Slack Banning Random Iranian Ex-Pats Shows Why Making Tech Companies Police The Internet Is Crazy Stupid
from the this-is-a-bad-idea dept
On Thursday morning, I started seeing a bunch of tweets pop up in my feed from people of Iranian backgrounds, who no longer lived in Iran, who were having their entire Slack groups shut down, with the company blaming US laws regarding sanctions on Iran.
Slack closed my account today!
I’m a PhD student in Canada with no teammates from Iran!
Is Slack shutting down accounts of those ethnically associated with Iran?!
And what’s their source of info on my ethnicity?#slack #UsSanctions pic.twitter.com/mY8Ltczq8v
— Amir (@a_h_a) December 19, 2018
So @SlackHQ decided to send me this email. No way to appeal this decision. No way to prove that I'm not living in Iran and not working with Iranians on slack. Nope. Just hello we're banning your account. pic.twitter.com/giqYQcMJYz
— Amir Omidi (@aaomidi) December 20, 2018
Yesterday, @SlackHQ sent me an email. My accounts on various Slack teams had been immediately deactivated, with no prior warning. The reason? I've visited family in Iran and used Slack when there. Only my work's paid-for Enterprise account works still. pic.twitter.com/0GFO3E0oqW
— Sareh (@Sareh88) December 20, 2018
Dear #Slack, instead of kicking out Iranians from your platform you could follow other disgusting solutions like what #Oracle and #Google do; return an error for every request with an Iranian IP. I'm NOT even in Iran!!!
This is literally #Racism pic.twitter.com/sbfjKDd9Jv— Reza Bigdeli (@rezabigdeli6) December 20, 2018
@SlackHQ closed my account linked to my @TU_Muenchen email with workspaces related to university and research in Germany! This is both sad and stupid...#slack pic.twitter.com/DlUoKmjM7U
— Mahdi Saleh (@mahdi_slh) December 19, 2018
Hey @SlackHQ - my account was just deactivated "in order to comply with economic sanctions, etc"...is this because I took a HOLIDAY to Iran?!
— James Lambie (@jimlambie) December 20, 2018
There are a lot more reports like this, but that was just the first batch I found with a quick search. Slack's explanation to the press seems... lacking:
“We updated our system for applying geolocation information, which relies on IP addresses, and that led to the deactivations for accounts tied to embargoed countries,” the representative said. “We only utilize IP addresses to take these actions. We do not possess information about nationality or the ethnicity of our users. If users think we’ve made a mistake in blocking their access, please reach out to feedback@slack.com and we’ll review as soon as possible.”
All of the blocked people talking about it on Twitter note that they don't live in any sanctioned country -- though many admit to having visited those countries in the past (often years ago) and probably checking in on Slack while they were there. That... is not how the sanctions system is supposed to work. In another press statement Slack tries to pin the blame on the US government:
“Slack complies with the U.S. regulations related to embargoed countries and regions. As such, we prohibit unauthorized Slack use in Cuba, Iran, North Korea, Syria and the Crimea region of Ukraine. For more information, please see the US Department of Commerce Sanctioned Destinations , The U.S. Department of Treasury website, and the Bureau of Industry and Security website.”
But that's bullshit. The sanctions rules don't say you have to cut off completely anyone who ever connected from a sanctioned country. The Verge (linked above) spoke to an Oxford researcher with knowledge in this area:
“They are either incompetent at OFAC interpretation or racist,” said Oxford researcher Mahsa Alimardani, who specializes in communication tools in Iran.
[....]
“Detecting an Iranian IP address on a paid account (which is presumed to be for business) login as a violation of sanctions is a wrong interpretation of these regulations,” Alimardani says. “At best it’s over-regulation to prevent any sort of misunderstanding or possible future hassle with OFAC.”
