A confidential source sent the online news organization, The Intercept, a series of internal documents and communications providing details on what appear to be plans to develop and launch an Iranian mobile network, including subscriber management operations and services, and integration with a legal intercept solution. Some of this communication included representatives of the Communications Regulatory Authority of Iran (CRA). In October 2022, The Intercept shared this material with Citizen Lab researchers for analysis. The following report provides a summary of our analysis of this material and discusses its wider implications.
Key Findings Iran CRA regulations state that all telecom operators in Iran must provide the CRA with direct access to their system for retrieving user information and changing their services. Justified under its own broadly defined “Legal Intercept” provisions, the CRA aims to use this sophisticated system to store user information, allow or deny a user’s access to mobile services, and view historical voice, SMS, and data usage. The CRA’s Legal Intercept system uses APIs to integrate directly into mobile service providers’ operational systems, including acquiring detailed data on service ordering, service fulfillment, and billing history stored in the service provider data warehouse. Any new, termination, or change request for a user’s SIM card must be validated by the CRA, using the API from the mobile provider to request approval from the CRA prior to enacting the change. This type of state-sponsored system used to directly manage the operations of independent mobile networks in a country is extremely
Read more