Show Hide image

Who rules Iran?

Our guide to power in the Islamic Republic

It is a question that has been asked repeatedly since the 1979 revolution, and one for which there are few ready answers. Commentators gloss over the tensions between the supreme leader, the president and the parliament -- let alone the power invested in the clerical establishment, the Revolutionary Guard and the bonyads (or foundations) that make up the Iranian state.

Yet it is exactly these relationships that determine the course of Iranian politics, from its nuclear ambitions to the chances of democratic reform. In step with this week's Iran issue, we introduce you to the power relationships that lie beneath the political picture, and the events that put them in place.

The supreme leader

Khamenei (left) gives a speech next to the newly appointed judiciary chief, Sadegh Ardeshir Larijani, during a meeting in Tehran in August 2009. Photograph: STR/AFP/Getty Images

The highest authority in the Iranian constitution, this dual political and religious role was made to fit Ayatollah Ali Khamenei's predecessor, Ruhollah Khomeini, in the aftermath of the revolution. It is based on Khomeini's doctrine of the velayat-e faqih, or the "guardianship of the jurisconsult"; the idea that the community should be guided by a religious jurist, in expectation of the coming of the Hidden Imam.

The supreme leader should be the highest spiritual authority within Shia Islam, a marja-e taqlid ("a source of emulation") or a grand ayatollah. The 1989 succession of Ali Khamenei to the role marked a shift in the Islamic Republic from religious attitudes to authority to political expediency, as Khamenei was only a hojatoleslam, or "proof of Islam" -- a lower clerical rank.

The supreme leader has power over the army, the revolutionary guard, the Basij militia and the judiciary, primarily through appointing the leaders of each group. It was this "mini-state" that his predecessor created in the aftermath of the 1979 revolution that allowed Khamenei to establish clerical supremacy. The supreme leader's power is almost without limit: Khamenei had the final word on last year's disputed presidential election.

The president

The current Iranian president, Mahmoud Ahmadinejad, gestures while waiting for the arrival of Oman's leader, Qaboos Bin Said, at the presidential offices in Tehran on August 4, 2009. The sultan of Oman became the first foreign leader to visit Iran since Iran's controversial presidential vote last year. Photograph: BEHROUZ MEHRI/AFP/Getty Images

The most powerful political post in Iran that can be called democratic, the president of the Islamic Republic is elected from a list that is vetted by the Guardian Council. The president serves a four-year term for a maximum of two terms.

The power of the president is limited in the constitution, and is dwarfed by the influence of the supreme leader, the Guardian Council and other groups that make up the political centre. The presidency of Mohammad Khatami in 1997-2005 exposed these limitations; a reformer who offered a détente with the west, his foreign policy positions could never be anything more than symbolic, and his domestic reforms were obstructed by unelected loyalists to the regime.

Notionally, the president is the functional head of the executive. The president appoints the cabinet, subject to parliamentary approval, and is an international figurehead. In practice, however, power over defence and major foreign policy decisions falls under the authority of the supreme leader.

The Majlis: the Iranian parliament

Iranian students attend a parliament session in Tehran in November 2009. Photograph: ATTA KENARE/AFP/Getty Images

The Majlis represents the second democratic arm of the Iranian constitution, alongside the presidency. Its 290 members serve four-year terms. The Majlis has the constitutional power to vet and impeach cabinet ministers (and even the president), and introduces and passes legislation.

The major barrier to the power of the Majlis is the Guardian Council, which regularly bars candidates from standing, and vetoes parliamentary legislation. This constitutional deadlock has long been a feature of the politics of the Islamic Republic, and led to the creation of the Expediency Council in 1988.

The speaker of the Majlis, currently Ali Larijani, is an important spokesperson on domestic and international affairs. Even before the 1979 revolution, the Majlis was an important home of Iranian nationalism. Its roots are grounded in the constitutional revolution that took place between 1905 and 1911. Its importance should not be overlooked.

