Iran’s government can track every phone at a protest, freeze your bank account, and cut your internet—all without a warrant. Here’s how the surveillance system works, and why it threatens privacy everywhere.
The Text Message That Changed Everything
You attended a protest. You marched peacefully, chanted for change, went home. Days later, your phone buzzes:
“Your presence at illegal gatherings has been noted. You are under intelligence monitoring. Refrain from illegal gatherings, which are desired by the enemy.”
This isn’t a dystopian novel. This is Iran, February 2026—and the government didn’t need informants or seized phones to find you. Your phone’s mere presence at the protest was enough.
According to a groundbreaking New York Times investigation published on February 13, 2026, Iranian authorities sent exactly these messages to protesters who participated in anti-government demonstrations in late December 2025 and January 2026. The government tracked them through their cell phones—not by seizing devices, not through informants, but simply by knowing their phones were present at protest locations.
What’s more chilling is what came next. As the internet slowly flickered back online after a nationwide blackout, systematic detentions began. Iranians were pulled from their homes and subjected to hours of interrogation. Their interrogators confronted them with facial recognition matches, cell tower location data placing them at specific protests, and screenshots of their social media posts.
For those not detained immediately, other punishments arrived: SIM cards suspended, cutting off mobile access. Bank accounts frozen. Warning calls from unknown numbers. And always, the knowledge that authorities were compiling “long lists of names” for visits that might come “maybe a month later, or two months later.”
A security official told the Times that authorities hope to “hunt down the leaders of the riots” using this surveillance infrastructure. Not some of them. Not the most visible. All of them.
This is the Digital Iron Curtain—the most comprehensive, integrated civilian surveillance system ever deployed outside of China. And it’s built on technology that’s spreading globally.
What You’ll Learn in This Article
- How SIAM works: Iran’s 40-function surveillance platform that monitors 90 million citizens
- The National Information Network: Iran’s internet kill switch with surgical precision
- Who built it: China and Russia’s role in exporting authoritarian surveillance technology
- How protesters are tracked: The step-by-step process from cell tower logs to detention
- Why it matters globally: How Iran’s surveillance model threatens privacy worldwide
- What you can do: Concrete actions to resist the spread of surveillance infrastructure
Inside SIAM: The 40-Function Surveillance Monster
Key Facts About SIAM:
- What it is: Subscriber Identity and Activity Monitoring platform
- Where it lives: Embedded directly in Iran’s cellular network infrastructure
- Who operates it: Government intelligence agencies with direct access
- Legal oversight: None—no warrants, no judicial review, no limits
- People affected: All 90+ million mobile phone users in Iran
- First exposed: The Intercept’s “Iran Cables” leak, 2022
At the heart of Iran’s surveillance state sits a system called SIAM—the Subscriber Identity and Activity Monitoring platform. Leaked documents first revealed by The Intercept in 2022 (from the “Iran Cables” leak) exposed this 40-function surveillance tool embedded directly within Iran’s cellular networks by telecom companies themselves.
Think of SIAM as a master control panel. Government operators can query any phone number and instantly see that person’s location, call history, internet activity, and contacts. More disturbingly, they can remotely disable services, downgrade connections, or redirect calls—all without the target knowing.
SIAM isn’t hacking. It’s a legitimate network management tool that’s been weaponized for surveillance. The phone companies built the surveillance into the infrastructure itself.
What SIAM Can See
SIAM gives government operators access to everything your phone knows about you:
- Internet history: Every website, every app session, every connection
- Communication records: All calls, all texts, all contacts, all timestamps
- Personal information: Your identity, family details, billing records, address
- Location tracking: Continuous monitoring through cell tower connections
- Financial data: Transactions tied to your phone account
These aren’t theoretical capabilities—they’re documented functions from leaked SIAM manuals. Here are the actual tools operators use:
| Function | What It Does |
| --- | --- |
| GetIPDR | Retrieves your complete internet history—every site, every session, every location |
| GetCdr | Pulls your call and SMS records, including all contacts and locations |
| FullSearchByNum | Complete profile: personal details, family info, billing, everything |
| LocationCustomerList | Lists every phone present in a geographic area—perfect for protest identification |
| BillingInfoSearch | Your complete financial history tied to your phone account |
What SIAM Can Do To You
But SIAM isn’t just for watching. It’s for control:
| Function | What It Does |
| --- | --- |
| ApplySusp | Block your calls, disconnect you mid-conversation, cut your data |
| Force2GNumber | Force your device onto slow 2G network (easier to surveil, blocks encrypted apps) |
| ApplyDivert | Hijack your calls—redirect them to government numbers without your knowledge |
| SuspOrder | Block service requests, prevent you from changing plans or escaping |
In other words: Iran’s government can not only see everything you do on your phone, but can reach through the network and disable your ability to communicate at will.
