For over a decade commentators have highlighted the economic potential of Iran’s digital economy, and since President Rouhani’s election in 2013 many have feted a boom in online business. Everything from the growth of the ride-sharing app Snapp, to the emergence of apps offering home-cooked meal deliveries illustrate that online innovators are ready to take on the challenge of meeting Iranian consumers’ needs.
Historically, Iran’s low connectivity rates and strict internet controls posed major obstacles to the growth of this industry, with the sector’s growth being stymied for a number of years. But owing in part to the Rouhani government’s investment in high-speed internet infrastructure, over the last six years Iran’s digital sector has established itself as a core pillar of the national economy. In this time, access to mobile internet has become almost universal in urban centres, and internet speeds have drastically improved.
These conditions have permitted Iran’s young tech entrepreneurs to thrive, especially in light of sustained support offered to the sector by President Rouhani and his start-up-obsessed ICT Minister Mohammad-Javad Azari Jahromi.
Such support has included the Startup Action Plan, which was ratified by Rouhani’s cabinet on 19 May 2019. The plan aims to provide start-ups with financial incentives, including a three-year tax break and the provision of co-working spaces to young companies.
But for all the economic opportunities this growth affords, the state’s entanglements with the sector frequently fall short in offering businesses and users the protections they need, while overreaching in other areas — in places seemingly co-opting technologists into the state’s surveillance apparatus.
In this edition of Filterwatch, we explore some of the ways that the Iranian government and start-up community should be doing more to ensure that users’ digital rights are protected. We’ll also flag up some of our growing concerns about the state’s apparent appropriation of the tech sector for its own purposes, and discuss how leaders in the tech sector might be able to push back.
Data Leaks and the Need For Proper Regulation
Despite recent growth, and the support of the current administration, we’d argue that if privacy and security are not centred in the expansion of government and digital services in Iran, then they could soon be viewed more as threats to citizens’ lives than as opportunities. Last month, two incidents highlighted these challenges within Iran’s startup community.
The first was Google’s removal of Iranian ‘client apps’ — Iranian versions of Telegram — from their app store. Citing the threat they pose to the privacy and security of Android users, two apps called ‘Talagram’ and ‘Hotgram’ were removed. Both were among the better known examples of a group of apps which used Telegram’s API to provide users with continued access to the platform after its ban in April 2018.
These apps were protected from filtering by Iranian authorities, and in return they blocked access to a number of profiles including foreign-based media organisations such as BBC Persian. Human rights groups (including Small Media and the Center for Human Rights in Iran) consistently raised concerns over the surveillance threats posed to app users. On a number of occasions Iranian officials indicated that these apps have the support of the government.
This incident highlights Iran’s strategy of outsourcing surveillance duties to small private enterprises — something that may expand further as a result of Iran’s ambitious eGovernment plans. These actions create a divide between those who collaborate with the government and in return receive favourable terms and support, and those who protect their independence but subsequently expose themselves to greater levels of obstruction.
The second incident highlights another vulnerability in Iran’s digital business community — the failure to safeguard consumer data. In April it came to light that a dataset containing the information of around 300,000 drivers of the ride-sharing company Tap30 had been made available online. It did not take long before Tap30 was made to publicly admit the dataset had been stolen from their system. Although similar data leaks have taken place around the world, what is astonishing in this instance is the lack of clear judicial procedure mandating for the state to investigate such an incident.
Although Iran’s proposed Data Protection Bill proposes an Office of Data Protection, such an office will only restore trust in private companies’ handling of data if it acts as a exercises meaningful regulatory powers, and dispenses with existing nebulous loopholes and exemptions for privacy on the basis of national security.
A Mixed Record — Jahromi’s Privacy Agenda
Since being appointed ICT Minister following Rouhani’s reelection in 2017, Jahromi has tried to make a name for himself as a young minister in step with Iran’s vibrant startup community. But he hasn’t always been in entrepreneur’s good books.
Jahromi first came under fire from the entrepreneurial community in April 2018, when he was accused of failing to stop the filtering of Telegram. But we’d argue that Jahromi has failed the digital economy community on two other fronts as well — both of which threaten to suffocate the tech sector in the long-term.
