Unintended consequences of deploying intranets as an attempt to insulate from cyberattack
Transcript of Unintended consequences of deploying intranets as an attempt to insulate from cyberattack
Unintended consequences of deploying intranets as an attempt to insulate from cyberattack
Michael Jablonski
Presidential Doctoral Fellow
Transcultural Conflict & Violence Program (2CI)
Georgia State University
Michael Jablonski, J.D. Department of Communication Georgia State University P.O. Box 5060 Atlanta, Georgia 30302-5060 [email protected]
Presented at the 2013 International Biennial Conference of the Inter-University Seminar on Armed Forces and Society, The Palmer House Hilton in Chicago, Illinois, USA
October 25-27, 2013.
2
Unintended consequences of deploying intranets as an attempt to insulate from cyberattack
Abstract Governments have reacted to the possibility that the global internet may provide
a pathway for intrusion associated with malicious activity by segmenting internal
networks such that portions do not interconnect with networks outside their control.
Networks that function like the internet but with little or no global connectivity –
intranets – are seen as ways to protect information from aggression by isolating
networked users from dangers lurking on the larger system. Intranets, however,
substitute one set of dangers for another. The creation of an intranet fosters a false sense
of security while decreasing the probability that malware on the system can be
expeditiously detected. Infection of a network in the Natanz nuclear enrichment facility
(Iran) by the Stuxnet worm provides a case study demonstrating that intranets distort
the protection calculus applicable to networks. The internet derives protection from a
large volume of users scanning for malware using a large number of diagnostic tools. An
intranet, by contrast, constrains the diversity of techniques employed to monitor
network health. Users employing an intranet must weigh assumed benefits of network
impenetrability against costs associated with decreased surveillance.
Introduction
3
Governments "intervened in the connections of a digital network" at least 566
times between 1995 and 2011.1 In 2010 the OpenNet Initiative (ONI) estimated that
substantial blocking of the Internet affected 32% of all users, approximately 563,018,414
people - a number not including restrictions in UK, Germany, Korea or Nordic
countries.2 By 2012 over 620 million users experienced blockages in connectivity.3
Of these incidents, the most radical intervention results in complete isolation of a
region from access to the Internet. Governments limit communication primarily to
minimize the effect of protest. Egypt and Libya (2011), Nepal (2005), Burma (2007),
China (2009) disconnected from the Internet during protests that started with ethnic
Uyghur residents in Xinjiang province. The rapid transit system in San Francisco
blocked cell phone service on trains during protests in 2011. Britain considered shutting
down cell and network communications during 2011 riots.4 The initial reaction of
governments facing organized protests facilitated by the ability to communicate through
Internet-based systems is to restrict use of the systems.
Communication restrictions derive from an intent to preserve existing power
relations and cultural heritage. A study of factors motivating countries to filter the
Internet identified twelve categories that could be grouped into “protecting political
authority and preserving the public good.”5 The typologies most pertinent to Iran
include protecting national security, protection from propaganda, stifling dissent, and
preserving cultural or religious values. Iran has been aggressive in operations to cut off
1 Howard, Agarwal, and Hussain, “When Do States Disconnect Their Digital Networks?,” 220. 2 York, “More Than Half a Billion Internet Users Are Being Filtered Worldwide.” 3 ONI, “Global Internet Filtering in 2012 at a Glance.” 4 Deibert and Crete-Nishihata, “Global Governance and the Spread of Cyberspace Controls”; Kelly, Cook, and Truong, Freedom on the Internet 2012: A Global Assessment of Internet and Digital Media. 5 Howard, Agarwal, and Hussain, “When Do States Disconnect Their Digital Networks?”.
4
text messaging and SMS services, blocked access to social media, and made
communication of information threatening the government illegal during episodes of
political stress.6 Interfering with communications, it was hoped, would disrupt
protestors by denying to them the use of an effective organizing tool. In 2005 Iran went
further. The country's leadership began exploring possibilities for an internal network
not connected to the worldwide Internet. The success of a pilot program connecting
3,000 schools and 400 businesses led to the investment of $1 billion in 2008 to deploy
“a genuinely halal network, aimed at Muslims on an ethical and moral level,” in the
words of Ali Agha-Mohammadi, the head of economic affairs in the country.7
The significance of disconnecting the company from the Internet is related to the
successful diffusion of Internet-based communication technologies throughout the
country. Iran consistently exhibited superior rates of Internet adoption when compared
to tother developing countries because of its young population (70% under the age of
30) and high literacy (79+%). In the 15 years after 1996 it added well over 32 million
Internet users.8 Pervasive adoption of the new technologies resulted, in large part, from
early policies that imposed few restrictions on its use.
To understand the major shift from policies encouraging use of the Internet to
the current planned network not linked to the Internet, it is necessary to explore the
history of modern Iran and its attitude towards communication. In 1979 Ayatollah
Ruhollah Khomeini came to power following a revolution that overthrew the Pahlavi
regime. Mismanagement of the economy by the Shah, accompanied by politically inept
6 Fathi, “Iran Disrupts Internet Service Ahead of Protests.” 7 Rhoads and Fassihi, “Iran Vows to Unplug Internet.,” n.p. 8 Golkar, “Liberation or Suppression Technologies?”.
5
efforts to suppress growing dissent, fostered a move towards Islam among Iranians. The
Shah left the country shortly after a September 1978 confrontation between government
forces and protestors in Tehran, allowing Khomeini to accept leadership of the
dissidents and assume control of the country. Khomeini instituted a dual system of
government in which elected civil authorities were supervised by a set of unelected
religious structures. Civil authorities administered the government on a day-by-day
basis but all policies were reviewed, if not dictated, by religious authorities.9
Even with heightened censorship following the institution of a religious regime,
the growth of internet use in Iran was astonishing. Over 23 million Iranians, comprising
over 31% of the population, write over 60,000 blogs.10 Government leaders such as
Mahmoud Ahmadinejad, when he was president, and Supreme Leader Ayatollah
Khamenei maintain. So do important clerics.11 The popularity of the network and its
utility to the government mitigate against complete restriction of its use, as in North
Korea. The compromise is to create a robust intranet isolated from the global system.
Iran possessed the capability to delink from the Internet because of its control
over the global gateway through which all Internet traffic enters the country. Iran
requires that all Internet Service Providers connect to the world through the
Telecommunication Company of Iran (TCI), a state-controlled entity, which functions as
the border gateway. TCI further requires that ISPs filter content entering the country
for religious or security purposes.12
9 Daneshvar, Revolution in Iran. 10 Deibert et al., Access Controlled. 11 Lerner, “Connecting the Actual with the Virtual: The Internet and Social Movement Theory in the Muslim World-The Cases of Iran and Egypt.” 12 Schrempf, “Nokia Siemens Networks.”
6
Designers of the Internet believed that distributed technology and decentralized
architecture would protect the network from government regulation.13 The fact that
infrastructure existed in physical space, however, allowed countries to exert influence on
the physical level that effected regulation on the network. States exploited the
dependency of the network on physical space – routers, cables, switches, for example –
to exert control over use. Iran, for example, limited the number of gateways between the
country and the rest of the Internet in order to limit physical entry to places it
controlled.14 Internet censorship in Iran originally consisted of content filtering
augmented by legal action against users. Filtering took place at the ISP as well as in the
central gateway where the domestic network interfaced with the Internet.15 Centralized
filtering is possible because all ISPs operating in the country route through proxy
servers operated by TCI.16 Iran strictly limited the number of gateways into the
country such that the functioning gateway, controlled by the government, acts as an
information border allowing the state to exercise sovereignty over information flow.
Factors driving the decision to create an intranet A variety of factors impelled the Iranian authorities to move away from a policy of
permissive use to one where information flows were extremely controlled. In general
they reflect a fear of forces outside the country. The principle concerns include fear of
cyber attack, a belief that information from outside the country will degrade local
culture, and that uncontrolled communication can facilitate operations by dissidents.
13 Deibert and Crete-Nishihata, “Global Governance and the Spread of Cyberspace Controls.” 14 ONI, Internet Filtering in Iran. 15 Deibert et al., Access Controlled. 16 Kathuria, Casting a Wider Net: Lessons Learned in Delivering BBC Content on the Censored Internet.
7
Understanding these forces allows for analysis of consequences attendant to removing
the domestic network from the Internet.
