To the Rouhani administration
- The Rouhani administration should pledge not to cut off or disrupt in any way Iranians’ access to the global internet, and it should not allow its Ministry of Communications and Information Technology (hereafter referred to as the Ministry of Communications) to implement any disruption to such access for any reason.
- The Ministry of Telecommunications should publish the conditions under
which security agencies may access users’ online information and the explicit requirement that this be done only in accordance with these conditions and the law, and pledge not to honor any request for access to Iranian users’ accounts by the judiciary or intelligence and security organizations that violates these rules and regulations.
- In line with net neutrality principles, the Ministry of Telecommunications should allow internet traffic to flow without discrimination, restriction or interference, regardless of the sender, receiver or type of content, in order to ensure users’ freedom of choice, and it should end the discriminatory practice of selectively applying higher speeds and lower fees to domestic websites on Iran’s National Information Network.
- The administration should submit a bill to Parliament bringing these net neutrality principles into Iran’s body of law, giving permanence to them so they are not dependent on the proclivities of individual administrations.
- The administration should introduce a bill to Parliament protecting online communications between citizens on national and international networks, and clarify and codify the prohibition of unlawful access by judicial and intelligence agencies.
- The Ministry of Telecommunications should stop implementing the filtering of websites, online services and applications that provide encryption by default, which are used to safeguard online privacy worldwide.
- The Ministry of Telecommunications should stop implementing the filtering of online content that violates international standards of freedom of speech, as delineated by the International Covenant on Civil and Political Rights (ICCPR), of which Iran is a signatory, including websites engaged in news, education, services, culture, sports or belonging to political opponents and critics and their followers inside Iran; and it should make a determined effort to remove filters on social media networks which have been unlawfully blocked in Iran, such as Twitter, Facebook and YouTube.
- The Ministry of Telecommunications should stop implementing the filtering of content based on key words searches in Iran’s national search engines that violate ICCPR rights, and it should stop sending users to fabricated sites designed to deliver false and defamatory content.
- The administration should introduce a bill to Parliament codifying the above filtering regulations and prohibiting the deletion of content from websites.
To the Iranian Parliament
- The Iranian Parliament should pass legislation supporting and protecting online personal privacy from unauthorized state access and observing the principles of net neutrality.
- Parliament should rescind the aspects of Iran’s Law on Computer Crimes that violate citizens’ right to freedom of expression, specifically articles H and T which list various examples of criminal content, as these articles violate the ICCPR’s right to free speech.
- The Law on Computer Crimes should be revised so as to guarantee that no individual or state agency would have the right to use the country’s communications infrastructure to intercept messages containing password verification information.
To the Iranian judiciary
- The Law on Cyber Crimes, passed by Parliament in 2009, does not protect civil rights and individual privacy. Its vague language gives judicial and security agencies an open hand to violate the privacy of individuals. Legislators should revise the
law to ensure compliance with domestic laws and international commitments guaranteeing privacy.
- The judiciary should publish a list of clear and specific rules and regulations regarding state access to accounts.
- The judiciary should not request, pressure or in any way use its authority to enable or approve unlawful state access to accounts.
The UN and the Special Rapporteurs
- The United Nations should continue to hold Iranian officials responsible for hacking conducted by state agencies with access to the country’s communications infrastructure, by issuing public statements condemning such activities, incorporating relevant documentation in their reports, and directly calling for the cessation of such activities in public forums and in private dialogue with Iranian officials.
- The UN special rapporteur on the situation of human rights in Iran and the UN special rapporteur on the right to freedom of opinion and expression should include in their reports instances of Iranian state violations of freedom of expression, the right to access information and the right to privacy, and other violation of rights in online communications in Iran.
- The UN special rapporteurs on human rights in Iran and on freedom of expression should investigate the role of any company selling advanced equipment to Iranian state agencies engaged in surveillance against civil and political activists. As long as there are no guarantees for the protection of citizens’ rights, such sales could result in serious violations of the right to privacy of Iranian citizens.
To member states
- Member states of the UN, in particular, members of the European Union that are engaged with Iran on building diplomatic and business relationships, should express their concerns directly to their Iranian counterparts regarding violations of internet access and privacy in Iran, and express clearly and forcefully the unacceptability of state-sponsored hacking of Iranians’ accounts who are living abroad in those countries.
To technology companies
- Technology companies should remove restrictions on the sale and/or download of personal communication tools, services and products, allowing Iranian citizens’ full access to the latest technologies to protect online access, privacy and security.
- Technology companies should assure their Iranian users that they will take no action that will compromise their online privacy, for example, they will not place their servers or user data inside Iran, regardless of requests by the Iranian government.
- Technology companies active in Iran should inform the public through accessible, detailed and transparent reports of any agreements they make with the Iranian government that may potentially affect internet access or privacy in Iran.
- Technology companies should refuse to agree to any demands made by the Iranian government for online censorship that violate Iranians’ fundamental right to freedom of speech.
To internet freedom organizations
- Internet freedom organizations should create Farsi-language channels to communicate directly with the Iranian citizenry (for example, via Telegram or Twitter accounts) to deliver information on: tools and services to circumvent state filtering and facilitate internet access, privacy and security; tools and methods of state- sponsored hacking in Iran to facilitate more effective preventative and protective measures; and on the development of customized tools to protect Iranians’ security and privacy.