The councils

The head of the Iranian Guardian Council, Ahmad Janati, delivers the Friday prayers sermon at Tehran University in October 2009. Janati warned against an anti-government demonstration to counter an official commemoration of the storming of the US embassy. Photograph: BEHROUZ MEHRI/AFP/Getty Images

Iran's executive is made up of councils with varying, low levels of accountability. The most important is the Guardian Council. This body is made up of six clerics appointed by the supreme leader and six jurists nominated by the parliament from a list prepared by the judiciary -- whose head, of course, is appointed by the supreme leader.

This body has the power to veto parliamentary legislation, shut newspapers and bar presidential and parliamentary candidates. Depending on your perspective, it is either the protector of revolutionary values or the scourge of political reform in Iran.

The two other important bodies are the Expediency Council and the Assembly of Experts, both headed by Ayatollah Rafsanjani, a key power broker in the Islamic Republic.

The supreme leader appoints the Expediency Council, a body created to resolve constitutional deadlock between the Majlis and the Guardian Council. In practice, its membership ensures a heavy bias towards the establishment. The Assembly of Experts is made up of clerics elected from a list vetted by the Guardian Council, and its nominal role is to appoint and monitor the supreme leader.

Qom

Iranians hold portraits of Iranian cleric Grand Ayatollah Hossein Ali Montazeri during his funeral procession in the holy city of Qom on 21 December 2009. Photograph: AFP/Getty Images

A short drive south-west from Tehran, Qom centres on the shrine of Fatima, the sister of Imam Reza, on the bank of the Qom river. The clerical centre of Shia Islam, it is also an immensely important political base, due to its proximity to the capital and the overlap between the spiritual and political authorities.

Housing tens of thousands of seminarians, the city has expanded since the revolution. Large sums of money -- in the form of Islamic taxes and alms sent by followers -- come to the marja-e taqlid ("sources of emulation") who reside there. Normally seen as a conservative body, the marja are among the few with any authority to criticise the supreme leader. Some have questioned Khamenei's right to be considered a marja.

The recently deceased Ayatollah Montazeri was a prime example of the power of Qom, and his death was seen as a rallying point for reformists. Once nominated as a successor to Khomeini, he was cast out of the political centre for criticising the supreme leader, and remained a vocal critic of the government until his death.

The Revolutionary Guard

Iranians carry the coffin of General Nur-Ali Shushtari, the deputy commander of the Revolutionary Guard's ground forces, killed near the Pakistani border, during a funeral in Tehran outside the Revolutionary Guard garrison on 20 October 2009. Photograph: BEHROUZ MEHRI/AFP/Getty Images

A military force and corporation estimated to be worth billions of dollars, the Revolutionary Guard is the latest pressure point for those wishing to exert pressure on the Iranian state.

The Revolutionary Guard stands in command of the Basij, a paramilitary organisation that was established by the dictat of Ayatollah Khomeini. Its foot soldiers are known as "Basijis", a morality police that monitors the public for correct Islamic dress, makes sure that young, unrelated and unmarried Iranians are not walking or driving together in the streets, and so on.

After the hostage crisis of 1979-1981, the Revolutionary Guard moved into the US Embassy in the centre of Tehran, which was renamed "Den of Spies", and used it as a training base. It expanded to a full fighting force in the Iran-Iraq war. It was the Revolutionary Guard that captured the British sailors in the Persian Gulf in 2007.

The Revolutionary Guard is intimately associated with Iran's foundations, and is suspected of links to Hezbollah in Lebanon. The US Secretary of State Hilary Clinton has said that the force is "supplanting the government" and creating a "military dictatorship".

The foundations

Hossein Shariatmadari, the director of the hardline Kayhan newspaper group, owned by Iran's largest foundation, sits next issues of the newspaper at his office in Tehran, 16 September 2007. Photograph: BEHROUZ MEHRI/AFP/Getty Images

When Muhammad Reza Shah Pahlavi was driven from Iran by the 1979 revolution, he left behind a huge swathe of assets. The Pahlavi foundation was renamed the Foundation for the Oppressed, a charity entrusted to helping veterans of the Iran-Iraq war. Thought to be worth as much as $12bn, this foundation controls large amounts of Iran's economy. Along with numerous companies, factories and mines, the foundation owns the Kayhan and Ettela'at newspapers.

