Farsi Version
Download PDF
Accessibility
Text Size
100%

The Monopoly of Internet Infrastructure in Iran: Challenges and Consequences of Restrictions on Access and Cybersecurity

In today’s world, access to the internet is widely regarded as a fundamental human right, significantly impacting economic, social, and cultural development. The internet is not only the primary tool for communication and information exchange but also a platform for innovation, education, and social engagement. The quality, speed, and accessibility of the internet heavily rely on communication infrastructures managed by various entities.

In Iran, the Telecommunication Infrastructure Company (TIC) serves as the main governmental body with nearly complete control over the country’s internet infrastructure. While this state monopoly has contributed to the development of certain infrastructures, it has also led to numerous issues. The lack of competition, rising costs, and tight control over bandwidth and content have limited users’ ability to freely access the internet.

Additionally, cybersecurity challenges in Iran have become increasingly concerning due to weaknesses in infrastructure and a lack of preparedness to address growing threats. Distributed Denial of Service (DDoS) attacks, the “hijacking” of Google IPs, and widespread internet censorship all highlight serious challenges in managing and securing the country’s digital space.

This report provides a comprehensive analysis of Iran’s internet infrastructure and cybersecurity, examining issues such as infrastructure monopolies, extensive control and surveillance, and restrictions on internet access. The objective of this analysis is to shed light on existing weaknesses and provide insights for improving current conditions, enabling Iranian users to enjoy free and secure internet access.

Key Findings of the Report:

  • Monopoly of Internet Infrastructure: The Telecommunication Infrastructure Company (TIC), as the main governmental body, holds a significant monopoly over the management and control of Iran’s internet infrastructure. This monopoly has led to reduced competition, higher prices, and a decline in the quality of internet services.
  • Extensive Control and Surveillance: The government’s control over bandwidth and monitoring of internet communications has severely restricted users’ access to a free internet, pushing them towards using domestic traffic.
  • Cybersecurity Issues: Distributed Denial of Service (DoS) attacks and the “hijacking” of Google IPs have been identified as serious cybersecurity threats in Iran. These incidents highlight the weaknesses in security infrastructure and a lack of preparedness to counter cyber threats.
  • Censorship and Access Restrictions: Widespread internet censorship in Iran, including blocking websites and social media networks, has limited users’ ability to access international information and resources. Additionally, attacks on VPNs have been conducted to prevent circumvention of censorship measures.
  • Restricted Right to Access and Choice: Users’ rights to access a free internet and choose their preferred service providers are severely affected by monopolistic and restrictive policies. Users often face limited options, all of which are under strict government control.

Internet Infrastructure

The internet infrastructure in Iran plays a crucial role in supporting digital services and modern communications, significantly influencing the quality, accessibility, and security of the internet in the country. This infrastructure consists of data transmission networks, data centers, internet service providers (ISPs), and related equipment, all of which are supervised and managed by governmental and semi-governmental entities.

In Iran, the provision, development, and maintenance of this infrastructure are heavily controlled and regulated by law, primarily falling under the jurisdiction of the Telecommunication Infrastructure Company (TIC). This centralization can have detrimental effects on competition, innovation, and the quality of internet services.

The entry points of the internet to Iran, as well as the provision, development, and maintenance of internet infrastructure, are controlled by the TIC, with a minor share managed by the Institute for Research in Fundamental Sciences, formerly known as the Institute for Studies in Theoretical Physics and Mathematics.

  • The Institute for Research in Fundamental Sciences (Formerly the Center for Theoretical Physics)

The internet was first introduced in Iran through academic settings before becoming publicly accessible. The Institute for Research in Fundamental Sciences—formerly known as the Institute for Studies in Theoretical Physics and Mathematics and a government research center under the Ministry of Science, Research, and Technology—continues to play a minor role in facilitating internet access, primarily serving research and educational organizations.

The Center for Theoretical Physics is a prominent scientific and research institution in Iran that operates in various fields, including cybersecurity and internet infrastructure. The center collaborates with both governmental and private entities to conduct multiple research and development projects in security technologies and cyber threat mitigation.

Leveraging its scientific and research expertise, the center is involved in analyzing and evaluating cyber threats as well as developing preventive solutions. However, due to the regulatory and legal constraints in Iran, the center’s activities are also influenced by governmental monopoly and restrictive policies. Therefore, when discussing the monopoly over the internet in Iran, the primary subject of focus remains the “Telecommunication Infrastructure Company (TIC).”

