As hyperinflation rages in Iran, the Iranian government has increased control over currency exchange sites such as Mazanex.com and Mesghal.com. These websites had blanked out rates for the Rial’s value against other currencies in September 2012. Many leading foreign airlines also announced service discontinuation into Tehran in the wake of Iran’s currency volatility. Shipping company Maersk also stopped port calls to the country.

To exacerbate the situations of currency devaluation and cyber-attacks, people in Iran also had their access to certain open source software websites for downloading applications such as Bitcoin blocked. The blockade, valid for 32 months, was led by a US embargo, prohibiting certain persons from getting services through the open source hosting websites.

This denial of site access was explained in a blog entry on GeekNet’s SourceForge.net (which is the US-based host of the original Bitcoin client). According to the blog, the blockade will affect users’ capability to transfer and export certain technology to certain foreign governments and persons mentioned on the sanctions list. Thus, users living in nations listed on the US Office of Foreign Assets Control (OFAC) sanction list may not have access to the content available through or post content on the website SourceForge.net. Countries on the sanction list included Iran, Cuba, Sudan, North Korea and Syria.SourceForge.net also began enforcing those conditions with the automatic blockage of some IP addresses.

However, following outbursts from developers and project administrators, SourceForge removed the total blockage and transferred the power of deciding a block trigger to project leaders. This is what their February 2010 blog post said:

“Beginning now, every project admin can click on Develop -> Project Admin -> Project Settings to find a new section called Export Control. By default, we’ve ticked the more restrictive setting. If you conclude that your project is *not* subject to export regulations, or any other related prohibitions, you may now tick the other check mark and click Update. After that, all users will be able to download your project files as they did before last month’s change.”

Thus, the onus of export control decision lied on the project’s registered administrator on SourceForge, Gavin Andresen, the lead developer for Bitcoin. Andresen took over the role from Bitcoin creator Satoshi Nakamoto.
In the US, export of software, including ones that deploy encryption functions, is controlled by the Bureau of Industry and Security (BIS) as per the Export Administration Regulations (EAR).

Andresen, who is also Bitcoin Foundation’s Chief Scientist, explained that Bitcoin’s wallet encryption features uses AES-256 and compiles against the full OpenSSL library, which places Bitcoin in the above mentioned category. The SourceForge option that Bitcoin uses to remain compliant with the US law says: “This project incorporates, accesses, calls upon or otherwise uses encryption software with a symmetric key length greater than 64 bits (“encryption”). This review does not include products that use encryption for authentication only.”

This poses Iran with the dual difficulties of obtaining the client software first, and then trying to get and trade Bitcoin for Rial. Some Bitcoin “experts” also suggest using alternative methods of obtaining Bitcoin client. This includes using Virtual Private Network for masking IP addresses, using independent non-US mirrored sites and BitTorrent file sharing.

Besides the innate weaknesses of the SSL infrastructure, there are other challenges that alternative download channels present. The initial install code, for instance, must be verified for genuineness, with the core developer signing the code personally or an impartial third-party signing the downloadable code. Bitcoin Foundation, for instance, can sign the code with its certificate as registered developer.

In extreme cases, the verified source code can be user compiled directly, to avoid the need for downloading binaries. Source code is also distributed as a scannable book or text-based PDF form; this is what MIT did for Phil Zimmermann and what 70 volunteers did for PGPi Scanning Project 1997. In fact, the Bitcoin Project is increasingly looking like the Pretty Good Privacy (PGP) secure email program every passing day.