The Foundation for the Oppressed is just one of several bonyads intimately related to the Revolutionary Guard and the political centre around the supreme leader. In the context of Iranian politics, the foundations represent the vested interests of the unaccountable and the spoils of the 1979 revolution. They have thus far proved beyond the reach of the democratic arms of the state. Any attempt to pull the Iranian state away from clerical hegemony comes up against the bonyads.

This piece accompanies Henry Smith's article, "Iran: the people"

Fox via YouTube
Show Hide image

Are smart toys spying on children?

If you thought stepping on a Lego was bad, consider the new ways in which toys can hurt and harm families.

In January 1999, the president of Tiger Electronics, Roger Shiffman, was forced to issue a statement clearing the name of the company’s hottest new toy. “Furby is not a spy,” he announced to the waiting world.

Shiffman was speaking out after America’s National Security Agency (NSA) banned the toy from its premises. The ban was its response to a playground rumour that Furbies could be taught to speak, and therefore could record and repeat human speech. “The NSA did not do their homework,” said Shiffman at the time.

But if America’s security agencies are still in the habit of banning toys that can record, spy, and store private information, then the list of contraband items must be getting exceptionally long. Nearly 18 years after TE were forced to deny Furby’s secret agent credentials, EU and US consumer watchdogs are filing complaints about a number of WiFi and Bluetooth connected interactive toys, also known as smart toys, which have hit the shelves. Equipped with microphones and an internet connection, many have the power to invade both children’s and adults’ private lives.

***

“We wanted a smart toy that could learn and grow with a child,” says JP Benini, the co-founder of the CogniToys “Dino”, an interactive WiFi-enabled plastic dinosaur that can hold conversations with children and answer their questions. Benini and his team won the 2014 Watson Mobile Developer Challenge, allowing them to use the question-answering software IBM Watson to develop the Dino. As such, unlike the “interactive” toys of the Nineties and Noughties, Dino doesn’t simply reiterate a host of pre-recorded stock phrases, but has real, organic conversations. “We grew it from something that was like a Siri for kids to something that was more conversational in nature.”

In order for this to work, Dino has a speaker in one nostril and a microphone in the other, and once a child presses the button on his belly, everything they say is processed by the internet-connected toy. The audio files are turned into statistical data and transcripts, which are then anonymised and encrypted. Most of this data is, in Benini’s words, “tossed out”, but his company, Elemental Path, which owns CogniToys, do store statistical data about a child, which they call “Play Data”. “We keep pieces from the interaction, not the full interaction itself,” he tells me.

“Play Data” are things like a child’s favourite colour or sport, which are used to make a profile of the child. This data is then available for the company to view, use, and pass on to third parties, and for parents to see on a “Parental Panel”. For example, if a child tells Dino their favourite colour is “red”, their mother or father will be able to see this on their app, and Elemental Path will be able to use this information to, Benini says, “make a better toy”.

Currently, the company has no plans to use the data with any external marketers, though it is becoming more and more common for smart toys to store and sell data about how they are played with. “This isn’t meant to be just another monitoring device that's using the information that it gathers to sell it back to its user,” says Benini.

Sometimes, however, Elemental Path does save, store, and use the raw audio files of what a child has said to the toy. “If the Dino is asked a question that it doesn’t know, we take that question and separate it from the actual child that’s asking it and it goes into this giant bucket of unresolved questions and we can analyse that over time,” says Benini. It is worth noting, however, that Amazon reviews of the toy claim it is frequently unable to answer questions, meaning there is potentially an abundance of audio saved, rather than it being an occasional occurrence.