Firstly, Jahromi has failed to deliver a regulatory system that can help build trust in Iran’s digital businesses. The public’s lack of faith in domestic businesses to securely host their private information was evident during the initial push for the widespread adoption of domestic messaging apps. So much so that Iran’s Supreme Leader in issued a fatwa in support of users’ online privacy in April 2018.
Jahromi reacted by announcing the fast-tracking of his Data Protection and Privacy Bill through the Iranian Parliament. Although it was initially announced that the process would only take a couple of months before being presented to parliament for a vote, to this day — almost a year after the bill was proposed — it has failed to receive approval from Rouhani and his cabinet, as thus has not yet been considered by MPs. Even if it were to be successfully fast-tracked, the draft version of the bill fails to counter the most intrusive elements of the 2010 Cyber Crimes Law, and will therefore do little to limit the government’s powers to spy on citizens through domestic service providers.
Which leads us onto the second issue: the fact that the Rouhani administration (and Jahromi in particular) is using Iran’s private sector to develop the country’s surveillance infrastructure — a move that it is bound to chip away at public trust in domestic tech companies. Indeed, a great deal of public attention has been placed on the government’s financing of domestic tech companies involved in the creation of domestic messaging apps and forked versions of Telegram. In spite of these challenges, paths do exist towards the development of trust in Iran’s tech sector — but it will ultimately fall to key industry players to take the lead on this.
The Need for Leadership — Tech Companies and the Privacy Debate
The vast majority of Iranian tech startups are not implicated in Iran’s surveillance structure, nor are they set up to benefit from highly restrictive filtering regimes. As a result, tech startups could play a leading role in defining and protecting digital rights in Iran.
With government plans to expand Iran’s eGovernment services significantly in the coming years, there is a possibility that more private firms will be called upon to deliver services that could in turn become part of the country’s surveillance infrastructure.
Because of this, private companies have an important role to play in shaping Iranian digital rights. There are two main ways they can do this: firstly, by refusing to work with government projects linked to surveillance. And secondly, by improving their own data protection beyond the requirements of Jahromi’s proposed bill.
Some tech companies have already illustrated willingness on this front. On 14 April, Hamid Bazargar, the CEO of Tehran-based taxi company Maxim, denied Tehran City Council access to the company’s raw user data, stating that the privacy of its users is a red line they are unwilling to cross.
As long as tensions with the US do not catastrophically limit the growth of Iran’s digital sector, then the digitalisation of the economy will continue. Iranian officials are already discussing ambitious plans relating to smart cities and the Internet of Things. Such projects could deliver excellent value to Iranian citizens and the Iranian economy, or they could lead to unprecedented data gathering by the state in collaboration with new digital businesses (or a mixture of the two).
The startup communities’ willingness to stand up for digital rights at this early stage could have a dramatic impact on the realisation of citizens’ right to privacy. If the tech community fails to demand the establishment of an effective regulatory body that is capable of developing public trust in the private sector, then it is likely that many Iranian users will continue to opt for international service providers wherever possible.
Fresh Opportunities — How to Boost Iran’s Stuttering Tech Sector
In a report published earlier this year, we highlighted six pieces of legislation that are slated to come under parliamentary consideration in the near future. However, it seems increasingly likely that all of these will be put to a final vote in Iran’s next parliament, rather than the current one.
Although the new legislation may offer some new privacy protections, none of the proposed bills go as far as to roll back the intrusive Cyber Crime Law of 2010. In fact, as we outline in our report, if the bills are passed without major amendments then they could end up further undermining citizens’ digital rights, and stifling the country’s nascent tech sector.
During Iran’s 2016 parliamentary elections the pro-reform list used the threat of the filtering of Telegram as a wedge issue, to help boost support among voters opposed to online censorship. The upcoming parliamentary election provides another such opportunity for tech entrepreneurs and the digital sector to raise their concerns about the inactivity and the counter-productive actions of policymakers when it comes to developing much-needed safeguards for privacy and cybersecurity in the digital economy.
For more of Small Media’s work on the internet policy landscape in Iran, check out the rest of Filterwatch — either here on Medium, or on our website.
Written by Kaveh Azarhoosh // Edited by James Marchant
