The following is a guest post by Chris Markman, Academic Technology Specialist at Clark University, where he presses the "fast-forward button" on Hacker Conference videos to give you a summary of the talk in a condensed format, with direct links to resources mentioned in the talk. New posts are available each month in the Security Matters blog column.
Mobile Censorship in Iran is a 30-minute presentation by Mahsa Alimardani (@maasalan), a security researcher, activist, and recent graduate from the University of Amsterdam. It was presented at the 2015 Chaos Computer Club (CCC) in Germany. There are a few versions of this talk floating around the web* (e.g., the version on the CCC website has dubbed German audio, but the original English version is available in the YouTube version above).
If you are not familiar with Iranian Internet censorship, the first five minutes of this talk provides an interesting overview of the impact this issue has had on technology users in Iran. Mahsa reports many Iranians now call it the #filternet rather than the Internet, and everyone is painfully aware of this censorship due to slow download speeds. At minute 7 we get a history of Iranian Internet censorship going back to 2001, including its influence on events like the Arab Spring.
Around the 12-minute mark, Mahsa begins to name specific mobile applications like Facebook and Instagram and how they are impacted by censorship. She covers not just the difficulty the Iranian government had in filtering this content initially but also the creation of state-sponsored and/or allegedly state-sponsored "clone" or "imitation" apps that offer the same features but are widely known to be monitored by the Iranian government (and as a result have a much smaller number of installations on mobile devices).
Minute 20 references a survey by the Small Media foundation that showed that most Iranian Internet users either knew their apps were not secure (and did not care) or had no idea—in either case, security was reported as a low priority. During the Q&A section Mahsa makes an interesting point about this perception: while many Iranian Internet users may be concerned about physical security of their electronics, i.e., data at rest, one of the major barriers in creating a "culture of digital security" in Iran is instilling the notion of data in transit, and how security concerns differ between the two.
From an IT security perspective in the United States, it is interesting to note the parallels in organizational "digital security culture" regarding the ongoing Apple-FBI iPhone encryption debate. Do our end users fully understand that without end-to-end encryption, their smartphone encryption is not as important as they think? Or is this perhaps a result of device encryption appearing to be more "real" than other forms of encryption because it's something people can hold in their hands—the complete opposite of the inherently ethereal nature of satellite and Wi-Fi communication?
*As a side note, the CCC has an interesting blog post about this issue where they highlight some of the reasons why this is a problem for the organization and the mitigation steps they have taken to help fix it. Despite this, it is still very easy to find "rogue" videos of this and many hacker conferences. If you're looking for a one-stop shop for this type of content, Archive.org has a great collection, but the best place to go (when available) is, of course, the conference website.
Chris Markman has been blogging about technology since 2008, first as a volunteer for the Participatory Culture Foundation and later as an MSLIS student at Simmons College and MSIT student at Clark University. Prior to joining the Academic Technology Services team at Clark University in 2014, he managed a film and music library in the Visual and Performing Arts department. Markman is a member of the New England Archivists professional group and several artist collectives in the city of Worcester, Massachusetts.
© 2016 Christopher Markman. This EDUCAUSE Review article is licensed under the Creative Commons BY-NC-SA 4.0 International license.