Unintended consequences of deploying intranets as an attempt to insulate from cyberattack

Michael Jablonski

Presidential Doctoral Fellow

Transcultural Conflict & Violence Program (2CI)

Georgia State University

Michael Jablonski, J.D. Department of Communication Georgia State University P.O. Box 5060 Atlanta, Georgia 30302-5060 mjablonski@gsu.edu

Presented at the 2013 International Biennial Conference of the Inter-University Seminar on Armed Forces and Society, The Palmer House Hilton in Chicago, Illinois, USA

October 25-27, 2013.

2

Unintended consequences of deploying intranets as an attempt to insulate from cyberattack

Abstract Governments have reacted to the possibility that the global internet may provide

a pathway for intrusion associated with malicious activity by segmenting internal

networks such that portions do not interconnect with networks outside their control.

Networks that function like the internet but with little or no global connectivity –

intranets – are seen as ways to protect information from aggression by isolating

networked users from dangers lurking on the larger system. Intranets, however,

substitute one set of dangers for another. The creation of an intranet fosters a false sense

of security while decreasing the probability that malware on the system can be

expeditiously detected. Infection of a network in the Natanz nuclear enrichment facility

(Iran) by the Stuxnet worm provides a case study demonstrating that intranets distort

the protection calculus applicable to networks. The internet derives protection from a

large volume of users scanning for malware using a large number of diagnostic tools. An

intranet, by contrast, constrains the diversity of techniques employed to monitor

network health. Users employing an intranet must weigh assumed benefits of network

impenetrability against costs associated with decreased surveillance.

Introduction

3

Governments "intervened in the connections of a digital network" at least 566

times between 1995 and 2011.1 In 2010 the OpenNet Initiative (ONI) estimated that

substantial blocking of the Internet affected 32% of all users, approximately 563,018,414

people - a number not including restrictions in UK, Germany, Korea or Nordic

countries.2 By 2012 over 620 million users experienced blockages in connectivity.3

Of these incidents, the most radical intervention results in complete isolation of a

region from access to the Internet. Governments limit communication primarily to

minimize the effect of protest. Egypt and Libya (2011), Nepal (2005), Burma (2007),

China (2009) disconnected from the Internet during protests that started with ethnic

Uyghur residents in Xinjiang province. The rapid transit system in San Francisco

blocked cell phone service on trains during protests in 2011. Britain considered shutting

down cell and network communications during 2011 riots.4 The initial reaction of

governments facing organized protests facilitated by the ability to communicate through

Internet-based systems is to restrict use of the systems.

Communication restrictions derive from an intent to preserve existing power

relations and cultural heritage. A study of factors motivating countries to filter the

Internet identified twelve categories that could be grouped into “protecting political

authority and preserving the public good.”5 The typologies most pertinent to Iran

include protecting national security, protection from propaganda, stifling dissent, and

preserving cultural or religious values. Iran has been aggressive in operations to cut off

1 Howard, Agarwal, and Hussain, “When Do States Disconnect Their Digital Networks?,” 220. 2 York, “More Than Half a Billion Internet Users Are Being Filtered Worldwide.” 3 ONI, “Global Internet Filtering in 2012 at a Glance.” 4 Deibert and Crete-Nishihata, “Global Governance and the Spread of Cyberspace Controls”; Kelly, Cook, and Truong, Freedom on the Internet 2012: A Global Assessment of Internet and Digital Media. 5 Howard, Agarwal, and Hussain, “When Do States Disconnect Their Digital Networks?”.

4

text messaging and SMS services, blocked access to social media, and made

communication of information threatening the government illegal during episodes of

political stress.6 Interfering with communications, it was hoped, would disrupt

protestors by denying to them the use of an effective organizing tool. In 2005 Iran went

further. The country's leadership began exploring possibilities for an internal network

not connected to the worldwide Internet. The success of a pilot program connecting

3,000 schools and 400 businesses led to the investment of $1 billion in 2008 to deploy

“a genuinely halal network, aimed at Muslims on an ethical and moral level,” in the

words of Ali Agha-Mohammadi, the head of economic affairs in the country.7

The significance of disconnecting the company from the Internet is related to the

successful diffusion of Internet-based communication technologies throughout the

country. Iran consistently exhibited superior rates of Internet adoption when compared

to tother developing countries because of its young population (70% under the age of

30) and high literacy (79+%). In the 15 years after 1996 it added well over 32 million

Internet users.8 Pervasive adoption of the new technologies resulted, in large part, from

early policies that imposed few restrictions on its use.

To understand the major shift from policies encouraging use of the Internet to

the current planned network not linked to the Internet, it is necessary to explore the

history of modern Iran and its attitude towards communication. In 1979 Ayatollah

Ruhollah Khomeini came to power following a revolution that overthrew the Pahlavi

regime. Mismanagement of the economy by the Shah, accompanied by politically inept

6 Fathi, “Iran Disrupts Internet Service Ahead of Protests.” 7 Rhoads and Fassihi, “Iran Vows to Unplug Internet.,” n.p. 8 Golkar, “Liberation or Suppression Technologies?”.

5

efforts to suppress growing dissent, fostered a move towards Islam among Iranians. The

Shah left the country shortly after a September 1978 confrontation between government

forces and protestors in Tehran, allowing Khomeini to accept leadership of the

dissidents and assume control of the country. Khomeini instituted a dual system of

government in which elected civil authorities were supervised by a set of unelected

religious structures. Civil authorities administered the government on a day-by-day

basis but all policies were reviewed, if not dictated, by religious authorities.9

Even with heightened censorship following the institution of a religious regime,

the growth of internet use in Iran was astonishing. Over 23 million Iranians, comprising

over 31% of the population, write over 60,000 blogs.10 Government leaders such as

Mahmoud Ahmadinejad, when he was president, and Supreme Leader Ayatollah

Khamenei maintain. So do important clerics.11 The popularity of the network and its

utility to the government mitigate against complete restriction of its use, as in North

Korea. The compromise is to create a robust intranet isolated from the global system.

Iran possessed the capability to delink from the Internet because of its control

over the global gateway through which all Internet traffic enters the country. Iran

requires that all Internet Service Providers connect to the world through the

Telecommunication Company of Iran (TCI), a state-controlled entity, which functions as

the border gateway. TCI further requires that ISPs filter content entering the country

for religious or security purposes.12

9 Daneshvar, Revolution in Iran. 10 Deibert et al., Access Controlled. 11 Lerner, “Connecting the Actual with the Virtual: The Internet and Social Movement Theory in the Muslim World-The Cases of Iran and Egypt.” 12 Schrempf, “Nokia Siemens Networks.”

6

Designers of the Internet believed that distributed technology and decentralized

architecture would protect the network from government regulation.13 The fact that

infrastructure existed in physical space, however, allowed countries to exert influence on

the physical level that effected regulation on the network. States exploited the

dependency of the network on physical space – routers, cables, switches, for example –

to exert control over use. Iran, for example, limited the number of gateways between the

country and the rest of the Internet in order to limit physical entry to places it

controlled.14 Internet censorship in Iran originally consisted of content filtering

augmented by legal action against users. Filtering took place at the ISP as well as in the

central gateway where the domestic network interfaced with the Internet.15 Centralized

filtering is possible because all ISPs operating in the country route through proxy

servers operated by TCI.16 Iran strictly limited the number of gateways into the

country such that the functioning gateway, controlled by the government, acts as an

information border allowing the state to exercise sovereignty over information flow.

Factors driving the decision to create an intranet A variety of factors impelled the Iranian authorities to move away from a policy of

permissive use to one where information flows were extremely controlled. In general

they reflect a fear of forces outside the country. The principle concerns include fear of

cyber attack, a belief that information from outside the country will degrade local

culture, and that uncontrolled communication can facilitate operations by dissidents.

13 Deibert and Crete-Nishihata, “Global Governance and the Spread of Cyberspace Controls.” 14 ONI, Internet Filtering in Iran. 15 Deibert et al., Access Controlled. 16 Kathuria, Casting a Wider Net: Lessons Learned in Delivering BBC Content on the Censored Internet.

7

Understanding these forces allows for analysis of consequences attendant to removing

the domestic network from the Internet.

Fear of cyberattack

Fear of cyberattack is not a fantasy. Iran holds the distinction of owning the first

industrial control system known to be targeted by a cyber weapon.17 Fear of attack by

malicious software is a significant, but rarely acknowledged, justification for the Iranian

intranet proposal. Iranian officials repeatedly assert that the reason for an insular

intranet is based upon a need to protect the culture, but in private the concern about

cyberattack becomes evident. Saeed Kamali Dehghan, reporting on technology issues in

Iran, wrote in 2011, “Speaking to the Guardian on condition of anonymity, an Iranian

IT expert with close knowledge of the national internet project, which he described as a

corporate-style intranet, said: ‘Despite what others think, intranet is not primarily

aimed at curbing the global internet but Iran is creating it to secure its own military,

banking and sensitive data from the outside world.’”18

At least four different malicious codes - Stuxnet, Flame, Gauss, and DuQu -

infected Iranian networks. Stuxnet, in particular, infected intranets that were not

directly connected to the Internet. Iran responded to the incursions by expediting the

development of its independent intranet.19

17 Falliere, Murchu, and Chien, “W32. Stuxnet Dossier.” 18 Dehghan, “Iran Tightens Online Censorship to Counter US ‘Shadow Internet’,” n.p. 19 Ball and Gottlieb, “Iran Tightens Online Control by Creating Own Network.”