CogniToys have a relatively transparent Privacy Policy on their website, and it is clear that Benini has considered privacy at length. He admits that the company has been back and forth about how much data to store, originally offering parents the opportunity to see full transcripts of what their child had been saying, until many fed back that they found this “creepy”. Dino is not the first smart toy to be criticised in this way.

Hello Barbie is the world’s first interactive Barbie doll, and when it was released by Mattel in 2015, it was met with scorn by parents’ rights groups and privacy campaigners. Like Dino, the doll holds conversations with children and stores data about them which it passes back to the parents, and articles expressing concerns about the toy featured on CNN, the Guardian, and the New York Times. Despite Dino’s similarities, however, Benini’s toy received almost no negative attention, while Hello Barbie won the Campaign for a Commercial-Free Childhood’s prize for worst toy of the year 2015.

“We were lucky with that one,” he says, “Like the whole story of the early bird gets the worm but the second worm doesn’t get eaten. Coming second on all of this allowed us to be prepared to address the privacy concerns in greater depth.”

Nonetheless, Dino is in many ways essentially the same as Hello Barbie. Both toys allow companies and parents to spy on children’s private playtimes, and while the former might seem more troubling, the latter is not without its problems. A feature on the Parental Panel of the Dino also allows parents to see the exact wording of questions children have asked about certain difficult topics, such as sex or bullying. In many ways, this is the modern equivalent of a parent reading their child's diary. 

“Giving parents the opportunity to side-step their basic responsibility of talking to, engaging with, encouraging and reassuring their child is a terrifying glimpse into a society where plastic dinosaurs rule and humans are little more than machines providing the babies for the reptile robots to nurture,” says Renate Samson, the chief executive of privacy campaign group Big Brother Watch. “We are used to technology providing convenience in our lives to the detriment of our privacy, but allowing your child to be taught, consoled and even told to meditate by a WiFi connected talking dinosaur really is a step in the wrong direction.”

***

Toy companies and parents are one thing, however, and to many it might seem trivial for a child’s privacy to be comprised in this way. Yet many smart toys are also vulnerable to hackers, meaning security and privacy are under threat in a much more direct way. Ken Munro, of Pen Test Partners, is an ethical hacker who exposed security flaws in the interactive smart toy “My Friend Cayla” by making her say, among other things, “Calm down or I will kick the shit out of you.”

“We just thought ‘Wow’, the opportunity to get a talking doll to swear was too good,” he says. “It was the kid in me. But there were deeper concerns.”

Munro explains that any device could connect to the doll over Bluetooth, provided it was in range, as the set-up didn’t require a pin or password. He also found issues with the encryption processes used by the company. “You can say anything to a child through the doll because there's no security,” he says. “That means you've got a device that can potentially be used to groom a child and that's really creepy.”

Pen Test Partners tells companies about the flaws they find with their products in a process they call “responsible disclosure”. Most of the time, companies are grateful for the information, and work through ways to fix the problem. Munro feels that Vivid Toy Group, the company behind Cayla, did a “poor job” at fixing the issue. “All they did was put one more step in the process of getting it to swear for us.”

It is one thing for a hacker to speak to a child through a toy and another for them to hear them. Early this year, a hack on baby monitors ignited such concerns. But any toy with speech recognition that is connected to the internet is also vulnerable to being hacked. The data that is stored about how children play with smart toys is also under threat, as Fisher Price found out this year when a security company managed to obtain the names, ages, birthdays, and genders of children who had played with its smart toys. In 2015, VTech also admitted that five million of its customers had their data breached in a hack.

“The idea that your child shares their playtime with a device which could potentially be hacked, leaving your child’s inane or maybe intimate and revealing questions exposed is profoundly worrying,” says Samson. Today, the US Electronic Privacy Information Center (EPIC) said in a statement that smart toys “pose an imminent and immediate threat to the safety and security of children in the United States”. 