Fear of cyberattack
Fear of cyberattack is not a fantasy. Iran holds the distinction of owning the first
industrial control system known to be targeted by a cyber weapon.17 Fear of attack by
malicious software is a significant, but rarely acknowledged, justification for the Iranian
intranet proposal. Iranian officials repeatedly assert that the reason for an insular
intranet is based upon a need to protect the culture, but in private the concern about
cyberattack becomes evident. Saeed Kamali Dehghan, reporting on technology issues in
Iran, wrote in 2011, “Speaking to the Guardian on condition of anonymity, an Iranian
IT expert with close knowledge of the national internet project, which he described as a
corporate-style intranet, said: ‘Despite what others think, intranet is not primarily
aimed at curbing the global internet but Iran is creating it to secure its own military,
banking and sensitive data from the outside world.’”18
At least four different malicious codes - Stuxnet, Flame, Gauss, and DuQu -
infected Iranian networks. Stuxnet, in particular, infected intranets that were not
directly connected to the Internet. Iran responded to the incursions by expediting the
development of its independent intranet.19
17 Falliere, Murchu, and Chien, “W32. Stuxnet Dossier.” 18 Dehghan, “Iran Tightens Online Censorship to Counter US ‘Shadow Internet’,” n.p. 19 Ball and Gottlieb, “Iran Tightens Online Control by Creating Own Network.”
8
Stuxnet, first deployed against Iran at least by 2007, is the most famous of the
malicious codes.20 Variously called a worm or a virus, Stuxnet eventually infected at
least 30,000 computers in Iran running Windows software, including PCs at the
Bushehr nuclear plant.21 The malware incorporated commands specifically designed to
disrupt operations at the Natanz uranium enrichment facility. During 2007 - the year
the Natanz facility began operations - the worm infected the control network at the
Iranian nuclear enrichment facility.22 Iran employs a cascading centrifuge system where
minute amounts of fissionable U-235 in uranium hexafluoride separates from heavier
U-238 during months of spinning. Stuxnet initially recorded information on the normal
operation of centrifuges for 30 days before executing codes that disrupted industrial
operations. The data reflecting normal operation of the system appeared on control
instruments, leading Iranian operators to believe that systems performed normally once
the malicious code started interfering with the machinery.23
Three versions of Stuxnet operated in Iran, with initial deployment in 2007
followed by variants released in June 2009, March 2010, and April 2010. Security
researchers later discovered the existence of a control server for Stuxnet registered on
November 3, 2005. Four servers (smartclick.org, best-advertising.net,
internetadvertising4u.com, and ad-marketing.net) in the US, Canada, France, and
Thailand communicated with the complex of malicious codes. The earliest version of the
virus included codes designed to increase operating pressures in equipment transferring
20 Finkle, “Researchers Say Stuxnet Was Deployed Against Iran in 2007.” 21 Keizer, “Iran Arrests ‘Spies’ after Stuxnet Attacks on Nuclear Program.” 22 Finkle, “Researchers Say Stuxnet Was Deployed Against Iran in 2007.” 23 Zetter, “Stuxnet Missing Link Found, Resolves Some Mysteries Around the Cyberweapon”; Bambauer, “Conundrum.”
9
uranium hexafluoride gas in the Natanz enrichment facility, thereby damaging the
equipment; later versions caused centrifuges in the plant to spin at speeds exceeding the
design limits of the equipment.24
Iran believed that the virus represented a cyberattack by another country.
Officials detained several individuals suspected of being complicit in the introduction of
the worm on charges of spying.25
Less is known about the other malicious codes than has been disclovered about
Stuxnet. Iran, Lebanon, Syria, the Sudan, and Israeli Occupied territories experienced
infestation by cyber espionage software named "Flame" by its discoverer, Kaspersky
Labs. Flame differs from Stuxnet in that it steals data from computers rather than
injuring industrial equipment although it incorporates much of the same coding.
Kaspersky Labs estimates that Flame is 20 times more complicated than Stuxnet.
Among Flame's tricks, it has the ability to activate a computer's microphone to record
ambient conversations in a room, or grab documents. It may have been operating since
March 2010.26 Gauss operates much like flame but includes a Trojan designed to attack
online banking system, as well as "steal browser history, social network and instant
messaging info and passwords, and searches for and intercepts cookies from PayPal,
Citibank, MasterCard, American Express, Visa, eBay, Gmail, Hotmail, Yahoo, Facebook,
Amazon and some other Middle Eastern banks."27 Gauss infected 2,500 systems in 25
countries, including Iran, although the majority of compromised systems were in
24 Zetter, “Stuxnet Missing Link Found, Resolves Some Mysteries Around the Cyberweapon.” 25 Keizer, “Iran Arrests ‘Spies’ after Stuxnet Attacks on Nuclear Program.” 26 Zetter, “Meet ‘Flame,’ The Massive Spy Malware Infiltrating Iranian Computers”; Falliere, Murchu, and Chien, “W32. Stuxnet Dossier.” 27 Storm, “Gauss Malware”; GReAT, “Gauss.”
10
Lebanon.28 DuQu, infected computers in Iran, as well as many other places in the world,
in 2010. DuQu does not appear to be directed at Iran although it contains programming
elements that bear the signature of the coders who wrote Stuxnet.29
Iran reacted to the incursion by embarking on a policy to eliminate reliance on
Western software, in part out of fear a backdoor existed allowing outsiders to illegally
access its systems.30
Protection of culture The implementation of restrictive communication in the hopes of protecting
indigenous culture did not originate in Iran. France, for example, imposed
communication restrictions to protect its language even as the commercial world
gravitated to the use of English.31 Iran cites the need to insulate its indigenous culture
from outside influences as a policy legitimizing restrictions. In December 2006, for
example, Iran shut down access to websites such as YouTube and Amazon in order to
“purge the country of Western influence.”32 Total disconnection from the Internet to
prevent cultural contamination from the US, a principle justification claimed by Iran for
its decision, constitutes the ultimate access filter.33
The Iranian exercise of censorship promotes religious beliefs and retention of
power.34 The motivation for implementing information controls in Iran is consistent
with an empirical study of expressions by states for controlling access to the Internet
28 Storm, “Gauss Malware.” 29 Zetter, “Son of Stuxnet Found in the Wild on Systems in Europe.” 30 Deibert et al., Access Controlled. 31 Lichy, “Borders and Frontiers in the Information Age.” 32 Howard, Agarwal, and Hussain, “When Do States Disconnect Their Digital Networks?,” 227. 33 Ghasemilee, “Iran Claims West Is Using Internet for Spying, Creates Its Own ‘halal’ Network.” 34 Ramezanpour, “The Scope and Structure of Censorship in Iran.”
11
which found that “preserving cultural and religious morals” constituted the most cited
justification, especially when officials attributed intervention to preventing the spread of
blasphemous or offensive information challenging the religious and cultural morality of
the state.”35 Howard, Agarwal, and Hussain, “When Do States Disconnect Their Digital
Networks?,” 227.. Since Iran conflates the religious with the political, government
censorship “targets political content and material that is perceived as offensive to the
standards of Iran’s religious leadership.”36
The Internet was perceived by Iranian religious leaders as allowing its citizens to
access foreign cultural material at odds with cultural beliefs it wanted to inculcate. At
the same time, American policy began to explore the possibilities of applying soft power
to influence the citizens of foreign countries. Joseph Nye applied the term “soft power”
to the demonstration of positive cultural values to citizens of another country as a
strategy to achieve foreign power policy objectives.37 Soft power capitalizes on the
availability of a communication infrastructure that opens new channels for political
activity.38 A soft power policy necessarily promotes values that, in the Iranian case, were
perceived as undermining cultural principles that the Iranian government sought to
strengthen. The government determined that it should limit access to information and
prevent discussion of competing values. A synchronous communication infrastructure,
like applications on the Internet, facilitating citizen discussion may establish a public
sphere.39 The advent of a new public sphere may be perceived as constituting a threat to
35 Howard, Agarwal, and Hussain, “When Do States Disconnect Their Digital Networks?,” 227. 36 Kathuria, Casting a Wider Net: Lessons Learned in Delivering BBC Content on the Censored Internet, 23. 37 Nye, Soft Power. 38 Negroponte, “Beyond Digital”; Rheingold, The Virtual Community. 39 Papacharissi, “The Virtual Sphere: The Internet as a Public Sphere.”
12
incumbent political actors possessing power in the society. The threat to the power
structure prompts a government like Iran to block information flow to make
communication impossible.40
The development of an intranet by Iran derives from a desire to produce a
homogenous religious state. The Internet challenges homogeneity by promoting cultural
diversity through the ability to access information. Mueller argues that economic
barriers to commerce, including harsh economic rules, must be imposed upon Internet
use for any state to inculcate conservative values in its citizens.41 The Western notion of
state power adopts a specific practice for the interaction of governed and government, as
well as particular understanding of power relations and moral constraints mediating the
interaction.42 In dealing with Iran, the West applies a paradigm in which elected
officials, not religious leaders, are important. The unelected supreme leader and
associated institutions such as the Guardian Council, the judiciary, the Islamic
Revolutionary Guards Corps, and the Basij militia dominate elected officials.43 Electoral
victory does not determine power relationships because, in the Iranian view, sovereignty
does not derive from the people but from religion. Since Iran’s philosophy does not
comport with beliefs held by the rest of the Internet-connected world, it feels pressured.