8

Stuxnet, first deployed against Iran at least by 2007, is the most famous of the

malicious codes.20 Variously called a worm or a virus, Stuxnet eventually infected at

least 30,000 computers in Iran running Windows software, including PCs at the

Bushehr nuclear plant.21 The malware incorporated commands specifically designed to

disrupt operations at the Natanz uranium enrichment facility. During 2007 - the year

the Natanz facility began operations - the worm infected the control network at the

Iranian nuclear enrichment facility.22 Iran employs a cascading centrifuge system where

minute amounts of fissionable U-235 in uranium hexafluoride separates from heavier

U-238 during months of spinning. Stuxnet initially recorded information on the normal

operation of centrifuges for 30 days before executing codes that disrupted industrial

operations. The data reflecting normal operation of the system appeared on control

instruments, leading Iranian operators to believe that systems performed normally once

the malicious code started interfering with the machinery.23

Three versions of Stuxnet operated in Iran, with initial deployment in 2007

followed by variants released in June 2009, March 2010, and April 2010. Security

researchers later discovered the existence of a control server for Stuxnet registered on

November 3, 2005. Four servers (smartclick.org, best-advertising.net,

internetadvertising4u.com, and ad-marketing.net) in the US, Canada, France, and

Thailand communicated with the complex of malicious codes. The earliest version of the

virus included codes designed to increase operating pressures in equipment transferring

20 Finkle, “Researchers Say Stuxnet Was Deployed Against Iran in 2007.” 21 Keizer, “Iran Arrests ‘Spies’ after Stuxnet Attacks on Nuclear Program.” 22 Finkle, “Researchers Say Stuxnet Was Deployed Against Iran in 2007.” 23 Zetter, “Stuxnet Missing Link Found, Resolves Some Mysteries Around the Cyberweapon”; Bambauer, “Conundrum.”

9

uranium hexafluoride gas in the Natanz enrichment facility, thereby damaging the

equipment; later versions caused centrifuges in the plant to spin at speeds exceeding the

design limits of the equipment.24

Iran believed that the virus represented a cyberattack by another country.

Officials detained several individuals suspected of being complicit in the introduction of

the worm on charges of spying.25

Less is known about the other malicious codes than has been disclovered about

Stuxnet. Iran, Lebanon, Syria, the Sudan, and Israeli Occupied territories experienced

infestation by cyber espionage software named "Flame" by its discoverer, Kaspersky

Labs. Flame differs from Stuxnet in that it steals data from computers rather than

injuring industrial equipment although it incorporates much of the same coding.

Kaspersky Labs estimates that Flame is 20 times more complicated than Stuxnet.

Among Flame's tricks, it has the ability to activate a computer's microphone to record

ambient conversations in a room, or grab documents. It may have been operating since

March 2010.26 Gauss operates much like flame but includes a Trojan designed to attack

online banking system, as well as "steal browser history, social network and instant

messaging info and passwords, and searches for and intercepts cookies from PayPal,

Citibank, MasterCard, American Express, Visa, eBay, Gmail, Hotmail, Yahoo, Facebook,

Amazon and some other Middle Eastern banks."27 Gauss infected 2,500 systems in 25

countries, including Iran, although the majority of compromised systems were in

24 Zetter, “Stuxnet Missing Link Found, Resolves Some Mysteries Around the Cyberweapon.” 25 Keizer, “Iran Arrests ‘Spies’ after Stuxnet Attacks on Nuclear Program.” 26 Zetter, “Meet ‘Flame,’ The Massive Spy Malware Infiltrating Iranian Computers”; Falliere, Murchu, and Chien, “W32. Stuxnet Dossier.” 27 Storm, “Gauss Malware”; GReAT, “Gauss.”

10

Lebanon.28 DuQu, infected computers in Iran, as well as many other places in the world,

in 2010. DuQu does not appear to be directed at Iran although it contains programming

elements that bear the signature of the coders who wrote Stuxnet.29

Iran reacted to the incursion by embarking on a policy to eliminate reliance on

Western software, in part out of fear a backdoor existed allowing outsiders to illegally

access its systems.30

Protection of culture The implementation of restrictive communication in the hopes of protecting

indigenous culture did not originate in Iran. France, for example, imposed

communication restrictions to protect its language even as the commercial world

gravitated to the use of English.31 Iran cites the need to insulate its indigenous culture

from outside influences as a policy legitimizing restrictions. In December 2006, for

example, Iran shut down access to websites such as YouTube and Amazon in order to

“purge the country of Western influence.”32 Total disconnection from the Internet to

prevent cultural contamination from the US, a principle justification claimed by Iran for

its decision, constitutes the ultimate access filter.33

The Iranian exercise of censorship promotes religious beliefs and retention of

power.34 The motivation for implementing information controls in Iran is consistent

with an empirical study of expressions by states for controlling access to the Internet

28 Storm, “Gauss Malware.” 29 Zetter, “Son of Stuxnet Found in the Wild on Systems in Europe.” 30 Deibert et al., Access Controlled. 31 Lichy, “Borders and Frontiers in the Information Age.” 32 Howard, Agarwal, and Hussain, “When Do States Disconnect Their Digital Networks?,” 227. 33 Ghasemilee, “Iran Claims West Is Using Internet for Spying, Creates Its Own ‘halal’ Network.” 34 Ramezanpour, “The Scope and Structure of Censorship in Iran.”

11

which found that “preserving cultural and religious morals” constituted the most cited

justification, especially when officials attributed intervention to preventing the spread of

blasphemous or offensive information challenging the religious and cultural morality of

the state.”35 Howard, Agarwal, and Hussain, “When Do States Disconnect Their Digital

Networks?,” 227.. Since Iran conflates the religious with the political, government

censorship “targets political content and material that is perceived as offensive to the

standards of Iran’s religious leadership.”36

The Internet was perceived by Iranian religious leaders as allowing its citizens to

access foreign cultural material at odds with cultural beliefs it wanted to inculcate. At

the same time, American policy began to explore the possibilities of applying soft power

to influence the citizens of foreign countries. Joseph Nye applied the term “soft power”

to the demonstration of positive cultural values to citizens of another country as a

strategy to achieve foreign power policy objectives.37 Soft power capitalizes on the

availability of a communication infrastructure that opens new channels for political

activity.38 A soft power policy necessarily promotes values that, in the Iranian case, were

perceived as undermining cultural principles that the Iranian government sought to

strengthen. The government determined that it should limit access to information and

prevent discussion of competing values. A synchronous communication infrastructure,

like applications on the Internet, facilitating citizen discussion may establish a public

sphere.39 The advent of a new public sphere may be perceived as constituting a threat to

35 Howard, Agarwal, and Hussain, “When Do States Disconnect Their Digital Networks?,” 227. 36 Kathuria, Casting a Wider Net: Lessons Learned in Delivering BBC Content on the Censored Internet, 23. 37 Nye, Soft Power. 38 Negroponte, “Beyond Digital”; Rheingold, The Virtual Community. 39 Papacharissi, “The Virtual Sphere: The Internet as a Public Sphere.”

12

incumbent political actors possessing power in the society. The threat to the power

structure prompts a government like Iran to block information flow to make

communication impossible.40

The development of an intranet by Iran derives from a desire to produce a

homogenous religious state. The Internet challenges homogeneity by promoting cultural

diversity through the ability to access information. Mueller argues that economic

barriers to commerce, including harsh economic rules, must be imposed upon Internet

use for any state to inculcate conservative values in its citizens.41 The Western notion of

state power adopts a specific practice for the interaction of governed and government, as

well as particular understanding of power relations and moral constraints mediating the

interaction.42 In dealing with Iran, the West applies a paradigm in which elected

officials, not religious leaders, are important. The unelected supreme leader and

associated institutions such as the Guardian Council, the judiciary, the Islamic

Revolutionary Guards Corps, and the Basij militia dominate elected officials.43 Electoral

victory does not determine power relationships because, in the Iranian view, sovereignty

does not derive from the people but from religion. Since Iran’s philosophy does not

comport with beliefs held by the rest of the Internet-connected world, it feels pressured.

One response to relieve pressure is to disconnect from the Internet.

