Review of the Islamic Republic of Iran’s letter on the role of Starlink in terrorist activities

On January 13, 2026, Iran’s Permanent Mission to the United Nations Office in Geneva published a tweet containing an image of a letter from Ali Bahraini, Iran’s ambassador, addressed to the Secretary-General of the International Telecommunication Union (ITU). In the letter, Bahraini claimed that during Iran’s recent protests, “terrorist groups” had exploited communication technologies, particularly Starlink terminals that were allegedly operating illegally inside Iran, to coordinate sabotage and operations.

In the letter, Bahraini cites decisions of the Radio Regulations Board (RRB) and Resolution 22 (Rev. WRC-23), which concern actions to limit unauthorized emissions from earth stations. He asks the ITU and the RRB to take immediate and practical steps to halt what he describes as “illegal transmissions.”
The Radio Regulations Board (RRB) is one of the ITU’s main specialized bodies. Its mandate is to oversee the implementation of the Radio Regulations (international radio regulations) and to interpret those regulations impartially at the international level.
Below, we examine the claims raised in the Islamic Republic’s official letter to the ITU to assess their accuracy.

Has Starlink become a communications platform and a tool for terrorism?
In the letter, the Iranian government attributed the recent protests to terrorist groups and claimed that:
“One of the important and aggravating factors in these terrorist operations has been the illegal misuse of modern communications technologies and the unauthorized exploitation of Starlink terminals.”
From a legal and technical standpoint, no communications technology is inherently “terrorist”; its function depends on how it is used. Just as mobile phones, fixed internet, messaging apps, and even social media can be used for ordinary civic communication and, in limited cases, for criminal activity, Starlink is likewise a neutral communications infrastructure that provides internet access.
Independent reporting indicates that Starlink’s predominant use in Iran, especially during periods of internet disruption and shutdown, has been by citizens, civil society activists, and journalists seeking to bypass censorship and preserve communications. To claim that Starlink has “systematically” become a tool of terrorism would require broad, verifiable, and publicly available evidence demonstrating an organized pattern of violent use of the network—evidence that has not been presented to date. In the absence of such data, attributing terrorist intent to a communications infrastructure or its users is not an empirically provable claim, but rather a form of political inference and generalization.

1) Did “organized terrorist groups” play a role in the January 2026 protests?
The letter claims that:
“These terminals have been used by organized terrorist groups to coordinate sabotage operations, train forces, organize operational elements, and disrupt peaceful protests; thus, a communications platform has been turned into a tool for terrorism.”
However, no independent credible sources or human rights organizations have reported attacks by terrorist or sabotage groups inside Iran linked to these protests. This allegation has been raised primarily by the Islamic Republic itself. In practice, Starlink has largely functioned as a communications tool for activists and citizens to bypass censorship and maintain communications, while the government has reportedly attempted to disrupt Starlink through measures such as jamming and GPS spoofing.

2) Have protesters “illegally misused” modern communications technologies?
In its official letter to the ITU Secretary-General, and in complaints submitted to the Radio Regulations Board, the Islamic Republic repeatedly uses the term “illegal” to describe the use of Starlink terminals in Iran. The basis for this characterization is a reference to both Article 18 and Resolution 22 (Rev. WRC-23) of the ITU Radio Regulations. These rules state that any radio station or earth terminal must operate with authorization from the competent authority of the country where it is located (in Iran’s case, the national telecommunications regulator).
Iran argues that importing and operating Starlink terminals without obtaining a domestic license violates this framework and therefore constitutes “illegal” activity. On this basis, Iran has asked the administration responsible for registering the Starlink network (Nkom, Norway’s regulator) to fully disable access to these terminals. Iran has even accused Norway of “failing to implement prior decisions” of the Radio Regulations Board.
Norway, however, previously rejected Iran’s interpretation of “illegality” and the scope of regulatory obligations in an official response (document RRB25-3/29, reviewed during the RRB’s 100th meeting in November 2025). Norway stated that while the use of unlicensed terminals may violate Article 18 and parts of Resolution 22, neither Resolution 22 nor Resolution 25 obliges the registering administration to proactively shut down an entire satellite operator network across a geographic territory as a preventive measure.
Norway emphasized that responsibilities must remain limited to what is explicitly stated in the regulations. Expanding obligations beyond the text not only lacks a legal basis, but could also lead to the disruption of legitimate internet access for users. The Radio Regulations Board’s own conclusions aligned with this interpretation, noting that a terminal’s “unauthorized” status does not automatically make users’ activity illegal or justify a blanket shutdown of service. Instead, it requires identifying specific terminals and pursuing case-by-case cooperation between the requesting country, the registering administration, and the operator.

