Spanning a series of glass-doored rooms in the spire of the Munk School of Global Affairs’ location at the former Dominion Meteorological Building, Ron Deibert’s Citizen Lab bears a tongue-in-cheek resemblance to images of Jeremy Bentham’s Panopticon. The irony is not lost on Deibert; as he is quick to remind us that the building is at least architecturally, if not practically, an observatory.

As the culture wars rage against a backdrop of classified information leaks — brought to light courtesy of the Internet and insiders-turned-whistle-blowers — the work done by Deibert and his lab ranks among the most important currently conducted at the University of Toronto.

The hothouse

The Citizen Lab, according to its website, is a “‘hothouse’ that combines political  science, sociology, computer science, engineering, and graphic design.” This Swiss Army knife of a research group has tasked itself with the tall order of monitoring, analyzing, and ultimately, affecting how political power is exercised in cyber-space.  The nature of the lab’s work is multifaceted and draws from a variety of resources. Their goal is to redefine “interdisciplinary” research, which as far as Deibert is concerned, is largely misappropriated as an educational buzzword. “I see what we’re doing as ‘field building’” Deibert suggests. “There is a problem, in my opinion, with the way that universities are structured around disciplinary silos, and you often hear a lot about interdisciplinary research, but usually that means little more than there is an office with a sociologist next to a computer scientist. But here, there is truly interdisciplinary research going on; the way we approach the topics, the methods we employ, it’s all a mixture, it’s like alchemy,” he says.

Risky business

This kind of work does not come without risk; we need look no further than Edward Snowden’s forced relocation to Moscow, or the subsequent maltreatment of the journalists who abetted him, to see that. Deibert perceives the risks of the Citizen Lab’s work fitting into two categories; the first of which is what Deibert terms the “obvious physical risks that we face that have to do with the fact that we are pulling back thick drapes around agencies who would rather stay behind those curtains.”  These investigations, says Deibert, are a particularly “dangerous thing when you’re dealing with some nasty countries.”

The second category is legal liability. On that note, Deibert’s primary concern is focused on the companies that are the subject of the lab’s research. He sees Canada as being a particularly “plaintive friendly environment” for defamation and libel suits, which only reinforces the importance of making sure the work is as “rigorous, transparent, and peer reviewed as possible.” 

That looming threat of litigation was realized in the aftermath of the lab’s report on the breach of an Italian company called Hacking Team.

Hacking Team first drew the Citizen Lab’s interest as a developer of “offensive security” technologies. Earlier this year, hackers breached the firm’s protective measures and released a trove of documents that confirmed suspicions about how the firm produced software and sold it “to several governments with repressive human rights records, such as Ethiopia.” This software was being used to spy on journalists in, “Sudan, Saudi Arabia, Kazakhstan, and more,” Deibert explains. “All of [Hacking Team’s] corporate data was put on the public domain after the breach, and in the correspondences of the company executives they actually contracted a company to silence us through litigation. They actually say, ‘how do we shut the Citizen Lab down?’” 


Much of the reporting the Citizen Lab does is on “nasty countries,” at least insofar as freedom of information is considered. Some of the most recent reports — “almost all of [which]” are available on the lab’s website — bear titles such as “Iraq Information Controls Update: Analyzing Internet Filtering and Mobile Apps,” “China’s Great Cannon,” and “The Blocking of Vimeo in Indonesia.”

Deibert states that the Citizen Lab takes the safety of their researchers, many of whom are working abroad and in conflict areas, very seriously. “We have a whole protocol that we think through very carefully that deals with security in risky environments,” he says. In order to manage that risk, the lab contracts the services of Morgan Marquis-Boire, one of their fellows.

Marquis-Boire, a former Google security researcher, hacker, and journalist, is the director of security at First Look Media and publisher of The Intercept, the post-Snowden online home of journalists Glenn Greenwald and Laura Poitras. Marquis-Boire’s added value is significant, considering that he was the one who “actually came up with the protocol of how to actually secure the [Snowden documents].”

It is no surprise that Marquis-Boire found a place for himself at the Citizen Lab, or that he and Deibert became acquainted; after all, Deibert is a member of a very exclusive club with access to the complete Canadian archive of the Snowden leaks. Regarding the responsibility that accompanies that access, Deibert distinguishes between two considerations, although he is quick to qualify that they “aren’t ranked.”  He adds, “so you’re thinking of the public interest, first and foremost, so, what in here is critical for the public to know and needs to be in the public domain?” Deibert continues, “then, secondly… is there information in here, that if it were published, would put somebody’s life at risk, or do harm?”  Upon further consideration, he concludes that “around protection of the source, Edward Snowden put out certain obligations to the journalists and that extends to the people who consult on it, how to treat the material and report on it.” 


Among the chief concerns of those who study the Internet is the relative lag in consumer awareness. Deibert points out that, “for most people, the beginning and end of their experience is their screen in front of them, when in fact it is just the tip of the iceberg, and really the interesting stuff, especially from a perspective of how power is exercised and how freedom and liberty are protected, happens beneath the surface in the kind of bowels of it all. There is a subterranean realm to the machine.” For those as involved and as knowledgeable as Deibert and his peers, opportunities to edify the public are everywhere. Aside from the mundane drudgery of digging up information on everything from South Korean mobile applications to wearable technology, Deibert sees the education of a train of undergraduates, post-doctoral fellows, and other researchers, as being “critical” to the work.

Interestingly, Deibert and his peers sometimes find themselves at odds with the institution that houses and facilitates them. He famously refuses to use Blackboard in his teaching, favouring an embedded forum on the Citizen Lab’s website, a choice that follows a personal aversion to proprietary software. “I try to avoid it,” he says.

Those criticisms extend to the sharing of private data, whether it belongs to students or faculty, in a variety of other veins. “I think it would be good for the University of Toronto to issue a transparency report. Only one other university in the world has done that. How often does law enforcement come here and ask for data on faculty or students?” Deibert seems conflicted about whether people should generally be optimistic about the Internet, or if a healthier cynicism than we currently exhibit is warranted. He explains: “the way I look at this machine is that we’ve created, this wonderful thing that can be terrific for lots of goals we have, you know, throughout history, goals that we’ve had as a species, this wonderful mechanism of information storage and exchange, but we haven’t thought through all the downsides to it and the unintended consequences to it are getting more and more serious, on multiple levels.” What really worries him is the observation that “most people in my conversations are completely oblivious to it and don’t really care.” When asked if he had anything in particular that he wanted to share, Deibert offered the following tidbit: “Trust no one.”