Note: Hujjat al-Islam wal-Muslimeen Mohammad Kahvand has been active in the field of cyberspace and computer games for years. This insightful cleric has made cyberspace his primary concern for several decades and is seriously engaged in this field. Producing a large number of computer games and establishing a private company for producing these games is part of his activities. We spoke with him about governance in cyberspace and its essence, dimensions, and requirements. While expressing the requirements of governance in cyberspace, he believes that fundamentally, there is no control or governance over cyberspace in our country! The full text of the exclusive interview of Contemporary Fiqh with the member of the Cyberspace Steering Committee of the Center for Management of the Seminary is as follows:

Contemporary Jurisprudence: What does governance in cyberspace mean, and what dimensions does it have?

Kahvand: I believe that governance in general means the realization of your relations; of course, not that we can say one hundred percent that our relations and goals have been achieved, no, but at least we can say that a significant part of our desired outcome has been achieved. In a country, if we see that the constitution is being implemented, we say that this country has governance with regard to each article of the constitution and is carrying it out; moreover, I distinguish between governance and ruler; that is, we can have a ruler in a place, but that ruler is not necessarily a governor; for example, Mohammad Reza Pahlavi was the ruler of Iran before the revolution but was not the governor; rather, we can say that the governor was America.

Governance in cyberspace can be examined in various fields; for example, examining the economic domain in the field of cyberspace, examining security, examining politics, and saying whether a country has governance in these fields in cyberspace or not.

Now, what does governance in cyberspace mean? In my opinion, governance in cyberspace means the realization of the ideals, relations, constitution, and general policies of a country in the field of cyberspace, which each country determines according to its own issues. Now, if the opposite happens, meaning we see that most of our policies are not being implemented, most of our constitution in the field of cyberspace is unfortunately being violated, and our goals are not being achieved, then we can say that we truly do not have governance in cyberspace.

Right now, if I want to judge, I can seriously say that we do not have governance in cyberspace.

Contemporary Jurisprudence: What requirements and indicators does success in governance in cyberspace have?

Kahvand: In my view, several indicators are highly strategic. The first indicator is an executive and perhaps even philosophical requirement that you control this space yourself. This is the first but not the only indicator. Sometimes a person controls cyberspace but based on America’s goals; however, we fundamentally have no control; therefore, the first point is that you control it yourself, meaning the valve of this matter is in your hands, its relations are in your hands. For its relations to be in your hands, these tools must belong to you. We have seven layers in cyberspace, one of which is governance. This governance layer actually encompasses all other layers. Those layers consist of: hardware infrastructure, software infrastructure, services, tools, content, and user, and one is governance itself that sits on top of these and has dimensions as well, such as cultural, security, legal, scientific, environmental, and so on.

All these layers must be at our disposal so that we can govern. If laptops, phones, tablets, smart TVs, smart home devices, voice assistants, and the like in the hardware domain are not in your hands, you have lost your governance to a considerable extent, just as the other side can easily remotely disable and shut down phones belonging to its own company and make them inoperable and without signal; if it does this, you have lost governance to that extent. Even in the security domain, when the phone belongs to the other side, the possibility of eavesdropping and data theft increases dramatically, and similarly in the services layer. Right now, Instagram is not ours; therefore, we have no control over it and in our own country, we are forced to implement Instagram’s laws. In this case, we are rulers but not governors; rather, the true governors are Instagram, WhatsApp, and Google Play.

In the same way, this is in the services layer; if you do not have services, then any policy-making on the content layer is practically null, meaning that it is the services layer that controls the content; now, you can make policies until the Day of Judgment, write laws and executive regulations, but if you do not compel foreign services to comply with your laws and policy relations, you will not implement any plan in the content domain at all; all content and its relations proceed in the way they want, moreover, now in the content layer, we have discussions about information and the issue of data theft and privacy, all of which are raised.

In the infrastructure layer, it is the same. When the infrastructure is not yours, you have neither security nor privacy; moreover, through the infrastructure, they can easily make a service work or not. Hardware and software infrastructure is extremely important. For example, one of the software infrastructures is the operating system. Even if we make all services and social networks, search engines, email, messengers, text, photo, and video editors Iranian, but when the Android operating system belongs to the foreign side, through it, it can easily eavesdrop and obtain all your information.

The second requirement is localizing the structures. By localizing software, not all vulnerabilities are eliminated; rather, some vulnerabilities belong to that structure and its requirements.

In addition to needing to take control of the governance and management of this ecosystem, we must also have design and algorithm production—whether it be algorithm production for software, infrastructure, services, or content—tailored to our own culture; otherwise, governance is not possible. For example, the algorithm and requirement of Instagram is that people engage in moment-logging and women move toward self-display and ostentation. Now, if you copy the same structure and bring it into the country under the name that it has become domestic and all problems are solved, you have not done anything special; rather, it will still have the same previous side effects.

