This report investigates Internet control and surveillance in Iran, drawing on analysis of over 80,000 leaked emails pertaining to the Working Group for Determining Instances of Criminal Content (WGDICC) from 2014 to 2022. The WGDICC is a judicial body that operates under Iran’s Attorney General’s Office and filters and censors the Internet in Iran.
The emails were leaked in November 2022 by a group known as Anonymous Iran Ops and published on their Telegram channel. Additionally, this report relies on the information from Miaan Group’s trusted sources at Iranian tech companies who spoke to us on condition of anonymity.
This report’s findings come amid a context in which the Iranian government is pursuing a “national internet” project to tighten its grip on the online activities of its citizens. This project, known as the National Information Network (NIN), aims to create an online environment that favors local services and apps over international ones, by limiting their availability, speed, or affordability.
The NIN poses a serious threat to Iranians’ Internet freedoms, as it grants the government more power over the internet infrastructure, online content, and users’ personal data and online behaviors. However, the NIN relies on Iranian-developed services, from messaging apps to ride sharing apps, being hosted on servers inside the country. Importantly, sanctions have obliged this need by legally prohibiting Iranian developers from utilizing international Internet tools and platforms. In other words, they have left Iranians no choice but to use insecure domestic platforms and data infrastructure in line with the Iranian government’s objectives.
Against this backdrop, the following are the main actors and entities that participate in the Iranian government’s Internet control and suppression efforts. Below this, we present a list of recommendations from Miaan Group for how the US and EU governments, as well as multilateral institutions such as the UN, can best support Internet freedom in Iran:
- Attorney General’s Office: This is a powerful judicial body that is responsible for prosecuting and punishing crimes, including those related to the Internet. It oversees the WGDICC, which filters and censors the Internet in Iran, and collaborates with various companies and technologies to develop surveillance and repression tools. The Attorney General’s Office also plays a role in shaping and implementing Iran’s digital policy, and has been involved in international engagements on cybersecurity and Internet governance. The Attorney General’s Office has been accused of violating human rights, suppressing dissent, and interfering in personal matters of dress and appearance.
- Working Group for Determining Instances of Criminal Content (WGDICC): The Internet in Iran is filtered and censored by this judicial body, which operates under the supervision of the Attorney General’s Office. The WGDICC has an internal structure that consists of 12 members representing various bodies of the Islamic Republic, and is required to report its activities to the heads of three branches of the state and the Supreme National Security Council every six months. The WGDICC collaborates with various companies and technologies to develop surveillance and repression tools, such as Satra (Audiovisual Regulatory Authority), Yar Sharif Technologies Tuning Company, Niafam, Yaftar, and Douran Group.
- The Supreme Council of Cyberspace (SCC): A pivotal entity in Iran’s digital landscape, playing a crucial role in the formulation and implementation of the country’s Internet and digital policies. Established by Iran’s Supreme Leader, the SCC functions as the highest-level policymaking body for cyberspace in Iran, tasked with managing, overseeing, and coordinating all cyber activities and strategies. Composed of various members from governmental, academic, and private sectors, it has the authority to regulate and supervise Iran’s Internet infrastructure and activities. This includes areas such as information security, e-commerce, digital services, and cybercrime prevention, making the SCC a key player in shaping Iran’s digital future.
- Deputy Technical Deputy of Cyberspace Affairs of the Attorney General’s Office: The Deputy Technical Deputy of Cyberspace Affairs of the Attorney General’s Office is a key figure in Iran’s digital policy. This role is currently held by Javad Babaei (since April 26, 2020), whose previous position was as the Head of the Cybercrime Prosecution Office. Babaei coordinates the activities of various organizations and companies that work in this field. He also oversees the development of the Attorney General’s Portal, a website that lets citizens report online crimes. However, the leaked emails reveal that he collaborates with the UN and travels abroad for this purpose, despite being involved in Internet suppression. For example, Mehdi Amiri, the Technical Manager of his office, has played a prominent role in selecting Iranian representatives for the UN on cybersecurity and Internet governance issues, with the help of the “Cyberspace Developers Population (Pak).”
