My last blog post hit a nerve. When I wrote it I was vaguely worried about the direction certain reporters and human rights activists were taking in their response to the use of surveillance technology by authoritarian governments. A few days later a new article by Bloomberg appeared that has instantly confirmed and amplified those fears.  If any human rights advocates felt that I was taking “cheap shots” at them, let me ask them now to calmly revisit the issue in the light of this new article, entitled “Israel didn’t know high-tech gear was sent to Iran via Denmark.”

The article exposes the use of bandwidth optimization equipment by an Iranian ISP. The equipment comes from from Israeli company Allot. This is treated as a perfect example of how governments need to crack down on what they are now calling “the digital arms trade.” But when you investigate the actual facts of the case, you find that it proves exactly the opposite.

I titled the first blog “technology as symbol” because it seemed to me that DPI was becoming the activists’ and journalists’ stand-in for actual repression in authoritarian political institutions; the result was to misdirect political energy away from the actual problem and toward domestic vendors, making people in the West feel good but doing next to nothing for the real victims. The new story about Israel and Iran couldn’t have done a better job of exemplifying that act of symbolic substitution.

The core of the story concerns the fascinating revelation that an Iranian ISP is using equipment from an Israeli company, Allot, for bandwidth management. Our research team at deeppacket.info already knew this, as a byproduct of our research on Internet governance and DPI technology. Indeed, I personally found this discovery to be deeply ironical – and oddly reassuring. Here are two countries whose political leaders are at the bleeding edge of geopolitical conflict; both of their governments would eagerly bomb the other’s population and kill thousands of their citizens if they could get away with it. Both of those governments already impose flat-out bans on any and all trade and contact with the other. No situation in which stronger incentives to maintain and enforce trade barriers could be imagined. And yet somehow, an Iranian ISP managed to get some sophisticated bandwidth management equipment from an Israeli vendor, and the vendor probably knew where it was going. Gains from trade managed to overcome deep-seated political, ideological and ethnic divisions.

The point is not just that export controls are leaky, there is a far more important fact here. The Iranian ISP involved uses their Allot-supplied DPI capability for bandwidth management exclusively, not for government-ordered surveillance and repression. This is a separate application than the wiretapping capabilities that are the focus of the Bloomberg series. Indeed, the ISP’s dire need for bandwidth management was caused precisely by the very URL filtering put into place by the hardline Iranian regime. Heavy censorship pushes many ordinary Internet users to use proxies, tunnels and VPNs to surf the web. These technologies prevent the ISP from reaping the efficiencies of caching. As a result, their bandwidth requirements have gone up by 25%, according to an inside source.

And here is where Elgin’s story goes off the rails. He vaguely recognizes that Allot’s DPI equipment is not designed to perform governmental surveillance functions. But that just  doesn’t fit the pre-ordained narrative. So the reporter ignores that fact and claims that because it’s DPI, it is somehow complicit in the Iranian regime’s spying, repression and murder and needs to be stopped. Watch the guilt by association in action:

The product sold by Allot, NetEnforcer, conducts “deep- packet inspection” of networks. The technology has commercial uses, such as helping a mobile network operator prioritize certain types of traffic or eliminating spam. But deep-packet inspection has also been used to snoop into e-mails in countries including Tunisia, even allowing officials to change the contents, Bloomberg News found. It can also prevent activists from using the Web anonymously, leading to arrest and torture in countries such as Iran…

This outrageous equivocation demonizes a generic technological capability because it can be used to do bad things. Saying that Allot’s DPI equipment should be blocked because it uses a form of DPI that can be programmed to do evil is like saying we should halt the trade in mobile telephones because such phones have been used by terrorists to set off bombs in Iraq and Afghanistan. Or if you still don’t get the point, consider rewriting the last sentence from Elgin’s article in this way: “The product sold by Western Digital is a computer hard disk. Computer hard disks have commercial uses. But hard disks have also been used by the Syrian regime to store and access the emails of dissidents, leading to their arrest and torture…”

In the Allot story, the tendency toward symbolic substitution, the need to smite an enemy easily at hand rather than the real one, the need to identify and kill a scapegoat, is too obvious to deny. Allot is now going to get into a lot of trouble in Israel – but the sale of its bandwidth optimization equipment to an Iranian ISP struggling with the traffic loads caused by domestic censorship is not what’s harming the Iranian people. The Iranian ISP involved it is not an agent of the mullahs or the Revolutionary Guard; it is as much a victim of their irrationality as anyone. Indeed, the use of DPI-based bandwidth optimization technology could help dissident Iranian citizens gain faster access to a less-censored Internet using proxies and tunnels.