One response to relieve pressure is to disconnect from the Internet.
The Internet stresses a state in five ways, according to Mueller: the global scope
of communications agnostic of territory; scale allowing a transformative volume of
information; distributive control dissociated from political institutions; creation of new
40 Roberts, Zuckerman, and Palfrey, Circumvention Tool Evaluation. 41 Mueller, Networks and States. 42 Hindess, “Power and Rationality: The Western Concept of Political Community.” 43 Esfandiari, Countries at the Crossroads 2012: Iran.
13
institutions; convergence of media forms changing the polity by altering costs and
opportunities for group action.44 These factors are interrelated. In the case of Iran they
are intimately bound together as the state religion provides the foundation for
governance and culture, at least in the view of religious leaders exercising power.
Sovereignty in Iran derives from religion. As a Shia Islamic state it holds that the
only legitimate source for temporal law is God, who acts through temporal rulers.45
Governance in Iran is based upon the principle of velayat faqih, the rule of the supreme
jurist.46 Velayat faqih developed out of the belief that the 12th Imam, known as Abu al-
Qasim Muhammad or Muhammad al Mahdi, went into hiding to avoid assassination
during the 13th Century but will return as savior to the world. In the absence of this
Hidden Imam, a senior cleric acts with absolute religious and political prerogative.47
Ayatollah Khomeini, after the 1979 revolution, expanded the historical conception of
velayat faqih by interpreting Islamic law as requiring that the foundation of
government be the development, protection, and creation of order consistent with
Islamic principles. Khomeini’s argument stipulated that a government of law must of
necessity be a government of Islamic law since only God possesses sovereignty. As a
result, the ruler administers both religious law and civil justice.48
The Khomeini application of velayat faqih creates difficulties for Western
understanding. It is not merely a merger of religious and civil institutions. Shia, as
incorporated into Iranian governance, holds that the source of civil power derives from
44 Mueller, Networks and States, 4. 45 Omid, Islam and the Post-revolutionary State in Iran. 46 Esfandiari, Countries at the Crossroads 2012: Iran. 47 Arjomand, The Shadow of God and the Hidden Imam. 48 Nasirpour, “Hojatollah Alimohammadi: The Process of Velayat Faqih’s Political Believes’ Development in the Political Fegh of Shiite.”
14
the authority of the Hidden Imam. This contrasts with Western conceptions that power
exercised by civil authority derives from consent of the governed. Iranians, versed in the
structure of velayat faqih, conceive the relationship between government and citizens
differently than observers in the West.
In the US, for example, elections do more than select leaders. Election by ballot
expresses common will empowering the state leaders elected to exercise power.
Elections in Iran have no implications for sovereignty. The melding of religion with the
state in Iran is embodied in its constitution. After the overthrow of the Pahlavi
government, a new system hybridized the 1906 Iranian constitution with that of
France’s Fifth Republic. The resulting document underwent substantial revision to
provide for the for the exercise of power by religious factions.49 Popular elections in
March, 1979 ratified the religious-based constitution, with approval by more than 98%
of voters according to the government.50
The constitution specifically established an Islamic Republic.51 The present state
came into existence as a political movement dedicated to the establishment of a religious
state, a circumstance that has been termed “Islamic activism.”52 The new Iranian
constitution, especially as amended in 1989, invested the government with extensive
powers to mold society in line with Islamic principles. The government assumed powers
to establish laws controlling communication at all levels. The Iranian constitution
addresses freedom of speech negatively through limitations controlling any expression
49 Bakhash, The Reign of the Ayatollahs. 50 Omid, Islam and the Post-revolutionary State in Iran. 51 Const. Iran, “Islamic Republic of Iran Constitution, as Amended,” sec. 1. 52 Lerner, “Connecting the Actual with the Virtual: The Internet and Social Movement Theory in the Muslim World-The Cases of Iran and Egypt.”
15
“detrimental to the fundamental principles of Islam or the rights of the public.”53 The
right to control expression in keeping with Islamic criteria is reaffirmed in Article 175.
The constitution authorizes the state to adopt laws providing for the “inspection of
letters, … the recording and disclosure of telephone conversations, the disclosure of
telegraphic and telex communications, censorship, … eavesdropping, and all forms of
covert investigation.”54 In 1986, the Iranian government exercised its constitutional
powers to control communication by establishing a comprehensive press law prohibiting
the publication of news items violating “Islamic principles and codes and public rights,”
such as “atheistic articles or issues which are prejudicial to Islamic codes, or, promoting
subjects which might damage the foundation of the Islamic Republic” (Art. 6, para. 1);
“Creating discord between and among social walks of life” (Art. 6, para. 4);
“Encouraging and instigating individuals and groups to act against the security, dignity
and interests of the Islamic Republic of Iran within or outside the country….” (Art 6,
para. 5); “Insulting Islam and its sanctities, or, offending the Leader of the Revolution
and recognized religious authorities” (Art. 6, para. 7); “Publishing libel against officials,
institutions, organizations and individuals in the country or insulting legal or real
persons who are lawfully respected, even by means of pictures or caricatures.…” (Art. 6,
para. 8); “or quoting articles from the deviant press, parties and groups which oppose
Islam (inside and outside the country) in such a manner as to propagate such ideas….”
(Art. 6, para. 9).55
53 Const. Iran, “Islamic Republic of Iran Constitution, as Amended,” sec. 24. 54 Ibid., sec. 25. 55 Islamic Republic of Iran, Press Law (Ratified on March 19, 1986) And Its Executive By-law (January 31, 1987).
16
The statute instituted a system of mandatory licensing, administered by the
Ministry of Islamic Culture and Guidance, for any person seeking to publish
information. Licensees could only be granted to citizens at least 25 years of age holding
either a bachelor’s degree or certification of basic seminary education. The licensee
must not have criminal convictions that “according to the Islamic code, strips him/her
of social rights.”56 Amendments in 2000 and 2009 applied the statute to online
publications. The computer crime statute requires ISPs to keep records of all traffic for
six months and makes them liable for any illegal activity perpetrated by customers.57
The plethora of statutes empowered the government to protect culture by
restricting activity deemed to potentially undermine existing practices. Iranian officials
enthusiastically exercised plenary power to control speech. Reporters Without Borders
found Iran to be the Middle East’s biggest prison for journalists in 2008, based upon the
jailing of 33 journalists and bloggers.58 The number of Internet users jailed for crime
increased significantly after the 2009 legislation. Reporters Without Borders listed 26
journalists and 20 internet users as known to be jailed in 2012, with one internet user
killed.59 Iran joined the list of the ten worst countries in the world in which to be a
blogger.60
The desire to promote a set of religious beliefs set Iran on a cultural collision
course with the West. Western conceptions of sovereignty derived from Enlightenment
56 Ibid. 57 Reporters Without Borders, “Iran”; Ziccardi, Resistance, Liberation Technology and Human Rights in the Digital Age. 58 Reporters Without Borders, “Repression Stepped up yet Again as Iran Becomes World’s Biggest Prison for Journalists.” 59 Ziccardi, Resistance, Liberation Technology and Human Rights in the Digital Age; Reporters Without Borders, “Iran.” 60 Deibert et al., Access Controlled.
17
beliefs that the power of the state depended upon a social contract between the state and
its citizens in which the people agreed to a degree of control by the state in order to
assure common good. Iranian conceptions of sovereignty, as incorporated in the
country's constitution, presented an irreconcilably different basis for sovereignty that
was based upon religious beliefs rather than popular consensus. The Internet served as a
conduit for competing ideas that needed to be reined.
Suppression of dissent
The Internet’s potential for delivery of vast amounts of information to anyone
everywhere inspired predictions of global liberation. Benkler saw networks as tools
capable of introducing unprecedented levels of freedom.61 Lessig warned that the
potential new liberties would dissipate unless users challenged mechanisms of authority
associated with the new technologies.62 Benkler and Lessig, among many others,
accepted Ithiel de Sola Pool’s declaration that “electronic technology is conducive to
freedom.”63 Pool envisioned emancipating possibilities of electronic networks 7 years
before Tim Berners-Lee created the WorldWideWeb browser and supporting software.
Inchoate freedom-enhancing characteristics of electronic networks would not mature,
Pool warned, if regulation suffocated the technology. Mueller later characterized “early,
apolitical visions of Internet freedom” as flawed but revealing new ways of governing.64
Politics cannot be sequestered from networks. The conclusion reached by many scholars
61 Benkler, The Wealth of Networks. 62 Lessig, Code and Other Laws of Cyberspace. 63 Pool, Technologies of Freedom, 231. 64 Mueller, Networks and States, 5.
