National Security News

Reporting the facts on national security

Tehran’s digital repression: how Iran is weaponising MTN-Irancell to crush the protests

By Staff Writer

When protests erupt in Iran, the regime’s response is predictable: batons, bullets, mass arrests, and bandwidth cuts.

Since 08 January, the Supreme Leader has implemented a near-complete internet blackout across the country. According to real-time network monitoring data from Cloudflare, internet traffic in Iran has collapsed to levels indicating an almost total shutdown of connectivity.

Cloudflare Radar shows Iranian internet traffic dropping precipitously starting on 08 January 2025, with connectivity falling to approximately 10 to 15 per cent of normal levels. This represents one of the most severe nationwide internet disruptions Iran has implemented since the November 2019 protests, when the regime shut down the internet for nearly a week while security forces killed an estimated 1,500 protesters.

This is not simply censorship. It is a calculated national security tactic, digital isolation deployed to suppress dissent, obscure egregious human rights abuses, and reassert regime dominance while the world cannot watch. At the centre of that tactic sits a critical chokepoint, MTN-Irancell, Iran’s largest digital and mobile network company, a technology platform for terror controlled by the Supreme Leader and the Iranian Ministry of Defence, and co-owned and financed by South Africa’s MTN Group.

The anatomy of a blackout: what Cloudflare’s data reveals

Cloudflare operates one of the world’s largest networks and processes approximately 20 per cent of all internet traffic globally, making it an authoritative source for real-time internet connectivity monitoring.

Its data on Iran this week tells a stark story.

A scene of protests in Tehran on 08 January 2026. (Source – X)

Traffic collapse across all major networks: Cloudflare’s monitoring shows traffic from all major Iranian autonomous systems, including MTN-Irancell (AS44244), MCCI (AS197207), and Rightel (AS57218), has fallen to levels consistent with a coordinated, nationwide shutdown.

Mobile networks hit hardest: The sharpest drops have occurred on mobile networks, which is where most Iranians access the internet. This is deliberate. Mobile networks are how protesters organise, how videos of crackdowns spread, and how the outside world learns what is happening on Iranian streets.

Timing aligned with protests: The disruption began as demonstrations intensified across multiple cities, following the same playbook Iran has used repeatedly when protests threaten regime stability: sever the population’s ability to communicate, coordinate, and document.

Fixed-line networks also severely degraded: Even home internet connections, historically more resilient during protests, show severe degradation, suggesting this is not selective throttling but rather an attempt at comprehensive digital isolation.

This represents one of the most extensive internet shutdowns the regime has implemented in recent years. The regime has effectively severed 85 million people from the global internet, from each other, and from the ability to show the world what is happening inside their country.

The “digital curfew” becomes a digital blackout

Iran is a mobile-first country. More than 80 per cent of Iranians access the internet primarily through their phones. That demographic reality has made mobile operators uniquely valuable to the state’s repression machinery.

During the “Woman, Life, Freedom” protests in 2022, independent technical measurement organisations documented a government-imposed “digital curfew” that repeatedly cut or severely disrupted access on Iran’s three major mobile networks: Irancell, Rightel, and MCCI.

A multi-stakeholder technical report coordinated by OONI and partners found that from 21 September to 03 October 2022, authorities shut down access to these three major mobile networks in the evenings, roughly 4 pm to midnight, stranding users without mobile internet for around 100 hours across that period.

The timing was deliberate. Evenings are when protests swell, when evidence gets uploaded, and when the world watches.

Cloudflare’s network data confirmed the pattern in real time. Traffic from MTN-Irancell’s network (AS44244) dropped sharply during those protest days, reflecting outages that aligned with state action to disrupt connectivity.

But what is happening now goes further. This is not a tactical evening curfew designed to disrupt coordination while maintaining some economic function. This is a comprehensive blackout, an information siege designed to create a zone of impunity where the regime can kill without witnesses.

The estimates of the number of protesters killed since the shutdown began range from 538 to more than 2,000.

Why comprehensive blackouts are more dangerous than selective censorship

Partial internet outages can cause significant and sometimes catastrophic consequences.

