While there are intrinsic risks associated with doing business in Iran, the Computer Crimes Law (“CCL”) of 2009 put up another obstacle that foreign companies already working in Iran or looking to enter this market must overcome. Instead of being assured by Iran’s passing a law that was ostensibly created to address intellectual property thefts and rights, companies are advised to closely inspect the exact nature and implementation of this law as it served to establish an elaborate surveillance system used primarily as a means of dealing with political opponents.
The key to navigating the Iranian cyber law is understanding the context in which it was created. The timing of the legislation signals that the CCL was a direct response to the protests that followed the elections of 2009. Characterized by many international organizations as fraudulent, the elections sparked a series of large-scale protests. Although the opposition “Green Movement” was eventually shutdown, no riots in the history of Iran had been so organized and well documented online. Realizing the scale of the threat, the Iranian government passed the CCL in order to prevent an encore of 2009 – and not to protect intellectual property and rights.
There are three cyber law issues in particular of which foreign companies in Iran should be wary: the number of governing bodies entrusted with supervising space activities; ambiguities in the language employed in the CCL; and privacy issues. The CCL provided for the establishment of a number of new bodies, including the Working Group to Determine Instances of Criminal Content on the Internet (“the Working Group”), the Iranian Cyber Police (“FATA”), and others. These governing bodies are entrusted with supervising space activities, investigating complaints from the public and determining sites with “criminal” content. Given the large number of bodies dealing with cyber law and the lack of clear delineation between their responsibilities, it is hard for a foreign company to know exactly to whom to go.
Much like the rest of the Iranian legislation, including its Constitution, Penal Code, and other documents, the CCL contains no definitions of key terms used throughout the text, such as “access,” “interception,” and “confidential data.” These ambiguities are not accidental. The meaning of the terms is left up to the aforementioned bodies to decide on a case-by-case basis. In order to avoid getting trapped in these ambiguities, foreign companies must seek expert help.
In spite of the extensive control apparatus, the new legislation has failed to address issues such as the aforementioned intellectual property theft for which it had been allegedly created in the first place. In fact, this government policy is characterized by a complete lack of concern for privacy protection, as evident, for instance, in the government policy on cybercafés. Their users are now required to provide their name, address, and even national identification number when logging on. The cafes, on the other hand, are obligated to install security cameras and keep a log of each user’s browsing history. This data must be kept on file for six months and provided to FATA on demand. Given this huge privacy breach, foreign companies must know how to minimize the risk of their classified information being jeopardized by the government.
In short, though current governing legislation does exist with respect to cyber law, its interpretation, implications, and subsequent enforcement can (and should) be viewed as a potential risk and significant source of concern. In order to assist foreign companies wishing to capitalize on the undeniably expansive market opportunities in Iran, while also safeguarding against the real danger of risking the integrity of their Intellectual Property, it is crucial to work with seasoned experts. Having successfully operated within Iran for nearly a decade, Brasidas Group is intimately familiar with the local business and political environment, and can assist in minimizing your risks and successfully navigating in this unique market.