Policy Monitor

Policy Monitor – August 2021

Eisa Zarepour is confirmed as Iran's ICT Minister, while yet another Iranian app faces backlash amid concerns over user privacy violations.

In August Ebrahim Raisi took office after being sworn in. His inauguration comes at a tense time in Iran, following a major wave of protests which came in response to significant water shortages in Khuzestan in July, which spread across multiple provinces in the country and was accompanied by an Internet shutdown, in addition to the significant public dissatisfaction with the proposed, highly dangerous “User Protection and Core Online Services” Bill. 

So far the focus has been on Raisi’s cabinet appointments, all but one of whom were approved by the conservative majority Majles in late August. On the list of approved candidates was Eisa Zarepour, Iran’s newest ICT Minister, replacing Mohammad Javad Azari-Jahromi. However, no new appointments were made to the Supreme Council for Cyberspace (SCC) in August, including the post of SCC Secretary. 

Other developments in August include major privacy violations by the state backed Iranian “super app” Rubika, which is accused of creating user profiles without users’ consent, by allegedly copying details from Instagram. This is yet another attempt by an Iranian social media platform to gain a user base inside the country through illicit means, resulting in a large number of complaints from Iranian social media users. 

This report is supplemented by our Network Monitor which documents the latest internet disruptions and shutdowns in Iran. 

Eisa Zarepour Confirmed as Raisi’s ICT Minister 

 

Eisa Zarepour is confirmed as Iran’s ICT Minister under the Raisi administration

On 25 August Eisa Zarepour was confirmed as President Raisi’s ICT Minister following a vote in the Majles. His role also gives him a seat on the Supreme Council for Cyberspace (SCC) and the Committee for Determining Instances of Criminal Content (CDICC). 

Prior to being appointed ICT Minister, Zarepour worked as the Head of Statistics and Information Technology at the Judiciary, which he was appointed to by Raisi when he served as Iran’s Chief Justice. Zarepour had also previously served as the Head of the Centre for Communication and Digital Media Development at the Ministry for Culture and Islamic Guidance under President Mahmoud Ahmadinejad. He is named as a founding Board Member of the “Society for the Expansion of Clean Cyberspace “(Persian:جمعیت توسعه‌گران فضای مجازی پاک) who claim to support a “clean, healthy, and safe online space.” The organisation also lists SCC members as its current Board Members. 

While it is too early to get a full view of Zarepour’s policy positions, his arrival into office comes at an especially consequential time, as the dangerous “User Protection and Core Online Services” bill is making progress through Majles. However, much of his work agenda is set out by SCC resolutions such as the requirement to prioritise “the completion of the National Information Network (NIN) within the next four years.”  Unlike his predecessor, Zarepour does not currently have any “official” social media accounts.

Filterwatch will publish a full analysis on the new Raisi government and Iran’s internet in the coming weeks. 

Income Tax on for “Influencers” Comes into Force 

On 16 August Iran’s National Tax Administration announced that a new tax on advertising revenue applying to social media accounts with more than 500,000 followers had come into force. The measure was first announced in February 2021 within the budget for this Iranian calendar year.

Administrators of such accounts are able to self-declare, however Iran’s National Tax Administration is also set to identify the individuals that the tax measures apply to, and to make the list of applicable parties publicly available, according to the announcement. 

It is unclear how successful this new tax measures will be, and while it is set to apply to all platforms, it does not state how it will deal with the issue on those which are filtered. Details are also lacking concerning any potential penalties should accounts fail to comply with the new tax.

Major Privacy Concerns Among Users as Unauthorised Accounts Appear on Iranian Social Media App Rubika 

On 15 August a large number of Iranian social media users including celebrities, sports personalities, and public figures reported seeing accounts and profiles which they had not created on the Iranian Instagram analogue Rubino, which is a component of the Iranian state backed social media “super app” Rubika. The accounts appeared to have made use of information from Instagram profiles to create mirror profiles on Rubino. Some of these unauthorised accounts were even described to be showing a verified icon on the platform. 

In a statement Rubika claimed that these accounts were likely created by other users, though the app requires a phone number for creating an account. Initially users were able to check if an account had been created in their name via a weblink, however the feature was eventually disabled, forcing users to download the app in order to check for the copied accounts. 

Two days later, on 17 August Rubika tweeted that it will suspend accounts that have been inactive for a month, or which have multiple usernames. It also said it would launch a “report violations page” which users can report pages without needing to download the app, so that duplicate accounts can be reviewed and removed. However, this page is yet to be launched as of the time of writing. 

Meanwhile, Iran’s Cyber Police (FATA), announced that they will investigate the “unauthorised use of personal user data and creation of accounts without [users’] consent.”  Iran’s Audio Visual Regulatory Authority (SATRA), which operates under Islamic Republic of Iran Broadcasting (IRIB), also announced that it had “suspended the app’s license last year” due to “extensive violations.” In response, Rubika claims not to have a license from SATRA which can be revoked as  it is “not an Internet Protocol Television (IPTV) to require a license from SATRA, apart from during a six month period in 2018/9 when [Rubika] had a license for streaming movies and TV series, however the license was not extended.” 

SATRA has been making attempts to act as a content moderation body for some time, including investigating Rubika in March for hosting  an “unauthorised music video” and setting out “guidelines” for election campaigning online. 

This is not the first time an Iranian app has created unauthorised user accounts. In 2018, the messaging app Soroush appeared to create accounts for users without their consent in a similar way, although Soroush denied any involvement. These concerning developments on Rubika represent yet another attempt by domestic apps to expand their user base by seriously violating users rights – a dynamic that Filterwatch has previously warned about. Such practices should be halted immediately, investigated transparently, and those responsible should be held accountable. Additionally, Iranian domestic platforms should invest in improving privacy and security measures to better protect their users’ data.