The National Information Network: Iran’s Isolated Internet
SIAM doesn’t operate in a vacuum. It’s one component of Iran’s National Information Network (NIN)—a state-controlled internet infrastructure developed since 2013 and significantly expanded after the 2019 protests, explicitly designed to operate independently of the global internet.
In simple terms: Iran built a complete internet inside Iran that doesn’t need the outside world to function.
The NIN architecture has five layers:
1. Access Networks — Mobile operators, ISPs, fixed-line providers (all state-controlled or heavily regulated)
2. Aggregation Networks — Traffic collection and monitoring points
3. Edge Cloud — Regional data centers that enforce government filtering policies
4. Core Network — Centralized control managed by the Telecommunication Infrastructure Company (TIC)
5. Secure Border Gateways — Chokepoints where ALL international traffic must pass and can be filtered or blocked
Why this matters: During crises—like the January 2026 protests—authorities can sever all international internet connections while keeping domestic services running. You can still access Iranian banking apps, government websites, and local e-commerce platforms. You just can’t tell the world what’s happening to you.
Citizens remain connected enough to function economically, but isolated enough to prevent information from escaping. It’s a kill switch with surgical precision.
This is what analysts call the “hybrid model”—somewhere between North Korea’s complete isolation and China’s filtered-but-connected internet. Iran wants the economic benefits of connectivity with the control benefits of disconnection, available at the flip of a switch.
Who Built Iran’s Surveillance System: China, Russia, and the Authoritarian Tech Pipeline
Iran didn’t build this surveillance state alone. A network of authoritarian governments and willing tech companies helped construct the Digital Iron Curtain—and they’re still profiting from it.
Chinese Contributions
Huawei and ZTE have provided material and technical support since 2010. Chinese companies supplied surveillance systems from Tiandy, and China’s “Great Firewall” served as the architectural model for the NIN. The technology transfer wasn’t just hardware—it was a complete framework for controlled connectivity.
Article 19, in a February 2026 report titled “Tightening the Net: China’s Infrastructure of Oppression in Iran,” documented how Chinese firms helped Iran build the filtering systems, data centers, and monitoring capabilities that make NIN work.
Russian Contributions
PROTEI, a Russian company, supplied core network components including:
- Deep Packet Inspection (DPI) systems that classify and throttle traffic
- SMS delivery systems
- User authentication infrastructure
- Mobile network signaling components
The DPI technology is particularly important. It allows Iranian authorities to identify and throttle specific applications—WhatsApp, Telegram, Signal—without blocking the internet entirely. During protests, this means encrypted messaging apps become unusably slow while state-monitored Iranian apps continue functioning normally.
Russia and Iran also share satellite jamming technology, GPS disruption capabilities, and cyber operation tools. This isn’t a one-way transfer; it’s a partnership.
The Authoritarian Tech-Sharing Network
What we’re witnessing is the emergence of an authoritarian technology bloc:
- China → Iran: Infrastructure, hardware, censorship methodology
- Russia ↔ Iran: Jamming tech, cyber capabilities, surveillance tools
- Joint development: Counter-satellite systems, GPS jamming, coordinated cyber operations
These three nations are building and refining surveillance technologies that can be deployed anywhere. Iran is essentially a testing ground—and an export model.
How Protesters Are Identified: A Step-by-Step Nightmare
Let’s walk through how an Iranian protester gets caught in 2026:
Step 1: Real-Time Location Tracking
The moment you arrive at a protest, your phone begins connecting to nearby cell towers. SIAM’s LocationCustomerList function can query those towers and return a list of every phone present in that geographic area.
