Why Tehran’s Two-Tiered Internet Is So Dangerous

Iran is slowly emerging from the most severe communications blackout in its history and one of the longest in the world. Triggered as part of January’s government crackdown against citizen protests nationwide, the regime implemented an internet shutdown that transcends the standard definition of internet censorship. This was not merely blocking social media or foreign websites; it was a total communications shutdown.

Unlike previous Iranian internet shutdowns where Iran’s domestic intranet—the National Information Network (NIN)—remained functional to keep the banking and administrative sectors running, the 2026 blackout disrupted local infrastructure as well. Mobile networks, text messaging services, and landlines were disabled—even Starlink was blocked. And when a few domestic services became available, the state surgically removed social features, such as comment sections on news sites and chat boxes in online marketplaces. The objective seems clear. The Iranian government aimed to atomize the population, preventing not just the flow of information out of the country but the coordination of any activity within it.

This escalation marks a strategic shift from the shutdown observed during the “12-Day War” with Israel in mid-2025. Then, the government primarily blocked particular types of traffic while leaving the underlying internet remaining available. The regime’s actions this year entailed a more brute-force approach to internet censorship, where both the physical and logical layers of connectivity were dismantled.

The ability to disconnect a population is a feature of modern authoritarian network design. When a government treats connectivity as a faucet it can turn off at will, it asserts that the right to speak, assemble, and access information is revocable. The human right to the internet is not just about bandwidth; it is about the right to exist within the modern public square. Iran’s actions deny its citizens this existence, reducing them to subjects who can be silenced—and authoritarian governments elsewhere are taking note.

The current blackout is not an isolated panic reaction but a stress test for a long-term strategy, say advocacy groups—a two-tiered or “class-based” internet known as Internet-e-Tabaqati. Iran’s Supreme Council of Cyberspace, the country’s highest internet policy body, has been laying the legal and technical groundwork for this since 2009.

In July 2025, the council passed a regulation formally institutionalizing a two-tiered hierarchy. Under this system, access to the global internet is no longer a default for citizens, but instead a privilege granted based on loyalty and professional necessity. The implementation includes such things as “white SIM cards“: special mobile lines issued to government officials, security forces, and approved journalists that bypass the state’s filtering apparatus entirely.

While ordinary Iranians are forced to navigate a maze of unstable VPNs and blocked ports, holders of white SIMs enjoy unrestricted access to Instagram, Telegram, and WhatsApp. This tiered access is further enforced through whitelisting at the data center level, creating a digital apartheid where connectivity is a reward for compliance. The regime’s goal is to make the cost of a general shutdown manageable by ensuring that the state and its loyalists remain connected while plunging the public into darkness. (In the latest shutdown, for instance, white SIM holders regained connectivity earlier than the general population.)

The technical architecture of Iran’s shutdown reveals its primary purpose: social control through isolation. Over the years, the regime has learned that simple censorship—blocking specific URLs—is insufficient against a tech-savvy population armed with circumvention tools. The answer instead has been to build a “sovereign” network structure that allows for granular control.

By disabling local communication channels, the state prevents the “swarm” dynamics of modern unrest, where small protests coalesce into large movements through real-time coordination. In this way, the shutdown breaks the psychological momentum of the protests. The blocking of chat functions in nonpolitical apps (like ridesharing or shopping platforms) illustrates the regime’s paranoia: Any channel that allows two people to exchange text is seen as a threat.

The United Nations and various international bodies have increasingly recognized internet access as an enabler of other fundamental human rights. In the context of Iran, the internet is the only independent witness to history. By severing it, the regime creates a zone of impunity where atrocities can be committed without immediate consequence.

Iran’s digital repression model is distinct from, and in some ways more dangerous than, China’s “Great Firewall.” China built its digital ecosystem from the ground up with sovereignty in mind, creating domestic alternatives like WeChat and Weibo that it fully controls. Iran, by contrast, is building its controls on top of the standard global internet infrastructure.

Unlike China’s censorship regime, Iran’s overlay model is highly exportable. It demonstrates to other authoritarian regimes that they can still achieve high levels of control by retrofitting their existing networks. We are already seeing signs of “authoritarian learning,” where techniques tested in Tehran are being studied by regimes in unstable democracies and dictatorships alike. The most recent shutdown in Afghanistan, for example, was more sophisticated than previous ones. If Iran succeeds in normalizing tiered access to the internet, we can expect to see similar white SIM policies and tiered access models proliferate globally.

