Deep-Packet Inspection in U.S. Scrutinized Following Iran Surveillance
By Kim Zetter June 29, 2009 | 6:54 pm | Categories: Surveillance, privacy
Following a report last week that Iran is spying on domestic internet users with western-supplied technology, advocacy groups are pressuring federal lawmakers to scrutinize the use of the same technology in the U.S.
The Open Internet Coalition sent a letter to all members of the House and Senate urging them to launch hearings aimed at examining and possibly regulating the so-called deep-packet inspection technology.
Two senators also announced plans to introduce a bill that would bar foreign companies that sell IT technology to Iran from obtaining U.S. government contracts, legislation that is clearly aimed at the two European companies that reportedly sold the equipment to Iran.
The Wall Street Journal reported last week that Nokia Siemens Networks, a joint venture between Germany’s Siemens and Finland’s Nokia, recently gave Iran deep-packet inspection equipment that would allow the government to spy on internet users.
According to the Journal, Iranian officials have used deep-packet surveillance to snoop on the content of e-mail, VoIP calls and other online communication as well as track users’ other online activity, such as uploading videos to YouTube. Iranian officials are said to be using it to monitor activists engaged in protests over the country’s recent disputed presidential election, though the Journal said it couldn’t confirm whether Iran was using the Nokia Siemens Networks equipment for this purpose or equipment from another maker.
Nokia Siemens has denied that it provided Iran with such technology.
But similar technology is being installed at ISPs in the U.S.
It spurred extensive controversy last year when Charter Communications, one of the country’s largest ISPs, announced that it planned to use deep-packet inspection to spy on broadband customers to help advertisers deliver targeted ads.
The plan sparked a backlash and heated congressional hearings. Publicity about the issue died down, however, after Charter retreated from its plan, and Congress moved on to other matters. But deep-packet inspection didn’t go away.
ISPs insist they need it to help combat spam and malware. But the technology is ripe for abuse, not only by ISPs but also by the U.S. government, which could force providers to retain and hand over data they collect about users.
In its letter to lawmakers (.pdf) urging them to investigate the technology, the Open Internet Coalition delicately avoided placing the U.S. government in the same category as Iran by not mentioning possible U.S. government abuses of the technology.
“We do not believe U.S. network owners intend to interfere with political communications in the way the Iranian government is doing, but the control technologies they are deploying on the internet carry the same enormous power,” the Coalition writes. “And, whether an inspection system is used to disrupt political speech or achieve commercial purposes, both require the same level of total surveillance of all communications between end-users and the internet.”
At a House subcommittee hearing this year to examine the technology, Rep. Rick Boucher (D-Virginia) also expressed alarm.
“The thought that a network operator could track a user’s every move on the Internet, record the details of every search and read every e-mail or attached document is alarming,” he said.
With regard to the sale of the technology to Iran, Sens. Charles E. Schumer (D-New York) and Lindsey Graham (R-South Carolina) attempted to address the Nokie Siemens issue with a bill that would prevent foreign companies selling sensitive technology to Iran from either obtaining new government contracts or renewing existing ones, unless they halt their exports to Iran.
According to NextGov, Nokia did more than $10 million in business with the U.S. government between 2000 and 2008; Siemens has nearly 2,000 U.S. government contracts and obtained $250 million in U.S. government contracts this year alone. Nokia Siemens Networks currently has more than $5 million in U.S. government contracts.
Neither Schumer nor Graham mentioned how such a law would be enforced if foreign companies used proxies to sell their products to Iran to circumvent the regulation.
The U.S. government embargo against U.S. companies selling to Iran is one of the tightest. The embargo currently prevents any U.S. individual or company from obtaining a license to sell goods and technologies to Iran that could be used for, among other things, missile proliferation purposes, chemical and biological warfare proliferation, human rights and crime control. The embargo, however, has done little to prevent Iran from obtaining U.S. technology anyway.