- Satra (Audiovisual Regulatory Authority): SATRA operates under the supervision of the IRIB, which is supervised by the Supreme Leader. This organization was established in 2016 in an attempt to monitor all online audio and video content published in Iran. In fact, this organization performs a similar role to the Ministry of Islamic Guidance in relation to online content. Satra has taken on numerous digital projects for the government, including the creation of an Internet blocking and censoring system for foreign websites and the development of the Attorney General’s Portal. It was also revealed that Satra had a central role in the development of the “Smart Internet Blocking and Censoring” project.
- Rasoul Jalili: He is an appointed member of the SCC by the Supreme Leader and the president of Sharif University of Technology. In his roles, Jalili has played an instrumental role in shaping Iran’s digital policy. He has spearheaded several initiatives including the conception of the Sharif Opening Plan. This controversial plan proposes a tiered Internet access system that would discriminate Internet access among individuals based on their professional and social statuses, thereby violating net neutrality principles and restricting information accessibility for a vast majority of Iranians. Furthermore, Jalili’s involvement extends to the development of facial recognition and content Internet blocking and censoring tools for the WGDICC, demonstrating his significant influence over Iran’s digital landscape. Through strategic promotion of companies carrying the “Sharif” name, Jalili has sought to foster a sense of trust and legitimacy among the public.
- Yar Sharif Technologies Tuning Company: This company was created by Rasoul Jalili with a primary purpose of assisting in the research and development of tools required by the Attorney General’s Office, including the development of an “Electronic Evidence Documentation System.” This company is involved in the creation of tools that can capture screenshots of chats, gather information on virtual accounts, and detect false information. The company also provides training programs for collecting evidence against detainees and developing third-party applications with capabilities to collect users’ private information.
- Iranian military forces: The Iranian military forces, especially the Islamic Revolutionary Guards Corps (IRGC), are actively involved in formulating and proposing workflow solutions pertaining to the Internet, as well as implementing Internet censorship and surveillance measures. They also participate in training programs for collecting evidence against detainees and developing third-party applications with capabilities to collect users’ private information. They have also attempted to militarize the Internet through measures such as the user protection parliamentary bill and increasing pressure on the SCC, but they have faced strong resistance from civil society activists who launched a campaign opposing the bill.
- The Supreme National Defense University (SNDU): This institution plays a major role in Iran’s efforts toward Internet suppression and the militarization of cyberspace. Established by the Iranian Armed Forces, the SNDU is instrumental in the development and implementation of strategies pertaining to national security, including in the digital realm. The university contributes significantly to the formulation of Internet control tactics and tools, making it a cornerstone in Iran’s infrastructure of Internet suppression.
- Additionally the WGDICC collaborates with various companies and technologies to develop surveillance and repression tools, such as:
- Niafam: This is a knowledge-based company that provides web-based solutions for organizations, such as intelligent portal systems, content management systems, online chat systems, customer relationship management systems, and online support systems. It also offers professional SEO services and custom software development. The leaked emails reveal Niafam’s willingness to cooperate with the Attorney General’s Office to launch an organizational portal with special capabilities. The proposed features include facial recognition and identification of individuals depicted in news images, aimed at enhancing the generated content.
- Yaftar: This is a company that has been working on an image analysis system since 2014 with the aim of identifying instances of “bad Hejab” and “nudity” in women’s images. The company also has a long-term plan to develop web crawler systems to collect data from search engines such as Google, Yahoo, and Bing with the aim of proactive censorship.
- Douran Group: The Douran Group specializes in software and computer network services. It is a Internet blocking and censoring contractor named in the leaked emails. The company was sanctioned by the US Treasury Department for “censorship or other activities that limit freedom of expression or assembly.” Douran has also established contracts with Internet providers to provide censorship equipment traffic analysis tools.
- Gap Messenger: This is a cross-platform encrypted cloud-based messenger that offers various features such as chat, group creation, channel creation, voice and video calls, wallet, bot platform, game and entertainment services, and online store creation. However, this messenger has engaged in censorship and provided user information to the Attorney General’s Office. The CEO of Gap Messenger holds British citizenship and has established another company in England.
This report concludes that Iran’s digital policy is driven by a strategic intent to control and regulate the Internet, which is evident in their efforts to develop sophisticated surveillance tools, initiate tiered Internet access, and implement legal VPN services. Iranian authorities also aim to increase control over Internet access and exert influence in international forums and the United Nations.