Of course, as former Facebook Chief Security Officer Alex Stamos notes in his own tweet on this topic, this is exactly what happens when you have vague rules with strong punishment, and expect internet platforms to magically police the web:
This is a warning of what you get with regulation that:
1) Puts enforcement responsibility on a tech platform
2) Without real guidelines/safe harbor of how to interpret
3) Over-penalizes false positives
4) Has no appeals process in the actual legal systemGet ready for more! https://t.co/vBUar6Nnap
— Alex Stamos (@alexstamos) December 20, 2018
And of course, we're seeing more and more and more of that. FOSTA does that in the US. The GDPR is doing that around the globe. The EU Copyright Directive will do that. The EU Terrorist Content Regulation will do it. And a bunch of other regulations targeting the internet as well. That's why some of us keep warning that these laws are going to lead to widespread censorship and suppression of free speech. Because that's how it always works out. If you threaten internet platforms with huge penalties for failing to block content, but leave the details pretty vague, they're going to make decisions like that and simply kick people off their services entirely, rather than face liability. It's a recipe for disaster -- and one that seems to be favored by tons of clueless regulators, politicians, and plenty of people who just don't realize how much harm they will cause.
Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Filed Under: iran, iranians, ofac, sanctions, technology
Companies: slack
Reader Comments
Subscribe: RSS
View by: Time | Thread
Ever watch House?
The usual suspects immediately say it must be lupus.
More (and more clear) data becomes available, and it turns out it wasn't lupus afterall.
It's essentially never actually lupus.
Racism in America is a lot like lupus on House.
[ link to this | view in chronology ]
Re: Ever watch House?
[ link to this | view in chronology ]
Re: Re: Ever watch House?
[ link to this | view in chronology ]
Stupid but reasonable.
[ link to this | view in chronology ]
Re: Stupid yes, but racist?
Anyway - The article does outline that the people had visits or at least n IP trail related to Iran. In the face of massive fines should they do nothing and engage in an expensive court case if someone decides they didn't do enough?
I don't think this was racially motivated. But in the end, Slack is being called upon to uphold this silly law. And if they don't do it "correctly" their are liable. Even if they make an honest mistake, the government could come down on them like a ton of bricks.
[ link to this | view in chronology ]
Are you for sanctions on Iran?
I'm not. Iran has done nothing except that US / UK / and especially Israel selected it as an enemy. No threat to us.
Now YOU state whether are for sanctions on Iran, and WHY.
Without stating that position, this is JUST your vehicle to attack any regulation of internet corporations that you're always against.
This is a characteristic Masnick tactic: he doesn't care beans whether the people of Iran suffer for no reason. He just sleazily positions himself as for freedoms and against much larger evil only to argue for no regulations and bring more surveillance capitalism down on us.
[ link to this | view in chronology ]
Re: Are you for sanctions on Iran?
[ link to this | view in chronology ]
Re: Are you for sanctions on Iran?
This has to be the most insane post yet...
[ link to this | view in chronology ]
Re: Re: Are you for sanctions on Iran?
[ link to this | view in chronology ]
Re: Re: Are you for sanctions on Iran?
Yes, I agree that it would be shitty for the US to have more nuclear weapons in the middle east. But that is the "we're the bigger bully so we're right" defense. The kind of global death, corruption, and danger the US presents to the world is much more than Iran. What gives the US, a historically much more corrupt and destructive force, the right to tell Iran what to do? Oh, the big guns. We got them first, no we're infallible, and we don't want to take the chance on anyone else.
Who was it that almost started ww3 around the Cuba neighborhood? Oh, that's us. Who said they'll use nuclear weapons in Ukraine? Oh, that's Russia. The two nations most dangerous and destructive for this planet, and the ones holding it by its balls.
[ link to this | view in chronology ]
Re: Are you for sanctions on Iran?
This is solely "Slack" problem, as the last blockquote states. You cannot logically hold that a single corporation being stupid must prevent all regulation. Not even if ALL implement it wrong. Only shows that they are stupid kids and need LOTS MORE regulation.