In the meantime, consumers called for a boycott of Nokia and Siemens products. And Hands Across the Mideast Support Alliance (HAMSA) has organized a writing campaign urging users to send a protest letter to Nokia. According to the organization’s site, nearly 4,000 people have acknowledged sending the letter so far.
http://www.wired.com/threatlevel/2009/06/deep-packet-inspection/
By Kim Zetter June 29, 2009 | 6:54 pm | Categories: Surveillance, privacy
Following a report last week that Iran is spying on domestic internet users with western-supplied technology, advocacy groups are pressuring federal lawmakers to scrutinize the use of the same technology in the U.S.
The Open Internet Coalition sent a letter to all members of the House and Senate urging them to launch hearings aimed at examining and possibly regulating the so-called deep-packet inspection technology.
Two senators also announced plans to introduce a bill that would bar foreign companies that sell IT technology to Iran from obtaining U.S. government contracts, legislation that is clearly aimed at the two European companies that reportedly sold the equipment to Iran.
The Wall Street Journal reported last week that Nokia Siemens Networks, a joint venture between Germany’s Siemens and Finland’s Nokia, recently gave Iran deep-packet inspection equipment that would allow the government to spy on internet users.
According to the Journal, Iranian officials have used deep-packet surveillance to snoop on the content of e-mail, VoIP calls and other online communication as well as track users’ other online activity, such as uploading videos to YouTube. Iranian officials are said to be using it to monitor activists engaged in protests over the country’s recent disputed presidential election, though the Journal said it couldn’t confirm whether Iran was using the Nokia Siemens Networks equipment for this purpose or equipment from another maker.
Nokia Siemens has denied that it provided Iran with such technology.
But similar technology is being installed at ISPs in the U.S.
It spurred extensive controversy last year when Charter Communications, one of the country’s largest ISPs, announced that it planned to use deep-packet inspection to spy on broadband customers to help advertisers deliver targeted ads.
The plan sparked a backlash and heated congressional hearings. Publicity about the issue died down, however, after Charter retreated from its plan, and Congress moved on to other matters. But deep-packet inspection didn’t go away.
ISPs insist they need it to help combat spam and malware. But the technology is ripe for abuse, not only by ISPs but also by the U.S. government, which could force providers to retain and hand over data they collect about users.
In its letter to lawmakers (.pdf) urging them to investigate the technology, the Open Internet Coalition delicately avoided placing the U.S. government in the same category as Iran by not mentioning possible U.S. government abuses of the technology.
“We do not believe U.S. network owners intend to interfere with political communications in the way the Iranian government is doing, but the control technologies they are deploying on the internet carry the same enormous power,” the Coalition writes. “And, whether an inspection system is used to disrupt political speech or achieve commercial purposes, both require the same level of total surveillance of all communications between end-users and the internet.”
At a House subcommittee hearing this year to examine the technology, Rep. Rick Boucher (D-Virginia) also expressed alarm.
“The thought that a network operator could track a user’s every move on the Internet, record the details of every search and read every e-mail or attached document is alarming,” he said.
With regard to the sale of the technology to Iran, Sens. Charles E. Schumer (D-New York) and Lindsey Graham (R-South Carolina) attempted to address the Nokie Siemens issue with a bill that would prevent foreign companies selling sensitive technology to Iran from either obtaining new government contracts or renewing existing ones, unless they halt their exports to Iran.
According to NextGov, Nokia did more than $10 million in business with the U.S. government between 2000 and 2008; Siemens has nearly 2,000 U.S. government contracts and obtained $250 million in U.S. government contracts this year alone. Nokia Siemens Networks currently has more than $5 million in U.S. government contracts.
Neither Schumer nor Graham mentioned how such a law would be enforced if foreign companies used proxies to sell their products to Iran to circumvent the regulation.
The U.S. government embargo against U.S. companies selling to Iran is one of the tightest. The embargo currently prevents any U.S. individual or company from obtaining a license to sell goods and technologies to Iran that could be used for, among other things, missile proliferation purposes, chemical and biological warfare proliferation, human rights and crime control. The embargo, however, has done little to prevent Iran from obtaining U.S. technology anyway.
In the meantime, consumers called for a boycott of Nokia and Siemens products. And Hands Across the Mideast Support Alliance (HAMSA) has organized a writing campaign urging users to send a protest letter to Nokia. According to the organization’s site, nearly 4,000 people have acknowledged sending the letter so far.
http://www.wired.com/threatlevel/2009/06/deep-packet-inspection/