  • The Telecommunication Infrastructure Company (TIC)

The Telecommunication Infrastructure Company (TIC) is the main governmental entity responsible for managing and developing Iran’s communication and internet networks, playing a pivotal role in the regulation and maintenance of the country’s communication infrastructure.

According to the statute of this company, which was established in 2007 by the Cabinet based on Note (4) of Article (7) of the Fourth Development Plan Law enacted in 2004, the TIC acts as the national backbone telecommunications network. It is responsible for the import and distribution of internet bandwidth across the country, as well as the creation and maintenance of long-distance and international infrastructure networks (such as microwave networks, fiber optic networks, telecommunication satellite stations, and inter-provincial and international switching centers). Additionally, the company must provide capacities for the transmission and routing of long-distance and international traffic, supporting and managing all types of “voice, video, and data” traffic required in the country.

Given its monopoly in this domain, TIC has significant influence over the Iranian internet market.

Whenever the monopoly over internet access through this state-owned company is discussed, officials often justify it by claiming that collective purchasing increases Iran’s bargaining power, allowing it to import internet bandwidth at lower prices. However, in reality, this monopoly significantly reduces competition among internet service providers (ISPs), leading to increased prices and diminished service quality.

TIC also holds significant power over monitoring and controlling internet content due to its exclusive control over the flow of traffic before it reaches end-users. For example, TIC manages the differentiation between domestic and international traffic at traffic exchange points (IXPs), which it owns and operates.

IXPs, or Internet Exchange Points, are physical locations where operators and data centers exchange traffic. In Iran, the main incentive for establishing domestic IXPs—aside from economic reasons and improving internet quality—was to prepare the infrastructure for separating domestic and international traffic.

On February 16, 2013, the High Council of Cyberspace issued a resolution (alternate link) titled “Policies Governing the Establishment of Domestic Traffic Exchange Points (IXP) and Differentiation of Domestic Traffic from Traffic Hosted Outside the Country.”

According to this resolution, inter-network connections and data traffic exchanges among all data and internet service providers within the country are prohibited unless conducted via the “Telecommunication Infrastructure Company’s network” or through the “data traffic exchange points” specified in the resolution.

In addition to the differentiation of domestic and international traffic, the implementation of filtering also falls under TIC’s jurisdiction. According to the Deputy Minister of Communications in the twelfth administration, filtering is executed in a distributed manner by ISPs and telecommunication companies providing internet services, under the oversight of TIC.

A comprehensive report reveals that, based on a leaked email from the Prosecutor’s Office titled “Key Measures and Proposals for Organizing Cyberspace,” there was a request to delegate the filtering system to ISPs:

“The handover of filtering systems to access providers and providing the necessary capabilities for direct legal monitoring by the judiciary and the Secretariat of the Working Group for Determining Instances of Criminal Content.”

The second report by the Electronic Commerce Association also refers to this matter as the new policy of the Ministry of Communications under the Ebrahim Raisi administration (2021-24), which has expanded the development of filtering equipment at the access layer and among mobile operators, while also initiating the planning and execution of similar measures for fixed-line operators.

In line with this, a source who spoke to Filterwatc on the condition of anonymity stated,

“Every operator is required to sign a contract with a filtering company and hand over their traffic to that company. However, contractors do not always comply with the client’s directives regarding filtering methods and related issues, as filtering impacts traffic usage, which means reduced revenue for the company. This is why filtering is not uniform across different operators.”

These analyses show that part of the filtering implementation or intentional traffic disruption occurs along the TIC-controlled path to operators and fixed-line communication service providers. The other part occurs in the path from operators and service providers to the end-user, also under the supervision of TIC.

Issues with Infrastructure Monopoly 

The monopoly of internet infrastructure by the Telecommunication Infrastructure Company (TIC) and other government entities has eliminated competition and created numerous challenges for Iran’s internet market.

However, the Iranian government, viewing its cyberspace as an extension of its territorial sovereignty, is unwilling to relinquish this monopoly or transfer ownership of internet infrastructure to private companies.