18
- and governments - was that the Internet and other new systems constituted
transformational technology for social organizing.65
Governments asserted power over the communication tools because the key to
their effectiveness lay in their independent nature. “It is an information infrastructure
mostly independent of the state, and since civil society groups are by
definition social organizations independent of the state, the Internet has
become an important incubator for social movements (radical and secular) and civic
action.”66
The Internet, conversely, may increase the power of governments over social
actors.67 Democratic governments share with autocratic regimes a desire to control
information to the extent that Morozov believes that the greatest threat to
communicative freedom comes from police and intelligence agencies in democratic
governments.68
The Iranian plan to create an intranet separated from the Internet provides the
country with a potential solution to the "dictator's dilemma." The dilemma states that
the provision of low cost telecommunications infrastructure facilitates the creation of a
civil society at the expense of authoritarian governments but that failing to provision the
technologies deprives the state of an important tool for economic expansion.69 In Iran, it
65 Chandler and Cortada, A Nation Transformed by Information; Clark, Globalizing Civic Engagement; Kahn and Kellner, “New Media and Internet Activism”; Kriesberg et al., “Social Movements and Global Transformation”; Lindenberg and Bryant, “Going Global”; Warkentin, Reshaping World Politics; McNutt and Boland, “Electronic Advocacy by Nonprofit Organizations in Social Welfare Policy.” 66 Howard, Agarwal, and Hussain, “When Do States Disconnect Their Digital Networks?,” 223. 67 Braman, Change of State; Goldsmith and Wu, Who Controls the Internet?: Illusions of a Borderless World; Morozov, “Dictatorship.com.”; Zysman and Newman, “The State in the Digital Economy”; Morozov, The Net Delusion. 68 Morozov, “Dictatorship.com.” 69 Morozov, The Net Delusion.
19
is clear that the absence of high speed connections, as the result of high costs, deterred
dissent. The significant cost of speedy connections in Iran deters use of services that rely
upon complex graphics or video, such as YouTube. A private study conducted for the
BBC found that economics severely limited use of high speed connections.70 Howard
demonstrated that political participation increases in countries that experience
decreasing Internet costs.71 An intranet ameliorates the dictator's dilemma somewhat by
facilitating communications within the country while eliminating the ability of potential
dissenters to communicate with external supporters. While dissenters within the
country can participate in discussion and planning, they are subject to surveillance with
a decreased potential of receiving international support.
Ideological differences
The Iranian decision to construct an intranet along Islamic principles highlights
significant differences between Western ideas of sovereignty and Iran’s conception of
the source of state power. After the Enlightenment, the West conceived of state power as
originating from the will of its citizens. Iran believes that neither the state nor
individuals possess sovereignty, so any power exercised by the state must be religious in
origin. The elimination of individuals from the power equation creates a different
relationship between the state and individuals. Iranian rejection of the centrality of
individual rights forecloses acceptance of an individual’s right to access information.
The Western tradition cannot be reconciled with the Iranian position. The consequence
70 Kathuria, Casting a Wider Net: Lessons Learned in Delivering BBC Content on the Censored Internet, 56. 71 Howard, The Digital Origins of Dictatorship and Democracy.
20
of the conflict is that Iran exercises extreme information sovereignty in matters if
Internet governance and internal security.
A fundamental difference distinguishes Iran’s conception of sovereignty from
Western practices. Western democracies believe that the state exercises sovereignty as a
consequence of a social contract in which individuals collectively cede some rights to the
state in return for benefits unattainable if individuals acted alone.72 Sovereignty, in the
West, is grounded in a social contract. Iran, by contrast, formed as a Theocratic
Republic incorporating Islamic Shi’a principles in its constitution.73 Sovereignty in the
Iranian scheme resides in God, not individuals or the state, so the devolution of
authority to the state depends not on a social contract but a divine grant.74
The fundamentally distinct views on sources of sovereignty make it difficult for
the cultures to understand each other. The Iranian government does not recognize a
need to balance rights of people and the power of the state since all right and power
originates divinely. The West, conversely, fails to appreciate that the Iranian view of
sovereignty does not address human rights.
The power held by states to exercise sovereignty over information does not itself
authorize the use of that power. The exercise of power by a state competes with
information rights of individuals. Authoritarian regimes tend to resolve the conflict on
the side of the state, while democratic governments – at least in their statements –
recognize individual rights to communicate. The concept of a fundamental right arises
72 Hobbes, The Leviathan: Reprinted from the Edition of 1651.; Mill, On Liberty; Rousseau, Of The Social Contract, Or Principles of Political Right. 73 Shirazi, “The Emancipatory Role of Information and Communication Technology: A Case Study of Internet Content Filtering Within Iran.” 74 Nasirpour, “Hojatollah Alimohammadi: The Process of Velayat Faqih’s Political Believes’ Development in the Political Fegh of Shiite.”
21
from Hobbes who believed that the equality of all individuals arose from natural
freedoms in which every individual possesses a right to everything.75 In order to avoid
the conflict inherent in all asserting such a right, some rights are ceded to a sovereign in
a social contract to assure order. Locke asserted the primacy of individuals as the
repository of natural freedoms. A sovereign’s failure to protect rights justified
overthrowing government because rights sprang from the individual but not from the
state.76 Rousseau distinguished between the sovereign and the government. The people
retained sovereignty, according to Rousseau, which they allowed governments to
exercise according to general will.77 Since individuals held sovereign power, rights could
not be alienated by government. The possibility of state authority overwhelming
individual liberty, according to Mill, could only be checked by individuals establishing
constitutional restraints of government reminding the state that it lacked inherent
authority.78
The idea of fundamental human rights reached its clearest expression in the
Universal Declaration of Human Rights (UDHR) in 1947 and the Vienna World
Conference on Human Rights. Neither declaration explicitly established access to
information or the right to communicate as a right, although Article 19 0f the UDHR
incorporated a right to expression. Jean D’Arcy postulated communication as a
universal right in 1969 when she served as Director of the United Nations Radio and
Visual Services Division. Resolution 4/19 adopted at the UNESCO General Conference
in 1980 asserted the “right of the public, of ethnic and social groups and of individuals
75 Hobbes, The Leviathan: Reprinted from the Edition of 1651. 76 Locke, Second Treatise of Government. 77 Rousseau, Of The Social Contract, Or Principles of Political Right. 78 Mill, On Liberty.
22
to have access to information sources and to participate actively in the communication
process.”79 The right to communicate represented an important claim in the
“Declaration of Principles” issued by the 2003 World Summit on the Information
Society.80
The US coupled freedom of expression to the availability of technology and
information. President Obama spoke of a fundamental human right to freedom of
expression using technology.81 The National Security Strategy of the United States for
2010 dedicated the country to freedom of expression through technological means.82
The US position on the right to communicate mirrored developments in other parts of
the world.83 Philip Weiss wrote that “an international sentiment has emerged clearly
indicating that Internet access is desired by all,” citing a 2009 ruling by the French
Constitutional Council holding “Internet access is a basic human right” as well as a UN
warning that “cutting off Internet access to quell protest is a human rights violation.”84
Consequences of establishing an intranet
The operation of an intranet unconnected to the worldwide Internet results in
five negative consequences for a country. The disconnection provides a false sense of
security for the country because the Internet represents one of many avenues for
introducing malicious software into a country's network. Once an intrusion takes place,
79 Penney, “Open Connectivity, Open Data: Two Dimensions of the Freedom to Seek, Receive and Impart Information.,” 9. 80 Berry, “The World Summit on the Information Society (WSIS).” 81 Jackson, “Obama.” 82 The White House, “National Security Strategy of the United States,” sec. 3. 83 Weiss, “Protecting a Right to Access Internet Content: The Feasibility of Judicial Enforcement in a Non-Neutral Network.” 84 Ibid., 384–5.
23
it is more difficult for a country, however vigilant, to detect the attack. Protection
against malware depends upon cooperative investigation by many actors seeking to
protect the integrity of the Internet. Disconnecting from the global network decreases
both the number of actors analyzing potential malicious code and inhibits the transfer of
information about existing code that would otherwise be available.
Cutting off the Internet forces potential dissenters to seek other means of
communication, usually facilitating face-to-face meetings that improve trust and
cooperation. Iranian dissenters seeking an Internet connection will become increasingly
dependent on technology supplied by the West, such as the Internet-in-a-suitcase
created by the US. Reliance on circumvention technology both increases the trust
dissenters exhibit for foreign actors and creates a dependence on suppliers outside of
the country.
Finally, restrictions on the transfer of information remove Iran from processes
that facilitate the diffusion of innovation. By becoming insular, the country must
increasingly rely upon its own capacity to develop new technologies.
False sense of security
The variety of malicious code that has infected systems in Iran created a belief
that removing the country's information network from the Internet creates a safer
environment for communication. While the Internet is a notorious route for the
introduction of malicious code, it is not the only one. Increased understanding of safe
computing techniques, combined with software tools that allow users to scan systems
24
for potential malware, diminish (but do not eliminate) the Internet as a route for
cyberattack.
