Slack Banning Random Iranian Ex-Pats Shows Why Making Tech Companies Police The Internet Is Crazy Stupid

from the this-is-a-bad-idea dept

On Thursday morning, I started seeing a bunch of tweets pop up in my feed from people of Iranian backgrounds, who no longer lived in Iran, who were having their entire Slack groups shut down, with the company blaming US laws regarding sanctions on Iran.

There are a lot more reports like this, but that was just the first batch I found with a quick search. Slack’s explanation to the press seems… lacking:

?We updated our system for applying geolocation information, which relies on IP addresses, and that led to the deactivations for accounts tied to embargoed countries,? the representative said. ?We only utilize IP addresses to take these actions. We do not possess information about nationality or the ethnicity of our users. If users think we?ve made a mistake in blocking their access, please reach out to and we?ll review as soon as possible.?

All of the blocked people talking about it on Twitter note that they don’t live in any sanctioned country — though many admit to having visited those countries in the past (often years ago) and probably checking in on Slack while they were there. That… is not how the sanctions system is supposed to work. In another press statement Slack tries to pin the blame on the US government:

?Slack complies with the U.S. regulations related to embargoed countries and regions. As such, we prohibit unauthorized Slack use in Cuba, Iran, North Korea, Syria and the Crimea region of Ukraine. For more information, please see the US Department of Commerce Sanctioned Destinations , The U.S. Department of Treasury website, and the Bureau of Industry and Security website.?

But that’s bullshit. The sanctions rules don’t say you have to cut off completely anyone who ever connected from a sanctioned country. The Verge (linked above) spoke to an Oxford researcher with knowledge in this area:

?They are either incompetent at OFAC interpretation or racist,? said Oxford researcher Mahsa Alimardani, who specializes in communication tools in Iran.


?Detecting an Iranian IP address on a paid account (which is presumed to be for business) login as a violation of sanctions is a wrong interpretation of these regulations,? Alimardani says. ?At best it?s over-regulation to prevent any sort of misunderstanding or possible future hassle with OFAC.?

Of course, as former Facebook Chief Security Officer Alex Stamos notes in his own tweet on this topic, this is exactly what happens when you have vague rules with strong punishment, and expect internet platforms to magically police the web:

And of course, we’re seeing more and more and more of that. FOSTA does that in the US. The GDPR is doing that around the globe. The EU Copyright Directive will do that. The EU Terrorist Content Regulation will do it. And a bunch of other regulations targeting the internet as well. That’s why some of us keep warning that these laws are going to lead to widespread censorship and suppression of free speech. Because that’s how it always works out. If you threaten internet platforms with huge penalties for failing to block content, but leave the details pretty vague, they’re going to make decisions like that and simply kick people off their services entirely, rather than face liability. It’s a recipe for disaster — and one that seems to be favored by tons of clueless regulators, politicians, and plenty of people who just don’t realize how much harm they will cause.

Filed Under: , , , ,
Companies: slack

Rate this comment as insightful
Rate this comment as funny
You have rated this comment as insightful
You have rated this comment as funny
Flag this comment as abusive/trolling/spam
You have flagged this comment
The first word has already been claimed
The last word has already been claimed
Insightful Lightbulb icon Funny Laughing icon Abusive/trolling/spam Flag icon Insightful badge Lightbulb icon Funny badge Laughing icon Comments icon

Comments on “Slack Banning Random Iranian Ex-Pats Shows Why Making Tech Companies Police The Internet Is Crazy Stupid”

Subscribe: RSS Leave a comment
James Burkhardt (profile) says:

Re: Ever watch House?

Its not the place to have a larger debate on questions about systemic racism in various places. But, suffice to say I disagree with your over all conclusion. I do think it would be accurate to say that, like claims of political bias in search, claims of racism in tech tend to be overblown reactions to not understanding how the tech works, and confusing correlation and causation.