The international community must move beyond condemnation and treat connectivity as a humanitarian imperative. A coalition of civil society organizations has already launched a campaign calling fordirect-to-cell” (D2C) satellite connectivity. Unlike traditional satellite internet, which requires conspicuous and expensive dishes such as Starlink terminals, D2C technology connects directly to standard smartphones and is much more resilient to infrastructure shutdowns. The technology works; all it requires is implementation.

This is a technological measure, but it has a strong policy component as well. Regulators should require satellite providers to include humanitarian access protocols in their licensing, ensuring that services can be activated for civilians in designated crisis zones. Governments, particularly the United States, should ensure that technology sanctions do not inadvertently block the hardware and software needed to circumvent censorship. General licenses should be expanded to cover satellite connectivity explicitly. And funding should be directed toward technologies that are harder to whitelist or block, such as mesh networks and D2C solutions that bypass the choke points of state-controlled ISPs.

Deliberate internet shutdowns are commonplace throughout the world. The 2026 shutdown in Iran is a glimpse into a fractured internet. If we are to end countries’ ability to limit access to the rest of the world for their populations, we need to build resolute architectures. They don’t solve the problem, but they do give people in repressive countries a fighting chance.

This essay originally appeared in Foreign Policy.

Tags: ,

Posted on February 27, 2026 at 7:05 AM5 Comments

Comments

Clive Robinson February 27, 2026 9:18 AM

@ Bruce, ALL,

With regards,

“The human right to the internet is not just about bandwidth; it is about the right to exist within the modern public square.”

Sorry Bruce, there is no such “Right” even in the US.

It’s at best an aspiration, and probably always will be.

There are numerous gate keepers that you have to get past.

The first of which is,

1, How do you pay for or obtain reliable access.

Banks can freeze your account, credit cards can refuse to perform transactions and order your cards detained by a merchant. A service provider has a legal right to decline to do business with you.

Even supposed “Free WiFi” is anything but free, yes it’s a lot harder to block access but it’s easily technically possible in various ways.

I’ve mentioned before back in 2014 on this blog about the UN ITU conference in Doha where Russia and others indicated that they were going to break away from the US Centered and controlled system.

And since then they and others have been “boiling the frog” style moving forward on these objectives.

Even the EU is now looking at how to De-US themselves and the issue is Southern Ireland is bought and payed for by US Tech, but I strongly suspect that those days are coming to an end with one of the Data commissioners now “owned” by a US Mega Corp,

https://www.iccl.ie/digital-data/complaint-v-ireland-to-european-commission-re-process-appointing-ex-meta-lobbyist-as-data-protection-commissioner/

What is not widely known is all Meta / Facebook employees sign a non revokable agreement on joining Meta to basically do as directed by Meta or face a Meta owned and run Tribunal as their only legal recourse against such direction.

Little is publicly known about these extensive documents but little by little it’s coming out drip by drip,

https://mashable.com/article/meta-nlrb-confidentiality-non-disclosure-agreement-employee-union

David Rockefeller February 27, 2026 10:33 AM

Once again the author is relying on tacit assumption through framing, and based on the media outlet it is not much of a stretch to conclude that it is intentional. Which in turn reflects on the author and their positioning.

People have been communicating and coordinating in groups for well over 10,000 years. The Internet makes its easier to do so but its absence does not preclude communication.

Heaven forbid the Iranian government takes steps to prevent CIA clandestine operations officers from executing regime change operations. I’m sure that’s something that raises the ire of the Council on Foreign Relations and other CIA allies.

Clive Robinson February 27, 2026 10:48 AM

@ ALL,

The real technical questions people need answers two are,

When using Consumer or Commercial grade technology,

1, How to block AI driven “Client Side Scanning”.
2, How to get the benefits of E2EE covertly.
3, How to appear overt but have covert communications.

I’ve seen this nonsense coming out of Governments well over a decade ago prior to the Ed Snowden Revelations it was clear that the US Gov in particular were changing legislation because,

“The Internet Scares all politicians”

But also gives the bad politicians and those behind them great power over the ordinary people, of voting citizens.

Which was why I looked into how to deal with things.

