Iran, Israel and DPI: The misdirection of resistance to surveillance technology Part 2
My last blog post hit a nerve. When I wrote it I was vaguely worried about
the direction certain reporters and human rights activists were taking in their
response to the use of surveillance technology by authoritarian governments. A
few days later a new article by Bloomberg appeared that has instantly confirmed
and amplified those fears. If any human
rights advocates felt that I was taking “cheap shots” at them, let me ask them now
to calmly revisit the issue in the light of this new article, entitled
“Israel didn’t know high-tech gear was sent to Iran via Denmark.”
The article exposes the use of bandwidth optimization equipment by an Iranian ISP. The equipment comes from
Israeli company Allot. This is treated as a perfect example of how governments need to crack down on what they are now calling “the digital arms trade.” But when you investigate the actual facts of the case, you find that it proves exactly the opposite.
I titled the first blog “technology as symbol” because
it seemed to me that DPI was becoming the activists’ and journalists’ stand-in
for actual repression in authoritarian political institutions; the result was
to misdirect political energy away from the actual problem and toward domestic vendors,
making people in the West feel good but doing next to nothing for the real
victims. The new story about Israel and Iran couldn’t have done a better job of exemplifying that act
of symbolic substitution.
The core of the story concerns the fascinating revelation that an Iranian
ISP is using equipment from an Israeli company, Allot, for bandwidth
management. Our research team at deeppacket.info already knew this, as a
byproduct of our research on Internet governance and DPI technology.
Indeed, I personally found this discovery to be deeply ironical – and oddly
reassuring. Here are two countries whose political leaders are at the bleeding
edge of geopolitical conflict; both of their governments would eagerly bomb the
other’s population and kill thousands of their citizens if they could get away
with it. Both of those governments already
impose flat-out bans on any and all trade and contact with the other. One could
hardly imagine a situation with stronger incentives to maintain and enforce trade barriers.
And yet somehow, an Iranian ISP managed to get some sophisticated
bandwidth management equipment from an Israeli vendor, and the vendor probably knew
where it was going. Gains from trade managed to overcome deep-seated political,
ideological and ethnic divisions.
The point is not just that export controls are leaky; there is a far more
important fact here. The Iranian ISP involved uses its Allot-supplied DPI capability
for bandwidth management exclusively, not for government-ordered surveillance
and repression. This is a different application from the wiretapping capabilities
that are the focus of the Bloomberg series. Indeed, the ISP’s dire need for
bandwidth management was caused precisely by the very URL filtering put into
place by the hardline Iranian regime. Heavy censorship pushes many ordinary Internet
users to use proxies, tunnels and VPNs to surf the web. These technologies prevent
the ISP from reaping the efficiencies of caching. As a result, their
bandwidth requirements have gone up by 25%, according to an inside source.
And here is where Elgin’s story goes off the rails. He vaguely recognizes
that Allot’s DPI equipment is not designed to perform governmental
surveillance functions. But that just doesn’t fit the pre-ordained narrative.
So the reporter ignores that fact and claims that because it’s DPI,
it is somehow complicit in the Iranian regime’s spying, repression and murder
and needs to be stopped. Watch the guilt by association in action:
The product sold by Allot, NetEnforcer, conducts
“deep-packet inspection” of networks. The technology has commercial uses, such
as helping a mobile network operator prioritize certain types of traffic or
eliminating spam. But deep-packet inspection has also been used to snoop into
e-mails in countries including Tunisia, even allowing officials to change the
contents, Bloomberg News found. It can also prevent activists from using the
Web anonymously, leading to arrest and torture in countries such as Iran…
This outrageous equivocation demonizes a generic technological capability because
it can be used to do bad things. Saying that Allot’s DPI equipment should be
blocked because it uses a form of DPI that can be programmed to do evil is like
saying we should halt the trade in mobile telephones because such phones have
been used by terrorists to set off bombs in Iraq and Afghanistan. Or if you
still don’t get the point, consider rewriting the last sentence from Elgin’s
article in this way: “The product sold by Western Digital is a computer hard disk.
Computer hard disks have commercial uses. But hard disks have also been used by
the Syrian regime to store and access the emails of dissidents, leading to their
arrest and torture…”
In the Allot story, the tendency toward symbolic substitution, the need to
smite an enemy easily at hand rather than the real one, the need to identify
and kill a scapegoat, is too obvious to deny. Allot is now going to get into a
lot of trouble in Israel – but the sale of its bandwidth optimization equipment
to an Iranian ISP struggling with the traffic loads caused by domestic censorship
is not what’s harming the Iranian people. The Iranian ISP involved is not an
agent of the mullahs or the Revolutionary Guard; it is as much a victim of their
irrationality as anyone. Indeed, the use of DPI-based bandwidth optimization
technology could help dissident Iranian citizens gain faster access to a less-censored
Internet using proxies and tunnels.