The Internet stresses a state in five ways, according to Mueller: the global scope

of communications agnostic of territory; scale allowing a transformative volume of

information; distributive control dissociated from political institutions; creation of new

40 Roberts, Zuckerman, and Palfrey, Circumvention Tool Evaluation. 41 Mueller, Networks and States. 42 Hindess, “Power and Rationality: The Western Concept of Political Community.” 43 Esfandiari, Countries at the Crossroads 2012: Iran.

13

institutions; convergence of media forms changing the polity by altering costs and

opportunities for group action.44 These factors are interrelated. In the case of Iran they

are intimately bound together as the state religion provides the foundation for

governance and culture, at least in the view of religious leaders exercising power.

Sovereignty in Iran derives from religion. As a Shia Islamic state it holds that the

only legitimate source for temporal law is God, who acts through temporal rulers.45

Governance in Iran is based upon the principle of velayat faqih, the rule of the supreme

jurist.46 Velayat faqih developed out of the belief that the 12th Imam, known as Abu al-

Qasim Muhammad or Muhammad al Mahdi, went into hiding to avoid assassination

during the 13th Century but will return as savior to the world. In the absence of this

Hidden Imam, a senior cleric acts with absolute religious and political prerogative.47

Ayatollah Khomeini, after the 1979 revolution, expanded the historical conception of

velayat faqih by interpreting Islamic law as requiring that the foundation of

government be the development, protection, and creation of order consistent with

Islamic principles. Khomeini’s argument stipulated that a government of law must of

necessity be a government of Islamic law since only God possesses sovereignty. As a

result, the ruler administers both religious law and civil justice.48

The Khomeini application of velayat faqih creates difficulties for Western

understanding. It is not merely a merger of religious and civil institutions. Shia, as

incorporated into Iranian governance, holds that the source of civil power derives from

44 Mueller, Networks and States, 4. 45 Omid, Islam and the Post-revolutionary State in Iran. 46 Esfandiari, Countries at the Crossroads 2012: Iran. 47 Arjomand, The Shadow of God and the Hidden Imam. 48 Nasirpour, “Hojatollah Alimohammadi: The Process of Velayat Faqih’s Political Believes’ Development in the Political Fegh of Shiite.”

14

the authority of the Hidden Imam. This contrasts with Western conceptions that power

exercised by civil authority derives from consent of the governed. Iranians, versed in the

structure of velayat faqih, conceive the relationship between government and citizens

differently than observers in the West.

In the US, for example, elections do more than select leaders. Election by ballot

expresses common will empowering the state leaders elected to exercise power.

Elections in Iran have no implications for sovereignty. The melding of religion with the

state in Iran is embodied in its constitution. After the overthrow of the Pahlavi

government, a new system hybridized the 1906 Iranian constitution with that of

France’s Fifth Republic. The resulting document underwent substantial revision to

provide for the for the exercise of power by religious factions.49 Popular elections in

March, 1979 ratified the religious-based constitution, with approval by more than 98%

of voters according to the government.50

The constitution specifically established an Islamic Republic.51 The present state

came into existence as a political movement dedicated to the establishment of a religious

state, a circumstance that has been termed “Islamic activism.”52 The new Iranian

constitution, especially as amended in 1989, invested the government with extensive

powers to mold society in line with Islamic principles. The government assumed powers

to establish laws controlling communication at all levels. The Iranian constitution

addresses freedom of speech negatively through limitations controlling any expression

49 Bakhash, The Reign of the Ayatollahs. 50 Omid, Islam and the Post-revolutionary State in Iran. 51 Const. Iran, “Islamic Republic of Iran Constitution, as Amended,” sec. 1. 52 Lerner, “Connecting the Actual with the Virtual: The Internet and Social Movement Theory in the Muslim World-The Cases of Iran and Egypt.”

15

“detrimental to the fundamental principles of Islam or the rights of the public.”53 The

right to control expression in keeping with Islamic criteria is reaffirmed in Article 175.

The constitution authorizes the state to adopt laws providing for the “inspection of

letters, … the recording and disclosure of telephone conversations, the disclosure of

telegraphic and telex communications, censorship, … eavesdropping, and all forms of

covert investigation.”54 In 1986, the Iranian government exercised its constitutional

powers to control communication by establishing a comprehensive press law prohibiting

the publication of news items violating “Islamic principles and codes and public rights,”

such as “atheistic articles or issues which are prejudicial to Islamic codes, or, promoting

subjects which might damage the foundation of the Islamic Republic” (Art. 6, para. 1);

“Creating discord between and among social walks of life” (Art. 6, para. 4);

“Encouraging and instigating individuals and groups to act against the security, dignity

and interests of the Islamic Republic of Iran within or outside the country….” (Art 6,

para. 5); “Insulting Islam and its sanctities, or, offending the Leader of the Revolution

and recognized religious authorities” (Art. 6, para. 7); “Publishing libel against officials,

institutions, organizations and individuals in the country or insulting legal or real

persons who are lawfully respected, even by means of pictures or caricatures.…” (Art. 6,

para. 8); “or quoting articles from the deviant press, parties and groups which oppose

Islam (inside and outside the country) in such a manner as to propagate such ideas….”

(Art. 6, para. 9).55

53 Const. Iran, “Islamic Republic of Iran Constitution, as Amended,” sec. 24. 54 Ibid., sec. 25. 55 Islamic Republic of Iran, Press Law (Ratified on March 19, 1986) And Its Executive By-law (January 31, 1987).

16

The statute instituted a system of mandatory licensing, administered by the

Ministry of Islamic Culture and Guidance, for any person seeking to publish

information. Licensees could only be granted to citizens at least 25 years of age holding

either a bachelor’s degree or certification of basic seminary education. The licensee

must not have criminal convictions that “according to the Islamic code, strips him/her

of social rights.”56 Amendments in 2000 and 2009 applied the statute to online

publications. The computer crime statute requires ISPs to keep records of all traffic for

six months and makes them liable for any illegal activity perpetrated by customers.57

The plethora of statutes empowered the government to protect culture by

restricting activity deemed to potentially undermine existing practices. Iranian officials

enthusiastically exercised plenary power to control speech. Reporters Without Borders

found Iran to be the Middle East’s biggest prison for journalists in 2008, based upon the

jailing of 33 journalists and bloggers.58 The number of Internet users jailed for crime

increased significantly after the 2009 legislation. Reporters Without Borders listed 26

journalists and 20 internet users as known to be jailed in 2012, with one internet user

killed.59 Iran joined the list of the ten worst countries in the world in which to be a

blogger.60

The desire to promote a set of religious beliefs set Iran on a cultural collision

course with the West. Western conceptions of sovereignty derived from Enlightenment

56 Ibid. 57 Reporters Without Borders, “Iran”; Ziccardi, Resistance, Liberation Technology and Human Rights in the Digital Age. 58 Reporters Without Borders, “Repression Stepped up yet Again as Iran Becomes World’s Biggest Prison for Journalists.” 59 Ziccardi, Resistance, Liberation Technology and Human Rights in the Digital Age; Reporters Without Borders, “Iran.” 60 Deibert et al., Access Controlled.

17

beliefs that the power of the state depended upon a social contract between the state and

its citizens in which the people agreed to a degree of control by the state in order to

assure common good. Iranian conceptions of sovereignty, as incorporated in the

country's constitution, presented an irreconcilably different basis for sovereignty that

was based upon religious beliefs rather than popular consensus. The Internet served as a

conduit for competing ideas that needed to be reined.

Suppression of dissent

The Internet’s potential for delivery of vast amounts of information to anyone

everywhere inspired predictions of global liberation. Benkler saw networks as tools

capable of introducing unprecedented levels of freedom.61 Lessig warned that the

potential new liberties would dissipate unless users challenged mechanisms of authority

associated with the new technologies.62 Benkler and Lessig, among many others,

accepted Ithiel de Sola Pool’s declaration that “electronic technology is conducive to

freedom.”63 Pool envisioned emancipating possibilities of electronic networks 7 years

before Tim Berners-Lee created the WorldWideWeb browser and supporting software.

Inchoate freedom-enhancing characteristics of electronic networks would not mature,

Pool warned, if regulation suffocated the technology. Mueller later characterized “early,

apolitical visions of Internet freedom” as flawed but revealing new ways of governing.64

Politics cannot be sequestered from networks. The conclusion reached by many scholars

61 Benkler, The Wealth of Networks. 62 Lessig, Code and Other Laws of Cyberspace. 63 Pool, Technologies of Freedom, 231. 64 Mueller, Networks and States, 5.

