When the Follow-Up Compounds the Problem

Inadequate journalism often leads to worse journalism. A case in point is Wired.com’s follow-up on a dubious Wall Street Journal story about alleged “deep packet inspection” (DPI) — an invasive digital surveillance method — on Iran’s mobile-Internet users.

Here’s how the Wired Threat Level blog posting, “Deep-Packet Inspection in U.S. Scrutinized Following Iran Surveillance,” begins:

Following a report last week that Iran is spying on domestic internet users with western-supplied technology, advocacy groups are pressuring federal lawmakers to scrutinize the use of the same technology in the U.S.

The Open Internet Coalition sent a letter to all members of the House and Senate urging them to launch hearings aimed at examining and possibly regulating the so-called deep-packet inspection technology.

Two senators also announced plans to introduce a bill that would bar foreign companies that sell IT technology to Iran from obtaining U.S. government contracts, legislation that is clearly aimed at the two European companies that reportedly sold the equipment to Iran.

The Wall Street Journal reported last week that Nokia Siemens Networks, a joint venture between Germany’s Siemens and Finland’s Nokia, recently gave Iran deep-packet inspection equipment that would allow the government to spy on internet users.

According to the Journal, Iranian officials have used deep-packet surveillance to snoop on the content of e-mail, VoIP calls and other online communication as well as track users’ other online activity, such as uploading videos to YouTube. Iranian officials are said to be using it to monitor activists engaged in protests over the country’s recent disputed presidential election, though the Journal said it couldn’t confirm whether Iran was using the Nokia Siemens Networks equipment for this purpose or equipment from another maker.

Nokia Siemens has denied that it provided Iran with such technology.

But similar technology is being installed at ISPs in the U.S.

The piece goes on at some length to discuss the reasonable concern about the threat posed by deep-packet inspection by ISPs, acting on their own initiative or for government-mandated surveillance.

But wait. The Journal’s weasel-worded original story itself (buried far down in the piece) acknowledges that the DPI may not be happening at all, at least not in the way the story strongly suggests or by the company it implicates. Read David Isenberg’s detailed explanations (here, here) to understand why the Journal story is so problematic.

Consider the sequence in the Wired follow-up:

1. Cite the Journal story and describe its contents with no hint that credible outside observers, such as Isenberg (a friend of mine), have major questions about its accuracy.

2. Add a sentence saying that the company accused of providing the gear to the Iran dictators flatly denies the report. (Don’t bother to mention that the only named source in the original Journal piece loudly denounced it on his own blog.)

3. Then pivot: Talk about US companies that are installing DPI equipment at ISPs, as if this proves the original point.

If Wired wanted to write about American ISPs using DPI — a topic that deserves wide attention — it shouldn’t peg the story to a Journal report that is so open to question, at least not without noting that people who understand the technology have raised serious questions about it.

Iran’s dictators are a murderous bunch; I have no doubt about that. Nor is there doubt that western telecom companies are selling dictators surveillance tools; they’ve been doing it for years — and in my view they are morally culpable in the misuse of those technologies. In the matter at hand, we don’t know for sure what’s going on.

For what it’s worth, I consider Wired’s Threat Level to be a normally credible and well-reported blog. But journalists should try harder to be careful on matters like this. Sloppiness in these circumstances can undermine our trust in everything else they report.