No warrant. No judicial oversight. No probable cause. Every device, logged.
Because SIM card registration in Iran requires your full identity—name, father’s name, birth certificate number, passport, address—your phone’s location is your location, legally and technically indistinguishable.
In practice: An operator types in geographic coordinates, presses enter, and receives a complete list of everyone who was at that location at that time. The technical capability removes the need for traditional police work. The surveillance infrastructure is the investigation.
Step 2: IMSI Catcher Deployment
For higher-value targets, authorities deploy IMSI catchers—portable devices that impersonate legitimate cell towers. Your phone automatically connects to what appears to be normal network infrastructure, and the device captures your IMEI (unique device identifier) and IMSI (subscriber identity) in real-time.
Translation: A van parked near a protest can silently harvest the identity of every phone within range, without hacking, without touching your device, simply by exploiting how cell phones work.
These devices have been documented in use beyond protests—including in Isfahan, where they identify women not wearing mandatory hijab on the street. The surveillance infrastructure built for “national security” inevitably expands to enforce social control.
Step 3: Facial Recognition
Iran has integrated CCTV cameras across the country into centralized government systems. Private property owners’ cameras are also part of the network. After any protest, facial recognition systems can process footage against the national ID database, matching faces to identities.
Reports indicate the system produces false positives—people detained who weren’t at protests—but from the state’s perspective, that’s a feature, not a bug. Fear is the point.
Step 4: Social Media Monitoring
If you posted about the protests online, authorities have already logged your IP address. Because internet traffic passes through government-controlled gateways, and because VPN usage is increasingly detectable via DPI, your online identity can be connected to your real identity.
Step 5: The Delayed Prosecution
This is the cruelest part. All this data is stored indefinitely. You might not be arrested immediately. Instead, you receive a warning text. Your SIM card stops working. Your bank account has problems. Then, maybe months later, there’s a knock on your door.
The timeline is intentional. It creates uncertainty, fear, self-censorship. You never know when the consequences will arrive.
This isn’t theoretical. The New York Times documented multiple cases of protesters receiving threatening texts days after demonstrations, followed by systematic interrogations weeks later. Authorities told detainees they were compiling “long lists of names” for future action. The surveillance dragnet captures first, punishes later.
How Iran’s Surveillance Compares to China and Russia
Iran didn’t invent digital authoritarianism—but it’s refining it in dangerous ways. Understanding the differences reveals where global surveillance technology is headed.
Iran vs. China
| Aspect | Iran | China |
| --- | --- | --- |
| Internet Control | Total blackouts possible | Continuous filtered access |
| Sophistication | Functional but rougher | Highly refined |
| Platform Access | Instagram, Telegram, WhatsApp banned | Similar platforms banned |
| Facial Recognition | Deployed, some false positives | Advanced, ubiquitous |
| Social Credit | Emerging “lifestyle patterns” | Mature system |
| Economic Integration | Surveillance tied to banking | Full ecosystem integration |
| Crisis Response | Kill the internet entirely | Surgical censorship |
The key difference: China has refined surveillance into a permanent state of filtered connectivity—economically efficient but requiring massive infrastructure investment. Iran’s model is cheaper and more exportable: maintain basic surveillance during normal times, then deploy total shutdowns during crises. For developing nations or smaller authoritarian states, Iran’s approach is far more achievable than China’s.
This makes Iran’s model the more dangerous global export.
Iran vs. Russia
| Aspect | Iran | Russia |
| --- | --- | --- |
| Domestic Internet Isolation | Fully operational | Runet partially implemented |
| Complete Disconnection | Achieved multiple times | Not yet achieved |
| Surveillance Integration | Deep mobile network access | SORM (lawful intercept) focus |
| Protest Response | Total blackout + mass arrest | More selective targeting |
The key difference: Iran has already achieved what Russia aspires to—complete internet disconnection capability with maintained domestic services.
