Dr. Mehdi Rostami

The paradigmatic shift in the Islamic Republic of Iran’s digital governance between 2024 and 2026 indicates a transition from “reactive censorship” to “structural and preemptive authoritarianism.” This process, designed to achieve “absolute cyber sovereignty,” has moved beyond simple website blocking toward redesigning the National Information Network (NIN) architecture and leveraging Artificial Intelligence for biometric surveillance. In this framework, the internet is no longer defined as a public utility, but as a state privilege where access is classified based on social standing, political loyalty, and security imperatives. This policy document examines the technical, legal, economic, and social dimensions of this transformation and offers strategies for resistance.
1. The Architecture of Cyber Sovereignty: Anatomy of the National Information Network (NIN)
The National Information Network, referred to in official literature as “SHAMA,” is the backbone of the regime’s strategy to decouple domestic traffic from the global web. Unlike traditional filtering models, the NIN is a prioritized architecture that enforces control at the infrastructural layers.
- Layer 1: Management of International Gateways and BGP Protocol. By 2026, Iran’s control over the internet reached maturity through the absolute centralization of international gateways under the management of the Telecommunication Infrastructure Company (TIC). A key tool in this layer is the use of “BGP Routing Protocol Withdrawal.” During the January 2026 blackout, major operators (MCI, Irancell, and TCI) effectively erased Iran’s IP addresses from the global routing table by removing their BGP routing announcements, turning the country into a “digital island.” This resulted in even Iranian government and banking websites facing “504 Gateway Timeout” errors from abroad—a conscious choice for absolute isolation.
- Layer 2: Deep Packet Inspection (DPI) and Protocol-Based Repression. Utilizing DPI technology, largely supplied by Chinese firms like Huawei and ZTE, the state inspects data packet content in real-time. This system identifies not just content, but the “signatures” of VPN and tunneling protocols, leading to the disruption of TLS Handshakes. In 2026, the use of AI for “Traffic Fingerprinting” allows authorities to identify and block even encrypted traffic based on temporal and volumetric patterns.
- Layer 3: Internet Exchange Points (IXP) and Internal Monitoring. The development of national IXPs ensures that internal traffic circulates without needing to leave the country. While this increases the speed of domestic services, it simultaneously creates “choke points” that facilitate centralized monitoring of citizen activities by security agencies. This structure allows the state to offer domestic traffic at a much cheaper rate (roughly one-third the price of global traffic) to incentivize users toward local platforms.
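How an outside observer can measure the Layer 1 route withdrawal described above from a BGP update feed, as an added example that is not part of the original document. The AS numbers and prefixes are constructed from documentation ranges, and the function names and thresholds are assumptions.

```python
# Constructed BGP update feed: (unix_seconds, "A"nnounce / "W"ithdraw, prefix, origin ASN).
# Withdrawals carry no origin, so the replay remembers who announced each prefix.
WATCHED = {64496, 64497, 64498}  # hypothetical operator ASNs (documentation range)
PREFIXES = ["192.0.2.0/25", "192.0.2.128/25", "198.51.100.0/25",
            "198.51.100.128/25", "203.0.113.0/25", "203.0.113.128/25"]
UPDATES = (
    [(i, "A", p, 64496 + i // 2) for i, p in enumerate(PREFIXES)]
    + [(6, "A", "2001:db8::/32", 64511)]                 # unrelated network, ignored
    + [(1000, "W", PREFIXES[2], None),                    # ordinary churn: one flap
       (1060, "A", PREFIXES[2], 64497)]
    + [(5000 + 10 * i, "W", p, None) for i, p in enumerate(PREFIXES)]  # mass withdrawal
)


def replay(updates, watched):
    """Return [(time, visible_prefix_count)] for prefixes originated by watched ASNs."""
    table, timeline = {}, []
    for ts, kind, prefix, origin in sorted(updates, key=lambda u: u[0]):
        if kind == "A" and origin in watched:
            table[prefix] = origin
        elif prefix in table:   # withdrawn, or re-originated by an unwatched AS
            del table[prefix]
        else:
            continue            # update does not concern the watched networks
        timeline.append((ts, len(table)))
    return timeline


def detect_mass_withdrawal(timeline, drop=0.9, window=900, min_prefixes=4):
    """Flag the first moment visible prefixes fall by `drop` within `window` seconds."""
    for i, (ts, count) in enumerate(timeline):
        start = ts - window
        # The count in force when the window opens, plus every count seen inside it.
        carried = [c for t, c in timeline[:i] if t < start][-1:]
        inside = [c for t, c in timeline[:i] if t >= start]
        peak = max(carried + inside, default=0)
        if peak >= min_prefixes and count <= peak * (1 - drop):
            return {"time": ts, "before": peak, "after": count}
    return None


if __name__ == "__main__":
    print(detect_mass_withdrawal(replay(UPDATES, WATCHED)))
```

The single flap at t=1000 does not trip the detector; only the loss of nearly all watched prefixes inside one window does, which is what separates a deliberate withdrawal from routine churn.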
2. The New Legal Regime: From Cybercrime Law to Resolution 3.0
The technical infrastructure of repression is supported by a draconian legal framework aimed at criminalizing any independent online activity.
Resolution 3.0 of the Supreme Council of Cyberspace: Finalized in December 2025, this resolution grants unlimited authority to the state broadcaster (IRIB) and military institutions to manage cyberspace content.
- Article 12: Publishing any content deemed “fake news” or “disinformation” by the state carries a penalty of up to two years in prison and a permanent ban from media activities.
- Article 13: In crisis or wartime conditions (such as the June 2025 conflict), these penalties are elevated to “Grade 4,” potentially resulting in long-term imprisonment of up to 10 years.
- Article 14: For the first time, “Corruption on Earth” (Efsad-fel-Arz) is considered a charge for organizers of anti-government virtual activities, which can lead to a death sentence.
The new Cybercrime Law (2024) and its subsequent 2025 amendments have effectively abolished online anonymity. Internet cafes are required to record precise ID information, postal codes, and addresses visited by every user for six months. Furthermore, the use of any encryption tools that prevent authorized agencies from accessing data is criminalized under Article 10 of this law.
3. Biometric Surveillance and the Weaponization of AI
Iran has become one of the world’s most advanced laboratories for visual surveillance. The use of AI in street monitoring marks the transition from physical policing to “automated surveillance.”
- Smart City Projects and Tiandy: According to human rights reports, over 15 million surveillance cameras have been installed across 28 major Iranian cities, directly linked to the biometric database of the Smart National ID Card. The Chinese company Tiandy, which previously played a role in the repression of Uyghur Muslims, is the primary supplier of facial recognition systems and “smart interrogation chairs” for the IRGC. These systems can identify protesters or women opposing the mandatory hijab even in crowded environments and automatically issue warning SMS messages or court summons.
- IMSI Catchers and Mobile Tracking: In 2025, the use of IMSI Catcher technology to intercept mobile traffic was reported in Isfahan. By simulating cell towers, these devices capture the traffic of phones within their range, allowing authorities to monitor precise locations and unencrypted SMS content. This technology is specifically used to track women active in civil movements and to deconstruct local communication networks.
4. The Economy of Repression: Stakeholders and Architects of Isolation
Digital repression in Iran is a profitable project driven by a network of private-security firms and engineers loyal to the state ideology.
Key Figures and High-Level Institutions:
- Ali Aram (Deputy for IT at the Supreme National Security Council): Known as the chief architect of the “Whitelist” system. Through the Shahid Rezaei Research Institute at Sharif University, he recruits technical elites to develop VPN identification tools and internet shutdown infrastructure.
- Mohammad Amin Aghamiri (Secretary of the Supreme Council of Cyberspace): Responsible for converting technical orders into executive directives for operators and directly overseeing traffic monitoring layers.
- Seyed Mohsen Dehnavi: The legislative liaison who secures massive budgets for “Resistance Economy in Cyberspace” for digital blockade contractors.
Contractor Companies and Sanction Evasion:
- Dowran Group: Responsible for developing user interfaces (UI) for citizen monitoring and massive traffic databases.
- Jooya Dadvarz Group: Accused of importing over 300 advanced GPUs (such as NVIDIA H100) for use in security AI projects and exporting its expertise to Russia.
- Hossein Askar Tehrani (Oscar): Uses front companies in the UAE to supply sanctioned network equipment and exclusively manages unfiltered internet access for the regime elite.
5. Tiered Internet: The “Whitelist” Model and Digital Apartheid
In 2026, Iran fully transitioned to the “Whitelist” model. In this model, the global internet is blocked by default, and specific access is granted only based on social rank.
Three Tiers of Access in Tiered Internet:
- Elite Access (White SIM Cards): Includes MPs, selected university professors, and official media journalists who have unfiltered access to YouTube and X.
- Commercial Access (Cyber Freedom Areas): Zones in business centers and chambers of commerce where merchants can access global services for a limited time (e.g., 20 minutes a day) under direct supervision by providing their business cards and registering their device IPs.
- General Public Access (NIN-Only): Limited access to the National Information Network and domestic platforms, accompanied by frequent global disconnects during peak protest hours.
This structure not only makes resistance difficult but also erodes the motivation for collective protest against filtering by granting “connectivity privileges” to reference groups.
6. Analytical History: Events of 2025 and 2026
Two major events in this period demonstrated the state’s capacity for digital isolation.
- The 12-Day War (June 2025) and the NIN Maneuver: On June 13, 2025, coinciding with Israeli airstrikes, Iran cut off the global internet almost completely for 12 days. International traffic dropped below 3%, but banking and government infrastructure remained active on the NIN. This event proved that a decade of investment in the National Information Network had paid off and the state was capable of cutting people off from the world without administrative collapse.
- The Great Blackout of January 2026: On January 8, 2026, in response to widespread protests over the collapse of the Rial (1.4 million Rial to 1 USD), the state implemented the “harshest blackout in history.” Unlike previous times, even internal NIN services and landline networks were cut in cities like Tehran, Isfahan, and Sanandaj. This was aimed at creating an “information black hole” to hide the scale of the crackdown (which resulted in over 2,500 deaths).
7. Adaptive Civil Resistance: Battle in the Hidden Layers
Iranian civil society has turned to new tactics that go beyond circumventing filters and move toward “infrastructural self-sufficiency.”
Starlink: The Satellite Bridge and Electronic Warfare: The number of Starlink terminals in Iran reached over 100,000 by 2026. In response, the state uses two sophisticated techniques:
- GPS Spoofing: Sending fake signals that make the Starlink dish believe it is elsewhere (e.g., the middle of the ocean or Mehrabad Airport). This disrupts the dish’s orientation algorithm and prevents satellite connection.
- Ku-Band Saturation: Using mobile military jammers (mainly Russian systems like Kalinka or Tobol) to create noise on Starlink communication frequencies.
- User Response: Civil activists use “Faraday Cages” (simple metal mesh) and place dishes in pits to block ground-level jamming while receiving only the vertical satellite signal.
Mesh Networks and Offline Messaging: The use of apps like Bitchat, which utilize the Bluetooth Mesh protocol, surged during the 2026 protests. These tools allow messages to hop from one phone to another over short distances, eventually creating a communication chain without the need for internet. Despite security risks like “Man-in-the-Middle” attacks, they have played a key role in neighborhood-level organizing.
8. Devastating Consequences: Economic and Psychological Dimensions
Digital repression is not just a security issue; it targets the economic fabric and mental health of society.
- Destruction of the Digital Economy and Human Capital: Estimates show that every day of internet shutdown causes over $37 million in damage to the Iranian economy. The total losses from the January 2026 blackout exceeded 90 trillion Tomans. E-commerce saw an 80% drop in sales, and over 10 million people whose livelihoods depended on platforms like Instagram faced a severe crisis.
- Brain Drain: Approximately 50% of startup workers and 44% of technical graduates in 2026 intend to leave the country, leading to a “talent drought” in the IT sector.
- The Trauma of “Digital Isolation”: Psychologists have identified the phenomenon of “anticipatory anxiety” among citizens; a constant fear triggered by every dip in internet speed, sparking panic about imminent disconnection from loved ones. The cycle of “absolute isolation” followed by a “news bombardment” once reconnected has led to collective PTSD symptoms and rising depression rates.
9. Future Scenarios (2026–2030)
Based on trend analysis, three main scenarios for the future of cyberspace in Iran are envisioned:
- Absolute Isolation Model (North Koreanization): The state completes the NIN, cuts global internet for 99% of people, and permits only a domestic intranet (Filternet Plus).
- Managed Survival Model: The state grants trickle-down privileges to the middle class and merchants to prevent economic collapse while maintaining security control through AI.
- Structural Failure: The development of new satellite constellations (like Eutelsat or next-gen Starlink) and the advancement of decentralized tools break the state’s monopoly on traffic gateways, leading to a loss of digital control.
10. Policy Recommendations and International Solutions
- Targeted Sanctions on “Repression Engineers”: The international community must look beyond institutions and place specialized individuals and front companies (like Dowran Group and the Whitelist architects) on human rights sanction lists.
- Development of Anti-Jamming Protocols: Investment in satellite technologies that are resistant to GPS spoofing and use internal “orbital navigation.”
- Support for Public Satellite Internet: The EU and UK should utilize constellations like Eutelsat to provide internet to Iran, reducing dependence on a single private operator (like Starlink).
- Documentation of Digital Crimes: Establishing an international tribunal to investigate the role of surveillance technology providers (like Tiandy and Hikvision) in human rights violations in Iran.
The digital battle in Iran is the new frontier in the history of civil resistance. The future of freedom in this country will be determined not only in the streets but in coding, communication protocols, and the society’s ability to maintain its connection with the free world.