
Woman, Life, Freedom: A Roundup of the State of Digital Rights in Iran During the Protests

This report highlights some of the key digital rights issues which have emerged from the past months of protests following the death of Mahsa Amini.

It has been just over four months since Mahsa Jina Amini, a young Kurdish woman, died while in the custody of Iran’s so-called morality police after being arrested for her “improper hijab.” The tragic story of her death has reverberated across the globe and has ignited one of the biggest waves of protests in the history of the Islamic Republic. The movement, under the Kurdish slogan of ژن، ژیان، ئازادی (Jin, Jîyan, Azadî), or Woman, Life, Freedom in English, has been described as bearing both revolutionary and feminist hallmarks, but has also united people across class and ethnic lines.

As the movement – with its ebbs and flows – continues, the government response has followed its usual pattern of unlawful, disproportionate, and brutal use of violence and lethal force against protestors, and intensified internet restrictions. So far at least 525 protestors have been killed, 71 of whom are children, while 19,545 people have been arrested and 4 people have been executed, according to the Human Rights Activists News Agency (HRANA), and these figures continue to rise almost daily. Ethnic minority Kurds and Balouchis have been bearing much of the death toll. Of those arrested, at least 88 are said to be journalists according to the Committee to Protect Journalists (CPJ), and others include prominent digital rights activists inside Iran, some of whom were later released, but many others have been, and remain, imprisoned.

The internet and communication platforms play a vital role in allowing for information to flow inside and out of the country and are even more important during protests and politically sensitive periods, both for assisting communication inside the country, and for allowing information to reach outside of Iran’s borders to inform and document the events taking place inside the country. In yet another predictable and practiced response to the current protests, the government has been using ‘digital curfews’, localized internet shutdowns, and throttling or blocking international platforms to silence protestors. 

For a number of years, the Iranian government has been carefully planning towards its aim of replicating the restrictions it places on its people offline in the online world, while attempting to balance these restrictions in ways that maintain the economic benefits of the internet. Each politically sensitive period, protest, or demonstration acts as a catalyst and a testing ground for implementing the latest phase of Iran’s digital authoritarianism policies, while enhancing and expanding existing measures. During the current protests, we have seen the rise of ‘internet or digital curfews,’ more signs of layered/tiered filtering, evidence of digital surveillance and monitoring being used by the authorities, and the expansion of the use of more typical internet censorship methods. This report provides a roundup of these developments and the state of digital rights in Iran since the start of the protests in September 2022. The aim of this report is to provide a snapshot of some of the key themes from the last few months. Filterwatch hopes to provide more in-depth research on some of the topics discussed below in the near future.

The Violation of Women’s Rights Online and Offline: The Blurring of the Lines 

It was the tragic death of Mahsa Jina Amini in the custody of Iran’s so-called Morality Police, serving as a reminder of the persistent systemic oppression of women’s rights and the rights of other minorities, that sparked the ongoing wave of protests. The slogan Woman, Life, Freedom has come to represent the movement, placing the issues of women’s rights at its center. While the oppression of women in physical spaces is well documented, we are increasingly witnessing the same oppression being replicated online and being assisted by technology using surveillance tools, increasing the intensity of the enforcement of the restrictions placed on women inside Iran in public spaces.

Some of these issues persisted long before the start of the current wave of protests. Filterwatch and Taraaz published the “Human Rights and Digitization of Public Spaces in Iran” report in 2022, which highlighted how digital platforms, such as a bike sharing app, enforced gender segregation policies by not allowing users to register as female and restricting the use of bikes to “women’s only” parks. Since the conclusion of our research and just weeks prior to the protests breaking out, Mohammad-Saleh Hashemi-Golpayagani, the Head of the Morality Association, revealed in an interview that the institution “uses facial recognition technology to identify inappropriate and unusual movements”, including “failure to observe hijab laws.” He also added “citizens are identified through a cross-check against a database of images from national ID cards so that legal measures can be taken, including fines and arrests.” Smart national ID cards require biometric information from individuals, including a photo, which is held by the government. The Human Rights Activists in Iran has reported registering 1,701 Hijab related women’s rights violations in 2022.

The extent of the use of facial recognition technology in Iran is unclear, making it difficult to estimate how many people have been impacted or prosecuted through the use of the technology and where the technology originates. So far there has been evidence that Tiandy, a Chinese video surveillance company, has been working with the Iranian Revolutionary Guard Corps (IRGC), police, and the military. A number of other Chinese technology companies producing surveillance technology have also been found to have links with Iran.

