Iran Probably Isn’t Using Deep Packet Inspection [#iranElection]

…Or at least they’re not using particularly sophisticated Deep Packet Inspection. That’s the opinion of those of us in SA Labs today, after re-examining the data we collected last week and looking over the new behaviors being identified in the efforts by the Iranian Ministry of Information to block communications by their citizens.

The Wall Street Journal says differently, though, in a piece put out this morning:

The Iranian government appears to be engaging in a practice often called deep-packet inspection, which enables authorities to not only block communication but to monitor it to gather information about individuals, as well as alter it for disinformation purposes, according to these experts.

The monitoring capability was provided, at least in part, by a joint venture of Siemens AG, the German conglomerate, and Nokia Corp., the Finnish cellphone company, in the second half of 2008, Ben Roome, a spokesman for the joint venture, confirmed.

The "monitoring center," installed within the government’s telecom monopoly, was part of a larger contract with Iran that included mobile-phone networking technology, Mr. Roome said.

Based on our analysis last week, and the conversations we had with Craig Sirkin, we still believe Iran’s DPI capabilities are limited at best, and more than likely non-existent. All of the WSJ’s assertions rest on the confirmed fact that Nokia Siemens sold Iran, as part of a larger telephony package, some “monitoring equipment.”

While that term could mean any number of things, we ran with the assumption that it must mean a Deep Packet Inspection utility. We asked around and found as much as we could regarding Nokia’s DPI equipment. The closest thing to the DPI equipment the WSJ describes is a system sold by Nokia but actually made by Theta Networks, which is designed to run on mobile networks only.

I spoke with a former co-worker at Nokia who’s still with the company, and while he didn’t work personally with Nokia’s DPI product and service line-up, he told me that he’d “be deeply surprised if Nokia sold DPI stuff that worked on anything but mobile.”

Since the bulk of the Internet traffic we’re seeing coming out of Iran is far too voluminous to be simply mobile traffic (and since most people don’t access Facebook, Twitter and YouTube from mobile devices), and given the anecdotal reports of broadband access being curtailed, we’re led to believe that DPI isn’t the culprit here.

We still have some calls out to some sales engineers at Nokia that we don’t expect to be returned until some time tomorrow, but as it now stands, the WSJ’s analysis seems vastly overblown, and we stand by our original analysis from last week.