A little while ago, the OpenNet Initiative produced a report on censorware used by the government of Iran, exposing that Iran used SmartFilter censorware. I've stayed out of the ensuing controversy, since given the history of (Secure Computing PR flack) David Burt's tactics, I'm more than happy that Harvard people get to tangle with him in pure unalloyed form. But since the issue has settled down now, I'll summarize and add some references that won't be found anywhere else.
A US company selling censorware to a totalitarian government is not a legal problem in itself. However, selling to Iran in specific is problematic. So I will quote the company line:
"We sell to ISPs where the law allows. It's really up the customer how they use our software."
"Secure Computing has sold no licenses to any entity in Iran, and any use of Secure's software by an ISP in Iran has been without Secure Computing's consent and is in violation of Secure Computing's End User License Agreement. We have been made aware of ISPs in Iran making illegal and unauthorized attempts to use of our software. Secure Computing is actively taking steps to stop this illegal use of our products. Secure Computing Corporation is fully committed to complying with the export laws, policies and regulations of the United States. It is Secure Computing's policy that strict compliance with all laws and regulations concerning the export and re-export of our products and/or technical information is required. Unless authorized by the U.S. Government, Secure Computing Corporation prohibits export and reexport of Secure products, software, services, and technology to Iran and destinations subject to U.S. embargoes or trade sanctions."
... ONI responds with:
"The statement does not address whether automatic updates to block lists routinely made available to SmartFilter users by Secure Computing have also been made available to Iranian ISPs, nor does it address the extent to which the adoption of SmartFilter and its updated block list for "non-profit and advocacy organizations" by additional governments (such as Saudi Arabia; see OpenNet Initiative, Internet Filtering in Saudi Arabia in 2004, available at http://www.opennetinitiative.net/studies/saudi/) is part of Secure Computing's market."
David Burt, public relations manager for SC, provides [a] statement on the charge:
1) We block update requests from IP addresses that we know originate in Iran.
2) We sell to ISPs all over the world, including the Middle East. Like most Internet security companies, we do not disclose our customer list.
Now, in order to evaluate the likelihood of any truth in the censorware company's statements, it's helpful to have a historical perspective. Such as an archived front page of Censorware Project discussing a Secure Computing press release:
This was a lie. Secure Computing then issued a misleading press release with that same lie, which prompted us to take action.
Which had a Slashdot article also in defense (gee, isn't it interesting when Slashdot's front page is used to publicly call people liars to help defend someone's report?)
Anyway, while it may be technically an ad-hominem argument, I think the evidence as to credibility is clear. Though these days, there's not much I can do about it.By Seth Finkelstein | posted in censorware | on July 11, 2005 09:46 AM (Infothought permalink)