18

- and governments - was that the Internet and other new systems constituted

transformational technology for social organizing.65

Governments asserted power over the communication tools because the key to

their effectiveness lay in their independent nature. “It is an information infrastructure

mostly independent of the state, and since civil society groups are by

definition social organizations independent of the state, the Internet has

become an important incubator for social movements (radical and secular) and civic

action.”66

The Internet, conversely, may increase the power of governments over social

actors.67 Democratic governments share with autocratic regimes a desire to control

information to the extent that Morozov believes that the greatest threat to

communicative freedom comes from police and intelligence agencies in democratic

governments.68

The Iranian plan to create an intranet separated from the Internet provides the

country with a potential solution to the "dictator's dilemma." The dilemma states that

the provision of low cost telecommunications infrastructure facilitates the creation of a

civil society at the expense of authoritarian governments but that failing to provision the

technologies deprives the state of an important tool for economic expansion.69 In Iran, it

65 Chandler and Cortada, A Nation Transformed by Information; Clark, Globalizing Civic Engagement; Kahn and Kellner, “New Media and Internet Activism”; Kriesberg et al., “Social Movements and Global Transformation”; Lindenberg and Bryant, “Going Global”; Warkentin, Reshaping World Politics; McNutt and Boland, “Electronic Advocacy by Nonprofit Organizations in Social Welfare Policy.” 66 Howard, Agarwal, and Hussain, “When Do States Disconnect Their Digital Networks?,” 223. 67 Braman, Change of State; Goldsmith and Wu, Who Controls the Internet?: Illusions of a Borderless World; Morozov, “Dictatorship.com.”; Zysman and Newman, “The State in the Digital Economy”; Morozov, The Net Delusion. 68 Morozov, “Dictatorship.com.” 69 Morozov, The Net Delusion.

19

is clear that the absence of high speed connections, as the result of high costs, deterred

dissent. The significant cost of speedy connections in Iran deters use of services that rely

upon complex graphics or video, such as YouTube. A private study conducted for the

BBC found that economics severely limited use of high speed connections.70 Howard

demonstrated that political participation increases in countries that experience

decreasing Internet costs.71 An intranet ameliorates the dictator's dilemma somewhat by

facilitating communications within the country while eliminating the ability of potential

dissenters to communicate with external supporters. While dissenters within the

country can participate in discussion and planning, they are subject to surveillance with

a decreased potential of receiving international support.

Ideological differences

The Iranian decision to construct an intranet along Islamic principles highlights

significant differences between Western ideas of sovereignty and Iran’s conception of

the source of state power. After the Enlightenment, the West conceived of state power as

originating from the will of its citizens. Iran believes that neither the state nor

individuals possess sovereignty, so any power exercised by the state must be religious in

origin. The elimination of individuals from the power equation creates a different

relationship between the state and individuals. Iranian rejection of the centrality of

individual rights forecloses acceptance of an individual’s right to access information.

The Western tradition cannot be reconciled with the Iranian position. The consequence

70 Kathuria, Casting a Wider Net: Lessons Learned in Delivering BBC Content on the Censored Internet, 56. 71 Howard, The Digital Origins of Dictatorship and Democracy.

20

of the conflict is that Iran exercises extreme information sovereignty in matters if

Internet governance and internal security.

A fundamental difference distinguishes Iran’s conception of sovereignty from

Western practices. Western democracies believe that the state exercises sovereignty as a

consequence of a social contract in which individuals collectively cede some rights to the

state in return for benefits unattainable if individuals acted alone.72 Sovereignty, in the

West, is grounded in a social contract. Iran, by contrast, formed as a Theocratic

Republic incorporating Islamic Shi’a principles in its constitution.73 Sovereignty in the

Iranian scheme resides in God, not individuals or the state, so the devolution of

authority to the state depends not on a social contract but a divine grant.74

The fundamentally distinct views on sources of sovereignty make it difficult for

the cultures to understand each other. The Iranian government does not recognize a

need to balance rights of people and the power of the state since all right and power

originates divinely. The West, conversely, fails to appreciate that the Iranian view of

sovereignty does not address human rights.

The power held by states to exercise sovereignty over information does not itself

authorize the use of that power. The exercise of power by a state competes with

information rights of individuals. Authoritarian regimes tend to resolve the conflict on

the side of the state, while democratic governments – at least in their statements –

recognize individual rights to communicate. The concept of a fundamental right arises

72 Hobbes, The Leviathan: Reprinted from the Edition of 1651.; Mill, On Liberty; Rousseau, Of The Social Contract, Or Principles of Political Right. 73 Shirazi, “The Emancipatory Role of Information and Communication Technology: A Case Study of Internet Content Filtering Within Iran.” 74 Nasirpour, “Hojatollah Alimohammadi: The Process of Velayat Faqih’s Political Believes’ Development in the Political Fegh of Shiite.”

21

from Hobbes who believed that the equality of all individuals arose from natural

freedoms in which every individual possesses a right to everything.75 In order to avoid

the conflict inherent in all asserting such a right, some rights are ceded to a sovereign in

a social contract to assure order. Locke asserted the primacy of individuals as the

repository of natural freedoms. A sovereign’s failure to protect rights justified

overthrowing government because rights sprang from the individual but not from the

state.76 Rousseau distinguished between the sovereign and the government. The people

retained sovereignty, according to Rousseau, which they allowed governments to

exercise according to general will.77 Since individuals held sovereign power, rights could

not be alienated by government. The possibility of state authority overwhelming

individual liberty, according to Mill, could only be checked by individuals establishing

constitutional restraints of government reminding the state that it lacked inherent

authority.78

The idea of fundamental human rights reached its clearest expression in the

Universal Declaration of Human Rights (UDHR) in 1947 and the Vienna World

Conference on Human Rights. Neither declaration explicitly established access to

information or the right to communicate as a right, although Article 19 0f the UDHR

incorporated a right to expression. Jean D’Arcy postulated communication as a

universal right in 1969 when she served as Director of the United Nations Radio and

Visual Services Division. Resolution 4/19 adopted at the UNESCO General Conference

in 1980 asserted the “right of the public, of ethnic and social groups and of individuals

75 Hobbes, The Leviathan: Reprinted from the Edition of 1651. 76 Locke, Second Treatise of Government. 77 Rousseau, Of The Social Contract, Or Principles of Political Right. 78 Mill, On Liberty.

22

to have access to information sources and to participate actively in the communication

process.”79 The right to communicate represented an important claim in the

“Declaration of Principles” issued by the 2003 World Summit on the Information

Society.80

The US coupled freedom of expression to the availability of technology and

information. President Obama spoke of a fundamental human right to freedom of

expression using technology.81 The National Security Strategy of the United States for

2010 dedicated the country to freedom of expression through technological means.82

The US position on the right to communicate mirrored developments in other parts of

the world.83 Philip Weiss wrote that “an international sentiment has emerged clearly

indicating that Internet access is desired by all,” citing a 2009 ruling by the French

Constitutional Council holding “Internet access is a basic human right” as well as a UN

warning that “cutting off Internet access to quell protest is a human rights violation.”84

Consequences of establishing an intranet

The operation of an intranet unconnected to the worldwide Internet results in

five negative consequences for a country. The disconnection provides a false sense of

security for the country because the Internet represents one of many avenues for

introducing malicious software into a country's network. Once an intrusion takes place,

79 Penney, “Open Connectivity, Open Data: Two Dimensions of the Freedom to Seek, Receive and Impart Information.,” 9. 80 Berry, “The World Summit on the Information Society (WSIS).” 81 Jackson, “Obama.” 82 The White House, “National Security Strategy of the United States,” sec. 3. 83 Weiss, “Protecting a Right to Access Internet Content: The Feasibility of Judicial Enforcement in a Non-Neutral Network.” 84 Ibid., 384–5.

23

it is more difficult for a country, however vigilant, to detect the attack. Protection

against malware depends upon cooperative investigation by many actors seeking to

protect the integrity of the Internet. Disconnecting from the global network decreases

both the number of actors analyzing potential malicious code and inhibits the transfer of

information about existing code that would otherwise be available.

Cutting off the Internet forces potential dissenters to seek other means of

communication, usually facilitating face-to-face meetings that improve trust and

cooperation. Iranian dissenters seeking an Internet connection will become increasingly

dependent on technology supplied by the West, such as the Internet-in-a-suitcase

created by the US. Reliance on circumvention technology both increases the trust

dissenters exhibit for foreign actors and creates a dependence on suppliers outside of

the country.

Finally, restrictions on the transfer of information remove Iran from processes

that facilitate the diffusion of innovation. By becoming insular, the country must

increasingly rely upon its own capacity to develop new technologies.

False sense of security

The variety of malicious code that has infected systems in Iran created a belief

that removing the country's information network from the Internet creates a safer

environment for communication. While the Internet is a notorious route for the

introduction of malicious code, it is not the only one. Increased understanding of safe

computing techniques, combined with software tools that allow users to scan systems

24

for potential malware, diminish (but do not eliminate) the Internet as a route for

cyberattack.

