[liberationtech] on the traceability of circumvention tools

Ronald Deibert r.deibert at utoronto.ca
Fri Sep 17 08:36:19 PDT 2010 

On 16-Sep-10, at 10:54 PM, Mehdi Yahyanejad wrote:

>
> On Sep 16, 2010, at 1:04 PM, Behdad Esfahbod wrote:
>
>> Thanks Mehdi for starting this thread.  I'll reply in more detail  
>> later, but
>> wanted to single-out this part:
>>
>> On 09/16/10 00:31, Mehdi Yahyanejad wrote:
>>> However, circumvention tools are not illegal in Iran
>>
>> I'm fairly sure (and I mean 99% sure) that this is incorrect.  I'll  
>> dig out
>> the laws tonight.
>>
>
> I had already verified this by looking it up in the Iranian law for  
> cyber crimes.
> It has no mention of circumvention tools being illegal. In fact, it  
> doesn't make the act of visiting blocked websites illegal.
> I haven't seen any reports of anyone getting arrested for using  
> these tools.
>
> I don't know about the case for downloads. In many countries, there  
> are laws against downloading child pornography or bomb making  
> manuals. The case for downloads might not be covered by cyber crime  
> laws and could fall in other parts of criminal law.
>
> One thing related to the circumvention tools is illegal: building  
> them or distributing them.
> This has  been put into effect. A number of VPN resellers have been  
> rounded up in the past.
>

I do believe there is a specific law in Iran that forbids the  
production and distribution of circumvention technologies that was  
passed as part of the Iran Cyberspace Law in June 2009 by the Guardian  
Council;  And I've seen reports from the Iranian press of dozens of  
people being arrested for production and use of circumvention  
technologies. I'm not sure if they are accurate reports or not, but  
there are many reports.

More fundamentally, however, whether there is a specific law or not is  
really beside the point.  In countries like Iran, the law is applied  
in a vague and sometimes arbitrary way such that anyone at anytime can  
ostensibly be arrested or charged under a variety of laws pointed to  
ex post facto to justify those actions.  This is happening in dozens  
of countries around the world.  It happened, and is happening, to  
Hoder. People in repressive and authoritarian regimes live in a  
climate of such uncertainty, which works very much in the favor of the  
state.  Take a look, for example, at the way in which copyright  
violations were used as an excuse by Russian authorities to seize  
computers from NGOs and opposition groups (the most recent of which  
was reported on by the New York Times.)

I do believe that Medhi is correct about the fact that all  
circumvention technologies are subject to discovery with the present  
capabilities available to authorities at the carrier grade level and  
using a variety of DPI techniques that are now widely available and  
marketed to regimes like Iran.  (This is why the Nokia-Siemens case is  
so important and interesting, as is the RIM controversy too, but  
that's a bit off topic.)  In the case of Iran, the TCI has close  
connections to the revolutionary guard and engineering capabilities  
(both home grown and purchased from abroad) are quite sophisticated.   
Hell, they're probably monitoring this list for all we know.

Of course, one can and should drive up the costs of making such  
systems discoverable in various ways, and all of this underscores the  
importance of avoiding sensationalistic hype about promises that can't  
be met about security and anonymity.  But let's not also set ourselves  
up for failure by advocating that only completely undiscoverable,  
anonymous tools should be employed by users in these jurisdictions.   
Using circumvention technologies is ultimately a political act in such  
cases, carrying inherent risks similar to those that are taken in a  
variety of circumstances for people living in repressive regimes.  As  
long as people understand the risks of the threat environment in which  
they live, and those associated with the technologies they use, then  
really it is their choice as to what they want to do.    The onus on  
us who advocate, produce, or propagate these technologies is to try to  
make sure those risks and choices are clearly spelled out for them.

regards
rd






>
>
>> behdad
>
> _______________________________________________
> liberationtech mailing list
> liberationtech at lists.stanford.edu
>
> Should you need to change your subscription options, please go to:
>
> https://mailman.stanford.edu/mailman/listinfo/liberationtech
>

Ronald J. Deibert
Director, The Citizen Lab
Munk School of Global Affairs
University of Toronto
r.deibert at utoronto.ca
http://deibert.citizenlab.org/
twitter.com/citizenlab




-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.stanford.edu/pipermail/liberationtech/attachments/20100917/42732a05/attachment.html>

More information about the liberationtech mailing list