3) How accurate is the claim of “illegal transmissions”?
Iran’s official complaint further argues that “illegal transmissions” associated with Starlink terminals must be stopped, and it states:
“Despite decisions of the Radio Regulations Board in its 94th, 95th, 96th, and 97th meetings, these illegal transmissions have continued without interruption.”
The United States, however, stated in an earlier official response issued in November 2025 (RRB25-3/32) that, as an “administration concerned,” it had fulfilled all obligations under Article 18 and Resolutions 22 and 25. The statement also expresses support for the ITU’s mission of connecting those without access and supporting the free flow of information, and emphasizes that restrictions or shutdowns imposed by Iran contradict principles of freedom of information.
The Radio Regulations Board further clarified during its review that the “administration concerned” has no direct obligation under the Radio Regulations; the primary responsibility lies with the registering administration.
From a regulatory perspective, Article 18 states that all radio stations may operate only with authorization from local authorities. Resolution 22 provides that when a country identifies an unauthorized terminal, it should take steps within its capacity to stop it, then share accurate details with the registering administration so that the latter can coordinate action with the operator. Resolution 25, revised at WRC-23, emphasizes cooperation among administrations and supports the global operation of satellite networks while warning against cutting off legitimate users.
In its conclusions from the 100th meeting, the Radio Regulations Board noted that Iran had not provided a detailed and verifiable report on the measures it had taken to identify smuggled terminals. Under these conditions, the Board stated it cannot expect the registering administration to impose a general shutdown of a network without receiving specific identifying information. According to the Board, such an interpretation of Resolution 22 would effectively make implementation impossible. Therefore, while the issue of smuggled Starlink terminals may be addressed within the framework of Resolutions 22 and 25, the claim by itself does not constitute a legal basis for a blanket service shutdown or broad suspension of satellite communications.
It is also important to note that in the earliest days following the death of Mahsa Amini and the emergence of nationwide protests in 2022, the U.S. Treasury Department (OFAC) issued General License D-2, which played a key role in enabling Iranian citizens’ access to internet communications services, including Starlink. This license specifically exempts the provision of “personal communications services, software, hardware, and internet-related infrastructure” from the scope of U.S. sanctions on Iran, aiming to support the free flow of information and people-centred connectivity. This indicates that Iranian citizens’ use of these services is not only permitted under U.S. sanctions policy but directly aligned with the stated goal of reducing communications repression and strengthening free internet access.

4) Is the Islamic Republic fulfilling its ITU-related obligations to provide secure public communications infrastructure for citizens?
In another part of its official complaint, Iran claims:
“The Ministry of Information and Communications Technology of the Islamic Republic of Iran remains committed to providing secure public communications infrastructure, in a manner that balances security requirements with citizens’ rights.”
This claim is itself highly questionable. One of the main reasons users turn to Starlink is precisely because the Islamic Republic has restricted secure communication pathways. By installing “secure gateways” at internal and border levels, the state not only blocks and censors services, but also monitors traffic.
Moreover, one of the most significant practical tools developed with support from Iran’s Ministry of ICT has been the promotion of domestic messaging platforms. These platforms have not undergone independent official security audits, and in multiple cases their security has been questioned, with independent bodies issuing warnings about their use.
For example, a report published last year by the Open Technology Fund on domestic Iranian messaging platforms found that these apps (including Bale, Eitaa, and Rubika) not only violate user privacy and store citizens’ data on government-controlled servers, but also contain security vulnerabilities that expose personal data and communications to theft, surveillance, and misuse.
The Islamic Republic of Iran’s claim of balancing security with citizens’ rights is directly refuted by the technical architecture of its internet disruptions. Iran targeted and disrupted fundamental internet protocols, notably the User Datagram Protocol (UDP). UDP is vital for basic internet functionalities such as video conferencing, voice calls, online gaming, DNS queries, and streaming services. As a core transport layer protocol utilized by countless legitimate applications, the disruption of UDP cannot be credibly described as a targeted security measure; it constitutes a systematic degradation of internet usability intended to render communications platforms unworkable.