The Stuxnet worm infected the Iranian nuclear industrial intranet through a USB

device, not through a direct Internet connection.85 The large number of portable drives

that can be connected to systems through USB ports creates avenues for the

introduction of malicious code. The intrusion worked because the operators of the

Natanz plant did not believe that the Siemens industrial control devices that they used

could be compromised and because the system was not connected to the Internet.

A direct connection to the Internet is not necessary for code to be downloaded.

Any system that can be ported from one network to another can function as an Internet

connection if any one of the systems connects. Stuxnet, for example, was not only

introduced by a USB device but the drive that performed the infection transmitted the

virus to every other system to which it subsequently connected. 86 The worm then

worked through zero day exploits in Microsoft Internet Explorer and Windows software,

as well as a Siemens control system used in the enrichment plant.87

Implementing a security scheme thought to be effective creates a sense of

complacency when the user fails to detect problems.88 Organizations that operate

networks behind firewalls exhibit a tendency to ignore applications level security

protocols in the belief that the firewall will protect against intrusion. No one technique

insures security. Organizations must implement security praxis in order to maintain the

85 Falliere, Murchu, and Chien, “W32. Stuxnet Dossier.” 86 Fisk, “Cyber Security, Building Automation, and the Intelligent Building.” 87 Nicholson et al., “SCADA Security in the Light of Cyber-Warfare.” 88 Hulme, “A False Sense of Security?”.

25

integrity of networks. Belief in the saliency of an action taken to protect a system

undermines organizational commitment to other security practices.89

Subsequent events in Iran evidence a tendency towards unwarranted confidence

in network security systems. For example, the Iranian minister of intelligence, Heydar

Moslehi, asserted that the country had taken steps to insure infrastructure protection. "I

assure all citizens that the intelligence apparatus currently has complete supervision on

cyberspace and will not allow any leak or destruction of our country's nuclear

activities."90

Decreased ability to detect intrusions

The authors of the Stuxnet codes, generally presumed to be American and Israeli,

incorporated several features designed to make detection difficult. The code recorded

data typical of normal machinery operation that was sent to machine operators in order

to mask the malfunction. The virus installed instructions that randomly closed valves

not associated with the intended sabotage in order to further disguise the source of the

problem.91 The virus used digital signing keys stolen from RealTek and JMicron, further

hindering detection by making it look like valid software.92

Although Stuxnet began diffusing at least by November 15, 2007, when it was

uploaded to the VirusTotal online scanner to check for malicious activity, it was not

identified as a cyberweapon until June 2010 when VirusBlokAda in Belarus identified

89 Grochow, “Firewalls’ False Sense Of Security.” 90 Keizer, “Iran Arrests ‘Spies’ after Stuxnet Attacks on Nuclear Program.” 91 Zetter, “Stuxnet Missing Link Found, Resolves Some Mysteries Around the Cyberweapon.” 92 Nicholson et al., “SCADA Security in the Light of Cyber-Warfare.”

26

it.93 VirusTotal operates a free website that amalgamates information from more than

three dozen antivirus programs so that users can check a suspected file against known

malicious code. The original version of the worm contained coding to cease

communicating on January 11, 2009. It incorporated relatively modest replication

mechanisms, which made it more difficult to detect. The subsequent versions relied

upon four zero day exploits. The use of zero day exploits allowed the code to replicate

quickly once it escaped the Iranian intranet.94

The infection of thousands of computers by Stuxnet when it escaped the intranet

facilitated its detection. "If the virus had been written to only infect a small subset of

machines, then it may have gone undetected."95 The global malware surveillance

structure increases the probability of detection because multiple analysts bring different

tools and approaches to the problem of identifying malicious code. The Iranian

cyberattacks demonstrate the utility of a multi-level global surveillance system. There is

no evidence that Iran discovered, or even suspected, that Stuxnet interfered with its

industrial processes. The International Atomic Energy Agency (IAEA) monitored the

replacement of centrifuges in its cascade during 2010. IAEA determined that normal

operations required the replacement of 800 centrifuges a year but that the number of

actual replacements soared to around 2000 in a couple of months when it is now known

that the virus controlled the equipment.96

93 Zetter, “Stuxnet Missing Link Found, Resolves Some Mysteries Around the Cyberweapon”; Nicholson et al., “SCADA Security in the Light of Cyber-Warfare.” 94 Zetter, “Stuxnet Missing Link Found, Resolves Some Mysteries Around the Cyberweapon.” 95 Nicholson et al., “SCADA Security in the Light of Cyber-Warfare,” 430. 96 Zetter, “How Digital Detectives Deciphered Stuxnet, the Most Menacing Malware in History.”

27

The discovery of Stuxnet after it escaped the Iranian intranet was accomplished

through the efforts of multiple security firms. On June 17, 2010 VirusBlokAda, a security

firm in Belarus, discovered the virus in a computer owned by one of its clients. A global

security firm with headquarters in Bratislava, Slovakia, and Kosice - ESET - detected

one of the stolen trusted program certificates used to disguise the malicious code.

Symantec reverse-engineered the code. The German security firm GSMK identified the

most-probable target of the virus.97 Kaspersky Lab, a Russian security firm, uncovered

the Flame virus.98

Iran cannot on its own provide the level of surveillance or duplicate the multiple

approaches that the global cybersecurity community focused on the complex of

malicious code that infected Iran's computer networks. Disconnecting the intranet from

the Internet deprives the intranet of a vital resource for detecting malware. Iran, of

course, claimed that it had discovered and countered the threat, but the announcement

was made after the outside security firms released significant analyses of the codes.

Removing the domestic network from the Internet decreases the ability of the intranet

operator to maintain system security.

Increased effectiveness of dissidents

Disconnecting from the Internet tends to increase the effectiveness of dissidents

as they are forced to meet each other in a fashion that increases organizational trust.

Young elites throughout the Middle East embraced the new communication

97 Ibid. 98 Zetter, “Meet ‘Flame,’ The Massive Spy Malware Infiltrating Iranian Computers.”

28

technologies that became available with infrastructure improvements that made

domestic use of the Internet possible.99 The Middle East led the world in growth of

internet use from 2000-2005, according to the World Bank, with Iran exhibiting a

2900% growth in Internet penetration.100

Potential participants in an organization must share identity to utilize the

mobilization structure. Identity takes two forms. Internal recognition by members of the

organization means the members identify themselves as participants; external

recognition by groups outside the movement contemplates some degree of social

realization that the movement exists.101 Collective identity emerges when movement

members share objectives, the potentialities for achieving shared objectives, and the

obstacles to successful action. Trust depends on shared information transmitted either

in person or online.102

Collective identity fosters trust.103 Mayer, Davis, and Schoorman define trust as

“willingness of a party to be vulnerable to the actions of another party based on the

expectations that the other will perform a particular action important to the trust or,

irrespective of the ability to monitor or control that other party.”104 Trust represents an

affective bond that endures over time.105 Motivating participants to act in the presence

of strong disincentives like danger, inconvenience, potential embarrassment, or

99 Alterman, “IT Comes of Age in the Middle East: Focus on IT and Diplomacy.” 100 Shirazi, “The Emancipatory Role of Information and Communication Technology: A Case Study of Internet Content Filtering Within Iran.” 101 Della Porta and Diani, Social Movements. 102 Melucci, Nomads of the Present. 103 Della Porta and Diani, Social Movements. 104 Schoorman, Mayer, and Davis, “An Integrative Model of Organizational Trust,” 712. 105 Goodwin, The Social Movements Reader.

29

excessive commitment of time requires trust between members.106 Keck and Sikkink

propose that the saliency of any networked movement depends not only on the number

of members but on both the number of exchanges and degree of trust between

members.107 While formation of collective identity benefits from online information

Melucci, Nomads of the Present., little evidence exists for the proposition that online

communication encourages relationship building and trust.108 Development of trust

requires a relationship more intimate than can be experienced online. The most salient

contact leading to the formation of trust between actors is face-to-face discussion.109

The effect of disconnecting from the Internet was exemplified in Egypt when the

Mubarek government attempted to disrupt communications by protestors through

suspension of the Internet. The effort resulted in an increase in the number of

protestors.110 An intranet disconnected from the global Internet - especially one under

government surveillance - fosters communication on a personal level. The increased

reliance on personal connections would tend to foster the development of strong ties

between activists. The existence of strong ties fosters mobilization among dissidents

sharing an ideological commitment to change the entrenched government.111 The result

of disconnecting from the Internet could be increased activity by dissidents.

Increased reliance on the West by dissidents Disconnecting the intranet from the Internet forces activists to develop new ways

to connect to the world. During the Tahrir Square occupation in Egypt during 2011, for

106 Della Porta and Diani, Social Movements. 107 Keck and Sikkink, Activists Beyond Borders. 108 Melucci, Nomads of the Present. 109 Diani, “Social Movement Networks Virtual and Real”; Handy, “Trust and the Virtual Organization.” 110 El Hamamsy, “BB = BlackBerry or Big Brother.” 111 McAdam, McCarthy, and Zald, Comparative Perspectives on Social Movements.