Munro says big brands are usually great at tackling these issues, but warns about smaller, cheaper brands who have less to lose than companies like Disney or Fisher Price. “I’m not saying they get it right but if someone does find a problem they’ve got a huge incentive to get it right subsequently,” he says of larger companies. Thankfully, Munro says that he found Dino to be secure. “I would be happy for my kids to play with it,” he says. “We did find a couple of bugs but we had a chat with them and they’re a good bunch. They aren’t perfect but I think they’ve done a hell of a lot of a better job than some other smart toy vendors.”

Benini appears alert to security and the credibility it gives his company. “We took the security very, very seriously,” he says. “We were still building our systems whilst these horror stories were coming about so I already set pipelines and parameters in place. With a lot of devices out there it seems that security takes a backseat to the idea, which is really unfortunate when you’re inviting these devices into your home.”

As well as being wary of smaller brands, Munro advises that parents should look out for Bluetooth toys without a secure pairing process (ie. any device can pair with the toy if near enough), and to think twice about which toys you connect to your WiFi. He also advises to use unique passwords for toys and their corresponding apps.

“You might think ‘It's just a toy, so I can use the same password I put in everything else’ – dog’s name, football club, whatever – but actually if that ever got hacked you’d end up getting all your accounts that use that same password hacked,” he says.

Despite his security advice, Munro describes himself as “on the fence” about internet-connected smart toys as a whole. “Most internet of things devices can be hacked in one way or another,” he says. “I would urge caution.”

***

Is all of this legal? Companies might not be doing enough ethically to protect the privacy of children, but are they acting responsibly within the confines of the law?

Benini explains that Dino complies with the United States Children's Online Privacy Protection Act (COPPA) of which there is no real equivalent in the UK. COPPA says that companies must have parental permission to collect personal information over the internet about children under 13 years of age. “We’ve tried to go above and beyond the original layout of COPPA,” says Benini, when describing CogniToys transparent privacy documents. Parents give their consent for Elemental Path to collect their children’s data when they download the app that pairs with the toy.

Dino bears a striking similarity to Amazon Echo and Google Home, smart speakers that listen out for commands and questions in your home. Everything that is said to Amazon Echo is recorded and sent to the cloud, and an investigation by the Guardian earlier this year discovered that this does not comply with COPPA. We are therefore now in a strange position whereby many internet of things home devices are legally considered a threat to a child’s privacy, whereas toys with the same capabilities are not. This is an issue because many parents may not actually be aware that they are handing over their children’s data when installing a new toy.

As of today, EU consumer rights groups are also launching complaints against certain smart toys, claiming they breach the EU Unfair Contract Terms Directive and the EU Data Protection Directive, as well as potentially the Toy Safety Directive. Though smart toys may be better regulated in Europe, there are no signs that the problem is being tackled in the UK. 

At a time when the UK government are implementing unprecedented measures to survey its citizens on the internet and Jeremy Hunt wants companies to scour teens’ phones for sexts, it seems unlikely that any legislation will be enacted that protects children’s privacy from being violated by toy companies. Indeed, many internet of things companies – including Elemental Path – admit they will hand over your data to government and law enforcement officials when asked.

***

As smart toys develop, the threat they pose to children only becomes greater. The inclusion of sensors and cameras means even more data can be collected about children, and their privacy can and will be compromised in worrying ways.

Companies, hackers, and even parents are denying children their individual right to privacy and private play. “Children need to feel that they can play in their own place,” says Samson. It is worrying to set a precedent where children get used to surveillance early on. All of this is to say nothing of the educational problems of owning a toy that will tell you (rather than teach you) how to spell “space” and figure out “5+8”.

In a 1999 episode of The Simpsons, “Grift of the Magi”, a toy company takes over Springfield Elementary and spies on children in order to create the perfect toy, Funzo. It is designed to destroy all other toys, just in time for Christmas. Many at the time criticised the plot for being absurd. Like the show's prediction of President Trump, however, it seems that we are living in a world where satire slowly becomes reality.

Amelia Tait is a technology and digital culture writer at the New Statesman.