Slack Banning Random Iranian Ex-Pats Shows Why Making Tech Companies Police The Internet Is Crazy Stupid
from the this-is-a-bad-idea dept
On Thursday morning, I started seeing a bunch of tweets pop up in my feed from people of Iranian backgrounds, who no longer lived in Iran, who were having their entire Slack groups shut down, with the company blaming US laws regarding sanctions on Iran.
Slack closed my account today!
I?m a PhD student in Canada with no teammates from Iran!
Is Slack shutting down accounts of those ethnically associated with Iran?!
And what?s their source of info on my ethnicity?#slack #UsSanctions pic.twitter.com/mY8Ltczq8v
— Amir (@a_h_a) December 19, 2018
So @SlackHQ decided to send me this email. No way to appeal this decision. No way to prove that I'm not living in Iran and not working with Iranians on slack. Nope. Just hello we're banning your account. pic.twitter.com/giqYQcMJYz
— Amir Omidi (@aaomidi) December 20, 2018
Yesterday, @SlackHQ sent me an email. My accounts on various Slack teams had been immediately deactivated, with no prior warning. The reason? I've visited family in Iran and used Slack when there. Only my work's paid-for Enterprise account works still. pic.twitter.com/0GFO3E0oqW
— Sareh (@Sareh88) December 20, 2018
Dear #Slack, instead of kicking out Iranians from your platform you could follow other disgusting solutions like what #Oracle and #Google do; return an error for every request with an Iranian IP. I'm NOT even in Iran!!!
This is literally #Racism pic.twitter.com/sbfjKDd9Jv— Reza Bigdeli (@rezabigdeli6) December 20, 2018
@SlackHQ closed my account linked to my @TU_Muenchen email with workspaces related to university and research in Germany! This is both sad and stupid…#slack pic.twitter.com/DlUoKmjM7U
— Mahdi Saleh (@mahdi_slh) December 19, 2018
Hey @SlackHQ – my account was just deactivated "in order to comply with economic sanctions, etc"…is this because I took a HOLIDAY to Iran?!
— James Lambie (@jimlambie) December 20, 2018
There are a lot more reports like this, but that was just the first batch I found with a quick search. Slack’s explanation to the press seems… lacking:
?We updated our system for applying geolocation information, which relies on IP addresses, and that led to the deactivations for accounts tied to embargoed countries,? the representative said. ?We only utilize IP addresses to take these actions. We do not possess information about nationality or the ethnicity of our users. If users think we?ve made a mistake in blocking their access, please reach out to feedback@slack.com and we?ll review as soon as possible.?
All of the blocked people talking about it on Twitter note that they don’t live in any sanctioned country — though many admit to having visited those countries in the past (often years ago) and probably checking in on Slack while they were there. That… is not how the sanctions system is supposed to work. In another press statement Slack tries to pin the blame on the US government:
?Slack complies with the U.S. regulations related to embargoed countries and regions. As such, we prohibit unauthorized Slack use in Cuba, Iran, North Korea, Syria and the Crimea region of Ukraine. For more information, please see the US Department of Commerce Sanctioned Destinations , The U.S. Department of Treasury website, and the Bureau of Industry and Security website.?
But that’s bullshit. The sanctions rules don’t say you have to cut off completely anyone who ever connected from a sanctioned country. The Verge (linked above) spoke to an Oxford researcher with knowledge in this area:
?They are either incompetent at OFAC interpretation or racist,? said Oxford researcher Mahsa Alimardani, who specializes in communication tools in Iran.
[….]
?Detecting an Iranian IP address on a paid account (which is presumed to be for business) login as a violation of sanctions is a wrong interpretation of these regulations,? Alimardani says. ?At best it?s over-regulation to prevent any sort of misunderstanding or possible future hassle with OFAC.?
Of course, as former Facebook Chief Security Officer Alex Stamos notes in his own tweet on this topic, this is exactly what happens when you have vague rules with strong punishment, and expect internet platforms to magically police the web:
This is a warning of what you get with regulation that:
1) Puts enforcement responsibility on a tech platform
2) Without real guidelines/safe harbor of how to interpret
3) Over-penalizes false positives
4) Has no appeals process in the actual legal systemGet ready for more! https://t.co/vBUar6Nnap
— Alex Stamos (@alexstamos) December 20, 2018
And of course, we’re seeing more and more and more of that. FOSTA does that in the US. The GDPR is doing that around the globe. The EU Copyright Directive will do that. The EU Terrorist Content Regulation will do it. And a bunch of other regulations targeting the internet as well. That’s why some of us keep warning that these laws are going to lead to widespread censorship and suppression of free speech. Because that’s how it always works out. If you threaten internet platforms with huge penalties for failing to block content, but leave the details pretty vague, they’re going to make decisions like that and simply kick people off their services entirely, rather than face liability. It’s a recipe for disaster — and one that seems to be favored by tons of clueless regulators, politicians, and plenty of people who just don’t realize how much harm they will cause.