The Stuxnet worm infected the Iranian nuclear industrial intranet through a USB
device, not through a direct Internet connection.85 The large number of portable drives
that can be connected to systems through USB ports creates avenues for the
introduction of malicious code. The intrusion worked because the operators of the
Natanz plant did not believe that the Siemens industrial control devices that they used
could be compromised and because the system was not connected to the Internet.
A direct connection to the Internet is not necessary for code to be downloaded.
Any system that can be ported from one network to another can function as an Internet
connection if any one of the systems connects. Stuxnet, for example, was not only
introduced by a USB device but the drive that performed the infection transmitted the
virus to every other system to which it subsequently connected. 86 The worm then
worked through zero day exploits in Microsoft Internet Explorer and Windows software,
as well as a Siemens control system used in the enrichment plant.87
Implementing a security scheme thought to be effective creates a sense of
complacency when the user fails to detect problems.88 Organizations that operate
networks behind firewalls exhibit a tendency to ignore applications level security
protocols in the belief that the firewall will protect against intrusion. No one technique
insures security. Organizations must implement security praxis in order to maintain the
85 Falliere, Murchu, and Chien, “W32. Stuxnet Dossier.” 86 Fisk, “Cyber Security, Building Automation, and the Intelligent Building.” 87 Nicholson et al., “SCADA Security in the Light of Cyber-Warfare.” 88 Hulme, “A False Sense of Security?”.
25
integrity of networks. Belief in the saliency of an action taken to protect a system
undermines organizational commitment to other security practices.89
Subsequent events in Iran evidence a tendency towards unwarranted confidence
in network security systems. For example, the Iranian minister of intelligence, Heydar
Moslehi, asserted that the country had taken steps to insure infrastructure protection. "I
assure all citizens that the intelligence apparatus currently has complete supervision on
cyberspace and will not allow any leak or destruction of our country's nuclear
activities."90
Decreased ability to detect intrusions
The authors of the Stuxnet codes, generally presumed to be American and Israeli,
incorporated several features designed to make detection difficult. The code recorded
data typical of normal machinery operation that was sent to machine operators in order
to mask the malfunction. The virus installed instructions that randomly closed valves
not associated with the intended sabotage in order to further disguise the source of the
problem.91 The virus used digital signing keys stolen from RealTek and JMicron, further
hindering detection by making it look like valid software.92
Although Stuxnet began diffusing at least by November 15, 2007, when it was
uploaded to the VirusTotal online scanner to check for malicious activity, it was not
identified as a cyberweapon until June 2010 when VirusBlokAda in Belarus identified
89 Grochow, “Firewalls’ False Sense Of Security.” 90 Keizer, “Iran Arrests ‘Spies’ after Stuxnet Attacks on Nuclear Program.” 91 Zetter, “Stuxnet Missing Link Found, Resolves Some Mysteries Around the Cyberweapon.” 92 Nicholson et al., “SCADA Security in the Light of Cyber-Warfare.”
26
it.93 VirusTotal operates a free website that amalgamates information from more than
three dozen antivirus programs so that users can check a suspected file against known
malicious code. The original version of the worm contained coding to cease
communicating on January 11, 2009. It incorporated relatively modest replication
mechanisms, which made it more difficult to detect. The subsequent versions relied
upon four zero day exploits. The use of zero day exploits allowed the code to replicate
quickly once it escaped the Iranian intranet.94
The infection of thousands of computers by Stuxnet when it escaped the intranet
facilitated its detection. "If the virus had been written to only infect a small subset of
machines, then it may have gone undetected."95 The global malware surveillance
structure increases the probability of detection because multiple analysts bring different
tools and approaches to the problem of identifying malicious code. The Iranian
cyberattacks demonstrate the utility of a multi-level global surveillance system. There is
no evidence that Iran discovered, or even suspected, that Stuxnet interfered with its
industrial processes. The International Atomic Energy Agency (IAEA) monitored the
replacement of centrifuges in its cascade during 2010. IAEA determined that normal
operations required the replacement of 800 centrifuges a year but that the number of
actual replacements soared to around 2000 in a couple of months when it is now known
that the virus controlled the equipment.96
93 Zetter, “Stuxnet Missing Link Found, Resolves Some Mysteries Around the Cyberweapon”; Nicholson et al., “SCADA Security in the Light of Cyber-Warfare.” 94 Zetter, “Stuxnet Missing Link Found, Resolves Some Mysteries Around the Cyberweapon.” 95 Nicholson et al., “SCADA Security in the Light of Cyber-Warfare,” 430. 96 Zetter, “How Digital Detectives Deciphered Stuxnet, the Most Menacing Malware in History.”
27
The discovery of Stuxnet after it escaped the Iranian intranet was accomplished
through the efforts of multiple security firms. On June 17, 2010 VirusBlokAda, a security
firm in Belarus, discovered the virus in a computer owned by one of its clients. A global
security firm with headquarters in Bratislava, Slovakia, and Kosice - ESET - detected
one of the stolen trusted program certificates used to disguise the malicious code.
Symantec reverse-engineered the code. The German security firm GSMK identified the
most-probable target of the virus.97 Kaspersky Lab, a Russian security firm, uncovered
the Flame virus.98
Iran cannot on its own provide the level of surveillance or duplicate the multiple
approaches that the global cybersecurity community focused on the complex of
malicious code that infected Iran's computer networks. Disconnecting the intranet from
the Internet deprives the intranet of a vital resource for detecting malware. Iran, of
course, claimed that it had discovered and countered the threat, but the announcement
was made after the outside security firms released significant analyses of the codes.
Removing the domestic network from the Internet decreases the ability of the intranet
operator to maintain system security.
Increased effectiveness of dissidents
Disconnecting from the Internet tends to increase the effectiveness of dissidents
as they are forced to meet each other in a fashion that increases organizational trust.
Young elites throughout the Middle East embraced the new communication
97 Ibid. 98 Zetter, “Meet ‘Flame,’ The Massive Spy Malware Infiltrating Iranian Computers.”
28
technologies that became available with infrastructure improvements that made
domestic use of the Internet possible.99 The Middle East led the world in growth of
internet use from 2000-2005, according to the World Bank, with Iran exhibiting a
2900% growth in Internet penetration.100
Potential participants in an organization must share identity to utilize the
mobilization structure. Identity takes two forms. Internal recognition by members of the
organization means the members identify themselves as participants; external
recognition by groups outside the movement contemplates some degree of social
realization that the movement exists.101 Collective identity emerges when movement
members share objectives, the potentialities for achieving shared objectives, and the
obstacles to successful action. Trust depends on shared information transmitted either
in person or online.102
Collective identity fosters trust.103 Mayer, Davis, and Schoorman define trust as
“willingness of a party to be vulnerable to the actions of another party based on the
expectations that the other will perform a particular action important to the trust or,
irrespective of the ability to monitor or control that other party.”104 Trust represents an
affective bond that endures over time.105 Motivating participants to act in the presence
of strong disincentives like danger, inconvenience, potential embarrassment, or
99 Alterman, “IT Comes of Age in the Middle East: Focus on IT and Diplomacy.” 100 Shirazi, “The Emancipatory Role of Information and Communication Technology: A Case Study of Internet Content Filtering Within Iran.” 101 Della Porta and Diani, Social Movements. 102 Melucci, Nomads of the Present. 103 Della Porta and Diani, Social Movements. 104 Schoorman, Mayer, and Davis, “An Integrative Model of Organizational Trust,” 712. 105 Goodwin, The Social Movements Reader.
29
excessive commitment of time requires trust between members.106 Keck and Sikkink
propose that the saliency of any networked movement depends not only on the number
of members but on both the number of exchanges and degree of trust between
members.107 While formation of collective identity benefits from online information
Melucci, Nomads of the Present., little evidence exists for the proposition that online
communication encourages relationship building and trust.108 Development of trust
requires a relationship more intimate than can be experienced online. The most salient
contact leading to the formation of trust between actors is face-to-face discussion.109
The effect of disconnecting from the Internet was exemplified in Egypt when the
Mubarek government attempted to disrupt communications by protestors through
suspension of the Internet. The effort resulted in an increase in the number of
protestors.110 An intranet disconnected from the global Internet - especially one under
government surveillance - fosters communication on a personal level. The increased
reliance on personal connections would tend to foster the development of strong ties
between activists. The existence of strong ties fosters mobilization among dissidents
sharing an ideological commitment to change the entrenched government.111 The result
of disconnecting from the Internet could be increased activity by dissidents.
Increased reliance on the West by dissidents Disconnecting the intranet from the Internet forces activists to develop new ways
to connect to the world. During the Tahrir Square occupation in Egypt during 2011, for
106 Della Porta and Diani, Social Movements. 107 Keck and Sikkink, Activists Beyond Borders. 108 Melucci, Nomads of the Present. 109 Diani, “Social Movement Networks Virtual and Real”; Handy, “Trust and the Virtual Organization.” 110 El Hamamsy, “BB = BlackBerry or Big Brother.” 111 McAdam, McCarthy, and Zald, Comparative Perspectives on Social Movements.