Was the internet not restricted before January 8, 2026?
In its letter, the Islamic Republic claims:
“During peaceful protests, internet access remained available throughout the country. However, once it became clear that terrorist groups were exploiting this platform for their activities, proportionate measures were taken to ensure public security and national security.”
Iran’s claim that internet access was not disrupted during the period of “peaceful demonstrations” before the call by the Iranian opposition figure, Reza Pahlavi, at 8:00 PM on January 8, 2026, is not consistent with data from internet monitoring organizations. Technical evidence indicates that, before the nationwide shutdown, there were already targeted and regional disruptions in protest hotspots, consistent with a staged approach to communications control. The subsequent full internet shutdown and disabling of a major portion of the media clearly reflected an attempt to control the flow of information. During the first 48 hours, effectively only government-affiliated outlets remained active, and many semi-independent websites, particularly media and technology outlets, were inaccessible for up to a week. In the past, Iran has shut down the Internet 17 times.

https://x.com/DougMadory/status/2009351836172697674
At the same time, Cloudflare’s disclosure of a “protester identification project” suggested that authorities were focused on tracking and identifying protesters rather than countering sabotage or terrorist operations. According to Cloudflare’s data, methods of mass data extraction were used to collect users’ posts and interaction content, including follower lists, likes, and comments, to reconstruct real identities.

https://x.com/Cloudforce_One/status/2011515147941302482
The significance of this trend was such that Meta, for the first time, proactively restricted the display of follower lists for users inside Iran in order to prevent large-scale data extraction by state-backed bots.

Prior correspondence
During the Radio Regulations Board’s 92nd meeting in October–November 2022, Iran requested that Starlink service be disabled after hundreds of its terminals began operating within the country. The Board responded that broadcasting signals from within Iran without authorization violates Article 18 and Resolutions 22 and 25, and recommended that Norway and the United States take immediate steps to halt unauthorized emissions, while Iran should provide additional information.
This pattern continued through the 98th meeting in March–April 2024, with the Board repeatedly asking Norway and the United States to intervene and stop transmissions. During the 98th meeting, however, both countries responded directly to Iran’s formal complaint, stating that they had received no evidence and thus had no obligation to shut down terminals.
During the 99th meeting in July 2025, Iran argued that geographic constraints made it impossible to identify all terminals and asked the Board to declare Norway and the United States in violation of their obligations. The United States responded that the issue is primarily one of border control, customs enforcement, and smuggling, and argued that the Board had over-interpreted Resolution 22. Norway similarly argued that monitoring each individual user terminal is not practical, and that the current text of Resolution 22 does not impose a blanket obligation to disable all terminals.
At the 100th meeting in November 2025, Iran again demanded an immediate access shutdown and requested the public release of the case file. In an official ITU Circular Letter (CR/527) dated January 20, 2026, the adopted minutes from the 100th meeting stated that Norway argued Resolution 22 does not require the notifying administration to force Starlink to deactivate all terminals in a given area, and that no explicit legal obligation for a complete shutdown exists. The United States reiterated that it has complied with its obligations under Article 18 and Resolutions 22 and 25, and emphasized its support for the ITU’s mission and the free flow of information.
Finally, it should be noted that the Radio Regulations Board is neither a security court nor an enforcement mechanism for governments’ political demands. It is a technical and legal body within the ITU designed to resolve disputes through a limited, text-based, and conservative interpretation of regulations. This institutional limitation is precisely why Iran’s recent requests for a “blanket shutdown” of Starlink have been unsuccessful in the Board’s most recent sessions.