The next requirement for governance over cyberspace is legalization. Proper policy-making and consequently proper legislation and regulation are among the necessities of this matter. In our country, policy-making is the work of the Supreme National Security Council, but the rest can be entrusted to the Supreme Council of Cyberspace. In my opinion, it was a big mistake to separate artificial intelligence from cyberspace and form an independent supreme council for it; because it leads to making different decisions regarding two parts of cyberspace. Also, in my view, the reason why many of the Leader’s policies are not implemented is that these policies are not turned into law and are not criminalized.

The next requirement for governance is national division of labor. A very big problem we have in the field of cyberspace is that unfortunately, the national division of labor has not been done properly. Right now, a significant part of governance over cyberspace in the Islamic Republic is exclusively in the hands of the government. The government is neither capable of this alone nor willing to share others in governance.

The decision-making councils in cyberspace are mostly composed of government individuals. The Supreme Council of Cyberspace is one of them. The Committee for Determining Criminal Instances has thirteen members, seven of which are governmental, either directly or indirectly. Presidencies are also generally in the hands of governments; for example, the Committee for Regulation and Communications is entirely in the hands of the Ministry of Communications. The National Foundation for Computer Games is a quasi-governmental institution, but in my opinion, it is completely governmental, because the Supreme Council of the Cultural Revolution has entrusted it to the Ministry of Culture and Islamic Guidance, whereas games are an inseparable part of cyberspace. Also, the virtual border guard of the Islamic Republic is the Ministry of Intelligence, whereas it should be in the hands of the judiciary, and the judiciary should give access to each part according to its mission.

Contemporary Jurisprudence: Does governance in cyberspace mean supervision with eliminative levers such as filtering, censorship, and so on, or do things like soft policy-makings also have a place in it?

Kahvand: Reducing governance in cyberspace to censorship and filtering is very ugly, but these matters are one of the levers of governance. Everyone does this. When we have documents and do not give them to someone, in fact, we are filtering. When we wear clothes, we are filtering. When we do not associate with just anyone, we are filtering. The Quran is full of filters. Law means filter. Sharia, when it steps in, means filter. Ethics, when it comes in and speaks, means filter. Any kind of regulation means filter, and this is natural, and in cyberspace, it must certainly exist.

Now, should the type of filtering we apply be in a hard way with an iron fist? No. Rather, in applying policies, one must act artistically. Some policies must be announced publicly; but some of them should not be done now, rather, they must be implemented with subtlety. One of these methods is algorithm design. When someone builds a software according to a goal, in fact, they are filtering. When you produce a tractor, you are filtering and saying this should go into the agricultural field; it cannot be used on the highway and road. This is a kind of filter through structure production.

One model of filter is in the bandwidth domain, where you do not make a sound at all. The policy is that foreign bandwidth should not total 50 percent of the total consumed bandwidth to avoid monopoly. This is a very strategic policy that does not need to be announced but must be implemented; although it is not implemented, otherwise Instagram, Telegram, and Google would not have become prominent in the country.

Contemporary Jurisprudence: What presuppositions and foundations influence the mode of governance of governments in cyberspace?

Kahvand: I have nothing to do with other governments, so I only speak about the Islamic Republic. In the domain of presuppositions and foundations, the first presupposition is that we design the requirements in accordance with Sharia. This is the most important presupposition. Unfortunately, in the executive layer, the definite perception is that cyberspace is a secular thing and Islamizing it has no meaning. Regarding cars, some mocked that Islamizing a car means that when you turn it on, it says Bismillah al-Rahman al-Rahim or reads the travel prayer for you; whereas Islamizing means the same creation of structure and algorithm.

The second presupposition is that we must first gain our independence in this field and then make a global leap. Cyberspace is a media, and in media, we should not be a separate island from the world and people; otherwise, we will fail. Cyberspace is a global market, a global expanse, and has a global audience; therefore, first, through internalization and localization, we must gain our independence, and then, in accordance with the cultural ecosystem of target countries, create appropriate services, tools, and content; of course, under the grand goal of preparing the ground for the appearance of Hazrat Hujjat (aj).

The last presupposition is that we must view cyberspace as a civilizational arena. If we do not see it as a civilizational arena, we will not plan, legislate, or make policies civilizationally, and then we will definitely lose the game.

Contemporary Jurisprudence: To what extent does the involvement of fiqh knowledge matter for desirable governance in cyberspace? For desirable governance in cyberspace, what jurisprudential rules, issues, and points are helpful or influential?

Kahvand: If I am asked what the problem of fiqh is in entering the field of cyberspace, I strongly state that it is subject identification. Deduction with any jurisprudential and usuli system requires strong subject identification. Currently, subject identification of cyberspace and media in the country is a disaster! In all books written on fiqh of media and cyberspace, subject identification has been done incorrectly. There are numerous examples of it. I do not interfere in the realm of ijtihad and do not have the qualification for it either, but I have expertise in the field of subject identification and critique books on fiqh of media and cyberspace from this perspective.

The jurisprudential system deeply needs correct subject identification in the domain of media and cyberspace. For this matter, it is necessary to seek help from trustworthy and pious expert individuals.