Protecting the privacy of their online communications is one of the main concerns of Iranian users. For over a decade, human rights defenders, activists, ethnic and religious minority rights leaders, students and journalists have been routinely targeted for hacking attacks by Iran’s security and intelligence organizations, especially Iran’s Revolutionary Guards Corps (IRGC).
Such attacks have never been followed by any explanations by Iran’s internet authorities or Iran’s Cyber Police (FATA)—even when such hacking attacks were against (reformist and centrist) state officials, and, more recently, members of President Rouhani’s own cabinet such as former Vice President for Women and Family Affairs Shahindokht Mowlaverdi.
Iranian authorities have never taken any effective steps, whether by legislative or judicial means, to protect user security and privacy, despite the fact that they are obligated to do so under international covenants it has signed such as the International Covenant on Civil and Political Rights (ICCPR) and under Article 25 of the Iranian constitution which forbids all forms of covert investigation.
With the development of the NIN by Iranian state organizations, which can provide the country’s intelligence and judicial organizations with full access to online communications for domestic applications/services, the concern is greater than ever. In an environment where regulatory and judicial oversight limiting state access to citizens’ online communications are not present, state-sponsored surveillance and hacking of online communications presents users with profound risks.