Cyberwar Iran 2009: Part XV – The Iran-Siemens Affair
"Nokia-Siemens supplied the gun, but is not the one pulling the trigger"
In an article published today (June 22nd, 2009) by The Wall Street Journal and titled "Iran’s Web Spying Aided By Western Technology European Gear Used in Vast Effort to Monitor Communications" the Journal states that
"The Iranian regime has developed, with the assistance of European telecommunications companies, one of the world’s most sophisticated mechanisms for controlling and censoring the Internet, allowing it to examine the content of individual online communications on a massive scale."
In the new resulting Internet heckstorm about this topic, Siemens chose to answer as following:
"Nokia Siemens Networks has provided Lawful Intercept capability solely for the monitoring of local voice calls in Iran. Nokia Siemens Networks has not provided any deep packet inspection, web censorship or Internet filtering capability to Iran."
Allow me to elaborate a little on the truth of the situation. Please do not see this as me taking a side on the issue. This is a purely technological analysis.
Firstly, in most developed countries, there are laws that require, not only allow, that telecommunication providers have system for "lawful intercept". This is true for Iran, it is true for Great Britain and all of the European Union, and it is true for the USA.
The only legal point of view here that could dissent, is the definition of this technology as "dual use" technology. I.e. could this technology be used for a military purpose or not. I am not an expert in this legal field, and do not if this technology qualifies or if the EU has restrictions on the sale of technology marked as such. If many readers request, I will endeavor to clarify this issue.
Secondly, all of those systems, especially those that can "handle" digital information are capable of listening, analysing, reporting, and exerting some control over telephone calls.
Thirdly, Siemens, and in this case specially Nokia-Siemens, as a company, does not have the right to refuse sales based upon political views, however abhorrent, of its customers.
My "problem" with Nokia-Siemens is found for the following statement:
"…The restricted functionality monitoring center provided by Nokia Siemens Networks in Iran cannot provide data monitoring, internet monitoring, deep packet inspection, international call monitoring or speech recognition…"
Allow me to elaborate:
Central monitoring systems as described here, do monitor and do have some control ability over calls. These systems most certainly have the capability to deal with international call monitoring. Those systems, while technically not performing "deep packet inspection" do have the capability to do voice analysis and recognition and it is a technology-trivial matter to add this functionality on.
Today’s 3rd generation cellular technology does not, for the most part, distinguish between voice and data. While some services such as MMS are separate, Nokia-Siemens should clarify that it does deal with data-streams that include both voice and data. They travel on the same channels, and the signalling data for both is handled through the same switches and control software.
As for the term Data Monitoring, since most traffic is seen as data, it does get monitored. Further, to perform some of the services, such as billing for attachments or allowing filtering against malware, you could state that the software does, indeed, do "deep-packet inspection". Data, including data needed for billing, which is kept for some time everywhere that it is collected, does indeed get monitored.
Bottom line: Iran does have a system, at least the one supplied by Nokia-Siemens. Nokia Siemens has no control of how the system is now used beyond whatever technical support agreement it had signed with the Iranian telecommunications company. The responsibility for any repressive use of the tools which are entirely normal for performance monitoring and typical law enforcement lies entirely on the shoulders of the Iranian government.
- Cyberwar: Iran 2009 Part I
- Cyberwar: Iran 2009 Part II
- Cyberwar: Iran 2009 Part III
- Cyberwar: Iran 2009 Part IV
- Cyberwar Iran 2009: Part V
- Cyberwar Iran: 2009 Part VI
- Cyberwar Iran 2009: Part VII
- Cyberwar Iran 2009: Part VIII
- Cyberwar Iran 2009: Part IX
- Cyberwar Iran 2009: Part X
- Cyberwar Iran 2009: Part XI || The Revolution Will Be Uploaded
- Cyberwar Iran 2009: Part XII || The Onion Router - "TOR" and Iran
- Cyberwar Iran 2009: Part XIII || A World ATwitter || Tweets About The Iran Uprising
- Cyberwar Iran 2009: Part XIV - Iran's Disinformation Campaign
- Cyberwar Iran 2009: Part XV - The Iran-Siemens Affair
- Cyberwar Iran 2009: Part XVI - A Formal Declaration of (Cyber)war !
- Cyberwar Iran 2009: Part XVII - Follow the Money
- Cyberwar Iran 2009: Part XVIII - This Just In
- Cyberwar Iran 2009: Part XIX - Return of (Green) Jedi
- Cyberwar Iran 2009: Part XX - The Lebasi-Lebanese Menace
- Cyberwar Iran 2009: Part XV - The Iran-Siemens Affair
- Lawful Intercept(ion) Primer Part I - Introduction
- Lawful Intercept(ion) Primer Part 2 – Why?