When Iran throttles specific platforms or implements evening curfews, citizens lose some ability to organise and document. However, emergency communication remains possible, some information still flows, and the international community retains some visibility into events.

When the regime implements a near-total blackout:

Medical emergencies become life-threatening: Families cannot call for help, hospitals cannot coordinate, and ambulances cannot be directed to those injured in crackdowns.

Violence occurs in darkness: Security forces can use maximum force without fear of documentation. Videos cannot be uploaded. Witnesses cannot report. The world cannot see.

Families are severed from each other: Parents cannot reach their children. People cannot confirm the safety of loved ones. The psychological trauma compounds as fear spreads in an information vacuum.

Economic activity collapses: Businesses cannot operate. Banks cannot process transactions. Supply chains freeze. The longer the blackout continues, the more severe the economic damage, which the regime then uses to justify harsh security measures.

International response is hampered: Without information flowing out of Iran, the international community cannot assess the scale of abuses, coordinate pressure, or target sanctions effectively.

This is why comprehensive internet blackouts have increasingly been recognised not just as censorship, but as a form of collective punishment and a predicate to mass atrocities. When a government severs an entire nation’s connectivity during protests, it is creating the conditions for violence without accountability.

The 2019 precedent: what happened when Iran went dark

What began on 28 December as scattered protests over a collapsing currency in Tehran has grown into one of Iran’s most widespread uprisings in years. (Source – Iranwire)

The current blackout mirrors Iran’s most severe previous internet shutdown in November 2019. Then, as now, nationwide protests threatened the regime. The government responded by shutting down the internet for nearly six days.

What happened during that blackout was documented only after connectivity resumed. Security forces killed an estimated 1,500 protesters, possibly more, in what Amnesty International described as a “bloodbath” and a “widespread killing spree”. Thousands more were arbitrarily detained and tortured.

The internet shutdown was not incidental to the violence. It was integral. By severing Iran from the world, the regime created the conditions for mass killing without immediate international outcry, without real-time documentation, and without the moderating pressure that global visibility creates.

Human rights organisations have been explicit. The correlation between comprehensive internet blackouts and mass atrocities in Iran is not coincidental. It is causal. The regime uses information darkness as cover for maximum violence.

MTN-Irancell: regime infrastructure disguised as a telecom

What makes MTN-Irancell’s role in the current blackout particularly significant is that it is not just another mobile operator that happens to operate in an authoritarian state. The controlling 51 per cent stake in Irancell is held by entities directly tied to Iran’s military and religious power structure, namely the Iranian Ministry of Defence and a foundation directly connected to the Supreme Leader.

MTN Group holds the remaining 49 per cent stake, a minority investment it has maintained since 2006. MTN describes this stake as “not under MTN’s operational control” and effectively frozen by sanctions constraints. However, that framing obscures the more troubling reality. The majority owner is not a commercial entity or even a civilian government ministry. It is the defence establishment and institutions led by Iran’s Supreme Leader, the apex of the regime’s power structure.

This ownership structure transforms Irancell from a telecommunications company that must reluctantly comply with government orders into telecommunications infrastructure that is inherently part of the regime’s security apparatus. When Cloudflare’s data shows Irancell’s network (AS44244) essentially offline during this blackout, it is not a private company being coerced by the state. It is the defence establishment deploying its own communications asset to isolate and suppress dissent.

How deeply Irancell is embedded in Iran’s security apparatus

To understand what MTN has actually invested in, it is essential to map the full extent of Irancell’s integration into Iran’s defence and national security infrastructure. This is not a commercial telecommunications company operating in a difficult regulatory environment. It is a strategic military and intelligence asset that happens to provide commercial mobile services.

Ownership structure: Iranian Ministry of Defence and the Supreme Leader’s foundations

The 51 per cent controlling stake in Irancell is split between two types of entities, both directly answerable to Iran’s supreme national security leadership.

