nokia Siemens Networks Code of Conduct and in full compliance with UN and EU export control regulations and other applicable laws and regulations.

Nokia Siemens Networks provides the mobile technology for millions of people in Iran to communicate with each other and the outside world. Nokia Siemens Networks firmly believes that providing people, wherever they are, with the ability to communicate ultimately benefits societies and brings greater prosperity.

This confirms our suspicions earlier in the week – that the DPI was for the purposes of telephony only.

Update 2: A Friendfeed conversation has broken out on one of John Furrier’s threads.

About Mark 'Rizzn' Hopkins

Mark “Rizzn” Hopkins is the Founding Editor of SiliconANGLE, as well as the creator of and Executive Producer for theCUBE. He’s a Bitcoin early adopter, as well as a blogging, podcasting and social media pioneer. Prior the founding of SiliconANGLE, Hopkins worked as Associate Editor at Mashable during its formative years. Prior to his career in startups and media, he worked as a developer for large corporations like Nokia, IBM, Apple and Cox Communications. Hopkins lives in Dallas, Texas with his wife and two children.