On 19 August, Rubika and search engine Zarebin were removed from the Google Play Store. Both applications are part of the mobile operator Hamrah-e-Aval (MCI), which is majority-owned by the Telecommunication Company of Iran (TCI). 

In response, the National Centre for Cyberspace (NCC) condemned the move by Google for its lack of notice or means for appeal. They added that they would pursue the matter through international channels and relevant courts to seek “damages” for the actions. 

The lack of an explanation from Google is indeed problematic, as it does not provide users with important information about potential harms or risks of using the apps, should their removal be due to such concerns. The sudden takedown also provides space for Iranian officials to further advance their localisation narratives, by arguing that international infrastructure such as the Google Play Store creates an impossible operating environment for Iranian app developers. 

Iranian Students Polling Agency: Nearly Half of Iran’s Internet Users Rely on International Messaging and Social Media Platforms 

 

 According to a poll by the Iranian Students Polling Agency (ISPA) on 31 August, 48.4% of 1,570 respondents declared that they only use international social media and messaging platforms such as Telegram and Instagram while 27% of respondents stated that they did not use either domestic or international platforms. 22.8% of respondents stated they used both domestic and international platforms, however only 1.8% stated that they only use domestic platforms such as Soroush, Rubika, and Gap. 

Domestic platforms have consistently struggled to gain a user base in Iran due to a variety of factors, including widespread user mistrust due to their limited security and privacy measures. The low uptake of these apps and services Iranian users,unfortunately and worryingly, does not reduce the risks posed to them, as the platforms employ hostile measures to force users to make accounts on these platforms. The recent cases of privacy breaches on Rubika and iGap further highlight such issues.

Irancell Announces Free Internet Package for Journalists

On 8 August Irancell, Iran’s largest mobile operator, announced free internet packages for journalists in celebration of “Journalists’ Day.” The 200GB free internet package is to be given to journalists using Irancell, as identified through a list provided by the ICT Ministry for last year’s internet gift package. It is unclear whether the package covers both domestic and international internet traffic.

 

Footage from CCTV Cameras inside Iran’s Evin Political Prison Released Online 

On 22 August a group known as “Ali’s Justice” (Persian: عدالت علی) released video footage appearing to be from CCTV cameras inside the notorious Evin political prison in Tehran. The group claims to have accessed the data by hacking the prison’s system. The identity of the “hacker group” remains unknown and it has not been confirmed if the leaked footage has indeed been obtained through hacking efforts. 

The footage shows disturbing mistreatment and abuse of inmates by prison staff and guards – conditions which countless former inmates have already testified to. 

In response, the Head of Iran’s Prisons Organisation, Mohammad Mehdi Haj Mohammad tweeted that he “accepts responsibility for the unacceptable behavior [shown in Evin prison] ” and will “work towards preventing their repeat.” On 24 August Iran’s recently appointed Head of Judiciary, Gholamhossein Mohseni Eje’i also issued an order for the treatment of prisoners, especially those inside Evin “to be investigated.” According to reports from state media, two people have been “arrested” and six others are “wanted” in connection with the treatment of prisoners in the videos. 

On 29 August the Judiciary’s First Deputy, Mohammad Mosadegh claimed that “much of the footage has been edited” and is “unrelated to the prison.” 

Iran’s FATA Police Issues Warning  Against Fraudulent Satellite Services 

On 2 August Colonel Ali Niknafas, Technical Deputy at Iran’s Cyber Police, FATA, warned Iranians against “fraudulent advertising” for satellite internet equipment and accounts and to “report any such advertising to FATA Police.” 

The warning comes following a surge in interest in satellite internet services, fueled by the hype surrounding the Starlink project, which some people hope could bring an end to internet shutdowns and censorship in countries like Iran. 

However, Starlink, or any other satellite internet providers do not currently offer services to Iran, therefore Iranian users should be aware of any fraudulent claims about being able to purchase legitimate satellite internet equipment in the country. 

Filterwatch has already written about why satellite internet is unlikely to bring an end to Iran’s internet restrictions and shutdowns. 

Individual Arrested in Alborz Province for “Blasphemy in Cyberspace” 

On 18 August one person was arrested in Alborz province by Islamic Revolutionary Guard Corps (IRGC) forces for “blasphemy in cyberspace.” the identity of the individual was not disclose.

Iran’s Communications Regulatory Authority: “100% of Villages Connected to Communication Services” 

According to a report released by the Communications Regulatory Authority (CRA) on 22 August all villages with over 20 families are connected to communication services. 

The CRA also announced that the country’s domestic IP network capacity is 28,214 GB/s and the international bandwidth capacity is 5,489 GB/s. The report also added that the length of fiber optic cables have reached a total of 71,257km. 

There are currently 84,196,828 mobile network subscribers which places the penetration rate at over 100% while there are 10,600,050 fixed broadband subscribers, placing the penetration rate at 12.62% showing the majority of the country relies on mobile internet connections. 

Iran’s ICT Minister: “All Government Data Hosted Inside the Country” 

According to a tweet from former ICT Minister Mohammad-Javad Azari Jahromi on 1 August “all eGovernment data” is hosted inside the country, compared to 40% of government data being hosted inside the country in 2013/14. 

E-Government expansion has been a major priority in recent years, and slow progress has been made in advancing projects related to e-Government services. Filterwatch has already written about Iran’s e-Government projects and their impact on digital rights.