Apr

21

OFAC Licenses Exports of Anti-Censorship Software to Iran

Posted by at 10:27 pm on April 21, 2010
Category: Iran Sanctions

Iranian Web CensorshipLast week the Censorship Research Center issued a press release announcing that the Office of Foreign Assets Control (“OFAC”) issued a license authorizing the export of the Center’s Haystack software to Iran. That software permits Internet surfers in Iran to circumvent controls by the Iranian government which prohibit access to certain Internet sites within Iran.

The software functions by using encryption to hide an Iranian user’s connection to Haystack’s servers by encrypting the communications with that server within innocuous communications to unblocked sites. According to Haystack, the only way for Iran to counter Haystack would be to block all Internet access.

Two things are interesting here. First, the issuance of this specific license indicates that the general license issued by OFAC back in March for “software incident to the exchange of personal communications over the Internet” is not unlimited. The Haystack software is not personal communications software although it does enable other personal communications software to operate in Iran.

Second, although the exact strength or method of encryption isn’t revealed, it has to be assumed to be fairly strong. The company describes its encryption as follows:

even if our methods were compromised, our users’ communications would be secure. We use state-of-the-art elliptic curve cryptography to ensure that these communications cannot be read. This cryptography is strong enough that the NSA trusts it to secure top-secret data, and we consider our users’ privacy to be just as important.

Chances are good based on this description that export of this software to private end-users in countries other than Iran would have required filing a request for review with the Department of Commerce and, potentially, a waiting period prior to export. The authorization of this export indicates that the current administration believes that facilitation of internet communication in Iran is sufficient to override concerns that would otherwise be present due to the software’s use of encryption.

Permalink

Bookmark and Share

Copyright © 2010 Clif Burns. All Rights Reserved.
(No republication, syndication or use permitted without my consent.)

2 Comments:

I think you are right on the money about this one…although it did take them 10 months to formulate the belief that authorization was more important than concerns regarding the software’s encryption technology.

I do believe the floodgates have been opened and a number of software developers will now be applying to export this type of technology to Iran. I say this due to the number of calls and emails I received since the CRC press release last week. Other software developers (to remain nameless) have asked me where they can look up to see if Haystack actually obtained the specific license and what the authorization actually entails.

This press release seems to have created a lot of buzz. Perhaps a large amount of applications for authorization to export similar technology will lead OFAC to consider amending the last month’s general license regarding personal software communications to include the export of technologies similar to Haystack?

Seems unlikely, but from what I’m hearing there is a lot of interest in OFAC’s decision to authorize the export of Haystack.

Comment by Erich Ferrari on April 22nd, 2010 @ 3:18 pm

Perhaps those with an interest should FOIA OFAC.

Comment by Hillbilly on April 23rd, 2010 @ 2:37 pm