Search Mailing List Archives
[liberationtech] on the traceability of circumvention tools
r.deibert at utoronto.ca
Fri Sep 17 08:36:19 PDT 2010
On 16-Sep-10, at 10:54 PM, Mehdi Yahyanejad wrote:
> On Sep 16, 2010, at 1:04 PM, Behdad Esfahbod wrote:
>> Thanks Mehdi for starting this thread. I'll reply in more detail
>> later, but
>> wanted to single-out this part:
>> On 09/16/10 00:31, Mehdi Yahyanejad wrote:
>>> However, circumvention tools are not illegal in Iran
>> I'm fairly sure (and I mean 99% sure) that this is incorrect. I'll
>> dig out
>> the laws tonight.
> I had already verified this by looking it up in the Iranian law for
> cyber crimes.
> It has no mention of circumvention tools being illegal. In fact, it
> doesn't make the act of visiting blocked websites illegal.
> I haven't seen any reports of anyone getting arrested for using
> these tools.
> I don't know about the case for downloads. In many countries, there
> are laws against downloading child pornography or bomb making
> manuals. The case for downloads might not be covered by cyber crime
> laws and could fall in other parts of criminal law.
> One thing related to the circumvention tools is illegal: building
> them or distributing them.
> This has been put into effect. A number of VPN resellers have been
> rounded up in the past.
I do believe there is a specific law in Iran that forbids the
production and distribution of circumvention technologies that was
passed as part of the Iran Cyberspace Law in June 2009 by the Guardian
Council; And I've seen reports from the Iranian press of dozens of
people being arrested for production and use of circumvention
technologies. I'm not sure if they are accurate reports or not, but
there are many reports.
More fundamentally, however, whether there is a specific law or not is
really beside the point. In countries like Iran, the law is applied
in a vague and sometimes arbitrary way such that anyone at anytime can
ostensibly be arrested or charged under a variety of laws pointed to
ex post facto to justify those actions. This is happening in dozens
of countries around the world. It happened, and is happening, to
Hoder. People in repressive and authoritarian regimes live in a
climate of such uncertainty, which works very much in the favor of the
state. Take a look, for example, at the way in which copyright
violations were used as an excuse by Russian authorities to seize
computers from NGOs and opposition groups (the most recent of which
was reported on by the New York Times.)
I do believe that Medhi is correct about the fact that all
circumvention technologies are subject to discovery with the present
capabilities available to authorities at the carrier grade level and
using a variety of DPI techniques that are now widely available and
marketed to regimes like Iran. (This is why the Nokia-Siemens case is
so important and interesting, as is the RIM controversy too, but
that's a bit off topic.) In the case of Iran, the TCI has close
connections to the revolutionary guard and engineering capabilities
(both home grown and purchased from abroad) are quite sophisticated.
Hell, they're probably monitoring this list for all we know.
Of course, one can and should drive up the costs of making such
systems discoverable in various ways, and all of this underscores the
importance of avoiding sensationalistic hype about promises that can't
be met about security and anonymity. But let's not also set ourselves
up for failure by advocating that only completely undiscoverable,
anonymous tools should be employed by users in these jurisdictions.
Using circumvention technologies is ultimately a political act in such
cases, carrying inherent risks similar to those that are taken in a
variety of circumstances for people living in repressive regimes. As
long as people understand the risks of the threat environment in which
they live, and those associated with the technologies they use, then
really it is their choice as to what they want to do. The onus on
us who advocate, produce, or propagate these technologies is to try to
make sure those risks and choices are clearly spelled out for them.
> liberationtech mailing list
> liberationtech at lists.stanford.edu
> Should you need to change your subscription options, please go to:
Ronald J. Deibert
Director, The Citizen Lab
Munk School of Global Affairs
University of Toronto
r.deibert at utoronto.ca
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the liberationtech