30

example, a variety of tools appeared to circumvent the government's attempt to

disconnect from the Internet. Google and Twitter worked together to develop a speak-

to-tweet program.112 Protestors used a variety of applications and proxy sites to

maintain connections.113

The US has developed technologies to establish networks that circumvent

censorship.114 The National Security Strategy of the United States supported the use

and distribution of circumvention technologies “to facilitate freedom of expression,

expand access to information, increase governmental transparency and accountability,

and counter restrictions on their use.”115 Iran responded by criminalizing the

distribution of circumvention technologies while acting to limit their effectiveness.116 US

programs promoting Internet freedom through the use of these technologies, moreover,

targets China and Iran while ignoring US allies operating extensive filtering programs.117

Indeed, Iran's escalation of the soft war by proposing to build an intranet was in part a

reaction to American efforts to facilitate circumvention.118.

As it becomes more difficult to connect to the Internet, the availability of US

technology to circumvent the ban will become increasingly important. US foreign policy

acknowledges the deployment of such technologies. The US began “working in more

than 40 countries to help individuals silenced by oppressive governments” by providing

technology to circumvent controls on information, according to former Secretary of

112 Ladhani, “Egypt: First Cut Off the Internet!”. 113 El Hamamsy, “BB = BlackBerry or Big Brother.” 114 Glanz and Markoff, “U.S. Underwrites Internet Detour Around Censors Abroad.” 115 The White House, “National Security Strategy of the United States,” 39. 116 Kathuria, Casting a Wider Net: Lessons Learned in Delivering BBC Content on the Censored Internet. 117 Mueller, “China and Global Internet Governance: A Tiger by the Tail.” 118 Dehghan, “Iran Tightens Online Censorship to Counter US ‘Shadow Internet’.”

31

State Clinton.119 The US developed a technology allowing users to avoid blocked

gateways by establishing cell phone networks that can be used for Internet access.120

Google consulted with the State Department and the US Agency for International

Development about developing tools to circumvent Iranian monitoring of email. One

proposal, for example, considered establishing an encrypted email system that would be

activated by a using a particular search term.121

The Chaos Computer Club, a hacking group in Germany, developed a USB tool

that allowed journalists to circumvent Internet controls in China by accessing the TOR

network. The International Broadcasting Bureau, an agency of the US government,

funded the development of software by Dynamic Internet Technologies that employed

multiple open routers to avoid Chinese censorship.122 The technology could be applied

to Iran.

Provisioning circumvention technologies to Iranian citizens would increase

reliance on Western technology by dissidents. The net effect of the disconnect would be

to force network users seeking an Internet connection to actively engage with Western

providers. Enhanced contact with the West represents an effect contrary to the one that

motivated the disconnect in the first instance.

Inefficiencies/lack of innovation Iran initially encouraged development of Internet-related activity within the

country because it viewed the Internet as a technology to stimulate innovation. A quick

119 Clinton, “Secretary of State Hillary Rodham Clinton Delivers Remarks on Internet Freedom at the Newseum,” n.p. 120 Dehghan, “Iran Tightens Online Censorship to Counter US ‘Shadow Internet’.” 121 Albertson, “Secret Google Meeting Targeted Internet Freedom in Iran.” 122 Bradbury, “Routing Around Censorship.”

32

way to increase the degree of innovation in the country seemed to be an intelligent

policy because technological development in Iran collapsed after the Iran-Iraq war. The

government believed that the internet could provide a quick route to economic

expansion.123 The state at that time exercised little control over network technology or

online activity. Permissiveness was rooted in a policy to use technology to enhance the

authority of government.124

Iran appears to have abandoned its goal of quick transformation through global

communication, opting instead to facilitate a domestic agenda that provides for the

control of information. The consequence is that the potential for innovation decreases.

The availability of information from around the world constitutes an important input for

innovation. By restricting the availability of this raw material, Iran inhibits its potential

for sustaining industrial and scientific endeavors on a par with the rest of the world.

Conclusion Isolating internal networks from the Internet requires technical expertise and

creativity but is not unprecedented. The US military utilizes a worldwide system

connected to the Internet for secure communications. Called the Secret Internet

Protocol Router Network, it functions as a worldwide network for sensitive

communication. A somewhat less secure system, the Non-Classified Internet Protocol

Router Network, employs the internet for logistics communication.125 Cuba operates a

dual network that allows one system to connect to the Internet while a different intranet

123 Rahimi, “Cyberdissent: The Internet in Revolutionary Iran.” 124 Lerner, “Connecting the Actual with the Virtual: The Internet and Social Movement Theory in the Muslim World-The Cases of Iran and Egypt.” 125 Brewin and Verton, “DOD Leaders Mull Internet Disconnect.”

33

handles most communication within the country.126 Even the US considered legislation

that would augment the President’s authority under the Communications Act of 1934 to

throw a hypothetical “kill switch” in case of cyberattack.127

The technical feasibility of operating an intranet disconnected from the Internet

does not mean that it makes for good policy. Iran has a history of exquisitely controlling

information flows. Internet censorship as implemented in Iran began with a complex,

decentralized system of agencies with overlapping authority. New governmental

organizations charged with controlling information on the network, such as the Cyber

Army and Cyber Police, exercised authority that overlapped the jurisdiction of

incumbent regulators. The government shifted to a more centralized system in 2012

with the creation of the Supreme Cyberspace Council.128

The creation of a domestic network isolated from the Internet represents a dream

for Iran consistent with its mission to promote religious beliefs. "Any attempt by a

country to make an intranet is doomed to failure" in the view of Cedric Leighton, a

retired deputy director at the National Security Agency.129 The best that Iran can

achieve is a two-tier system with elements not connected to the Internet. The Internet

already consists of zones where access is restricted or controlled.130

Severely restricting Internet access through the implementation of an intranet

does not resolve problems motivating the disconnection, cyberattack is still possible

126 Riesman, “Iran’s Network in a Bottle.” 127 Bambauer, “Conundrum.” 128 CGCSblog, “Iran’s Internet Censorship.” 129 Ball and Gottlieb, “Iran Tightens Online Control by Creating Own Network,” n.p. 130 Lessig, “Reading the Constitution in Cyberspace.”

34

using non-obvious routes to insertion of malicious code, such as through the use of USB

drives. The fact that a system is nominally disconnected from the Internet will lead to a

false sense of security that has been shown to create vulnerabilities. The lack of

international surveillance of the intranet deprives its operators of a robust system of

global malware protection. Finally, social effects of the disconnect would include

increased reliance on Western technology to circumvent the blockage.

Bibliography

Albertson, Mark. “Secret Google Meeting Targeted Internet Freedom in Iran.” Examiner.com, September 4, 2013. http://www.examiner.com/article/secret-google-meeting-targeted-internet-freedom-iran.

Alterman, J.B. “IT Comes of Age in the Middle East: Focus on IT and Diplomacy.” Foreign Service Journal 82, no. 12 (2005): 36–42.

Arjomand, Said Amir. The Shadow of God and the Hidden Imam: Religion, Political Order, and Societal Change in Shi’ite Iran from the Beginning to 1890. Chicago: University of Chicago Press, 1984.

Bakhash, Shaul. The Reign of the Ayatollahs: Iran and the Islamic Revolution. Rev. ed. New York: Basic Books, 1990.

Ball, James, and Benjamin Gottlieb. “Iran Tightens Online Control by Creating Own Network.” The Guardian, September 25, 2012, sec. World news. http://www.guardian.co.uk/world/2012/sep/25/iran-state-run-internet.

Bambauer, Derek. “Conundrum.” Minnesota Law Review 96 (2011): 584. Benkler, Yochai. The Wealth of Networks: How Social Production Transforms Markets

and Freedom. New Haven [Conn.]: Yale University Press, 2006. Berry, John W. “The World Summit on the Information Society (WSIS): A Global

Challenge in the New Millennium.” Libri 56, no. 1 (2006): 1–15. Bradbury, Danny. “Routing Around Censorship.” Network Security 2011 (May 2011): 5–

8. Braman, Sandra. Change of State: Information, Policy, and Power. Cambridge, Mass.:

MIT Press, 2006. Brewin, Bob, and Daniel Verton. “DOD Leaders Mull Internet Disconnect.” CNN.com.

Sci-Tech, April 20, 1999. http://www.cnn.com/TECH/computing/9904/20/dod.disconnect.idg/index.html.

35

CGCSblog. “Iran’s Internet Censorship: New Infographic Illuminates Administrative Maze.” The Annenberg School for Communication. The Center for Global Communication Studies (CGCS), March 27, 2013. http://cgcsblog.asc.upenn.edu/2013/03/27/irans-internet-censorship-new-infographic-illuminates-administrative-maze/.