However, while the use of surveillance technologies such as facial recognition is becoming prevalent, it is important to bear in mind that other, older types of technologies can also be repurposed for surveillance measures. In the past, Iran’s police force used cameras to identify those not complying with hijab laws inside vehicles and would threaten them with legal action or fines via SMS messages under the “Monitoring Plan” (طــرح ناظــر). While details around the types of technologies employed for this process are limited, this example could be demonstrating the function creep of existing technologies, such as speed and traffic control cameras, also being used for other surveillance functions.

Other Modes of Mass Surveillance and Monitoring 

The use of technology for surveillance and control in Iran is still shrouded in secrecy, but these protests have provided rare glimpses into the extent to which Iranian authorities are capable of digital surveillance and oppression. A report by The Intercept based on documents released to them showed evidence of the Communications Regulatory Authority (CRA) using a system known as “SIAM” to surveil users by locating them, downgrading their network connections, and gaining access to call logs, among other functions; these functions are especially threatening to those attending protests. Based on information shared with Filterwatch, a significant number of arrests have taken place after protestors returned home, and not at protest locations. This implies the use of surveillance, identification, and tracking of attendees, though the exact methods used remain unclear.

Predictably, the use of circumvention tools spiked during internet shutdowns and in response to increased online censorship, which impacted two major platforms, Instagram and WhatsApp, in September (detailed below). While the extent to which those inside Iran are able to successfully use circumvention tools to gain access to blocked content and services, and the government’s success in censoring them, are not clear – in part due to the technical nature of circumvention tools – the sudden scramble for finding any reliable connection to the global internet can become an opportunity for exploiting users.

In January this year, an investigation by Bitdefender revealed that SecondEye, a monitoring tool developed in Iran, was deployed via trojanized installers in 20SpeedVPN – an Iran-based VPN – to spy on users, in a campaign that began in May 2022. Many of the victims were based in Iran, with a small number also in the US and Germany. SecondEye is said to be able to compromise user privacy by accessing sensitive information such as documents, images, crypto-wallets, and passwords. With the intensified internet restrictions, there is greater demand for VPNs and circumvention tools inside Iran, and finding safe and reliable VPN connections is becoming a major challenge. Users now have to take greater risks to find a functional circumvention tool, leaving them more exposed to malware and spyware delivered through these tools.

Internet Shutdowns: The Rise of ‘Digital Curfews’ and Strategic Localized Shutdowns 

Shutting down the internet is a tactic commonly deployed by the Iranian government as an attempt to quash protests, restrict the flow of information across and out of the country, and to conceal human rights violations. The first and only nationwide near-total internet shutdown in Iran took place in November 2019 which followed the protests sparked by the sudden announcement of significant fuel price increases; the near total internet shutdown lasted for around a week. 

While we have not seen a nationwide internet shutdown since the events of 2019, localized internet shutdowns – limited to areas of protests, demonstrations, or clashes between security forces and civilians – have been deployed numerous times since. We have seen evidence of localized shutdowns during protests that took place in 2020, 2021, and early 2022 in Sistan and Baluchistan, Khuzestan, and Tehran. The protests since September 2022 have met a similar fate.

Protests began around 16 September 2022, which is when internet shutdowns were first observed in the evenings. Protests often peaked at night, so the imposition of evening shutdowns – starting at around 4pm local time – continued, forming a pattern that is being referred to as a “digital curfew.”

Other localized shutdowns were also implemented in protest areas such as in Kurdistan province. These shutdowns mostly affected mobile internet connections on major network providers such as Irancell, MCI, and RighTel. According to latest figures from the CRA, Iran’s mobile internet penetration rate is at over 100% while fixed broadband rates remain below 15%. 

During some of the recent wave of internet shutdowns, some domestic content and services remained online via the National Information Network (NIN). Gradually, we are seeing connections being restricted to NIN services instead of being entirely cut off, though this has been an inconsistent and slow process.