The Elgin article is a powerful testimonial to how easily the momentum of this movement can blind advocates and misdirect and mislead their followers. Let me reiterate – for I already said it in the first piece – that Western corporations and their shareholders do have a moral obligation to refrain from actively pursuing business opportunities with dictatorships when those opportunities involve supplying products and services specifically designed to aid their crimes and repression. But very few technologies are constructed so as to be only usable for crime and repression A few cases of complicity are obvious, such as the Italian company that actively exploited a dictator’s desire to break into dissidents’ communications. Most cases, however, are not obvious; the technology may be part of a general infrastructure that can aid the oppressed citizens more than it strengthens the government. Or it might do both at the same time. The definition of the controlled technology will never be simple when ICTs are involved. It is therefore incumbent upon human rights activists to be extremely accurate about what and who they target. The Allot case is an example of a complete failure to do that.

Two other concerns led to Thursday’s post. Both were reinforced by the Bloomberg news article.  1. One was that the activists involved in this controversy were starting to characterize information technology – all information technology – as weaponry and basing their policy models on that equation. In the latest Bloomberg article, the weaponization of ICT has become open and explicit. Marietje Schaake, a Dutch member of the European Parliament, now calls it “the digital arms trade.” And here is Brett Solomon, who purports to be an activist for Internet freedom: “Technology can be used as a weapon and should be treated with the same care and sold with the same due diligence.”

This kind of talk makes me angry. For the past five years, some of us have  been challenging the rampant securitization of the Internet by a cyber-military-industrial complex still looking for a replacement for the Cold War. The key rhetorical and political ploy used by these forces is to equate the diffusion and ubiquity of information technologies with weapons proliferation, and thus to equate an open and free information infrastructure with national weakness. The implication is that empowering civil society with access to information technology is dangerous, and needs to be checked and regulated by the state. Such an approach is routinely used by cyber-nationalists to limit and block access, and to justify surveillance and interception of communications. Indeed, if the metaphor is accepted it can only lead in that direction.

If self-styled Internet freedom activists are adopting the same mindset as Michael McConnell, the battle for Internet freedom is lost. Surely, it must be gratifying for Solomon and Schaake to posture as saviors of the Iranian people and other victims of repressive regimes. But in fact they are advocating policies targeted at western equipment  manufacturers; nothing they do to them will have a major impact on those regimes. In the meantime, their acceptance of critical premises and assumptions of the militarizers will reinforce a global tendency to restrict and control the Internet and information technology.

2. In the original blog post I worried about the way this push for controlling information technology could actually increase worldwide surveillance of uses and users. Unfortunately, that worry is now confirmed. The Bloomberg writers are now openly pushing a policy line  that “Many companies selling surveillance equipment that connects to the Internet have the ability to monitor their own customers, and governments could require them to do so while tightening export laws.”

Wonderful. Let’s get all the world’s governments to link the use of ICT equipment to a globalized surveillance capability, so they can make sure you are authorized to use it. That will surely solve the problems of surveillance and repression! What could possibly go wrong with that scenario?

Revealingly, the same reporter who filed this story, Ben Elgin, interviewed me during its preparation. We had an extensive discussion of how compulsory reporting back to vendors was both circumventable and, if implemented, raised as many questions about  unauthorized surveillance and human rights violations as it answered. But those concerns were clearly not what the reporter wanted to hear. Nothing about that appeared in the report. I also tried to remind this reporter of the bad old days when information technology was explicitly and legally treated as a weapon – that is, when cryptography was monopolized by the U.S. government and regulated heavily under its trade in munitions laws. That meant not only that ordinary people and businesses were completely denied access to the privacy and security that cryptography enabled, but also that research in that area was classified and its circulation carefully guarded. Even presenting mathematical papers dealing with the topic was subject to surveillance and restriction. Somehow, none of those precedents made it into Elgin’s story.

The uncritical equation of information technology with weaponry; the uncritical acceptance of heightened surveillance as the answer to the problem; the refusal to even consider and discuss possible problems with the suggested policy proposals; all indicate a movement that has gotten carried away with its own rhetoric and become heedless to possible error or unintended consequences.