Gary (profile) says:

Re: Stupid yes, but racist?

Damnit I said delete submit…

Anyway – The article does outline that the people had visits or at least n IP trail related to Iran. In the face of massive fines should they do nothing and engage in an expensive court case if someone decides they didn’t do enough?

I don’t think this was racially motivated. But in the end, Slack is being called upon to uphold this silly law. And if they don’t do it “correctly” their are liable. Even if they make an honest mistake, the government could come down on them like a ton of bricks.

Nom de Clavier says:

Are you for sanctions on Iran?

I’m not. Iran has done nothing except that US / UK / and especially Israel selected it as an enemy. No threat to us.

Now YOU state whether are for sanctions on Iran, and WHY.

Without stating that position, this is JUST your vehicle to attack any regulation of internet corporations that you’re always against.

This is a characteristic Masnick tactic: he doesn’t care beans whether the people of Iran suffer for no reason. He just sleazily positions himself as for freedoms and against much larger evil only to argue for no regulations and bring more surveillance capitalism down on us.

Anonymous Coward says:

Re: Re: Are you for sanctions on Iran?

Historically, it’s the US government that has done repressive things (japanese camps at ww2), meddled with other countries’ internal politics, put up puppy governments, assasinated political leaders, and sold weapons to terrorists while selling crack to its populace.

Yes, I agree that it would be shitty for the US to have more nuclear weapons in the middle east. But that is the “we’re the bigger bully so we’re right” defense. The kind of global death, corruption, and danger the US presents to the world is much more than Iran. What gives the US, a historically much more corrupt and destructive force, the right to tell Iran what to do? Oh, the big guns. We got them first, no we’re infallible, and we don’t want to take the chance on anyone else.

Who was it that almost started ww3 around the Cuba neighborhood? Oh, that’s us. Who said they’ll use nuclear weapons in Ukraine? Oh, that’s Russia. The two nations most dangerous and destructive for this planet, and the ones holding it by its balls.

Nom de Clavier says:

Re: Are you for sanctions on Iran?

This is solely "Slack" problem, as the last blockquote states. You cannot logically hold that a single corporation being stupid must prevent all regulation. Not even if ALL implement it wrong. Only shows that they are stupid kids and need LOTS MORE regulation.

simply kick people off their services entirely, rather than face liability.

YOU state that they’ve a totally arbitrary RIGHT to do so:

"And, I think it’s fairly important to state that these platforms have their own First Amendment rights, which allow them to deny service to anyone."

You’re NOT against the act in principle, if it’s taken against those you view as political opponents, like Alex Jones or "conservatives" even when well within common law terms: you’re okay if it’s for "hate speech". It’s ONLY when YOUR goals are being thwarted that you object. You are a Masnocrit.

Mike Masnick (profile) says:

Re: Re: Are you for sanctions on Iran?

YOU state that they’ve a totally arbitrary RIGHT to do so:

We’ve explained this to you many times in the past, so I’m not sure why you continue to demonstrate your failure to comprehend basic points by repeating such nonsense.

  1. Yes, they have every right to do it.
  2. That doesn’t mean they should not be criticized for doing it.
  3. The point here was that the reason they were doing it was stupid — a misreading of the law which leads to
  4. Showing why poorly written, vague laws, where the liability is placed on tech companies, is a problem.

I’m not sure if you’re really this dumb or it’s just your favorite trolling technique, but it is entirely possible to be consistent by arguing that while someone has a right to do something, they should not be doing it.

You would have a point if I argued that Slack should be legally barred from removing these people from their platform, which I am not saying at all.

The real question, which you’ll never answer honestly, do YOU think Slack should be legally barred from removing anyone from their platform ever?

Anonymous Coward says:

What he should do in the future, when travelling to Iran, to avoid any problems with that, is to set up a proxy or VPN on his home broadband, and use that, so that websites will not know he is coming from Iran.