A few reasons can be given for the use of localized and mobile-only internet shutdowns as a tactic of oppression instead of nationwide shutdowns. First is the issue of cost: despite the fact that the NIN is designed to limit the economic damage of internet shutdowns, nationwide internet shutdowns can still have a crippling effect on a country’s economy. While limited connectivity remained during the 2019 shutdown to allow for certain public services and government functions, according to Top10VPN, in 2019 the economic impact of internet shutdowns cost Iran $611.7 million. As such, by limiting the geographic scope and duration of its shutdowns, and limiting them to mobile data, the authorities are likely trying to minimize the impact on the economy. Nonetheless, in 2022, especially in light of the protests since September, the Iranian economy lost $773M as a result of internet disruptions and shutdowns. Later in this report, we will also look at the pressure internet shutdowns place on Iran’s tech sector and internet companies.

The second is that localized internet shutdowns can be more difficult to detect, and often take more time for traditional internet measurement tools to be able to report them. This also makes it a more desirable option for the authorities to avoid scrutiny especially inside the country. 

Who Is Responsible for Ordering Internet Shutdowns? 

Officials have been quick to use “national security” justifications for internet shutdowns and throttling, claiming the measures as necessary to quell the “unrest.” This includes President Ebrahim Raisi, who in his speech on 7 December at the University of Tehran claimed that the internet restriction is due to the “interference of the enemies and insecurities created [by them].” 

The National Security Council (NSC) was responsible for ordering the November 2019 internet shutdowns, as revealed by the then ICT Minister, Mohammad Javad Azari-Jahromi, meaning that the decision making for nationwide-level internet shutdowns rests with the NSC.

Based on information previously passed on to Filterwatch, since November 2019, internet shutdowns at the provincial level can be requested by governors, but this needs to be approved by the Interior Minister, who chairs the NSC. If there are requests for internet shutdowns in multiple provinces at the same time, then the President will need to approve the order. According to Filterwatch’s source, the internet shutdown in Sistan and Baluchestan in February 2021 appears to have been implemented according to this process.

A Financial Drain: The Cost of Internet Shutdowns 

The highest cost of internet shutdowns is the restriction it places on human rights; however, constant disruptions to internet connection also cause heavy losses for the tech sector and businesses relying on online services. As noted above, according to Top10VPN, in 2022 internet shutdowns cost Iran $773m, ranking second in terms of economic impact after Russia. The cost in 2021 is said to have been $2m.

Some of the biggest financial hits have been taken by Iran’s telecommunications network operators. Starting in December 2022, major network operators such as RighTel, Shatel, Irancell, and Mobinet reported major losses to the Communications Regulatory Authority (CRA) and the ICT Minister. The losses include a loss of between 30% and 60% in bandwidth use, and a loss in income of at least around 20%.

Other online businesses, such as the Iranian navigation app, Balad, also reported facing significant challenges shortly after the internet restrictions began, which the company blamed on the “current conditions”. The platform announced numerous layoffs, and the future survival of the platform is now in question. Though it is difficult to know how well the platform was performing prior to the recent protests and the accompanying restrictions, undeniably these events have made an already difficult operating environment much worse.

Businesses and individuals who relied on Instagram for business and marketing have very likely also been affected. Though it is difficult to calculate the exact impact on Instagram businesses, in 2021 the then Government Spokesperson, Ali Rabei, mentioned that around one million people would have their income affected if Instagram was blocked. In early 2022 an Iranian research organization, Beta (Persian: بررسی و تحلیل اطلاعات – بتا), reported that 9 million people run businesses via Instagram. These figures are widely different and cannot be independently verified by Filterwatch. Nonetheless, the blocking of Instagram in 2022 almost certainly resulted in a loss in income for a significant number of people, even using conservative government estimates.

While the government continues to deny it has implemented extensive internet disruptions and restrictions since September 2022, it still announced a number of support packages for “digital businesses,” including loans, a likely response to the growing reports of decline of online businesses as a result of recent restrictions.

The negative financial impact of these internet shutdowns on businesses and individuals relying on the internet for their livelihoods is undeniably important, but this issue can have other knock-on effects on digital rights in Iran. The country’s private tech companies, which have maintained some independence from the government, are enduring major financial burdens. However, the current state of the internet means that these companies must now look to government loans and other support packages to ensure their survival. The full extent of the digital rights impact of this reliance is hard to predict at this point, but these circumstances create conditions under which the government could more easily leverage its position to pressure tech companies to hand over user data. Another concern is that businesses and staff alike would limit any criticisms of government policies to avoid jeopardizing government assistance and contracts.

