Oct

21

On the Internet You Can Be From Anywhere You Want


Posted by at 8:59 pm on October 21, 2008
Category: Iran SanctionsSyria

Syrian Flag and Chrome IconCountry-based sanctions start to get leaky in the age of the Internet. How does a software download service know whether or not it’s providing a service to an individual in a sanctioned country?

A blogger at PBS’s Mediashift Blog notes that Google has blocked downloads of its new browser Chrome, as well as other Google programs, to residents of Syria and Iran. Well, sorta:

Iranian blogger, Hamid Tehrani, who edits the Iran section for Global Voices, [reports] that Chrome is blocked, along with other Google downloads, in Iran. But it’s relatively easy for Iranian users to get around this obstacle. [Another Iranian blogger reported] in an email (from his Gmail account) that he is still able to access Google services by using a proxy.

“Currently, we are using all of the search engines and portals without any restriction, using the latest versions of Google Earth, Chrome, GTalk and any other downloadable product,” he said. In addition to helping users get around government filtering and censorship, proxies and anonymizers can also fool Google’s servers into thinking that the downloads were going elsewhere rather than to users in Iran.

What’s going on here is that normally each user is assigned an IP address that identifies the user as he or she surfs the Internet. IP addresses are assigned, in part, based on geographical location, and there are blocks of IP addresses that would identify an Internet surfer as Iranian or Syrian (or French, etc.) Google has, apparently, blocked downloads from users with IP addresses allocated to sanctioned countries. An open proxy server, however, can be used by most browsers to connect to the Internet, thereby making the user appear to be coming from the country in which that proxy server is located rather than from the country in which the user is actually located.

The article reports that other web-based service providers have taken alternate approaches to dealing with U.S. sanctions.

Although Yahoo removed Iran from the drop-down list, Iranians were still using Yahoo services, according to Kourosh Ziabari, an Iranian journalist and blogger who wrote about the issue for the citizen journalism site OhMyNews.

“[Iranians are using] Yahoo services, downloading new versions of Messenger, using the different web site parts but not finding the name of their country in the sign-up list,” Ziabari wrote. “In fact, if an Iranian user wanted to sign up for a new account in Yahoo mail, he should have selected the name of the other countries, and then he would proceed.”

Although removing Iran, Cuba, Syria and other sanctioned countries from drop-down lists is certainly a good idea to demonstrate compliance with U.S. economic sanctions, it can hardly be considered sufficient. Websites that provide web services, such as downloads, should also capture IP addresses in order to determine whether a web-based customer is coming from sanctioned country. Arguably, websites that sell non-virtual products (you know, computers, GPS equipment, bricks, etc.) should also capture those addresses. A web-based order from Iran for a shipment to the UAE is a bit of a red flag, n’est-ce pas?

But given the ease of using proxy servers, should websites do more to implement U.S. sanctions? Should Google (and other browser providers) put “kill switches” in downloadable software that would make a direct connection to the Internet, “call home,” and then shut the program down if the home servers indicated the verification connection was coming from a sanctioned country? Or should the program require activation using a code sent to an email address other than a web-based email address? Any other ideas? Or is this just a losing battle that should be abandoned?

Permalink

Bookmark and Share

Copyright © 2008 Clif Burns. All Rights Reserved.
(No republication, syndication or use permitted without my consent.)


7 Comments:


Why should they block access? Information, not just informational materials, are excluded from OFAC and BIS authority unless controlled under Section 5 or 6 of the long expired Export Administration Act.

Comment by Mike Deal on October 22nd, 2008 @ 1:05 pm

Mike, I knew you would jump in with that! I agree with you that OFAC’s narrow interpretation of the Berman Amendment is on shaky ground, but it is what it is and some companies may prefer to abide by OFAC’s interpretation rather than fight it.

Comment by Clif Burns on October 22nd, 2008 @ 1:40 pm

What about the prohibition on providing “services” to Iran? Allowing an Iranian to access Google Earth, Gmail, Yahoo, any other web service, etc. may be interpreted as providing “services” to Iran which is prohibited under the Iranian Transactions Regulations. Any thoughts?

Comment by jd on October 22nd, 2008 @ 1:46 pm

If the “service” is the provision of information then its exempted under the Berman Amendment. The glitch here is the provision of information in an interactive fashion. OFAC thinks, arguably incorrectly, that interactive provision of information isn’t covered by the Berman Amendment and thus is a prohibited provision of service.

Comment by Clif Burns on October 22nd, 2008 @ 1:57 pm

Intrestingly, MediaShift’s article says the following,

“After getting error messages while trying to download Google Talk, Gmail Notifier, and Chrome, Allaou wrote that he “figured out 100% that Google censored Syria from taking advantage of their programs.”

Allaou, please see URL and scroll to country list for supported telecom providers in: Syria, Sudan, and Cuba for “Calendar”.

http://www.google.com/support/calendar/bin/answer.py?answer=37226&topic=15302#S

Comment by SW on October 22nd, 2008 @ 3:26 pm

OFAC’s notion that information that qualifies under the Berman Amendment as amended by the Free Trade in Ideas Act must already be in existence is contrary to the explicit language of the conference report that accompanied the Free Trade in Ideas Act which explicitly rebuked OFAC’s narrow interpretation of the Berman Amendment.

OFAC is a rogue operation, disinterested in following the law. Given some case law that recognized that state government agencies could be considered to be racketeer controlled enterprises, there is at least a cognizable argument that OFAC is a RICO enterprise and that its operators are subject to RICO liability.

Comment by Mike Deal on October 26th, 2008 @ 9:23 am

Earlier this year, Charles Schwab Bank froze my account (refused to honor checks, and refused to accept deposits, both paper and electronic) after I tried to check my balance on their Web site from a Syrian IP address.

It was some time before I found out what had happened. (Schwab claims they mailed a snail-mail notice to my home address in the USA, even though I hadn’t bene home in months and receive my statements electronically.) Only after I had left Syria (which Schwab “verfied’ by calling me at a Turkish land-line telephone number, which of course could have been forwarded to anywhere) was I able to get the acocunt unfrozen. I still haven’t been able to get them to notify credit bureaus that my transactions were blocked in error.

Any advice on what laws they might have violated by doing this, or what recourse I might have. (Complaint to the Comptroller of the Currency, perhaps?)

I had notifed Schwab in advance of my intent to travel to Syria. I had read their customer disclosures, whihc make no mention of any sanctions by Schwab except those *required* by OFAC regulations, whihc this clearly wasn’t. I had gone to considerable lengths to avoid having any financial dealings with the government of Syria or government-owned entities (or any other “specially designated nationals” in Syria). And I had been able to withdraw funds from an ATM in Syria (of a private, non-Syrian — I was later told they route transactions via a private line to Lebanon, although my Schwab Bank statement correctly showed the address of the ATM in Syria) without incident.

Comment by Edward Hasbrouck on December 13th, 2008 @ 7:47 pm