Ministry of Defence and Armed Forces Logistics (MODAFL): Iran’s defence ministry is not merely a policy-making body. It is an operational command structure that controls vast economic and industrial assets across multiple sectors. Its telecommunications holdings are strategic assets, not commercial investments. The ministry’s stake in Irancell means the company’s board, strategic direction, and critical operational decisions are ultimately controlled by military leadership with security objectives, not commercial ones.

Bonyads (Supreme Leader-linked foundations): These are massive para-statal foundations that control enormous segments of Iran’s economy and answer directly to the Supreme Leader, not to elected government or market forces. These foundations operate outside normal government budgets and oversight, functioning as economic instruments of regime power.

This ownership structure is not incidental. It is the result of deliberate regime strategy to ensure telecommunications infrastructure remains under security establishment control, immune from privatisation pressures or commercial accountability that might conflict with state security objectives.

Operational integration with security services

Beyond formal ownership, Irancell’s operations are deeply integrated with Iran’s intelligence and security apparatus.

National Information Network (NIN) integration: Iran has been building a domestic National Information Network designed to route Iranian internet traffic through state-controlled infrastructure, enabling comprehensive monitoring and rapid shutdown capability. Irancell’s network is a critical node in this architecture. The company’s infrastructure does not just carry commercial traffic. It is part of a broader system designed to give the state complete visibility and control over digital communications.

Deep packet inspection and filtering infrastructure: Technical analysis by organisations such as OONI and Censored Planet has documented extensive deployment of deep packet inspection and filtering equipment across Iranian networks, including Irancell. This is not basic content filtering. It is sophisticated technology capable of identifying specific individuals, tracking communication patterns, and enabling targeted surveillance. The defence ministry’s control of Irancell means this surveillance infrastructure is operated by and for security objectives.

Location tracking and metadata collection: Mobile networks inherently generate massive amounts of location and metadata, including where people are, who they communicate with, and movement patterns. In a defence ministry-controlled network, this data flows directly to security services. During protests, this capability enables identification of participants, mapping of social networks, and targeting of organisers.

Kill-switch architecture: The ease and speed with which Irancell’s network can be completely shut down, as Cloudflare’s current data demonstrates, indicates the infrastructure has been specifically engineered with centralised kill-switch capabilities. This is not a commercial network design. It is a security design. The architecture prioritises state control over network resilience.

Coordination with intelligence services

Multiple reports and technical analyses suggest Irancell’s operations are coordinated with Iran’s primary intelligence organisations.

Ministry of Intelligence and Security (MOIS): Iran’s civilian intelligence service has long been documented as having direct access to telecommunications data for surveillance and monitoring purposes. In a defence ministry-controlled network like Irancell, this access is structural, not negotiated.

Islamic Revolutionary Guard Corps (IRGC) Intelligence Organisation: The IRGC’s intelligence arm is one of Iran’s most powerful security organisations, responsible for both domestic surveillance and external operations. The IRGC’s deep involvement in Iran’s telecommunications sector, including significant control over internet infrastructure, means Irancell operates within an ecosystem where the IRGC has substantial influence and access.

Supreme Council of Cyberspace: This body, chaired by the President but ultimately answerable to the Supreme Leader, coordinates Iran’s overall internet policy and cyber operations. During crackdowns, the Council coordinates shutdown orders across multiple networks. Irancell’s defence ministry ownership ensures seamless compliance with Council directives.

Strategic military and intelligence functions

Irancell’s infrastructure serves functions that go beyond commercial telecommunications or even domestic surveillance.

Military communications backbone: The defence ministry’s control of Irancell provides the regime with a mobile communications infrastructure that can be repurposed for military operations, including coordination of proxy forces, IRGC operations, and defence activities. The network provides coverage and capacity that could support military operations if needed.

Counter-intelligence operations: The network’s surveillance capabilities can be used to identify foreign intelligence activities, track diplomats and foreign nationals, and monitor communications that might reveal external intelligence operations in Iran.

Information warfare infrastructure: Irancell’s infrastructure can be used not just defensively, shutting down information flows, but offensively, including coordinated disinformation campaigns, targeting specific individuals or groups with tailored content, and mapping social networks to identify influence points.