The Fate of WhatsApp and Instagram 

Instagram and WhatsApp, the two Meta-owned applications, were among the very few international social media and messaging platforms that were not blocked in the country. That changed amidst the recent shutdowns and protests, with the National Security Council blocking the platforms on 21 September. NSC member Colonel Gholamreza Jalili, Head of the Civil Defence Organisation, justified the blocking by alleging the “involvement of these platforms in the protests.”

Various government officials have expressed a clear desire to block Instagram during the past few years, with the discussions coming to a head during the latter years of the previous government under Rouhani. In February 2021, during the last months of Rouhani’s presidency, the then ICT Minister Jahromi was summoned by the Culture and Media Court over non-compliance with an “order to filter Instagram.”

The frequent attacks on the use of Instagram by Iranians – especially from conservative officials – naturally raised major anxieties among those inside Iran. The platform is not only an important social and communication tool, it is also vital for the livelihood of many who rely on it as a business and marketing tool. In June 2022, amid heightened anxiety, ICT Minister Eisa Zarepour was forced to deny rumors that the government planned to block Instagram.

The September 2022 protest provided a perfect opportunity to block the platform and blame it on the “unrest” fueled by “foreign influence” via international platforms. This follows the same pattern as another messaging app which was once the most popular in Iran. Telegram was blocked in 2017 during the period of protests before being briefly unblocked, and blocked again for a final time via a court order in 2018. Though internet users in Iran can retain some access to some of these blocked platforms via VPNs, the authorities exploit opportunities after a platform is made unavailable to lure users onto insecure platforms. This was seen after the filtering of Telegram, with the rise of Telegram clone or client apps such as ‘Telegram Talaei’ or ‘Golden Telegram’ and ‘Hotgram’, which were suspected of being linked to government authorities, therefore giving authorities control over and access to user data.

The Tale of the National Centre for Cyberspace’s Letter to Meta 

The Iranian government used the opportunity to open communication channels with WhatsApp and Instagram’s parent company, Meta, via a letter from the National Centre for Cyberspace (NCC) in October 2022. In the letter, the NCC asked Meta to cooperate on content moderation measures in line with Iranian law as a condition for unblocking the platform. A few weeks prior, a joint public statement released by the Intelligence Ministry and the Islamic Revolutionary Guard Corps’s Intelligence Agency accused Meta of targeting Iranians with “false news” and “violent content.” These claims came despite Meta’s initial, and now overturned, decision to take down content on Instagram with the protest slogan “death to Khamenei [Iran’s Supreme Leader].”

Meta does have local offices in a number of countries across the world and has also worked alongside various governments; however, the company rejected compliance with the conditions set by Iran in a statement released via BBC Persian, stating that “they believe in online access for everyone, including Iranians,” and that the company is “proud that people are using Instagram to document and support the protests.”

Iran had already made clear via resolutions from the SCC, and the various iterations of the so-called “User Protection Bill”, that it has ambitions to follow in the footsteps of other countries in the region to have local representatives from major social media companies in Iran who would be required to comply with Iran’s laws. Of course, the range of sanctions impacting business operations and the deteriorating human rights situation set Iran apart from other countries with local representatives, therefore Meta’s response is not surprising. It is likely that officials will now use this opportunity instead to justify their continued filtering of the two platforms, which remains in place to date.

After the publication of Meta’s response in October, in January Meta’s Oversight Board overturned the decision to take down a post containing the slogan “death to Khamenei” on Instagram, given that the slogan “is a rhetorical, political slogan, not a credible threat.”

The Rise and Lies of Iran’s Domestic Messaging Apps 

Iran’s domestic messaging apps have long been in planning and development given that they form a vital, user-facing component of the National Information Network (NIN). Some of these apps have been in receipt of government loans to support their development and growth and have direct and indirect links with government bodies. These domestic messaging apps, such as Rubika, Bale, Gap, Eita, and Soroush, have gained more attention in recent years as users have been forced to download these apps to access certain services, such as e-government and banking functions. A number of incentives, such as free or cheaper internet traffic compared to international platforms, have been used to boost the apps’ user base in light of sluggish organic growth. These apps are more vulnerable to government control that can allow for access to data and surveillance on users. There have also been several documented instances of privacy breaches in relation to these apps, such as in the case of Rubika copying user profiles from Instagram without users’ knowledge and consent.

In fact, the importance of these apps to the government was demonstrated in October 2022: when the Google Play Store blocked Rubika from the app store due to “security concerns,” Iranian authorities retaliated by blocking multiple Google services such as Google Maps, Translator, Firebase, APIs, the Play Store, Chat, and even Font, and many others.