Obfuscating your location does not break any laws in Canada, or the United States.

If he had done this, it would have appeared to Slack that he was coming from his home computer, and not from Iran.

While he might have run into some problems with the Iranian auhorities for using a VPN, he would not have been breaking any laws in either the USA or Canada, by setting up a VPN on his home broadband to hide the fact that he was in Iran.

It is no different than when I take road trips to Mexico, and use the VPN set up on my home broadband to bypass geo blocking to access US-only radio station streams, or to get the US Netflix library, while I am down there.

To this sites, it merely appears that I am on my home computer, and I can listen to iHeart, or SiriusXM, while I am driving in Mexico.

And when I do this, I am not breaking in laws in either Mexico, or the United States when I do this.

JoeCool (profile) says:

Re: Re:

One could argue that you are bypassing a technical restriction (geolocation blocking) to access copyrighted data, and therefore breaking the DMCA. It’s as stupid as the restrictions on decrypting DVDs, but they prosecute that all the time. It’s all part of piling on the charges to scare one into a plea bargain. They won’t come after for using a VPN to access netflix by itself, but if they wanted you for something else, you can bet your ass they’ll add that to the list of charges.

Anonymous Coward says:

Re: Re: Re:

In order for it to be a felony, it has to be for some kind of financial gain, which I am certainly not doing here.

Using my the VPN on my home network to access us only content when traveling abroad is being done for financial gain, so no felony is being committed.

Another thing I used to do.when cars had cassette players, and when tracks were only sold with DRM was to plug a tape recorder into my computer and record onto cassettes to play in my car. This was not a felony because it was for personal use and not for making money

That is why Congress limited it to being for financial gain, which bypassing geonlocks is most certainly not.

Anonymous Coward says:

Re: Re: Re:

“They won’t come after for using a VPN to access netflix by itself, but if they wanted you for something else, you can bet your ass they’ll add that to the list of charges.”

At least you don’t bring up the CFAA. Acessing US-only content, when I am in Mexico, does not violate the CFAA becuase I did not use any illegally obtained passwords.

And second, when I am in Mexico, I only have to obey Mexican laws, while I am down there. And since using a VPN to access US-only content does not break Mexican law, that is all that counts.

US law does apply to me when I am in Mexico. When I am in Mexico, I only recognize Mexican laws, when I am down there.

Anonymous Coward says:

Re: Re: Re:

This is where using my own private VPN on my home network is far better than using a commercial VPN service

Since I am logging into my network at home, there is no possible way for Netflix, Pandora, SiriusXM, Hulu, iHeart, etc, etc, to know that I am logging in from a abroad using my home computer as a proxy server, since my IP address is obviously not going to show up on VPN or proxy lists. To these services, it appear to them like I am logging on from home, and they will never be the wise

And CFAA does not apply here, since the CFAA does not make it illegal to log into my home broadband, which I am paying for, and my own computer server which I own. Since I am logging on my home network, it cannot be considered unauthorized access, since I not using any illegally obtained passwords/

Neither does the DMCA, firstly because I am not doing it for any kind of commercial or financial gain, so felony charges do not apply. The felony provision only apply if you are doing it for commercial or financial gain, and logging to my home network from abroad to log into US-only websites, while I am abroad does not meet the requirements for “commercial or private financial gain”l

Anonymous Coward says:

Re: Re: Re:

In order for it to be a felony, circumventing a technological measure has to part of some kind of business

Because of the “commercial or private financial gain” requirement, you have to be doing that as part of some kind of business with the intent of making money.

For your own personal use, it is not a criminal offense. It does not become a felony until you do it for the purpose of making money.

Anonymous Coward says:

Re: Re: Re: Re:

Until they add the argument that you could have gotten access to said services or equivalent to such by paying for a Mexican equivalent.

Therefore, you enriched yourself by using the VPN, ie not paying.