Cyber operations platform: A telecommunications network under defence ministry control can serve as infrastructure for broader cyber operations, both domestic monitoring and potential external operations. The same infrastructure that blocks VPNs and filters content domestically can be used to launch or support cyber operations externally.

Economic intelligence and industrial espionage: The surveillance capabilities embedded in Irancell’s network provide access to business communications, trade negotiations, and commercial activities, intelligence valuable both for regime economic planning and for understanding foreign commercial activities in Iran.

Personnel and governance integration

The integration extends beyond infrastructure to personnel and governance.

Security-cleared management: Key positions within Irancell require security clearances from intelligence services, ensuring personnel loyalty to regime security objectives over commercial or customer interests.

Defence ministry representatives: Board and senior management include individuals directly appointed by or accountable to the defence ministry, ensuring strategic decisions align with security priorities.

Operational security protocols: The company operates under security protocols that prioritise regime stability over commercial considerations, meaning decisions about network operations during sensitive periods are made with security objectives paramount.

The MTN paradox: commercial investment in a military asset

This is the reality of what MTN Group has invested in, not a telecommunications company that reluctantly complies with government orders, but a strategic military and intelligence asset that happens to provide commercial mobile services.

MTN’s 49 per cent stake, its technical expertise provided during network buildout, its international legitimacy, and its capital have all contributed to building and maintaining infrastructure that is fundamentally a defence ministry communications and surveillance platform.

The company’s claims that it lacks “operational control” are technically accurate but strategically meaningless. Operational control resides with the defence ministry precisely because that is how the asset was designed to function. MTN’s investment has financed and legitimised that design.

When Cloudflare’s data shows Irancell’s network going dark during protests, it is not showing a commercial company complying with government orders under duress. It is showing a defence ministry asset being deployed for its intended purpose, information control in service of regime security.

MTN Group, an international, publicly traded South African telecommunications company with operations across Africa, owns 49 per cent of that military asset and has provided the technical expertise, international capital, and commercial legitimacy that helped build it into what it is today.

That is not an unfortunate legacy investment in a difficult market. It is financial and technical support for infrastructure that is, by design and ownership, part of Iran’s defence and intelligence apparatus.

Why this matters beyond human rights: the national security dimension

In Iran, digital repression is not a side effect of instability. It is core to the regime’s security doctrine. United States Treasury sanctions have been explicit about this connection. In October 2022, OFAC designated senior Iranian officials for the “shutdown of Iran’s internet access” and the violent crackdown on peaceful protests, specifically naming the Minister of Communications as responsible for attempts to block internet access to slow demonstrations.

The United States had already sanctioned Iran’s ICT minister in 2019 for orchestrating “widescale internet censorship”, describing how Iran’s National Information Network enhances the government’s ability to monitor, restrict, and completely block internet usage.

Freedom House likewise documents Iran’s persistent use of restrictions, surveillance, and disruptions, pressuring users towards a more controllable domestic internet environment while expanding the state’s capacity for digital repression.

That broader architecture matters because it fuses internal repression with external security behaviour. A regime that can rapidly black out information flows at home can also more effectively manage escalation dynamics, conduct disinformation campaigns, and coordinate covert operations abroad, while keeping its population blind, fragmented, and easier to intimidate.

The digital crackdown infrastructure does not stay domestic. It becomes a strategic capability.

A government that can implement a comprehensive nationwide internet blackout, shutting down a country of 85 million people with apparent ease, possesses a capability that extends far beyond domestic protest management. It demonstrates:

Information warfare capacity: The ability to control information environments at scale, which can be applied to regional conflicts, proxy operations, and hostile information campaigns.

Preparation for military contingency: Blackout infrastructure and practised execution could be deployed during military operations to prevent real-time intelligence gathering by adversaries.

Resilience against external pressure: By demonstrating it can operate effectively while completely isolated from global information flows, the regime signals to adversaries that information-based pressure campaigns have limited leverage.