30
example, a variety of tools appeared to circumvent the government's attempt to
disconnect from the Internet. Google and Twitter worked together to develop a speak-
to-tweet program.112 Protestors used a variety of applications and proxy sites to
maintain connections.113
The US has developed technologies to establish networks that circumvent
censorship.114 The National Security Strategy of the United States supported the use
and distribution of circumvention technologies “to facilitate freedom of expression,
expand access to information, increase governmental transparency and accountability,
and counter restrictions on their use.”115 Iran responded by criminalizing the
distribution of circumvention technologies while acting to limit their effectiveness.116 US
programs promoting Internet freedom through the use of these technologies, moreover,
targets China and Iran while ignoring US allies operating extensive filtering programs.117
Indeed, Iran's escalation of the soft war by proposing to build an intranet was in part a
reaction to American efforts to facilitate circumvention.118.
As it becomes more difficult to connect to the Internet, the availability of US
technology to circumvent the ban will become increasingly important. US foreign policy
acknowledges the deployment of such technologies. The US began “working in more
than 40 countries to help individuals silenced by oppressive governments” by providing
technology to circumvent controls on information, according to former Secretary of
112 Ladhani, “Egypt: First Cut Off the Internet!”. 113 El Hamamsy, “BB = BlackBerry or Big Brother.” 114 Glanz and Markoff, “U.S. Underwrites Internet Detour Around Censors Abroad.” 115 The White House, “National Security Strategy of the United States,” 39. 116 Kathuria, Casting a Wider Net: Lessons Learned in Delivering BBC Content on the Censored Internet. 117 Mueller, “China and Global Internet Governance: A Tiger by the Tail.” 118 Dehghan, “Iran Tightens Online Censorship to Counter US ‘Shadow Internet’.”
31
State Clinton.119 The US developed a technology allowing users to avoid blocked
gateways by establishing cell phone networks that can be used for Internet access.120
Google consulted with the State Department and the US Agency for International
Development about developing tools to circumvent Iranian monitoring of email. One
proposal, for example, considered establishing an encrypted email system that would be
activated by a using a particular search term.121
The Chaos Computer Club, a hacking group in Germany, developed a USB tool
that allowed journalists to circumvent Internet controls in China by accessing the TOR
network. The International Broadcasting Bureau, an agency of the US government,
funded the development of software by Dynamic Internet Technologies that employed
multiple open routers to avoid Chinese censorship.122 The technology could be applied
to Iran.
Provisioning circumvention technologies to Iranian citizens would increase
reliance on Western technology by dissidents. The net effect of the disconnect would be
to force network users seeking an Internet connection to actively engage with Western
providers. Enhanced contact with the West represents an effect contrary to the one that
motivated the disconnect in the first instance.
Inefficiencies/lack of innovation Iran initially encouraged development of Internet-related activity within the
country because it viewed the Internet as a technology to stimulate innovation. A quick
119 Clinton, “Secretary of State Hillary Rodham Clinton Delivers Remarks on Internet Freedom at the Newseum,” n.p. 120 Dehghan, “Iran Tightens Online Censorship to Counter US ‘Shadow Internet’.” 121 Albertson, “Secret Google Meeting Targeted Internet Freedom in Iran.” 122 Bradbury, “Routing Around Censorship.”
32
way to increase the degree of innovation in the country seemed to be an intelligent
policy because technological development in Iran collapsed after the Iran-Iraq war. The
government believed that the internet could provide a quick route to economic
expansion.123 The state at that time exercised little control over network technology or
online activity. Permissiveness was rooted in a policy to use technology to enhance the
authority of government.124
Iran appears to have abandoned its goal of quick transformation through global
communication, opting instead to facilitate a domestic agenda that provides for the
control of information. The consequence is that the potential for innovation decreases.
The availability of information from around the world constitutes an important input for
innovation. By restricting the availability of this raw material, Iran inhibits its potential
for sustaining industrial and scientific endeavors on a par with the rest of the world.
Conclusion Isolating internal networks from the Internet requires technical expertise and
creativity but is not unprecedented. The US military utilizes a worldwide system
connected to the Internet for secure communications. Called the Secret Internet
Protocol Router Network, it functions as a worldwide network for sensitive
communication. A somewhat less secure system, the Non-Classified Internet Protocol
Router Network, employs the internet for logistics communication.125 Cuba operates a
dual network that allows one system to connect to the Internet while a different intranet
123 Rahimi, “Cyberdissent: The Internet in Revolutionary Iran.” 124 Lerner, “Connecting the Actual with the Virtual: The Internet and Social Movement Theory in the Muslim World-The Cases of Iran and Egypt.” 125 Brewin and Verton, “DOD Leaders Mull Internet Disconnect.”
33
handles most communication within the country.126 Even the US considered legislation
that would augment the President’s authority under the Communications Act of 1934 to
throw a hypothetical “kill switch” in case of cyberattack.127
The technical feasibility of operating an intranet disconnected from the Internet
does not mean that it makes for good policy. Iran has a history of exquisitely controlling
information flows. Internet censorship as implemented in Iran began with a complex,
decentralized system of agencies with overlapping authority. New governmental
organizations charged with controlling information on the network, such as the Cyber
Army and Cyber Police, exercised authority that overlapped the jurisdiction of
incumbent regulators. The government shifted to a more centralized system in 2012
with the creation of the Supreme Cyberspace Council.128
The creation of a domestic network isolated from the Internet represents a dream
for Iran consistent with its mission to promote religious beliefs. "Any attempt by a
country to make an intranet is doomed to failure" in the view of Cedric Leighton, a
retired deputy director at the National Security Agency.129 The best that Iran can
achieve is a two-tier system with elements not connected to the Internet. The Internet
already consists of zones where access is restricted or controlled.130
Severely restricting Internet access through the implementation of an intranet
does not resolve problems motivating the disconnection, cyberattack is still possible
126 Riesman, “Iran’s Network in a Bottle.” 127 Bambauer, “Conundrum.” 128 CGCSblog, “Iran’s Internet Censorship.” 129 Ball and Gottlieb, “Iran Tightens Online Control by Creating Own Network,” n.p. 130 Lessig, “Reading the Constitution in Cyberspace.”
34
using non-obvious routes to insertion of malicious code, such as through the use of USB
drives. The fact that a system is nominally disconnected from the Internet will lead to a
false sense of security that has been shown to create vulnerabilities. The lack of
international surveillance of the intranet deprives its operators of a robust system of
global malware protection. Finally, social effects of the disconnect would include
increased reliance on Western technology to circumvent the blockage.
Bibliography
Albertson, Mark. “Secret Google Meeting Targeted Internet Freedom in Iran.” Examiner.com, September 4, 2013. http://www.examiner.com/article/secret-google-meeting-targeted-internet-freedom-iran.
Alterman, J.B. “IT Comes of Age in the Middle East: Focus on IT and Diplomacy.” Foreign Service Journal 82, no. 12 (2005): 36–42.
Arjomand, Said Amir. The Shadow of God and the Hidden Imam: Religion, Political Order, and Societal Change in Shi’ite Iran from the Beginning to 1890. Chicago: University of Chicago Press, 1984.
Bakhash, Shaul. The Reign of the Ayatollahs: Iran and the Islamic Revolution. Rev. ed. New York: Basic Books, 1990.
Ball, James, and Benjamin Gottlieb. “Iran Tightens Online Control by Creating Own Network.” The Guardian, September 25, 2012, sec. World news. http://www.guardian.co.uk/world/2012/sep/25/iran-state-run-internet.
Bambauer, Derek. “Conundrum.” Minnesota Law Review 96 (2011): 584. Benkler, Yochai. The Wealth of Networks: How Social Production Transforms Markets
and Freedom. New Haven [Conn.]: Yale University Press, 2006. Berry, John W. “The World Summit on the Information Society (WSIS): A Global
Challenge in the New Millennium.” Libri 56, no. 1 (2006): 1–15. Bradbury, Danny. “Routing Around Censorship.” Network Security 2011 (May 2011): 5–
8. Braman, Sandra. Change of State: Information, Policy, and Power. Cambridge, Mass.:
MIT Press, 2006. Brewin, Bob, and Daniel Verton. “DOD Leaders Mull Internet Disconnect.” CNN.com.
Sci-Tech, April 20, 1999. http://www.cnn.com/TECH/computing/9904/20/dod.disconnect.idg/index.html.
35
CGCSblog. “Iran’s Internet Censorship: New Infographic Illuminates Administrative Maze.” The Annenberg School for Communication. The Center for Global Communication Studies (CGCS), March 27, 2013. http://cgcsblog.asc.upenn.edu/2013/03/27/irans-internet-censorship-new-infographic-illuminates-administrative-maze/.