YOU state that they've a totally arbitrary RIGHT to do so:
"And, I think it's fairly important to state that these platforms have their own First Amendment rights, which allow them to deny service to anyone."
https://www.techdirt.com/articles/20170825/01300738081/nazis-internet-policing-content -free-speech.shtml
You're NOT against the act in principle, if it's taken against those you view as political opponents, like Alex Jones or "conservatives" even when well within common law terms: you're okay if it's for "hate speech". It's ONLY when YOUR goals are being thwarted that you object. You are a Masnocrit.
[ link to this | view in chronology ]
Re: Re: Are you for sanctions on Iran?
[ link to this | view in chronology ]
Re: Re: Are you for sanctions on Iran?
Take that We People!
[ link to this | view in chronology ]
Re: Re: Are you for sanctions on Iran?
YOU state that they've a totally arbitrary RIGHT to do so:
We've explained this to you many times in the past, so I'm not sure why you continue to demonstrate your failure to comprehend basic points by repeating such nonsense.
I'm not sure if you're really this dumb or it's just your favorite trolling technique, but it is entirely possible to be consistent by arguing that while someone has a right to do something, they should not be doing it.
You would have a point if I argued that Slack should be legally barred from removing these people from their platform, which I am not saying at all.
The real question, which you'll never answer honestly, do YOU think Slack should be legally barred from removing anyone from their platform ever?
[ link to this | view in chronology ]
Re: Re: Re: Are you for sanctions on Iran?
When dealing with touchy sectors of a government, ALWAYS err on the side of caution when "interpreting" a law.
[ link to this | view in chronology ]
Re: Are you for sanctions on Iran?
[ link to this | view in chronology ]
Re: Are you for sanctions on Iran?
Sucks when your idol doesn't play the way you want him to, don't it?
[ link to this | view in chronology ]
Re: Re: Are you for sanctions on Iran?
[ link to this | view in chronology ]
Re: Re: Re: Are you for sanctions on Iran?
Being smarter than blue boy isn't hard. By any stretch of the imagination.
[ link to this | view in chronology ]
Obfuscating your location does not break any laws in Canada, or the United States.
If he had done this, it would have appeared to Slack that he was coming from his home computer, and not from Iran.
While he might have run into some problems with the Iranian auhorities for using a VPN, he would not have been breaking any laws in either the USA or Canada, by setting up a VPN on his home broadband to hide the fact that he was in Iran.
It is no different than when I take road trips to Mexico, and use the VPN set up on my home broadband to bypass geo blocking to access US-only radio station streams, or to get the US Netflix library, while I am down there.
To this sites, it merely appears that I am on my home computer, and I can listen to iHeart, or SiriusXM, while I am driving in Mexico.
And when I do this, I am not breaking in laws in either Mexico, or the United States when I do this.
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Re: Re:
Using my the VPN on my home network to access us only content when traveling abroad is being done for financial gain, so no felony is being committed.
Another thing I used to do.when cars had cassette players, and when tracks were only sold with DRM was to plug a tape recorder into my computer and record onto cassettes to play in my car. This was not a felony because it was for personal use and not for making money
That is why Congress limited it to being for financial gain, which bypassing geonlocks is most certainly not.
[ link to this | view in chronology ]
Re: Re:
At least you don't bring up the CFAA. Acessing US-only content, when I am in Mexico, does not violate the CFAA becuase I did not use any illegally obtained passwords.
And second, when I am in Mexico, I only have to obey Mexican laws, while I am down there. And since using a VPN to access US-only content does not break Mexican law, that is all that counts.
US law does apply to me when I am in Mexico. When I am in Mexico, I only recognize Mexican laws, when I am down there.