Even with the current monopoly, there are occasional suggestions about involving the military in some of TIC’s responsibilities as well, such as internet gateway control by the armed forces, as part of the “Protection Plan” (“طرح صیانت”). This plan aims to transfer the control of internet gateways to a “Safe Border Gateway Management Working Group,” which would comprise the head of the National Cyberspace Center, representatives from the General Staff of the Armed Forces, the Islamic Revolutionary Guard Corps’ Intelligence Organization, the Ministry of Intelligence, the Ministry of Communications, the Passive Defense Organization, and the Judiciary.

Indeed, not only is the Iranian government uninterested in dissolving TIC’s monopoly, but for years it has also sought to bring the private information technology sector increasingly under its control. Policymakers of the National Information Network (NIN) have consistently aimed to recruit the private sector into the content and services layer of NIN to establish an ecosystem that aligns with the network’s requirements.

This is the same aspect that the Supreme Council of Cyberspace referred to in its 2020 document, “Comprehensive Plan and Architecture of the National Information Network,” seeking to ensure its alignment with “Iranian-Islamic values.”

Price Increase

Due to the lack of real competition in Iran’s internet market, the cost of internet services is disproportionate to their quality. Furthermore, given the additional expenses users incur for VPNs to access unrestricted internet, the overall cost of free internet access is not economically feasible for them. 

On October 22, 2021, during the thirteenth administration, the 34% tariff increase that was initially applied to mobile internet operators was extended to fixed-line internet services.

This sudden increase came as a shock to internet users across the country. At that time, many experts argued that the Ministry of Communications could have reduced its 8% revenue share from operators (which, according to the Minister of Communications of the Raisi administration, was allocated to fiber-optic development projects) to mitigate the tariff hike.

In its second report released in December 2023, the Electronic Commerce Association conducted an analysis of the inefficient economic model behind internet pricing in Iran. According to this model, the primary reasons for inefficiency are the high cost of bandwidth monopolized by TIC, the imbalance in international bandwidth, and the substantial costs of filtering equipment. 

The report also notes that the “imbalance in international bandwidth” is itself a function of the filtering situation, which, with its decreasing growth, has led to an increased overall cost for bandwidth provision by TIC.

The report further states,

“Although there is no precise evidence on the total cost of filtering equipment in Iran, some experts in the field report that operators must spend around 10 billion tomans for filtering equipment to develop a network capacity of 10 Gbps.”

Many experts, along with the second report by the association, believe that the price increase was not aimed at supporting operators. Instead, it was meant to cover the costs associated with reduced bandwidth and filtering. This issue became especially prominent after platforms like WhatsApp and Instagram were blocked, leading to a significant drop in bandwidth usage and, as a result, reduced revenue for operators and TIC. Over 70% of TIC’s revenue comes from the two largest mobile operators in Iran. The 34% tariff hike was a way to recover the lost income for internet service providers. According to an analysis of TIC’s financial statements by “Peivast,” “network sanitization”—restricting access to high-traffic foreign messaging platforms—was a key factor in the company’s reduced revenue.

Ultimately, this price increase resulted in a growth in TIC’s total revenue for the fiscal year 2023-2024. According to the financial report for 2023-2024, the company’s total revenue from bandwidth services grew by 27% compared to the previous year, reaching a total of 5.8 trillion tomans.

In conclusion, if the provision of bandwidth were open and operators and Fixed Communication Providers (FCPs) were allowed to procure bandwidth independently, they could offer competitively priced and higher-quality services under the supervision of the Communications Regulatory Authority. Consequently, users would have a wider range of options to choose services that best meet their needs and budgets.

Decline in Service Quality

The lack of competition and existing monopoly over internet infrastructure in Iran have led to a noticeable decline in the quality of internet services. Users experience issues such as low speeds, frequent disconnections, and a lack of access to high-quality services.

The monopoly on communication infrastructure provision, which is held solely by one company, exacerbates the vulnerability of the internet network to incidents and crises, ranging from power outages to fires and disruptions in internet entry routes:

  • Power Outages and Data Centers: In recent years, especially during the summer, power outages affecting data centers and BTS (Base Transceiver Station) antennas have led to internet disruptions. This is primarily due to the “lack of adequate backup equipment” provided by TIC. From late spring to late summer this year, the energy crisis reached a level where major data centers experienced power cuts, resulting in significant disruptions to internet access.
  • Nationwide Fixed Internet Outage: In the summer of 2022, the website Zoomit reported a nationwide fixed internet outage from 8:36 to 8:45 on July 25 due to a power outage at TIC.
  • Fires in Communication Hubs: In August 2021 and July 2023, fires in the telecommunication hubs of the Telecommunication Company caused disruptions to both fixed and mobile internet services for multiple operators in southern cities of Tehran province and some other provinces.
  • Disruption in Internet Entry Routes: Numerous times, disruptions in the routes that provide internet access to the country and the “lack of backup routes” have caused users to lose connectivity. The most recent incident occurred on August 28, 2023, when a disruption in the internet entry route from Georgia affected connectivity. Similar widespread disruptions were recorded on November 3 and 4, 2023, due to another disruption in the same route.
  • Widespread Outage on November 18, 2023: A major outage occurred on November 18, 2023, impacting fixed and mobile internet in 14 provinces across the country for over an hour, according to data from IODA (Internet Outage Detection and Analysis). TIC attributed the incident to “a disruption in the transmission network of Tehran province.”

According to IODA data, internet disruptions in Iran in 2023 alone accounted for a total of 60,000 minutes of downtime.

Increased Control and Oversight

The monopoly over internet infrastructure grants governmental entities in Iran the ability to easily monitor internet communications and control the content being transmitted. This situation can lead to serious restrictions on internet freedom and user privacy.

Cybersecurity Issues

Cybersecurity in Iran faces several challenges stemming from weak infrastructure, cyberattacks, and policies aimed at controlling the internet. Some of the key cybersecurity issues include:

  • DDoS Attacks: Distributed Denial of Service (DDoS) attacks are one of the most significant cyber threats affecting Iran’s internet infrastructure. The first TIC report on DDoS mitigation showed that the country’s internet became increasingly insecure under restrictive policies and filtering. Within just 21 months, approximately 430,000 DDoS attacks were launched against 79,000 cyber targets in the country.

For instance, from March 27, 2024, until the end of the Iranian New Year holidays in April of that year, DDoS attacks caused widespread internet disruptions in Iran. According to Cloudflare data, more than 80% of the network was affected, and network experts within Iran reported that packet loss during this period increased by up to 40%.

Discussions with Filterwatchand technical experts in Iran reveal that TIC was the source of the disruption. Since TIC is the sole gateway providing internet services to operators, these operators had no precise solution to resolve the issue. The authorities initially denied the attacks and then restricted access to the global internet (“Iran Access”), which further disrupted the ability of users outside Iran to access domestic content. In response to these attacks, the Electronic Commerce Association suggested in its third report that an active countermeasure would be to increase the DDoS mitigation capacity from 200 Gbps to 1800 Gbps, a ninefold increase, to minimize the impact on user experience.

Impact of DDoS Attacks on User Experience: DDoS attacks create massive amounts of fake traffic, saturating servers and network infrastructure. This exhausts available bandwidth, severely reduces internet speed, and causes frequent disconnections. Additionally, the increase in “latency” or ping significantly slows down the responsiveness of websites and online services (e.g., email, social media, online shopping, e-banking), affecting file uploads and downloads. Overall, DDoS attacks have detrimental effects on daily life, businesses, and the country’s economy. Addressing these attacks requires investing in network infrastructure, enhancing cybersecurity, and fostering international collaboration.

  • “Hijacking” Google IPs: In September 2020, a report by Project Ainita disclosed that TIC had “hijacked” Google’s IP addresses to redirect data traffic through its own routes. This action could have been an attempt to bypass international restrictions or exploit internet traffic for specific purposes.

Impact of Google IP Hijacking: Hijacking Google IPs disrupts traffic routing, leading to significant reductions in internet speed, delays in page loading, and file downloads. In some cases, users may lose complete access to Google services, such as Search, Gmail, and YouTube. This unlawful and harmful action aims to control and restrict online freedoms and can have serious legal and political consequences, undermining trust in Iran’s internet infrastructure among users and international organizations.

Restricting the Right to Access and Choice

The right to internet access and the free selection of service providers are fundamental user rights. However, in Iran, these rights are severely affected by the monopoly over infrastructure and restrictive policies. Limitations on bandwidth and content censorship reduce users’ ability to utilize the internet and restrict their choices.

  • Bandwidth Control

Bandwidth control by governmental entities is one of the primary tools used to limit internet access. These controls degrade internet speed and service quality, forcing users to rely on domestic services with particular restrictions.