- Lawful Intercept(ion) Primer Part 3 - How?
An interesting analysis Ariel.
You are actually incorrect about the voice and data streams being combined. They are handled separately.
See here: http://andrewlighten.com/2009/06/23/what-i-do-for-a-job/
Our monitoring capability can only be used on local voice calls.
Hi there,
You are incorrect when saying voice and data are in the one stream. Current Release 99 networks use two seperate traffic paths – Circuit for voice, and Packet for data. Release 4 networks will incorporate all IP.
In current 2G and 3G mobile networks, voice is circuit switched (as opposed to packet switched-Internet traffic), and therefore is not subject to Deep Packet Inspection.
Internet data however, can be subjected to DPI.
Hi,
One more point-to say “..capability to do voice analysis and recognition and it is a technology-trivial matter to add this functionality on…” is certainly not correct.
Doing this type of analysis/monitoring, in real-time is certainly not trivial, as most communications systems are not designed to do this function, instead they are designed to route telephone calls to their intended destination, as quickly and efficiently as possible.
Thank you for correcting me. I appreciate it!
These are in fact dual-use items. The US has uni-lateral controls on the export of such items, requiring an export license to ALL countries. Can be found in the US Commerce Control List, section:
5A980 – Devices primarily useful for the surreptitious interception of wire, oral, or electronic communications; and parts and accessories therefor.
” The responsibility for any repressive use of the tools which are entirely normal for performance monitoring and typical law enforcement lies entirely on the shoulders of the Iranian government.”
Let’s say that you own a business that manufactures industrial furnaces. These furnaces are legitimately used to power factories or heat homes. They can also be used to build gas chambers to efficiently murder innocent men, women and children. Would you sell these furnaces to a regime that you strongly suspect will use them to build gas chambers? And if you did choose to sell them, would you be (at least partly) responsible for the death of those innocent people?
Denying the use of dual-use technology to repressive regimes is neither a novel nor a rare concept. It happens everyday. Unfortunately, in most cases, this has to be enforced via legislation, because corporations cannot be trusted to set aside profits and do the right thing.
Very good point, Shekhar. This is one of the reasons I high-lighted the possibility of dual use. I wonder how many companies can be pointed at for selling dual-use items/technologies to Iran, Iraq, Syria, North Korea, China and other current-flavor-of-the-month axis-related term. The difficulty here is to predict what COULD be done with the technology or item.
As I am Jewish, the gas-chamber metaphor hits home very sharply. I simply do not have an answer . Is it reasonable to demand that Nokia-Siemens would have thought their tools could be used for such purposes? And if so, what makes Iran more (or less) likely to be defined as an “abuser”, whereas a more “western” country would seem more benign performing the same actions.
Ariel, I apologize for inadvertently using the holocaust as an example.
The question is not so much who will abuse technology or how they will abuse it. I think we should just assume the worst and then ask the more important question — “what recourse does the abused individual have?”
In a true democracy, citizens have constitutional protections and access to a strong legal system for defending themselves. In repressive countries like Iran, you have very little recourse if the government has already decided that you are a criminal or a traitor. Frequently, people just “disappear”. No trial, no jury, no nothing.
Nokia-Siemens must have known that in Iran, the potential for abuse was extremely high and legal protections for individuals were superficial at best. In my opinion, they weighed the pros and cons and decided that this deal was too good to pass up. And if they hadn’t sold the technology to the mullahs, someone else would have.
Dear Ariel,
We make a similar analysis at http://network-labs.org/2009/06/should-we-believe-nokiasiemensnetwork’s-denials/ but we also focus on how NSN presents itself as a highly ethical company and how it uses language to obfuscate the implications of its systems.
Best regards,
Diederik
One of the main twitterers reporting on events in Iran has been told government can moniter amount of phone usage to figure out if they are constantly using internet, and therefore come after them.
Is this true?
Are their any ways around, besides very short posts?
Robyn,
Thank you for your question.
Yes, it is true. Not only the quantity, but also the direction of most data and the type of data.
The only way I can think of to bypass this is via regular computers. Short traffic bursts won’t work…
Ariel
Siemens have always been proud of there excellent services of intercepting communications in a lawful way for dictators. Just ask the widows of French freedom fighters during WWII, that had there rendezvous with destiny with the help of high quality German signint equipment.
A murderer comes to your door and asks for a knife to kill some one. you sell him the knife. who is responsible. you just pathetically try to survive if all of us are illiterate, ignorance and have childish thoughts what do you think of US congress? Germans, it is not your first time you sold Chemical weapons to Iraq during Iran Iraq war. you are filthy greedy.