[ link to this | view in chronology ]
Re: Re:
Since I am logging into my network at home, there is no possible way for Netflix, Pandora, SiriusXM, Hulu, iHeart, etc, etc, to know that I am logging in from a abroad using my home computer as a proxy server, since my IP address is obviously not going to show up on VPN or proxy lists. To these services, it appear to them like I am logging on from home, and they will never be the wise
And CFAA does not apply here, since the CFAA does not make it illegal to log into my home broadband, which I am paying for, and my own computer server which I own. Since I am logging on my home network, it cannot be considered unauthorized access, since I not using any illegally obtained passwords/
Neither does the DMCA, firstly because I am not doing it for any kind of commercial or financial gain, so felony charges do not apply. The felony provision only apply if you are doing it for commercial or financial gain, and logging to my home network from abroad to log into US-only websites, while I am abroad does not meet the requirements for "commercial or private financial gain"l
[ link to this | view in chronology ]
Re: Re:
Because of the "commercial or private financial gain" requirement, you have to be doing that as part of some kind of business with the intent of making money.
For your own personal use, it is not a criminal offense. It does not become a felony until you do it for the purpose of making money.
[ link to this | view in chronology ]
Re: Re: Re:
Therefore, you enriched yourself by using the VPN, ie not paying.
The head spinning logic starts with you did not pay additional which leads to more money left in your account which equals unjust enrichment which equals personal gain which equals a legally shaky legal claim against you which you have to defend against.
[ link to this | view in chronology ]
Re: Re: Re: Re:
There is no way that Netflix, or anyone else, would know what I was up to. It appear that I was on my home computer and they would have no clue that I was logging in from abroad.
[ link to this | view in chronology ]
Re: Re: Re: Re: Re:
Some hotels do block streaming.
One hotel in San Diego did that when I was there 3 years ago. Logging in to my home VPN to bypass their filters a d watch YouTube or Netflix did not break any laws either in California or any federal laws. Bypassing web filters on the wifi at hotel you are staying at does not break any laws I. Canada, Mexico, or the United states or any state laws.
If you travel a lot, you should consider upgrading your home broadband to something that allows servers, and then set up your own private VPN. This is because while commercial VPN providers are blocked, others are not. This is because blocking all VPN usage could cause problems for business travelers staying there.
[ link to this | view in chronology ]
Re: Re: Re: Re:
Also, before coming back into the USA, always encrypt my phone, and then do a reset on it. Once a reset is done, the decryption key is lost for encrypted data, so even if they image my phone at the border, there will be no way for them to be able to decipher the encrypted data, so there is no way they would ever be able to figure out that I was, say, bypassing geolocks to listen to iHeart, or SirusXM while driving on the highways in Mexico.
I just make sure not to bring that SIM card back into the United States. I just flush it down the toilet somewhere before coming back to the USA, getting rid of the incriminating SIM card.
Doing all of this also destroys any evidence that you unlocked your phone to use on a foreign carrier to avoid expensive roaming charges.
And this is good to know, just in case the US decides the lift the ban on travel to North Korea, as the DPRK requires you to use their SIM cards while in the country. Before returning to the United States, you just simply wipe your phone and reset, and then leave North Korea off the list countries recently visited when filling out your Customs form when you re-enter the United States, only putting down China (the country most travellers to the DPRK goes through), and neither your cell phone provider, or CBP, will ever be wiser of what you were up to.
[ link to this | view in chronology ]
Re: Re: Re: Re:
This is why a lot VPN services do not keep logs, and are very careful in their adverts about using it to circumvent region blocks. While myself, as a user, cannot be prosecuted, the providers can, if they specifically market their sites for that.
Another example was back when cars had cassette players and music tracks were only sold with DRM. When I plugged my tape recorder into my computer, and recorded tracks onto cassettes for my personal use, in my car, that was not a felony offense, because I was doing it for my own personal use, and not selling any those tracks. Becuase I did not sell any of those tracks that were freed from their DRM, I was not breaking the law.
There was one article elsewhere wondering why makers of ad blocking just don't block the anti-adblock scripts on sites.
For the users to bypass anti-adblock scripts is not a felony because they are not doing with the intent to make money, but the makers of the ad blocking software can be prosecuted, but their products are made for the purpose of making money for them.
In short, you have to be circumventing technological measures for the purposes of selling such circumvention for a profit. As long as you are not selling it to make money, you are not committing a felony
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Why can't it be both?
[ link to this | view in chronology ]