Opposition activists in Iran are beginning to deploy a new weapon in the cyber war against the regime that they hope will defeat extensive government efforts to block popular mobilization on the Internet inside Iran.
Called “Haystack” – and carrying the motto “Good luck finding that needle” – an encryption software custom-made for Iran in San Francisco is the first anti-censorship technology to be licensed by the US government for export to Iran.
“There has never been a tool built from the ground up specifically to address the way in which the regime does its Internet filtering,” says Austin Heap, co-creator of the software. “We really hope that Haystack will be a one-to-one match for how the regime implements censorship.”
After disputed presidential elections last June that crowned Mahmoud Ahmadinejad with a second term, Internet and social networking sites like Twitter and Facebook played a crucial role in helping protesters organize weeks of unrest and demonstrations that were often met with violence.
As the opposition Green Movement brought hundreds of thousands of Iranians onto the streets to reverse what they considered a rigged election, multiple crackdowns left scores dead, thousands under arrest, and a trail of charges of abuse and rape in custody.
Iranian security forces launched an aggressive and largely successful campaign to shut down the ability of cyber-savvy Iranians to communicate easily with each other on social networks or post and read opposition news on the web – a method that appeared to initially catch the regime off guard, prompting some to call the most serious internal crisis since 1979 a “Twitter Revolution.”
“We need this software,” says a young professional in Tehran sympathetic to the opposition. “If it works, it would be a new lifeline. We have nothing now. We hear stories about people being faced with a printout of their SMS [text messages] and e-mails during interrogation; that fear runs in the society.”
Iran’s law-enforcement chief announced last November the creation of a “cyber police” division to hunt and stop opposition activism online. Also led by elements of the Revolutionary Guard, known as Sepah, Iranian agents are reported to have sent intimidating warnings to individual Iranians from Sweden to Los Angeles who expressed pro-opposition views, and forced some citizens entering Iran to reveal passwords and open their Facebook and other accounts upon arrival at the airport in Tehran.
Attacks that temporarily disabled Twitter and hacked Iranian opposition websites in December yielded a page that declared they were “hacked by the Iranian Cyber Army” and used religious imagery and references frequently employed by the Islamic Republic, though there was no explicit government connection.
“The government is fighting the free flow of information … so fighting this blockage is the first and most critical step … required to bring about change,” says the professional in Tehran. “[Haystack] would definitely revitalize activism. People have no source of information they can trust anymore. This would again open up sources … which they could sift through at their own will and get the info they want. It would help rebuild the networks that suffered greatly after the major Sepah crackdowns.”
Rebuilding those networks is the challenge for the creators of Haystack, who say they have carefully studied how China, Iran, and other censoring nations have sought to block Internet access – and what techniques can defeat them.
Haystack first provides high-grade encryption of data, similar to that used when accessing a bank website. It then hides that data inside other normal data streams and makes it look like normal Internet traffic itself, so the original data is as difficult to detect and stop as finding – as advertised – a needle in a haystack.
“As much as we are trying to help people get around [censorship], there’s a counter-part to our organization inside the regime trying to make sure that we are not successful, and they’re just growing,” says Mr. Heap, who is director of the non-profit Censorship Research Center that was set up in San Francisco to handle Haystack.
No. 2 Internet censor
Iran is “not China, but probably No. 2 or 3 on the [censorship] sophistication list,” says Mr. Heap, whose board of advisers is three-fourths Persian. Iranian authorities “have been at this for a long time, using both technology from outside Iran – from Nokia Siemens [Networks] – [and] also technology that’s homegrown. They’ve put a lot of government resources behind their Internet filtering.”
Keeping the Internet under control has been a tough job in a nation of 23 million Internet users. A 2008 report by the Berkman Center for Internet and Society at Harvard University counted some 60,000 Persian-language blogs, and found that “given the repressive media environment in Iran today, blogs may represent the most open public communications platform for political discourse.”
Iranians “are one of the most tech-savvy – if not the most tech-savvy – group of people anywhere in the region,” says Heap. “I’m not someone who’s going to run around saying ‘Twitter Revolution.’ This isn’t about government toppling. This isn’t about regime change. It’s simply, from where we all stand, an issue of open communications, free speech. The impact is really hard to guess.”
The result nevertheless, he says, is a “cat and mouse game” that means constant updating, learning, and sometimes acting and counterattacking in the course of an hour or two.
But some likely users inside Iran say they are as hopeful of Haystack’s potential as they are wary that the software will not measure up—or that it will be compromised by the government’s cybersleuths.
“[Haystack] would breathe new life into our semi-dead communication network. But people have learned not to trust anything very easily [so] they will be hesitant at first to use any software on their computers,” says the professional. “But if they see this is endorsed by the reputable outside world, it could change.”
“My guess is that should the infrastructure be laid, along with proper assurances that this is coming from a legitimate source, and not some hoax by Sepah, people will find it and use it,” adds the source in Tehran. “I’m suspicious, too. I think Sepah would quickly infest the net with clones of this software, with spyware inside.”
But the utility for Iran’s embattled opposition is undeniable, he says: “For now the most important thing for us is to be able to connect the great number of like-minded but dispersed people. Connecting the dots … that would again give the opposition the power of the masses.”