The Elgin article is a powerful testimonial to how easily the momentum of
this movement can blind advocates and misdirect and mislead their followers. Let me reiterate – for I already said it in the
first piece – that Western corporations and their shareholders do have a moral
obligation to refrain from actively pursuing business opportunities with dictatorships
when those opportunities involve supplying products and services specifically designed to aid
their crimes and repression. But very few technologies are constructed so as to be only usable for crime and repression.
A few cases of complicity are obvious, such as the Italian company that
actively exploited a dictator’s desire to break into dissidents’
communications. Most cases, however, are not obvious; the technology may be part of a
general infrastructure that can aid the oppressed citizens more than it strengthens
the government. Or it might do both at the same time. The definition of the controlled technology will never be simple when ICTs are involved. It
is therefore incumbent upon human rights
activists to be extremely accurate about what and who they target. The
Allot case is an example of a complete failure to do that.
Two other concerns led to Thursday's post. Both were reinforced by the Bloomberg news article.
1. One was that the activists involved in this controversy were starting to characterize information technology – all information
technology – as weaponry and basing their policy models on that equation. In
the latest Bloomberg article, the weaponization of ICT has become open and explicit. Marietje
Schaake, a Dutch member of the European Parliament, now calls it “the digital
arms trade.” And here is Brett Solomon, who purports to be an activist for
Internet freedom: “Technology can be used as a weapon and should be treated
with the same care and sold with the same due diligence.”
This kind of talk makes me angry. For the past five years, some of us have
been challenging the rampant securitization of the Internet by a
cyber-military-industrial complex still looking for a replacement for the Cold
War. The key rhetorical and political ploy used by these forces is to equate
the diffusion and ubiquity of information technologies with weapons proliferation, and thus to equate an open and free information infrastructure with national
weakness. The implication is that empowering civil society with access to information technology
is dangerous, and needs to be checked and regulated by the state. Such an
approach is routinely used by cyber-nationalists to limit and block access, and to justify
surveillance and interception of communications. Indeed, if the metaphor is accepted
it can only lead in that direction.
If self-styled Internet freedom activists are adopting the same mindset as Michael
McConnell, the battle for Internet freedom is lost. Surely, it must be
gratifying for Solomon and Schaake to posture as saviors of the Iranian people and other victims of
repressive regimes. But in fact they are advocating policies targeted at
Western equipment manufacturers; nothing they do to them will have a major impact
on those regimes. In the meantime, their acceptance of critical
premises and assumptions of the militarizers will reinforce a global tendency to restrict and control the
Internet and information technology.
2. In the original blog post I worried about the way this push for
controlling information technology could actually increase worldwide
surveillance of uses and users. Unfortunately, that worry is now confirmed. The
Bloomberg writers are now openly pushing a policy line that “Many companies selling
surveillance equipment that connects to the Internet have the ability to
monitor their own customers, and governments could require them to do so while
tightening export laws.”
Wonderful. Let’s get all the world’s governments to link the use of ICT
equipment to a globalized surveillance capability, so they can make sure you
are authorized to use it. That will surely solve the problems of surveillance
and repression! What could possibly go wrong with that scenario?
Revealingly, the same reporter who filed this story, Ben Elgin, interviewed
me during its preparation. We had an extensive discussion of how compulsory
reporting back to vendors was both circumventable and, if implemented, raised as many questions about unauthorized
surveillance and human rights violations as it answered. But those concerns were
clearly not what the reporter wanted to hear. Nothing about that appeared in
the report.
I also tried to remind this reporter of the bad old days when information
technology was explicitly and legally treated as a weapon – that is, when
cryptography was monopolized by the U.S. government and regulated heavily under
its trade in munitions laws. That meant not only that ordinary people and
businesses were completely denied access to the privacy and security that cryptography
enabled, but also that research in that area was classified and its circulation
carefully guarded. Even presenting mathematical papers dealing with the topic was
subject to surveillance and restriction. Somehow, none of those precedents made
it into Elgin’s story.
The uncritical equation of information technology with weaponry; the
uncritical acceptance of heightened surveillance as the answer to the problem; the
refusal to even consider and discuss possible problems with the suggested
policy proposals; all indicate a movement that has gotten carried away with its
own rhetoric and become heedless of possible error or unintended consequences.