Filed Under: iran, iranians, ofac, sanctions, technology
Companies: slack
Comments on “Slack Banning Random Iranian Ex-Pats Shows Why Making Tech Companies Police The Internet Is Crazy Stupid”
Ever watch House?
Something bad happens to someone.
The usual suspects immediately say it must be lupus.
More (and more clear) data becomes available, and it turns out it wasn’t lupus afterall.
It’s essentially never actually lupus.
Racism in America is a lot like lupus on House.
Re: Ever watch House?
Its not the place to have a larger debate on questions about systemic racism in various places. But, suffice to say I disagree with your over all conclusion. I do think it would be accurate to say that, like claims of political bias in search, claims of racism in tech tend to be overblown reactions to not understanding how the tech works, and confusing correlation and causation.
Re: Re: Ever watch House?
Claims of racism in tech are not overblown, unless you can point to specific examples of it and not pull things out of anus to dismiss valid critiques.
Stupid but reasonable.
Re: Stupid yes, but racist?
Damnit I said delete submit…
Anyway – The article does outline that the people had visits or at least n IP trail related to Iran. In the face of massive fines should they do nothing and engage in an expensive court case if someone decides they didn’t do enough?
I don’t think this was racially motivated. But in the end, Slack is being called upon to uphold this silly law. And if they don’t do it “correctly” their are liable. Even if they make an honest mistake, the government could come down on them like a ton of bricks.
Are you for sanctions on Iran?
I’m not. Iran has done nothing except that US / UK / and especially Israel selected it as an enemy. No threat to us.
Now YOU state whether are for sanctions on Iran, and WHY.
Without stating that position, this is JUST your vehicle to attack any regulation of internet corporations that you’re always against.
This is a characteristic Masnick tactic: he doesn’t care beans whether the people of Iran suffer for no reason. He just sleazily positions himself as for freedoms and against much larger evil only to argue for no regulations and bring more surveillance capitalism down on us.
Re: Are you for sanctions on Iran?
Not only is this irrelevant to the issue at hand, it’s a self-fueling ad hom attack (ad hom-nom-nominem, as I prefer to call it) that goes nowhere and doesn’t even attack anything. Even by your standards, this is grabbing at strings.
Re: Are you for sanctions on Iran?
So apparently in troll-land, running a repressive Islamist theocracy that’s attempting to develop nuclear weapons is “doing nothing [wrong]” and “no threat to us.”
This has to be the most insane post yet…
Re: Re: Are you for sanctions on Iran?
To be fair to the troll, America could equally be accused of being a repressive christian theocracy, that actually has nuclear weapons and has been a threat and actual menace to far more countries than any other this century.
Re: Re: Are you for sanctions on Iran?
Historically, it’s the US government that has done repressive things (japanese camps at ww2), meddled with other countries’ internal politics, put up puppy governments, assasinated political leaders, and sold weapons to terrorists while selling crack to its populace.
Yes, I agree that it would be shitty for the US to have more nuclear weapons in the middle east. But that is the “we’re the bigger bully so we’re right” defense. The kind of global death, corruption, and danger the US presents to the world is much more than Iran. What gives the US, a historically much more corrupt and destructive force, the right to tell Iran what to do? Oh, the big guns. We got them first, no we’re infallible, and we don’t want to take the chance on anyone else.
Who was it that almost started ww3 around the Cuba neighborhood? Oh, that’s us. Who said they’ll use nuclear weapons in Ukraine? Oh, that’s Russia. The two nations most dangerous and destructive for this planet, and the ones holding it by its balls.
Re: Are you for sanctions on Iran?
This is solely "Slack" problem, as the last blockquote states. You cannot logically hold that a single corporation being stupid must prevent all regulation. Not even if ALL implement it wrong. Only shows that they are stupid kids and need LOTS MORE regulation.
YOU state that they’ve a totally arbitrary RIGHT to do so:
"And, I think it’s fairly important to state that these platforms have their own First Amendment rights, which allow them to deny service to anyone."
https://www.techdirt.com/articles/20170825/01300738081/nazis-internet-policing-content-free-speech.shtml
You’re NOT against the act in principle, if it’s taken against those you view as political opponents, like Alex Jones or "conservatives" even when well within common law terms: you’re okay if it’s for "hate speech". It’s ONLY when YOUR goals are being thwarted that you object. You are a Masnocrit.
Re: Re: Are you for sanctions on Iran?
Your ramblings aren’t even internally consistent.