The Hassan Rouhani  administration (2013-21)  was the only presidential administration that publicly disclosed the country’s bandwidth capacity in their reports. Before the end of his second term n, the Communications Regulatory Authority reported in June 2021 that the country’s international bandwidth capacity was 5,489 Gbps. However, with the commencement of the Raisi administration, official and transparent data on the nation’s bandwidth were not released. It was only in August 2023, through the financial report of TIC, that it was announced that foreign capacity purchases had increased compared to the previous year, bringing the total bandwidth capacity to 11.4 Tbps.

The financial report of the Telecommunication Infrastructure Company TIC indicates an increase in the purchase of foreign capacity and announces a figure of 114 Tbps for internet bandwidth

One of the consistent demands of Iranian operators has been the increase of international bandwidth and greater transparency regarding it. In November 2021, some Iranian operators reported that the reason for the decreased internet speed was the shortage of international bandwidth in the country. According to them, because the Supreme Council of Cyberspace did not grant permission to TIC to purchase global bandwidth, the company was unable to distribute additional capacity to internet service providers. Consequently, these providers were forced to reduce internet speeds to manage user demand and prevent excessive consumption.

Policies aimed at limiting bandwidth and the lack of transparency regarding its capacity are implemented to increase control and oversight over users’ internet activities. These policies can violate users’ rights to access open information.

  • Censorship

Internet censorship in Iran is extensive, encompassing the filtering of websites, social media, and various online services. This censorship has restricted Iranian users’ access to global content, forcing them to rely on limited domestic resources. Such limitations not only hinder access to information but also negatively impact education, research, and development in the country.

Content restriction policies or filtering in Iran do not follow a transparent structure, but Filterwatchhas, in various reports, attempted to shed light on different filtering methods through various sources:

  • Filterwatch’sDomestic Sources: Including technology and IT industry researchers who spoke anonymously.
  • Leaked Emails from the Working Group for Determining Instances of Criminal Content: Hacked and released by the group “Anonymous.”

In brief, in 2001, Ali Khamenei, the Supreme Leader of Iran, first announced the “General Policies of Computerized Information Networks.” Following this, the Islamic Republic established entities to monitor internet content and user activities. In 2006, the government of Mahmoud Ahmadinejad issued the “Regulations for Organizing Internet Site Activities,” requiring all websites to register with the Ministry of Culture and Islamic Guidance.

The creation of policy-making entities to handle content deemed unacceptable by the government intensified with the passing of the Computer Crimes Law in 2009 and the formation of the “Working Group for Determining Instances of Criminal Content.”

Officially, internet filtering and censorship in Iran, which officials refer to as “cleansing,” are carried out by the Working Group for Determining Instances of Criminal Content, a judicial body operating under the Attorney General’s Office.

The filtering committee collaborates with various companies and tech experts to develop monitoring and repression tools. Some of these companies include SATRA (the Regulatory Organization for Audio and Visual Media), Tuning Technologies Yar Sharif, Niafam, Yafthar, and Doran Group. Additionally, entities like the Supreme National Security Council and the National Cyberspace Center have the authority to filter platforms, and in certain cases, judicial orders can lead to the direct filtering of platforms, such as the blocking of the Telegram app in May 2018 by order of Bijan Ghasemzadeh Sangroudi, a judge at the Culture and Media Court, which affected all Iranian users.

As mentioned in the first part of this report, the execution of filtering is distributed across operators and telecommunication companies that provide internet services, under the supervision of TIC.

  • Attacks on VPNs

In response to the widespread use of VPNs by users to circumvent censorship, governmental entities periodically target these tools. The attacks involve blocking VPN servers, reducing connection speeds, and even launching DDoS attacks against the VPN servers. These actions reflect the government’s broad efforts to maintain control over the internet and prevent users from accessing filtered content. There are also suspicions about attempts to disrupt VPN encryption protocols, as the government aims to promote its own “legal VPNs.”

In June and July 2022, TIC aggressively targeted encryption protocols used by VPNs like Psiphon and Google Outline. This action severely reduced internet speeds. A month later, Mehdi Salem, then head of the Ministry of Communications’ Information and Public Relations Center, denied government involvement, stating that the ministry did not cause any disruption to the internet and was only seeking to prevent the “illegal sale of VPNs.” Mehdi Salem added,

“We have monitored a significant portion of the complaints, and some of the companies claiming deliberate disruption on the internet are those selling VPNs, which is illegal. We are not obligated to support illegal activities.”

author avatar
Narges Keshavarznia
Text Size
100%