The head spinning logic starts with you did not pay additional which leads to more money left in your account which equals unjust enrichment which equals personal gain which equals a legally shaky legal claim against you which you have to defend against.

Anonymous Coward says:

Re: Re: Re:3 Re:

Another advantage of having my own private VPN is to avoid filters in hotels that block streaming sites

Some hotels do block streaming.

One hotel in San Diego did that when I was there 3 years ago. Logging in to my home VPN to bypass their filters a d watch YouTube or Netflix did not break any laws either in California or any federal laws. Bypassing web filters on the wifi at hotel you are staying at does not break any laws I. Canada, Mexico, or the United states or any state laws.

If you travel a lot, you should consider upgrading your home broadband to something that allows servers, and then set up your own private VPN. This is because while commercial VPN providers are blocked, others are not. This is because blocking all VPN usage could cause problems for business travelers staying there.

Anonymous Coward says:

Re: Re: Re:2 Re:

However, when I am in Mexico, I only have to obey Mexican laws when I am down there. Since I am on Mexican soil when I am circumventing geoblocking, US laws do not apply to what I do, even if I do login to my home network to bypass region locks. When you go to a foreign country, you are subject to THEIR laws, not United States laws.

Also, before coming back into the USA, always encrypt my phone, and then do a reset on it. Once a reset is done, the decryption key is lost for encrypted data, so even if they image my phone at the border, there will be no way for them to be able to decipher the encrypted data, so there is no way they would ever be able to figure out that I was, say, bypassing geolocks to listen to iHeart, or SirusXM while driving on the highways in Mexico.

I just make sure not to bring that SIM card back into the United States. I just flush it down the toilet somewhere before coming back to the USA, getting rid of the incriminating SIM card.

Doing all of this also destroys any evidence that you unlocked your phone to use on a foreign carrier to avoid expensive roaming charges.

And this is good to know, just in case the US decides the lift the ban on travel to North Korea, as the DPRK requires you to use their SIM cards while in the country. Before returning to the United States, you just simply wipe your phone and reset, and then leave North Korea off the list countries recently visited when filling out your Customs form when you re-enter the United States, only putting down China (the country most travellers to the DPRK goes through), and neither your cell phone provider, or CBP, will ever be wiser of what you were up to.

Anonymous Coward says:

Re: Re: Re:2 Re:

The “commerical or private financial gain” requirement means that I would have be selling a circumvention tool to be making money.

This is why a lot VPN services do not keep logs, and are very careful in their adverts about using it to circumvent region blocks. While myself, as a user, cannot be prosecuted, the providers can, if they specifically market their sites for that.

Another example was back when cars had cassette players and music tracks were only sold with DRM. When I plugged my tape recorder into my computer, and recorded tracks onto cassettes for my personal use, in my car, that was not a felony offense, because I was doing it for my own personal use, and not selling any those tracks. Becuase I did not sell any of those tracks that were freed from their DRM, I was not breaking the law.

There was one article elsewhere wondering why makers of ad blocking just don’t block the anti-adblock scripts on sites.

For the users to bypass anti-adblock scripts is not a felony because they are not doing with the intent to make money, but the makers of the ad blocking software can be prosecuted, but their products are made for the purpose of making money for them.

In short, you have to be circumventing technological measures for the purposes of selling such circumvention for a profit. As long as you are not selling it to make money, you are not committing a felony

Add Your Comment

Your email address will not be published. Required fields are marked *

Have a Techdirt Account? Sign in now. Want one? Register here

Comment Options:

Make this the or (get credits or sign in to see balance) what's this?

What's this?

Techdirt community members with Techdirt Credits can spotlight a comment as either the "First Word" or "Last Word" on a particular comment thread. Credits can be purchased at the Techdirt Insider Shop »

Follow Techdirt

Techdirt Daily Newsletter

Techdirt Deals
Techdirt Insider Discord
The latest chatter on the Techdirt Insider Discord channel...