Chandler, Alfred D., and James W. Cortada. A Nation Transformed by Information: How Information Has Shaped the United States from Colonial Times to the Present. Oxford; New York: Oxford University Press, 2000.

Clark, John. Globalizing Civic Engagement: Civil Society and Transnational Action. London: Routledge, 2003.

Clinton, Hillary. “Secretary of State Hillary Rodham Clinton Delivers Remarks on Internet Freedom at the Newseum.” United States Department of State, January 21, 2010. http://www.state.gov/secretary/rm/2010/01/135519.htm.

Const. Iran. “Islamic Republic of Iran Constitution, as Amended.” Islamic Republic of Iran Constitution, 1979. http://www.iranonline.com/iran/iran-info/government/constitution.html.

Daneshvar, Parviz. Revolution in Iran. Houndmills, Basingstoke, Hampshire : New York: Macmillan Press ; St. Martin’s Press, 1996.

Dehghan, Saeed Kamali. “Iran Tightens Online Censorship to Counter US ‘Shadow Internet’.” The Guardian, July 13, 2011. http://www.guardian.co.uk/world/2011/jul/13/iran-tightens-online-censorship.

Deibert, Ronald J., and Masashi Crete-Nishihata. “Global Governance and the Spread of Cyberspace Controls.” Global Governance 18, no. 3 (2012): 339–361.

Deibert, Ronald J., John Palfrey, Rafal Rohozinski, and Jonathan Zittrain. Access Controlled: The Shaping of Power, Rights, and Rule in Cyberspace. Information Revolution and Global Politics. Cambridge, Mass: MIT Press, 2010.

Della Porta, Donatella, and Mario Diani. Social Movements: An Introduction. Malden MA: Blackwell, 2006.

Diani, M. “Social Movement Networks Virtual and Real.” Information Communication & Society 3, no. 3 (2000): 386–401.

El Hamamsy, Walid. “BB = BlackBerry or Big Brother: Digital Media and the Egyptian Revolution.” Journal of Postcolonial Writing 47, no. 4 (September 2011): 454–466. doi:10.1080/17449855.2011.590325.

Esfandiari, Golnaz. Countries at the Crossroads 2012: Iran. Countries at the Crossroads. Freedom House, 2012. http://www.freedomhouse.org/report/countries-crossroads/2012/iran.

Falliere, Nicolas, Liam O. Murchu, and Eric Chien. “W32. Stuxnet Dossier.” Symantec Security Response., February 2011. http://www.h4ckr.us/library/Documents/ICS_Events/Stuxnet%20Dossier%20(Symantec)%20v1.4.pdf.

Fathi, Nazila. “Iran Disrupts Internet Service Ahead of Protests.” The New York Times. February 11, 2010, New York edition, sec. International / Middle East.

Finkle, Jim. “Researchers Say Stuxnet Was Deployed Against Iran in 2007.” Reuters. February 26, 2013. http://www.reuters.com/article/2013/02/26/us-cyberwar-stuxnet-idUSBRE91P0PP20130226.

36

Fisk, David. “Cyber Security, Building Automation, and the Intelligent Building.” Intelligent Buildings International 4, no. 3 (July 2012): 169–181. doi:10.1080/17508975.2012.695277.

Ghasemilee, Sara. “Iran Claims West Is Using Internet for Spying, Creates Its Own ‘halal’ Network.” Al Arabiya News, March 10, 2012. http://english.alarabiya.net/articles/2012/03/10/199814.html.

Glanz, James, and John Markoff. “U.S. Underwrites Internet Detour Around Censors Abroad.” The New York Times, June 12, 2011, sec. World. http://www.nytimes.com/2011/06/12/world/12internet.html.

Goldsmith, Jack L., and Tim Wu. Who Controls the Internet?: Illusions of a Borderless World. New York: Oxford University Press, 2006. Table of contents http://www.loc.gov/catdir/toc/ecip0519/2005027404.html Publisher description http://www.loc.gov/catdir/enhancements/fy0635/2005027404-d.html Contributor biographical information http://www.loc.gov/catdir/enhancements/fy0723/2005027404-b.html.

Golkar, Saeid. “Liberation or Suppression Technologies? The Internet, the Green Movement and the Regime in Iran.” International Journal of Emerging Technologies and Society 9, no. 1 (2011).

Goodwin, Jeff. The Social Movements Reader : Cases and Concepts. Malden MA: Blackwell Pub., 2003.

GReAT. “Gauss: Nation-state Cyber-surveillance Meets Banking Trojan.” Securelist.com, August 9, 2012. http://www.securelist.com/en/blog/208193767/Gauss_Nation_state_cyber_surveillance_meets_banking_Trojan.

Grochow, Jerrold. “Firewalls’ False Sense Of Security.” Computerworld 39, no. 9 (February 28, 2005): 23–23.

Handy, Charles. “Trust and the Virtual Organization.” Harvard Business Review 73, no. 3 (May 1995): 40–50.

Hindess, Barry. “Power and Rationality: The Western Concept of Political Community.” Alternatives: Global, Local, Political 17, no. 2 (April 1, 1992): 149–163. doi:10.2307/40644737.

Hobbes, Thomas. The Leviathan: Reprinted from the Edition of 1651. Harmondsworth, Eng.: Penguin, 1651.

Howard, Philip N. The Digital Origins of Dictatorship and Democracy : Information Technology and Political Islam. Oxford; New York: Oxford University Press, 2010.

Howard, Philip N., Sheetal D. Agarwal, and Muzammil M. Hussain. “When Do States Disconnect Their Digital Networks? Regime Responses to the Political Uses of Social Media.” The Communication Review 14, no. 3 (July 2011): 216–232. doi:10.1080/10714421.2011.597254.

Hulme, George V. “A False Sense of Security?” CIO 25, no. 2 (October 15, 2011): 18–20. Islamic Republic of Iran. Press Law (Ratified on March 19, 1986) And Its Executive By-

law (January 31, 1987), 1986. http://www.parstimes.com/law/press_law.html. Jackson, David. “Obama: ‘Violence Is Not the Answer’ in Egypt.” USATODAY.COM,

January 28, 2011. http://content.usatoday.com/communities/theoval/post/2011/01/obama-violence-is-not-the-answer-in-egypt/1.

37

Kahn, Richard, and Douglas Kellner. “New Media and Internet Activism: From the ‘Battle of Seattle’ to Blogging.” New Media & Society 6, no. 1. What’s Changed About New Media? (February 2004): 87–95. doi:10.1177/1461444804039908.

Kathuria, Karl. Casting a Wider Net: Lessons Learned in Delivering BBC Content on the Censored Internet. Toronto: Citizen Lab At Munk School Of Global Affairs, October 11, 2011. http://citlabdocs:L1k3AL1b@mendeley.citizenlab.org/CanadaCentre2011.pdf.

Keck, Margaret E., and Kathryn Sikkink. Activists Beyond Borders : Advocacy Networks in International Politics / Margaret E. Keck and Kathryn Sikkink. Ithaca, N.Y. : Cornell University Press, 1998., 1998.

Keizer, Greg. “Iran Arrests ‘Spies’ after Stuxnet Attacks on Nuclear Program.” Computerworld, October 2, 2010. http://www.computerworld.com/s/article/9189218/Iran_arrests_spies_after_Stuxnet_attacks_on_nuclear_program.

Kelly, Sanja, Sarah Cook, and Mai Truong. Freedom on the Internet 2012: A Global Assessment of Internet and Digital Media. Washington, DC: Freedom House, 2012. http://www.freedomhouse.org/sites/default/files/FOTN%202012%20FINAL.pdf.

Kriesberg, Louis, Jackie Smith, Charles Chatfield, and Ron Pagnucco. “Social Movements and Global Transformation.” In Transnational Social Movements and Global Politics: Solidarity Beyond the State, 3–18. Syracuse NY: Syracuse University Press, 1997.

Ladhani, Noorin. “Egypt: First Cut Off the Internet!” Social Policy 41, no. 1 (2011): 54–54.

Lerner, Melissa Y. “Connecting the Actual with the Virtual: The Internet and Social Movement Theory in the Muslim World-The Cases of Iran and Egypt.” Journal of Muslim Minority Affairs 30, no. 4 (December 2010): 555–574. doi:Article.

Lessig, Lawrence. Code and Other Laws of Cyberspace. Basic Books, 2000. ———. “Reading the Constitution in Cyberspace.” Emory Law Journal 45 (1996): 869. Lichy, Jessica. “Borders and Frontiers in the Information Age.” Global Business

Languages 14 (January 2009): 3–16. Lindenberg, Marc., and Coralie. Bryant. “Going Global: Transforming Relief and

Development NGOs.” 288. Bloomfield CT: Kumarian Press, 2001. Locke, John. Second Treatise of Government. Project Gutenberg, 1690.

http://www.gutenberg.org/files/7370/7370-h/7370-h.htm. McAdam, Doug, John D. McCarthy, and Mayer N. Zald. Comparative Perspectives on

Social Movements: Political Opportunities, Mobilizing Structures, and Cultural Framings. New York: Cambridge Univ Press, 1996.