Re: Re: Are you for sanctions on Iran?
Nom, you lie. But thanks for contributing to the TD Corporation! Your copyrighted rant is now licenses to TD via fair use. Forever!
Take that We People!
Re: Re: Are you for sanctions on Iran?
YOU state that they’ve a totally arbitrary RIGHT to do so:
We’ve explained this to you many times in the past, so I’m not sure why you continue to demonstrate your failure to comprehend basic points by repeating such nonsense.
I’m not sure if you’re really this dumb or it’s just your favorite trolling technique, but it is entirely possible to be consistent by arguing that while someone has a right to do something, they should not be doing it.
You would have a point if I argued that Slack should be legally barred from removing these people from their platform, which I am not saying at all.
The real question, which you’ll never answer honestly, do YOU think Slack should be legally barred from removing anyone from their platform ever?
Re: Re: Re: Are you for sanctions on Iran?
I wouldn’t call their actions “stupid”, nor their take on the law a “misreading”.
When dealing with touchy sectors of a government, ALWAYS err on the side of caution when “interpreting” a law.
Re: Are you for sanctions on Iran?
I made no statement one way or the other on the properness of Iranian sanctions. That’s got nothing to do with the story. At all.
Re: Are you for sanctions on Iran?
Your president demanded sanctions on Iran. You know, the one you love to spam about in that Devin Nunes thread.
Sucks when your idol doesn’t play the way you want him to, don’t it?
Re: Re: Are you for sanctions on Iran?
I would bet real money that you actually thought that that was a clever gotcha.
Re: Re: Re: Are you for sanctions on Iran?
You’d lose that bet.
Being smarter than blue boy isn’t hard. By any stretch of the imagination.
What he should do in the future, when travelling to Iran, to avoid any problems with that, is to set up a proxy or VPN on his home broadband, and use that, so that websites will not know he is coming from Iran.
Obfuscating your location does not break any laws in Canada, or the United States.
If he had done this, it would have appeared to Slack that he was coming from his home computer, and not from Iran.
While he might have run into some problems with the Iranian auhorities for using a VPN, he would not have been breaking any laws in either the USA or Canada, by setting up a VPN on his home broadband to hide the fact that he was in Iran.
It is no different than when I take road trips to Mexico, and use the VPN set up on my home broadband to bypass geo blocking to access US-only radio station streams, or to get the US Netflix library, while I am down there.
To this sites, it merely appears that I am on my home computer, and I can listen to iHeart, or SiriusXM, while I am driving in Mexico.
And when I do this, I am not breaking in laws in either Mexico, or the United States when I do this.
Re: Re:
One could argue that you are bypassing a technical restriction (geolocation blocking) to access copyrighted data, and therefore breaking the DMCA. It’s as stupid as the restrictions on decrypting DVDs, but they prosecute that all the time. It’s all part of piling on the charges to scare one into a plea bargain. They won’t come after for using a VPN to access netflix by itself, but if they wanted you for something else, you can bet your ass they’ll add that to the list of charges.
Re: Re: Re:
In order for it to be a felony, it has to be for some kind of financial gain, which I am certainly not doing here.
Using my the VPN on my home network to access us only content when traveling abroad is being done for financial gain, so no felony is being committed.
Another thing I used to do.when cars had cassette players, and when tracks were only sold with DRM was to plug a tape recorder into my computer and record onto cassettes to play in my car. This was not a felony because it was for personal use and not for making money
That is why Congress limited it to being for financial gain, which bypassing geonlocks is most certainly not.
Re: Re: Re:
“They won’t come after for using a VPN to access netflix by itself, but if they wanted you for something else, you can bet your ass they’ll add that to the list of charges.”
At least you don’t bring up the CFAA. Acessing US-only content, when I am in Mexico, does not violate the CFAA becuase I did not use any illegally obtained passwords.
And second, when I am in Mexico, I only have to obey Mexican laws, while I am down there. And since using a VPN to access US-only content does not break Mexican law, that is all that counts.
US law does apply to me when I am in Mexico. When I am in Mexico, I only recognize Mexican laws, when I am down there.
Re: Re: Re:
This is where using my own private VPN on my home network is far better than using a commercial VPN service
Since I am logging into my network at home, there is no possible way for Netflix, Pandora, SiriusXM, Hulu, iHeart, etc, etc, to know that I am logging in from a abroad using my home computer as a proxy server, since my IP address is obviously not going to show up on VPN or proxy lists. To these services, it appear to them like I am logging on from home, and they will never be the wise
And CFAA does not apply here, since the CFAA does not make it illegal to log into my home broadband, which I am paying for, and my own computer server which I own. Since I am logging on my home network, it cannot be considered unauthorized access, since I not using any illegally obtained passwords/
Neither does the DMCA, firstly because I am not doing it for any kind of commercial or financial gain, so felony charges do not apply. The felony provision only apply if you are doing it for commercial or financial gain, and logging to my home network from abroad to log into US-only websites, while I am abroad does not meet the requirements for “commercial or private financial gain”l
Re: Re: Re:
In order for it to be a felony, circumventing a technological measure has to part of some kind of business
Because of the “commercial or private financial gain” requirement, you have to be doing that as part of some kind of business with the intent of making money.
