When Iranians began protesting their government in late December, an ominous text message landed in some of their phones.
Their “presence at illegal gatherings” had been noted and they were under “intelligence monitoring,” the Iranian authorities texted them. “It is advised that you refrain from attending such illegal gatherings, which are desired by the enemy.”
Iran’s government most likely tracked the protesters through location data emitting from their phones, researchers later concluded. The move was part of a new phase by the authorities to combat opposition by tapping a vast digital surveillance infrastructure to track down dissenters who participated in the recent antigovernment demonstrations, according to human rights groups, researchers and documents.
Iran, like China, has some of the world’s most expansive known surveillance abilities. Technology to monitor mobile devices, apps and web traffic has been integrated throughout communications and internet networks, along with facial recognition and other tracking methods, according to groups that have studied Iran’s capabilities.
These digital surveillance abilities have received less attention than the internet blackouts that the government imposed during the violent crackdown to end the protests last month. But as authorities slowly restore some online access, they have detained people who were believed to have attended protests and subjected them to hours of interrogation based on facial recognition and phone data, according to accounts from Iranians and a government security official in the country.
Some people who posted on social media about the protests and other political topics have had their phone SIM cards suspended — effectively shutting off access to mobile networks — while others received warning phone calls and faced banking service interruptions, according to a report that was released this week by Holistic Resilience, a digital rights group focused on Iran.
The authorities’ hope was to hunt down the “leaders of the riots” and arrest them, according to the government security official, who declined to be identified.
“They can follow you to the streets,” said Mahdi Saremifar, a researcher with Holistic Resilience. “The government ends up with a long list of names of people. They can visit every single one of those people, maybe a month later or two months later.”
Iran began constructing its digital censorship and surveillance system around 2013. That was when the country’s internet and telecommunications infrastructure, known as the National Information Network, began being developed so that the government could more easily filter the internet and surveil people.
In the years since, censorship tools were used to block information and various online services, while surveillance systems let authorities identify and track opponents, according to researchers at Project Ainita, a group focused on Iran’s digital networks.
For the country’s 90 million people, access to the internet was managed like a drawbridge. While blocks were lifted for some services like Google search, global platforms including Instagram, Telegram, WhatsApp and YouTube were banned. In moments of political crisis, the government could also shut down the internet altogether, creating a digital blackout so people could not communicate and spread news of unrest.
Some Iranians have gone to great lengths to sidestep these controls, using services like Elon Musk’s Starlink satellite internet. But the government moved swiftly to plug holes. Iranians using Starlink now risk imprisonment or even the death penalty, according to rights groups.
Since about 2018, the Iranian government has also added a long menu of surveillance abilities such as “targeted spying, tracking and communication interception,” according to Holistic Resilience.
Spyware can be inserted on phones to record private messages and copy files. Security cameras that were installed across the country, including those owned by private property owners, share a live feed with the government. Other systems to evaluate people’s “lifestyle patterns” were also built.
Around 2019, the government created a centralized digital identity that links a citizen’s personal identity and his or her digital behavior, according to researchers. For access to national mobile networks, people must register their phone and SIM card identification numbers, making it easier to track their movements, connections and apps usage.
Another program, called SIAM, reported earlier by The Intercept, lets authorities log user behavior, track movements and slow down a target’s mobile data connection.
By blocking global services, Iran has funneled people toward domestic services that are more easily monitored. Activity on certain online services, including those for banking and commerce, is tied to a state registry.
“People in Iran know these platforms are used for interception and surveillance, but for some things you don’t have any other choice,” said Mr. Saremifar of Holistic Resilience.
Civil society groups and security researchers have raised alarms about the government’s secretly subverting digital tools that Iranians use to avoid censorship and surveillance.
In 2023, cybersecurity researchers identified fake virtual private networking apps, which disguise a person’s location. These apps contained spyware that could be used to log a person’s keystrokes and gain access to files stored on a device. More recently, apps posing as providers of Starlink internet service were also found to include spyware, according to cybersecurity researchers.
Iranian authorities have collaborated with other authoritarian governments, researchers found.
In 2023, Citizen Lab, a watchdog organization affiliated with the University of Toronto, reported that an Iranian telecom company, Ariantel, had consulted with a Russian tech provider, Protei, about tools for monitoring internet traffic and blocking access to certain websites. Chinese companies including Huawei and ZTE have given material and technical support to Iran since at least 2010 to enhance its surveillance and censorship capabilities, said Article 19, a digital rights group.
Iran’s surveillance techniques are far from perfect. During the recent protests, people in the country described being wrongly identified by facial recognition software and location data.
Iranian authorities have also deployed digital surveillance tools in other instances.
In the city of Isfahan last year, the police used devices known as ISMI catchers that trick phones into transmitting device identification numbers, according to researchers at Miaan, a digital security group focused on Iran. The information, which could be matched against telecom records and state registries, was used to identify and intimidate women who refused to wear a hijab.
Officers stationed around the city also used contactless card readers that could grab identifying data from people’s national ID cards as they walked by. Many women in Isfahan then received threatening text messages from the government about not wearing appropriate clothing, according to Miaan.
Adam Satariano is a technology correspondent for The Times, based in London.
The post Iran Turns to Digital Surveillance Tools to Track Down Protesters appeared first on New York Times.