The current blackout is not just about suppressing protesters in Tehran and other cities. It is a demonstration of regime capability, both to its own population and to regional adversaries, that it can create comprehensive information blackouts and operate with impunity during those windows.

The MTN problem: financing the infrastructure of terror

MTN Group’s 49 per cent minority stake places it in an extraordinarily compromised position during this blackout. The company has no operational control, cannot prevent the shutdown, and operates under a sanctions environment that limits its ability to exit or restructure the investment. In many ways, MTN is trapped.

However, that trapped position does not eliminate responsibility, especially not now, as Cloudflare’s data shows Irancell’s network essentially offline while the regime potentially prepares for or conducts a violent crackdown in darkness.

MTN’s investment, however passive or frozen, has provided financial support, technical expertise, international legitimacy, and operational capacity to infrastructure now being used not just for censorship, but for comprehensive information blackout as a predicate to potential mass violence.

The question is not whether MTN executives personally decided to implement this blackout. The question is whether holding a substantial stake in defence ministry-controlled telecommunications infrastructure being used to create zones of impunity for state violence is consistent with any defensible standard of corporate responsibility.

Right now, as families in Iran cannot reach each other, as injured protesters cannot call for help, as security forces operate without the moderating influence of global visibility, and as the world waits anxiously for the blackout to lift so we can learn what happened in darkness, Irancell’s infrastructure, minority-financed by MTN, is the instrument of that darkness.

The MTN-Irancell situation exposes a dangerous gap in how the international community addresses corporate involvement in authoritarian repression, and that gap becomes starkest during active blackouts.

When a company holds a substantial minority stake in a defence ministry-controlled telecommunications network that is being used to implement a comprehensive information blackout during protests, blackouts that history shows often precede mass atrocities, the standard corporate responses of “we lack operational control” and “we are frozen by sanctions” become morally and strategically inadequate.

MTN’s investment has helped build and sustain a network that is now creating the information darkness within which state violence can occur without witnesses. That requires an immediate, extraordinary response, not the gradual, process-oriented approach typical of corporate governance challenges.

Right now, Iran is dark. Cloudflare’s data shows traffic collapsed to 10 to 15 per cent of normal levels. Families cannot reach each other. Protesters cannot document what security forces are doing. The world cannot see what is happening in a nation of 85 million people.

This blackout is not a technical failure. It is not even just censorship. It is a deliberate information siege implemented by shutting down telecommunications networks, particularly Irancell, Iran’s largest mobile operator, controlled by the Ministry of Defence and Supreme Leader-linked foundations.

National security professionals and policymakers should name this plainly. Irancell is military communications infrastructure used for terror against Iran’s own population. The Iranian defence ministry controls it. Supreme Leader-linked foundations profit from it. It is deeply integrated with intelligence services and surveillance systems. An international telecommunications company remains financially embedded in it, even as Cloudflare’s data shows the network essentially offline during one of Iran’s most severe information blackouts in years.

The technology exists to connect people. The question is whether the governance structures, corporate accountability mechanisms, and international political will exist to prevent that same technology, when owned by a defence ministry and integrated into a surveillance apparatus, from being weaponised to create the information darkness that enables terror and atrocities.

Right now, in this moment, the answer is that 85 million people sit in digital darkness. The infrastructure that created that darkness is majority-owned by Iran’s defence establishment, deeply integrated with intelligence services, and financed by MTN. The world waits to see what horrors the darkness has concealed.

Mass killings reported as security forces use live fire on Iran protesters. (Source – X)

This needs to change. It needed to change in 2019. It needs to change now, before the blackout lifts and we learn what was done in darkness.

It starts with treating comprehensive internet blackouts for what they are, not a content moderation issue, not a telecommunications policy question, but a grave human rights violation and a predicate to mass atrocities. It also requires treating companies that provide the infrastructure for such blackouts, whether through majority control or minority financing, as participants in a system of repression that cannot be tolerated by any international order that claims to value human rights.

The blackout is happening now. Accountability must follow immediately, comprehensively, and with consequences severe enough to ensure this never happens again.

MTN has declined to comment.