For your own personal use, it is not a criminal offense. It does not become a felony until you do it for the purpose of making money.
Re: Re: Re: Re:
Until they add the argument that you could have gotten access to said services or equivalent to such by paying for a Mexican equivalent.
Therefore, you enriched yourself by using the VPN, ie not paying.
The head spinning logic starts with you did not pay additional which leads to more money left in your account which equals unjust enrichment which equals personal gain which equals a legally shaky legal claim against you which you have to defend against.
Re: Re: Re:2 Re:
This is where having my own private VPN on my home network has its perks
There is no way that Netflix, or anyone else, would know what I was up to. It appear that I was on my home computer and they would have no clue that I was logging in from abroad.
Re: Re: Re:3 Re:
Another advantage of having my own private VPN is to avoid filters in hotels that block streaming sites
Some hotels do block streaming.
One hotel in San Diego did that when I was there 3 years ago. Logging in to my home VPN to bypass their filters a d watch YouTube or Netflix did not break any laws either in California or any federal laws. Bypassing web filters on the wifi at hotel you are staying at does not break any laws I. Canada, Mexico, or the United states or any state laws.
If you travel a lot, you should consider upgrading your home broadband to something that allows servers, and then set up your own private VPN. This is because while commercial VPN providers are blocked, others are not. This is because blocking all VPN usage could cause problems for business travelers staying there.
Re: Re: Re:2 Re:
However, when I am in Mexico, I only have to obey Mexican laws when I am down there. Since I am on Mexican soil when I am circumventing geoblocking, US laws do not apply to what I do, even if I do login to my home network to bypass region locks. When you go to a foreign country, you are subject to THEIR laws, not United States laws.
Also, before coming back into the USA, always encrypt my phone, and then do a reset on it. Once a reset is done, the decryption key is lost for encrypted data, so even if they image my phone at the border, there will be no way for them to be able to decipher the encrypted data, so there is no way they would ever be able to figure out that I was, say, bypassing geolocks to listen to iHeart, or SirusXM while driving on the highways in Mexico.
I just make sure not to bring that SIM card back into the United States. I just flush it down the toilet somewhere before coming back to the USA, getting rid of the incriminating SIM card.
Doing all of this also destroys any evidence that you unlocked your phone to use on a foreign carrier to avoid expensive roaming charges.
And this is good to know, just in case the US decides the lift the ban on travel to North Korea, as the DPRK requires you to use their SIM cards while in the country. Before returning to the United States, you just simply wipe your phone and reset, and then leave North Korea off the list countries recently visited when filling out your Customs form when you re-enter the United States, only putting down China (the country most travellers to the DPRK goes through), and neither your cell phone provider, or CBP, will ever be wiser of what you were up to.
Re: Re: Re:2 Re:
The “commerical or private financial gain” requirement means that I would have be selling a circumvention tool to be making money.
This is why a lot VPN services do not keep logs, and are very careful in their adverts about using it to circumvent region blocks. While myself, as a user, cannot be prosecuted, the providers can, if they specifically market their sites for that.
Another example was back when cars had cassette players and music tracks were only sold with DRM. When I plugged my tape recorder into my computer, and recorded tracks onto cassettes for my personal use, in my car, that was not a felony offense, because I was doing it for my own personal use, and not selling any those tracks. Becuase I did not sell any of those tracks that were freed from their DRM, I was not breaking the law.
There was one article elsewhere wondering why makers of ad blocking just don’t block the anti-adblock scripts on sites.
For the users to bypass anti-adblock scripts is not a felony because they are not doing with the intent to make money, but the makers of the ad blocking software can be prosecuted, but their products are made for the purpose of making money for them.
In short, you have to be circumventing technological measures for the purposes of selling such circumvention for a profit. As long as you are not selling it to make money, you are not committing a felony
If anyone thinks Slack wanted to piss off a bunch of customers, that’s not the case. This is clearly driven by government (right or wrong). I would also guess that if the government would allow Slack to have an appeals process, they would.
Re: Re:
Slack is clearly suck at implementing some method of compliance, even over-compliance. They couldn’t even put an appeal link in the banmail. Had to wait for a comment to the press for that.
“They are either incompetent at OFAC interpretation or racist.”
Why can’t it be both?