The big problem though is not that there are not “solutions” there are and mostly they are simple. The real problem is “the people” are,

1, Overly “Trusting” of leaders.
2, Prefer “Convenience” over their lives and well being of their families etc.
3, Don’t want to have their “biased” view points challenged.
4, Want to abdicate “Responsibility” to others who very much do not have their interests at heart.

The technical solution is fairly simple and it requires using an issue that although obvious is not generally thought about. Which is the,

“Observer problem”

Put simply an observer only sees the surface of a communications exchange.

Most know that “Encryption” can,

“Hide the message but not the traffic”

Which means the traffic has to be benign “to an observer” and importantly not correlatable to any actions.

In the past people have tried the likes of Steganography but in general it fails due to the fact it has no “One Time” element to it thus is subject to correlation attacks

Solving this is still not enough in that often even One Time traffic looks contrived thus not benign.

But now the battle over E2EE has been conceded by many authorities (much to the consternation of their guard labour). They still want access to “message content” to do their Cardinal Richelieu routine.

This is why “Client Side Scanning” has been brought into play.

But simply, if they can see what you see then they think they have the “message contents”.

As I pointed out with “Secure Messaging Apps” the most important thing is,

“To consider the whole system not it’s component parts”

And by drawing up diagrams etc ensure that,

“The ‘security endpoint’ you rely on is beyond the ‘communications endpoint’ they rely on.”

If it’s not “you lose” a lot more than the game of whits…

In short you need to take the ‘security endpoint’ “Off the Device” the ‘communications endpoint’ is on by some ‘strong segregation method’. Which is why I talk about “Energy Gapping” not the much weaker “Air Gapping” you normally get told about.

But this alone is insufficient if the “observer” can see “oddities” that they can “correlate” and conclude there is a “Covert Channel” that they can then come looking for.

Which is why traffic has to look both benign and be to some level “deniable” in the face of “betrayal” by the “second party” in any communications.

In short every covert message communicated has to be,

1, In plaintext.
2, Use a “One Time” element.
3, Be effectively deniable.
4, Correlate to innocent activities.

Whilst hard I’ve shown how to achieve this with no more than pencil, paper, glass and matches, to take messages “off device” and beyond the ‘communications endpoint’. But you also need,

1, A Code book.
2, A One Time Pad.

To turn the message into a secure form of “plaintext” that any observer can be allowed to see.

The only issue I can not solve is,

“The Human Condition”

Because in this day and age, of “Collect it all” of electronic communications, any mistake will be “caught and recorded” even though it might not be immediately recognised and acted upon, it will remain there just waiting.

Hence,

“To err is human”

Is in effect a death sentence awaiting a signature…

Who? February 27, 2026 11:17 AM

The D2C system would have helped southern European countries on April 28, 2025; an authoritarian government in one of those countries would have easily blocked those satellite links. Just make buying those smartphones illegal.

On the other hand, I doubt that those satellite links provide the bandwidth necessary to manage communications, even basic ones, for a specific country.

Clive Robinson February 27, 2026 11:51 AM

@ Who?, ALL,

With regards,

“…an authoritarian government in one of those countries would have easily blocked those satellite links.”

Jamming of satellite links is often portrayed in entertainment and media as being simple to do.

Whilst in the past there was a basis of truth in this as each satellite had very limited “beaming capability” it is quite rapidly becoming harder due to the same phased antenna array technology that makes 5G and 6G phones work.

Put simply the jamming system has to point up at the satellite from within the jamming margin footprint of each antenna beam. The addition of “high dynamic range” means that the jamming power has to be as high.

There are “origami antenna” designs currently being tested, that turn into flat 64 square meter phased array antennas capable of 256 individual narrow beam footprints per satellite…

Japan’s Aerospace Exploration Agency (JAXA) sent up a cubesat miniature test bed at the end of last year for a MIMO antenna system.

Which also helps get around the,

“I doubt that those satellite links provide the bandwidth necessary to manage communications, even basic ones, for a specific country.”

The idea is to replicate standard Broadband mobile phone coverage which will as Hellon Rusk has demonstrated sufficient for quite a few countries.

Leave a comment

Blog moderation policy

Login

Allowed HTML <a href="URL"> • <em> <cite> <i> • <strong> <b> • <sub> <sup> • <ul> <ol> <li> • <blockquote> <pre> Markdown Extra syntax via https://michelf.ca/projects/php-markdown/extra/

Sidebar photo of Bruce Schneier by Joe MacInnis.