The Net Delusion - Evgeny Morozov [115]
American diplomats eventually realized that the current sanctions regime “is having an unintended chilling effect on the ability of companies such as Microsoft and Google to continue providing essential communications tools to ordinary Iranians,” as a State Department representative put it in a letter sent to the Senate six months after the Iranian protests. In March 2010 the Treasury agreed to make limited amendments to its regulations, allowing the export of “publicly-available mass market online services ... incident to the exchange of personal communications over the Internet” to Iran (Cuban and Sudanese sanctions were also amended accordingly). These amendments, however, don’t extend to the export of most censorship-circumvention software, meaning that Iranians still face legal hurtles when they want to break through the firewalls that American policymakers so badly want them to pierce.
A Dollar in a Haystack
This doesn’t mean that it’s impossible to get such tools to Iran legally: One can ask the U.S. government for an export license. Not surprisingly, some of the tools that make it to Iran are backed by people and organizations that are more successful in pressuring the U.S. government into granting them such a license. Thus, it’s those who have the best resources—lawyers, publicists, and lobbyists—rather than the best technologists who are most likely to see their products used by Iranians.
In March 2010, after a publicity-heavy campaign in the media, a technology called Haystack was granted one such license. Haystack came out of nowhere during the Iranian protests in 2009. It was founded by two twenty-something American techies with no ties to Iran. They got mesmerized by the pictures coming out of Tehran and wanted to help by finding a way to give Iranians access to banned websites. Thus, they designed Haystack—a technology that would not only pierce through the firewalls but would also make it seem as if its users were browsing innocuous sites like weather.com. Austin Heap, the public face of Haystack who quickly became a media darling, kept boasting that his software was not only very effective but also perfectly secure.
Such claims were impossible to verify, as no one could evaluate Haystack: Its website contained several “Donate!” buttons but had no link to download the actual software. Haystack’s founders claimed this was on purpose: They simply did not want to let the Iranian government reverse-engineer their software before anyone in Iran actually got a chance to use it.
This seemed like a good enough explanation to the media—and Haystack continued receiving glowing coverage in the International Herald Tribune, NPR, Christian Science Monitor, and BBC News (in March 2010 The Guardian even proclaimed Austin Heap to be “Innovator of the Year”). In August 2010 Newsweek published an approving profile of Haystack in which its founder got most of the limelight. “Tomorrow I meet with [Sens. John] McCain, [Bob] Casey, maybe [Carl] Levin, but I don’t know if I will have enough time,” Austin Heap told Newsweek.
Many experts in the technology community were getting increasingly skeptical: If Haystack was, indeed, so good, why wouldn’t its founders let anyone find flaws in it? Given that it was meant to be used by Iranian dissidents, such concerns were justified.
Soon enough, the outlandish claims made by Haystack’s founders angered some of the Iranians that had originally been recruited to test Haystack in the country—and they leaked a copy of Haystack to independent third-party testers. A few hours of testing revealed that using Haystack in Iran was extremely unsafe, as the software left digital traces that the Iranian government could use to identify its users. As it turned