Iran vs. North Korea
| Aspect | Iran | North Korea |
| --- | --- | --- |
| Global Internet Access | Restricted but possible | Near-total isolation |
| Mobile Penetration | ~90 million users | Minimal |
| Domestic Digital Services | Extensive | Kwangmyong intranet only |
| Trajectory | Moving toward DPRK model | Static isolation |
The concerning trajectory: Iran is moving toward North Korean-style isolation while maintaining Chinese-style domestic services. It’s building a model where connectivity is conditional—available when the state allows it, gone when the state decides.
Why Iran’s Surveillance State Threatens Global Privacy
Reading this from a democratic country? Thinking this doesn’t affect you?
It already does. Here’s how Iran’s surveillance infrastructure threatens privacy worldwide:
1. The Export Model
Iran’s surveillance infrastructure is being built as a replicable model. The China-Russia-Iran tech-sharing network is creating a toolkit that any aspiring authoritarian can deploy. The systems Iran uses today will be marketed to governments worldwide tomorrow.
We’ve already seen this pattern with Pegasus spyware. We’ve seen it with Chinese surveillance tech deployed across Africa. The Digital Iron Curtain isn’t a one-off—it’s a product roadmap.
2. The Normalization of Surveillance
Every Iranian citizen knows that domestic platforms—banking apps, commerce apps, government services—are monitored. As one researcher told the Times: “People know these platforms are used for interception… but you don’t have any other choice.”
This is the future surveillance capitalists dream of: a world where surveillance is so embedded in daily life that opting out means opting out of society itself. Iran is proving this model works.
3. The Technology Transfer
The deep packet inspection systems Iran uses come from companies that also sell to democratic governments. The IMSI catchers work the same way worldwide. The facial recognition algorithms don’t care about borders.
When authoritarian states refine surveillance technology, they make it cheaper, more effective, and more available. The digital arms race doesn’t stay contained.
4. The Precedent
If Iran demonstrates that total population surveillance is achievable and effective at suppressing dissent, other governments will take note. The question “Can we do this?” has been answered. The only remaining question is “Should we?”—and authoritarian governments don’t ask that question.
What Activists Can Do (And The Hard Truth)
⚠️ CRITICAL WARNING: This section provides information about Iran’s surveillance capabilities, NOT guaranteed protection methods. No technique offers complete safety in Iran’s surveillance environment.
Understanding the Threat (Not Defeating It)
For those in Iran or similar surveillance states, understanding how you’re tracked is the first step—but understanding doesn’t equal escape:
What the surveillance system captures:
- Mobile networks: All Iranian carriers feed data to SIAM. Every connection to a cell tower is logged.
- Domestic apps: Banking, messaging, e-commerce—all Iranian platforms should be assumed to be monitoring tools.
- VPNs and circumvention: Deep Packet Inspection can detect VPN usage. Even if blocked, the attempt creates a record.
- Facial recognition: CCTV cameras (public and private) feed centralized databases with facial matching.
- SIM registration: Your phone number is legally tied to your full identity—name, father’s name, national ID, address.
Risk Reduction (Not Elimination)
These measures reduce risk but do not eliminate it:
- Leaving phones behind: Prevents cell tower tracking, but facial recognition and informants remain.
- Using foreign SIM cards: May avoid SIAM tracking, but physical possession of unregistered SIMs is illegal and creates suspicion.
- Avoiding digital communication: Physical meetings avoid digital surveillance, but public facial recognition and physical surveillance increase.
- Using circumvention tools: May provide temporary access, but DPI can detect and log the attempt even if blocked.
The Reality You Must Understand
There is no safe way to protest in Iran’s current surveillance environment. The system is specifically designed to eliminate the protection gaps that activists previously relied on:
- Satellite internet (Starlink) now carries severe criminal penalties, potentially including death sentences under certain charges
- VPN detection is sophisticated and improving constantly
- Facial recognition has false positive rates, meaning even non-participants can be swept up
- Economic participation requires using monitored domestic platforms
- The surveillance infrastructure has no oversight, no warrants, and no legal limits
For those considering action: Understand that every digital tool leaves traces. Every appearance in public risks facial recognition. Every phone you carry—even powered off—creates potential evidence if seized. The Iranian government has demonstrated both the technical capability and political will to track, identify, and punish protesters months after events.