McNutt, John G., and Katherine Mary Boland. “Electronic Advocacy by Nonprofit Organizations in Social Welfare Policy.” Nonprofit & Voluntary Sector Quarterly 28, no. 4 (December 1999): 432–451.

Melucci, Alberto. Nomads of the Present : Social Movements and Individual Needs in Contemporary Society / Alberto Melucci. Edited by John Keane and Paul Mier. Philadelphia : Temple University Press, 1989., 1989.

Mill, John Stuart. On Liberty. London: The Walter Scott Publishing Co., Ltd., 1859. http://www.gutenberg.org/files/34901/34901-h/34901-h.htm.

38

Morozov, Evgeny. “Dictatorship.com.” New Scientist 209, no. 2802 (March 5, 2011): 30–31.

———. The Net Delusion: The Dark Side of Internet Freedom. PublicAffairs, 2011. Mueller, Milton L. “China and Global Internet Governance: A Tiger by the Tail.” In

Access Contested: Security, Identity, and Resistance in Asian Cyberspace, edited by Ronald Deibert, John Palfrey, Rafal Rohozinski, and Jonathan Zittrain, 177–194. Cambridge MA: MIT Press, 2011. http://books.google.com/books?hl=en&lr=&id=In97BDvSBXwC&oi=fnd&pg=PP2&dq=%22the+event+gets+under+way,+an+of%EF%AC%81cial+from+the+United+Nations%E2%80%94the%22+%22and+a+security+guard.+The+banner+is+placed+on+the+%EF%AC%82oor+while+discussions%22+%22YouTube.+Press+inquiries+begin,+and+soon+there+are+stories+and+posts+about+the%22+&ots=9a1vINarED&sig=l6AGEx8pErtmW2D-uE6ZChQzpSM.

———. Networks and States: The Global Politics of Internet Governance. Information Revolution and Global Politics. Cambridge, Mass: MIT Press, 2010.

Nasirpour, Sanaz. “Hojatollah Alimohammadi: The Process of Velayat Faqih’s Political Believes’ Development in the Political Fegh of Shiite.” Politics and Religion 3, no. 2 (2009): 293–295.

Negroponte, N. “Beyond Digital.” Wired, 1998. Nicholson, A., S. Webber, S. Dyer, T. Patel, and H. Janicke. “SCADA Security in the

Light of Cyber-Warfare.” Computers & Security 31, no. 4 (June 2012): 418–436. doi:10.1016/j.cose.2012.02.009.

Nye, Joseph S. Soft Power. New York: PublicAffairs, 2004. Omid, Homa. Islam and the Post-revolutionary State in Iran. New York: St. Martin’s

Press, 1994. ONI. “Global Internet Filtering in 2012 at a Glance.” OpenNet Initiative, April 3, 2012.

https://opennet.net/blog/2012/04/global-internet-filtering-2012-glance#footnote1_1m6w9x9.

———. Internet Filtering in Iran. OpenNet Initiative, June 16, 2009. https://opennet.net/sites/opennet.net/files/ONI_Iran_2009.pdf .

Papacharissi, Zizi. “The Virtual Sphere: The Internet as a Public Sphere.” New Media & Society 4 (2002): 9–27.

Penney, Jonathon W. “Open Connectivity, Open Data: Two Dimensions of the Freedom to Seek, Receive and Impart Information.” Victoria University of Wellington Law Review (June 2, 2012): 1–59.

Pool, Ithiel de Sola. Technologies of Freedom. Cambridge, Mass.: Belknap Press, 1983. Rahimi, Babak. “Cyberdissent: The Internet in Revolutionary Iran.” Middle East Review

of International Affairs Journal 7, no. 3 (2003): 101–115. Ramezanpour, Ali Asghar. “The Scope and Structure of Censorship in Iran.” Freedom

House. Gozaar: A Forum on Human Rights and Democracy in Iran, April 11, 2008. http://www.gozaar.org/english/articles-en/The-Scope-and-Structure-of-Censorship-in-Iran.html.

Reporters Without Borders. “Iran.” The Enemies of Internet, March 12, 2013. http://surveillance.rsf.org/en/iran/.

———. “Repression Stepped up yet Again as Iran Becomes World’s Biggest Prison for Journalists.” Reporters Without Borders, June 21, 2009. http://en.rsf.org/iran-repression-stepped-up-yet-again-as-21-06-2009,33474.

39

Rheingold, Howard. The Virtual Community. Cambridge, MA: Addison-Wesley, 1993. Rhoads, Christopher, and Farnaz Fassihi. “Iran Vows to Unplug Internet.” Wall Street

Journal - Eastern Edition 257, no. 124 (May 28, 2011): A1–A12. Riesman, Abraham. “Iran’s Network in a Bottle.” BostonGlobe.com, July 15, 2012.

http://www.bostonglobe.com/ideas/2012/07/14/iranian-government-building-internet-all-its-own/60eT7aC7P563vc4ti8auIN/story.html.

Roberts, Hal, Ethan Zuckerman, and John Palfrey. Circumvention Tool Evaluation. Cambridge MA: B e r k m a n C e n t e r f o r I n t e r n e t & S o c i e t y, 2011. https://cyber.law.harvard.edu/sites/cyber.law.harvard.edu/files/2011_Circumvention_Tool_Evaluation_1.pdf.

Rousseau, Jean-Jacques. Of The Social Contract, Or Principles of Political Right. Translated by G.D.H. Cole. World Public Library Collection. Project Gutenberg Consortia Center, 1762. http://ebooks.gutenberg.us/WorldeBookLibrary.com/socon.htm.

Schoorman, F.D., R.C. Mayer, and J.H. Davis. “An Integrative Model of Organizational Trust: Past, Present, and Future.” The Academy of Management Review ARCHIVE 32, no. 2 (2007): 344–354.

Schrempf, Judith. “Nokia Siemens Networks: Just Doing Business – or Supporting an Oppressive Regime?” Journal of Business Ethics 103, no. 1 (April 9, 2011): 95–110. doi:10.1007/s10551-011-0844-7.

Shirazi, Farid. “The Emancipatory Role of Information and Communication Technology: A Case Study of Internet Content Filtering Within Iran.” Journal of Information, Communication & Ethics in Society 8, no. 1 (March 2010): 57.

Storm, Darlene. “Gauss Malware: Nation-state Cyber-espionage Banking Trojan Related to Flame, Stuxnet.” Computerworld, August 9, 2012. http://blogs.computerworld.com/security/20816/gauss-malware-nation-state-cyber-espionage-banking-trojan-related-flame-stuxnet.

The White House. “National Security Strategy of the United States,” May 2010. , http://www.whitehouse.gov/sites/default/!les/rss_viewer/ national_security_strategy.pdf.

Warkentin, Craig. Reshaping World Politics: NGOs, the Internet, and Global Civil Society. Lanham MD: Rowman & Littlefield Publishers, 2001.

Weiss, Philip F. “Protecting a Right to Access Internet Content: The Feasibility of Judicial Enforcement in a Non-Neutral Network.” Brooklyn Law Review 77 (October 1, 2011): 383.

York, Jillian. “More Than Half a Billion Internet Users Are Being Filtered Worldwide.” OpenNet Initiative, January 19, 2010. http://opennet.net/blog/2010/01/more-halfa- billion-internet-users-are-being-filtered-worldwide.

Zetter, Kim. “How Digital Detectives Deciphered Stuxnet, the Most Menacing Malware in History.” Wired.com. Threat Level, July 11, 2011. http://www.wired.com/threatlevel/2011/07/how-digital-detectives-deciphered-stuxnet/.

———. “Meet ‘Flame,’ The Massive Spy Malware Infiltrating Iranian Computers.” Wired.com. Threat Level, May 28, 2012. http://www.wired.com/threatlevel/2012/05/flame/.

40

———. “Son of Stuxnet Found in the Wild on Systems in Europe.” Wired.com. Threat Level, October 18, 2011. http://www.wired.com/threatlevel/2011/10/son-of-stuxnet-in-the-wild/.

———. “Stuxnet Missing Link Found, Resolves Some Mysteries Around the Cyberweapon.” Wired.com. Threat Level, February 26, 2013. http://www.wired.com/threatlevel/2013/02/new-stuxnet-variant-found/.

Ziccardi, Giovanni. Resistance, Liberation Technology and Human Rights in the Digital Age. Law, Governance and Technology Series 7. Dordrecht: Springer, 2013.

Zysman, John, and Abraham Newman. “The State in the Digital Economy.” In The State after Statism: New State Activities in the Age of Liberalization, edited by Jonah D. Levy, 211–300. Cambridge, Mass: Harvard University Press, 2006.