Chandler, Alfred D., and James W. Cortada. A Nation Transformed by Information: How Information Has Shaped the United States from Colonial Times to the Present. Oxford; New York: Oxford University Press, 2000.
Clark, John. Globalizing Civic Engagement: Civil Society and Transnational Action. London: Routledge, 2003.
Clinton, Hillary. “Secretary of State Hillary Rodham Clinton Delivers Remarks on Internet Freedom at the Newseum.” United States Department of State, January 21, 2010. http://www.state.gov/secretary/rm/2010/01/135519.htm.
Const. Iran. “Islamic Republic of Iran Constitution, as Amended.” Islamic Republic of Iran Constitution, 1979. http://www.iranonline.com/iran/iran-info/government/constitution.html.
Daneshvar, Parviz. Revolution in Iran. Houndmills, Basingstoke, Hampshire : New York: Macmillan Press ; St. Martin’s Press, 1996.
Dehghan, Saeed Kamali. “Iran Tightens Online Censorship to Counter US ‘Shadow Internet’.” The Guardian, July 13, 2011. http://www.guardian.co.uk/world/2011/jul/13/iran-tightens-online-censorship.
Deibert, Ronald J., and Masashi Crete-Nishihata. “Global Governance and the Spread of Cyberspace Controls.” Global Governance 18, no. 3 (2012): 339–361.
Deibert, Ronald J., John Palfrey, Rafal Rohozinski, and Jonathan Zittrain. Access Controlled: The Shaping of Power, Rights, and Rule in Cyberspace. Information Revolution and Global Politics. Cambridge, Mass: MIT Press, 2010.
Della Porta, Donatella, and Mario Diani. Social Movements: An Introduction. Malden MA: Blackwell, 2006.
Diani, M. “Social Movement Networks Virtual and Real.” Information Communication & Society 3, no. 3 (2000): 386–401.
El Hamamsy, Walid. “BB = BlackBerry or Big Brother: Digital Media and the Egyptian Revolution.” Journal of Postcolonial Writing 47, no. 4 (September 2011): 454–466. doi:10.1080/17449855.2011.590325.
Esfandiari, Golnaz. Countries at the Crossroads 2012: Iran. Countries at the Crossroads. Freedom House, 2012. http://www.freedomhouse.org/report/countries-crossroads/2012/iran.
Falliere, Nicolas, Liam O. Murchu, and Eric Chien. “W32. Stuxnet Dossier.” Symantec Security Response., February 2011. http://www.h4ckr.us/library/Documents/ICS_Events/Stuxnet%20Dossier%20(Symantec)%20v1.4.pdf.
Fathi, Nazila. “Iran Disrupts Internet Service Ahead of Protests.” The New York Times. February 11, 2010, New York edition, sec. International / Middle East.
Finkle, Jim. “Researchers Say Stuxnet Was Deployed Against Iran in 2007.” Reuters. February 26, 2013. http://www.reuters.com/article/2013/02/26/us-cyberwar-stuxnet-idUSBRE91P0PP20130226.
36
Fisk, David. “Cyber Security, Building Automation, and the Intelligent Building.” Intelligent Buildings International 4, no. 3 (July 2012): 169–181. doi:10.1080/17508975.2012.695277.
Ghasemilee, Sara. “Iran Claims West Is Using Internet for Spying, Creates Its Own ‘halal’ Network.” Al Arabiya News, March 10, 2012. http://english.alarabiya.net/articles/2012/03/10/199814.html.
Glanz, James, and John Markoff. “U.S. Underwrites Internet Detour Around Censors Abroad.” The New York Times, June 12, 2011, sec. World. http://www.nytimes.com/2011/06/12/world/12internet.html.
Goldsmith, Jack L., and Tim Wu. Who Controls the Internet?: Illusions of a Borderless World. New York: Oxford University Press, 2006. Table of contents http://www.loc.gov/catdir/toc/ecip0519/2005027404.html Publisher description http://www.loc.gov/catdir/enhancements/fy0635/2005027404-d.html Contributor biographical information http://www.loc.gov/catdir/enhancements/fy0723/2005027404-b.html.
Golkar, Saeid. “Liberation or Suppression Technologies? The Internet, the Green Movement and the Regime in Iran.” International Journal of Emerging Technologies and Society 9, no. 1 (2011).
Goodwin, Jeff. The Social Movements Reader : Cases and Concepts. Malden MA: Blackwell Pub., 2003.
GReAT. “Gauss: Nation-state Cyber-surveillance Meets Banking Trojan.” Securelist.com, August 9, 2012. http://www.securelist.com/en/blog/208193767/Gauss_Nation_state_cyber_surveillance_meets_banking_Trojan.
Grochow, Jerrold. “Firewalls’ False Sense Of Security.” Computerworld 39, no. 9 (February 28, 2005): 23–23.
Handy, Charles. “Trust and the Virtual Organization.” Harvard Business Review 73, no. 3 (May 1995): 40–50.
Hindess, Barry. “Power and Rationality: The Western Concept of Political Community.” Alternatives: Global, Local, Political 17, no. 2 (April 1, 1992): 149–163. doi:10.2307/40644737.
Hobbes, Thomas. The Leviathan: Reprinted from the Edition of 1651. Harmondsworth, Eng.: Penguin, 1651.
Howard, Philip N. The Digital Origins of Dictatorship and Democracy : Information Technology and Political Islam. Oxford; New York: Oxford University Press, 2010.
Howard, Philip N., Sheetal D. Agarwal, and Muzammil M. Hussain. “When Do States Disconnect Their Digital Networks? Regime Responses to the Political Uses of Social Media.” The Communication Review 14, no. 3 (July 2011): 216–232. doi:10.1080/10714421.2011.597254.
Hulme, George V. “A False Sense of Security?” CIO 25, no. 2 (October 15, 2011): 18–20. Islamic Republic of Iran. Press Law (Ratified on March 19, 1986) And Its Executive By-
law (January 31, 1987), 1986. http://www.parstimes.com/law/press_law.html. Jackson, David. “Obama: ‘Violence Is Not the Answer’ in Egypt.” USATODAY.COM,
January 28, 2011. http://content.usatoday.com/communities/theoval/post/2011/01/obama-violence-is-not-the-answer-in-egypt/1.
37
Kahn, Richard, and Douglas Kellner. “New Media and Internet Activism: From the ‘Battle of Seattle’ to Blogging.” New Media & Society 6, no. 1. What’s Changed About New Media? (February 2004): 87–95. doi:10.1177/1461444804039908.
Kathuria, Karl. Casting a Wider Net: Lessons Learned in Delivering BBC Content on the Censored Internet. Toronto: Citizen Lab At Munk School Of Global Affairs, October 11, 2011. http://citlabdocs:[email protected]/CanadaCentre2011.pdf.
Keck, Margaret E., and Kathryn Sikkink. Activists Beyond Borders : Advocacy Networks in International Politics / Margaret E. Keck and Kathryn Sikkink. Ithaca, N.Y. : Cornell University Press, 1998., 1998.
Keizer, Greg. “Iran Arrests ‘Spies’ after Stuxnet Attacks on Nuclear Program.” Computerworld, October 2, 2010. http://www.computerworld.com/s/article/9189218/Iran_arrests_spies_after_Stuxnet_attacks_on_nuclear_program.
Kelly, Sanja, Sarah Cook, and Mai Truong. Freedom on the Internet 2012: A Global Assessment of Internet and Digital Media. Washington, DC: Freedom House, 2012. http://www.freedomhouse.org/sites/default/files/FOTN%202012%20FINAL.pdf.
Kriesberg, Louis, Jackie Smith, Charles Chatfield, and Ron Pagnucco. “Social Movements and Global Transformation.” In Transnational Social Movements and Global Politics: Solidarity Beyond the State, 3–18. Syracuse NY: Syracuse University Press, 1997.
Ladhani, Noorin. “Egypt: First Cut Off the Internet!” Social Policy 41, no. 1 (2011): 54–54.
Lerner, Melissa Y. “Connecting the Actual with the Virtual: The Internet and Social Movement Theory in the Muslim World-The Cases of Iran and Egypt.” Journal of Muslim Minority Affairs 30, no. 4 (December 2010): 555–574. doi:Article.
Lessig, Lawrence. Code and Other Laws of Cyberspace. Basic Books, 2000. ———. “Reading the Constitution in Cyberspace.” Emory Law Journal 45 (1996): 869. Lichy, Jessica. “Borders and Frontiers in the Information Age.” Global Business
Languages 14 (January 2009): 3–16. Lindenberg, Marc., and Coralie. Bryant. “Going Global: Transforming Relief and
Development NGOs.” 288. Bloomfield CT: Kumarian Press, 2001. Locke, John. Second Treatise of Government. Project Gutenberg, 1690.
http://www.gutenberg.org/files/7370/7370-h/7370-h.htm. McAdam, Doug, John D. McCarthy, and Mayer N. Zald. Comparative Perspectives on
Social Movements: Political Opportunities, Mobilizing Structures, and Cultural Framings. New York: Cambridge Univ Press, 1996.