For outside observers: Do not romanticize resistance or minimize risks. The bravery of Iranian activists is extraordinary precisely because the surveillance state makes meaningful protection nearly impossible. Sharing “safety tips” without these warnings is dangerous.
If you choose to act, do so with full knowledge that the risks are real, severe, and not fully mitigable through technical means alone.
The Digital Iron Curtain Is Here—And It’s Spreading
Iran has built something unprecedented: a surveillance system that tracks 90 million people’s movements, communications, and behaviors in real-time, with the power to disconnect them from the world at the flip of a switch—while keeping them just connected enough to survive economically.
This isn’t speculative. It’s operational. Right now.
When protests erupted in late 2025 and early 2026, the response was surgical: internet blackouts so complete the world relied on fragmentary reports for weeks. Then, when connectivity returned, the dragnet activated. Text messages threatened protesters identified by cell tower logs. Bank accounts froze. SIM cards died. And authorities continue compiling lists for arrests that might come “a month later, or two months later.”
Behind every data point is a human story:
- The protester who marched for change and now checks their phone anxiously for warning messages
- The mother whose bank account froze because her daughter attended a demonstration
- The young man interrogated with screenshots of his social media posts, wondering who betrayed him—not knowing it was simply the infrastructure itself
The technology enabling this comes from China. From Russia. From companies that also sell to democratic governments. The surveillance capabilities tested in Iran today will be marketed globally tomorrow—because surveillance technology always spreads.
For privacy advocates worldwide, the lesson is urgent: The fight for digital rights isn’t abstract. It’s life and death in Tehran. Freedom and imprisonment in Isfahan. The difference between speaking and silence for 90 million people.
The Digital Iron Curtain has fallen. The question is no longer whether surveillance states are possible—Iran proved they are. The question is whether we’ll resist this model spreading to the rest of the world.
What You Can Actually Do
Exposure alone changes nothing. Here’s what can push back against the spread of surveillance infrastructure:
For Policymakers and Governments
1. Expand surveillance technology export controls beyond current sanctions—target dual-use DPI systems, facial recognition, and network monitoring tools
2. Investigate western companies providing components, training, or maintenance to authoritarian surveillance systems
3. Fund circumvention technology with realistic expectations (no false promises of perfect safety)
4. Document and preserve evidence of surveillance-enabled human rights abuses for future accountability
5. Resist domestic mission creep—the capabilities deployed in Iran are technically possible everywhere
For Technology Companies
- Audit your supply chains for authoritarian government customers
- Implement human rights due diligence before selling network infrastructure or monitoring tools
- Support end-to-end encryption in products, even when governments pressure you to weaken it
- Refuse to build backdoors—what works in democracies works in dictatorships too
For Individuals Who Care About Privacy
- Support digital rights organizations doing this research: Citizen Lab, Article 19, EFF, Access Now
- Pressure your government to restrict surveillance technology exports
- Use and normalize encrypted communications—not to hide wrongdoing, but to make privacy the default
- Share these stories—the more people understand how surveillance states operate, the harder they are to build quietly
- Remember the human cost—behind every data point is a person risking everything for freedom
The surveillance state isn’t coming. It’s here. What happens in Iran today demonstrates what’s technically possible everywhere tomorrow.
The question isn’t whether we can stop surveillance technology from existing—we can’t. The question is whether we’ll let it become normalized, accepted, and expected as the price of participating in modern society.
Iran shows us where that path leads. We can choose differently.
Sources and Further Reading
This investigation is based on:
Primary source: “Iran Turns to Digital Surveillance Tools to Track Down Protesters” by Adam Satariano, The New York Times, February 13, 2026.
Technical documentation:
- “Iran Cables” leak analysis, The Intercept, 2022 (SIAM system documentation)
- “Tightening the Net: China’s Infrastructure of Oppression in Iran,” Article 19, February 2026
- Citizen Lab technical reports on Iranian internet infrastructure
- WIRED coverage of Iran’s surveillance ecosystem
- Holistic Resilience/Raaznet research on NIN architecture
- Radio Free Europe/Radio Liberty investigative reporting
Verification note: All technical claims about SIAM functions, NIN architecture, and surveillance capabilities are based on leaked government documents, technical analysis by digital rights organizations, or confirmed reporting by established news sources.