What more can be said about the Internet's role in the popular uprising that has shaken the Iranian regime since its widely contested election?
The power of open social networks is undisputed. The Internet's three favorite offspring -- Twitter, Facebook and YouTube -- have been heralded by mainstream media as flag-bearers for a new era of citizen journalism and activism.
But the open Internet's power cuts both ways: The tools that connect, organize and empower people can also be used to hunt them down. The companies that profit from sales of this technology need to be held to a higher standard.
Of particular concern is the use -- and easy abuse -- of Deep Packet Inspection. DPI is a content-filtering technology that allows network managers to inspect, track and target content from users of the Internet and mobile phones, as it passes through routers on the information superhighway.
'Lawful Intercepts' in Lawless Regimes
European and North American companies are selling DPI to enable their business customers "to see, manage and monetize individual flows to individual subscribers." But this "Internet-enhancing" technology has been sought out by regimes in Iran, China and Burma for more brutal purposes.
|Basij forces target computers during a June 14 midnight raid on Tehran University|
Nokia Siemens' attempts to dodge responsibility for Iran's reported abuse of their technology is typical corporate hand-washing.
"If you sell networks, you also, intrinsically, sell the capability to intercept any communication that runs over them," a Nokia Siemens spokesman told the Wall Street Journal. He added that the company "does have a choice about whether to do business in any country."
A Growth Industry
Had Nokia Siemens chosen not to sell spying technology to Iran, another global competitor likely would have taken its place. This list of DPI providers includes Zeugma Systems (Canada), Camiant (USA), Openet (Ireland), Procera Networks (USA), Allot (Israel), Ixia (USA), AdvancedIO (Canada), Arbor Networks (USA) and Sandvine (Canada), among others.
These companies typically partner with Internet Service Providers to insert DPI along the main arteries of the Web. (Sandvine, for example, just announced a "global distribution agreement" with -- you guessed it -- Nokia Siemens Network.) All Net traffic in and out of Iran travels through one portal -- the Telecommunications Company of Iran -- easing the use of DPI.
Yankee Group analysts assert that U.S. ISPs are currently deploying advanced DPI equipment, although many do not disclose it publicly. Through these secret arrangements both in the United States and abroad, the DPI industry is experiencing remarkable growth.
The Nature of the Beast
"A company has a nature. Its nature is to produce economic values and wealth for its shareholders," Professor Larry Lessig often says in lectures about corporate ethics and government corruption. "A tiger has a nature, and that nature is not one you trust with your child."
And naturally, the public shouldn't expect corporations to look out for our best interests. Public policy is designed for that role -- to make it profitable for corporations to behave in ways that don't harm the rest of us.
Similarly, the tech and communications companies that are selling content-sniffing tools to governments can't be trusted to safeguard against the horrific state crimes we've witnessed in Iran.
When network operators use Deep Packet Inspection, the privacy of Internet users is compromised. But in government hands, invasion of privacy can lead to human rights violations.
Setting the Bar High for DPI
"Internet Censorship is a real challenge, and not one any particular industry -- much less any single company -- can tackle on its own, " Rep. Mary Bono Mack wrote on Wednesday in a letter to Rep. Henry Waxman, chair of the House Commerce Committee. "Efforts to promote freedom of expression and to limit the impact of censorship require both private and public sector engagement."
Rep. Bono Mack's letter echoes Free Press' call on June 22 for a congressional inquiry into the issue. But this is just a start.
Before DPI becomes more widely deployed around the world and at home, the U.S. government ought to establish legitimate criteria for authorizing the use such control and surveillance technologies.
The harm to privacy and the power to control the Internet are so disturbing that the threshold for using DPI must be very high.
The use of DPI for commercial purposes would need to meet this high bar. But it is not clear that there is any commercial purpose that outweighs the potential harm to consumers and democracy.