McNutt, John G., and Katherine Mary Boland. “Electronic Advocacy by Nonprofit Organizations in Social Welfare Policy.” Nonprofit & Voluntary Sector Quarterly 28, no. 4 (December 1999): 432–451.
Melucci, Alberto. Nomads of the Present : Social Movements and Individual Needs in Contemporary Society / Alberto Melucci. Edited by John Keane and Paul Mier. Philadelphia : Temple University Press, 1989., 1989.
Mill, John Stuart. On Liberty. London: The Walter Scott Publishing Co., Ltd., 1859. http://www.gutenberg.org/files/34901/34901-h/34901-h.htm.
38
Morozov, Evgeny. “Dictatorship.com.” New Scientist 209, no. 2802 (March 5, 2011): 30–31.
———. The Net Delusion: The Dark Side of Internet Freedom. PublicAffairs, 2011. Mueller, Milton L. “China and Global Internet Governance: A Tiger by the Tail.” In
Access Contested: Security, Identity, and Resistance in Asian Cyberspace, edited by Ronald Deibert, John Palfrey, Rafal Rohozinski, and Jonathan Zittrain, 177–194. Cambridge MA: MIT Press, 2011. http://books.google.com/books?hl=en&lr=&id=In97BDvSBXwC&oi=fnd&pg=PP2&dq=%22the+event+gets+under+way,+an+of%EF%AC%81cial+from+the+United+Nations%E2%80%94the%22+%22and+a+security+guard.+The+banner+is+placed+on+the+%EF%AC%82oor+while+discussions%22+%22YouTube.+Press+inquiries+begin,+and+soon+there+are+stories+and+posts+about+the%22+&ots=9a1vINarED&sig=l6AGEx8pErtmW2D-uE6ZChQzpSM.
———. Networks and States: The Global Politics of Internet Governance. Information Revolution and Global Politics. Cambridge, Mass: MIT Press, 2010.
Nasirpour, Sanaz. “Hojatollah Alimohammadi: The Process of Velayat Faqih’s Political Believes’ Development in the Political Fegh of Shiite.” Politics and Religion 3, no. 2 (2009): 293–295.
Negroponte, N. “Beyond Digital.” Wired, 1998. Nicholson, A., S. Webber, S. Dyer, T. Patel, and H. Janicke. “SCADA Security in the
Light of Cyber-Warfare.” Computers & Security 31, no. 4 (June 2012): 418–436. doi:10.1016/j.cose.2012.02.009.
Nye, Joseph S. Soft Power. New York: PublicAffairs, 2004. Omid, Homa. Islam and the Post-revolutionary State in Iran. New York: St. Martin’s
Press, 1994. ONI. “Global Internet Filtering in 2012 at a Glance.” OpenNet Initiative, April 3, 2012.
https://opennet.net/blog/2012/04/global-internet-filtering-2012-glance#footnote1_1m6w9x9.
———. Internet Filtering in Iran. OpenNet Initiative, June 16, 2009. https://opennet.net/sites/opennet.net/files/ONI_Iran_2009.pdf .
Papacharissi, Zizi. “The Virtual Sphere: The Internet as a Public Sphere.” New Media & Society 4 (2002): 9–27.
Penney, Jonathon W. “Open Connectivity, Open Data: Two Dimensions of the Freedom to Seek, Receive and Impart Information.” Victoria University of Wellington Law Review (June 2, 2012): 1–59.
Pool, Ithiel de Sola. Technologies of Freedom. Cambridge, Mass.: Belknap Press, 1983. Rahimi, Babak. “Cyberdissent: The Internet in Revolutionary Iran.” Middle East Review
of International Affairs Journal 7, no. 3 (2003): 101–115. Ramezanpour, Ali Asghar. “The Scope and Structure of Censorship in Iran.” Freedom
House. Gozaar: A Forum on Human Rights and Democracy in Iran, April 11, 2008. http://www.gozaar.org/english/articles-en/The-Scope-and-Structure-of-Censorship-in-Iran.html.
Reporters Without Borders. “Iran.” The Enemies of Internet, March 12, 2013. http://surveillance.rsf.org/en/iran/.
———. “Repression Stepped up yet Again as Iran Becomes World’s Biggest Prison for Journalists.” Reporters Without Borders, June 21, 2009. http://en.rsf.org/iran-repression-stepped-up-yet-again-as-21-06-2009,33474.
39
Rheingold, Howard. The Virtual Community. Cambridge, MA: Addison-Wesley, 1993. Rhoads, Christopher, and Farnaz Fassihi. “Iran Vows to Unplug Internet.” Wall Street
Journal - Eastern Edition 257, no. 124 (May 28, 2011): A1–A12. Riesman, Abraham. “Iran’s Network in a Bottle.” BostonGlobe.com, July 15, 2012.
http://www.bostonglobe.com/ideas/2012/07/14/iranian-government-building-internet-all-its-own/60eT7aC7P563vc4ti8auIN/story.html.
Roberts, Hal, Ethan Zuckerman, and John Palfrey. Circumvention Tool Evaluation. Cambridge MA: B e r k m a n C e n t e r f o r I n t e r n e t & S o c i e t y, 2011. https://cyber.law.harvard.edu/sites/cyber.law.harvard.edu/files/2011_Circumvention_Tool_Evaluation_1.pdf.
Rousseau, Jean-Jacques. Of The Social Contract, Or Principles of Political Right. Translated by G.D.H. Cole. World Public Library Collection. Project Gutenberg Consortia Center, 1762. http://ebooks.gutenberg.us/WorldeBookLibrary.com/socon.htm.
Schoorman, F.D., R.C. Mayer, and J.H. Davis. “An Integrative Model of Organizational Trust: Past, Present, and Future.” The Academy of Management Review ARCHIVE 32, no. 2 (2007): 344–354.
Schrempf, Judith. “Nokia Siemens Networks: Just Doing Business – or Supporting an Oppressive Regime?” Journal of Business Ethics 103, no. 1 (April 9, 2011): 95–110. doi:10.1007/s10551-011-0844-7.
Shirazi, Farid. “The Emancipatory Role of Information and Communication Technology: A Case Study of Internet Content Filtering Within Iran.” Journal of Information, Communication & Ethics in Society 8, no. 1 (March 2010): 57.
Storm, Darlene. “Gauss Malware: Nation-state Cyber-espionage Banking Trojan Related to Flame, Stuxnet.” Computerworld, August 9, 2012. http://blogs.computerworld.com/security/20816/gauss-malware-nation-state-cyber-espionage-banking-trojan-related-flame-stuxnet.
The White House. “National Security Strategy of the United States,” May 2010. , http://www.whitehouse.gov/sites/default/!les/rss_viewer/ national_security_strategy.pdf.
Warkentin, Craig. Reshaping World Politics: NGOs, the Internet, and Global Civil Society. Lanham MD: Rowman & Littlefield Publishers, 2001.
Weiss, Philip F. “Protecting a Right to Access Internet Content: The Feasibility of Judicial Enforcement in a Non-Neutral Network.” Brooklyn Law Review 77 (October 1, 2011): 383.
York, Jillian. “More Than Half a Billion Internet Users Are Being Filtered Worldwide.” OpenNet Initiative, January 19, 2010. http://opennet.net/blog/2010/01/more-halfa- billion-internet-users-are-being-filtered-worldwide.
Zetter, Kim. “How Digital Detectives Deciphered Stuxnet, the Most Menacing Malware in History.” Wired.com. Threat Level, July 11, 2011. http://www.wired.com/threatlevel/2011/07/how-digital-detectives-deciphered-stuxnet/.
———. “Meet ‘Flame,’ The Massive Spy Malware Infiltrating Iranian Computers.” Wired.com. Threat Level, May 28, 2012. http://www.wired.com/threatlevel/2012/05/flame/.
40
———. “Son of Stuxnet Found in the Wild on Systems in Europe.” Wired.com. Threat Level, October 18, 2011. http://www.wired.com/threatlevel/2011/10/son-of-stuxnet-in-the-wild/.
———. “Stuxnet Missing Link Found, Resolves Some Mysteries Around the Cyberweapon.” Wired.com. Threat Level, February 26, 2013. http://www.wired.com/threatlevel/2013/02/new-stuxnet-variant-found/.
Ziccardi, Giovanni. Resistance, Liberation Technology and Human Rights in the Digital Age. Law, Governance and Technology Series 7. Dordrecht: Springer, 2013.
Zysman, John, and Abraham Newman. “The State in the Digital Economy.” In The State after Statism: New State Activities in the Age of Liberalization, edited by Jonah D. Levy, 211–300. Cambridge, Mass: Harvard University Press, 2006.