Users inside Iran have understandably been wary of these apps due to privacy and security concerns, as well as the functionalities and user numbers on international apps making them more favorable, keeping user numbers on domestic messaging apps comparatively much lower.

The recent internet restrictions and the blocking of WhatsApp and Instagram have put the last two remaining international messaging apps available in Iran out of reach without reliance on a VPN. This has provided a perfect opportunity for the promotion of domestic apps, which is in fact forcing those inside to download and use these apps out of sheer necessity. The ICT Minister, Eisa Zarepour, even commented in December that there are plans to make all domestic messaging apps interoperable in yet another attempt to boost user numbers and intensify control of users in the name of providing reliable services.

It is difficult to gain an accurate picture of user numbers for these apps; however, in December, Eita reported 15.8 million monthly active users and 9.2 million daily users, Rubika reported around 70 million registered users – an extremely high number given that there are an estimated 71.94 million internet users inside the country – Soroush plus reported 3.5 million users, and Balad reported 3.3 million users. Compared to 2021 figures provided by the NCC, the platforms do paint a picture of growth.

Whatever the exact user numbers on these domestic platforms are, it is expected that domestic messaging apps will experience a rise in user numbers. Whether this is out of necessity in light of the blocking of international platforms, lower costs, or the fact that they can remain functional during an internet shutdown if the NIN remains connected, the result is a boost to Iran’s internet localisation process.

In the medium to long term, what is likely to follow the rise in users relying on domestic apps is intensified content moderation efforts in line with national legislation, likely via Iran’s Cyber Police (FATA) and the Islamic Republic of Iran Broadcasting (IRIB). The two organisations have a track record of monitoring domestic and international platforms and demanding content takedowns and prosecutions based on users’ online activities.

What Does the Future Hold? 

Those inside Iran continue to brave the streets in the face of violent and brutal crackdowns by the authorities in one of the most diverse and sustained protests we have witnessed in Iran for some time. During times of crisis, we have seen the government respond by accelerating the implementation of, or testing the conditions for, yet another phase or component of its plan towards digital totalitarianism.

During the November 2019 protests, we saw glimpses of how the NIN is set to function: allowing for the ability to keep domestic services online while shutting down international services. Each internet shutdown that has been implemented since is yet another example of testing the efficacy of internet shutdowns and further contraction of Iran’s internet. 

During the current wave of protests, we have already seen the next stages of creating conditions to force users onto domestic platforms through the blocking of WhatsApp and Instagram. However, significant steps are also being taken towards realizing yet another one of Iran’s ambitions: layered or tiered filtering. Filterwatch has written about the initial glimpses into this system during the Rouhani administration. What layered filtering seeks to achieve is to further control individuals’ access to international services by only giving government-approved individuals access to “legal VPNs”, while the remaining individuals will only have access to domestic and the limited unblocked international content and services. This is an attempt at a more comprehensive and sustained method of internet restriction that is also able to preserve the benefits of access to the global internet for specific sections of society, while still maintaining government control over this access.

While legal VPNs have not yet been rolled out – in fact they have been years in the planning – another vital step is to crack down on users relying on other available VPNs. Under Iran’s Computer Crimes Law, the distribution of VPNs is unlawful, though to date the enforcement of this law has been limited. However, this January it was announced that the ICT Ministry is to identify, remove, and refer to the Judiciary any developers, sellers, and distributors of “unauthorized VPNs”, which can result in a prison sentence or a fine. The effective criminalisation of the sale of VPNs is a clear step towards making space for any government sanctioned or controlled use of VPNs and a step towards the realization of layered filtering.

Layered filtering or internet access has already been put into practice on a small scale. For example, some journalists still had internet access and access to Twitter – which is otherwise blocked inside Iran – during the November 2019 shutdown, and the Supreme Leader, MPs, and other politicians are also present on blocked platforms such as Twitter and Instagram. More recently, the ICT Ministry also announced “better quality internet” for programmers. Despite this, rollout to the wider public is likely to be slow and take some time, as it will likely require the rollout of government systems for applying for VPNs, ID verification systems, and measures to monitor the use of these VPNs, all of which sound ambitious, and perhaps even impossible. However, learning from past developments on internet policy in Iran – such as work on the NIN – should make clear to us that no ambition is too far out of reach to slow down Iran’s quest for digital totalitarianism.