The Citizen Lab, a University of Toronto institute based out of the Munk School of Global Affairs, has been making headlines this past year due to the rise of increasingly complex cybersecurity issues in countries such as the United Arab Emirates (UAE), China, and Mexico. The lab, which investigates both domestic and foreign affairs, aims to ensure that cybersecurity issues overseas do not taint the comparatively secure hold Canadians have on their own rights.
Canada, however, is not immune from the tempting prospect of spying on its own citizens. A Citizen Lab report by Christopher Parsons and Tamir Israel explains how various legislative initiatives were proposed by the government to allow warrantless disclosure of digital identifiers, such as IP addresses, for national security reasons.
The authors reject the principle upon which the proposals were founded – primarily, the idea that you have nothing to fear if you have nothing to hide. Their research indicates that online privacy from the government actively allows users to honestly explore and express ideas without fear of consequence.
Another concern within this realm is the use of spyware. Cyber warfare companies that sell government-exclusive spyware have become infamous for selling their products to human rights abusers. This spyware is often used to quell government dissent and freedom of expression.
Ron Deibert, the director of the Citizen Lab, says that concerns like these require serious accountability. On his blog, he describes the mission of the Citizen Lab as using “mixed methods research to highlight digital security issues that arise out of human rights concerns, and then […] try to mitigate the problem.”
The following review details some of the Citizen Lab’s major findings over the course of the past year, and explains how these findings relate to, and shed light on, issues concerning cyberspace.
Abuse of Spyware by the UAE
One regime that regularly targets its citizens with spyware is the UAE. The Citizen Lab broke the story of Ahmed Mansoor, an internationally recognized human rights advocate who was targeted by multiple government hacking attempts. One suspicious SMS link that Mansoor received on his iPhone 6 was sent to Citizen Lab researchers to test its source. It was discovered as belonging to a company called NSO Group, an Israel-based cyber warfare company that specializes in a government-exclusive spyware product called Pegasus.
Had Mansoor clicked on the link, it would have activated a ‘zero-day’ exploit and jailbroken his phone, installing spyware without his knowledge. Once installed, it would have logged all his calls and messages, relaying them back to the spyware’s customer.
The value of zero-days is that they give software developers zero days to patch the malware before it becomes active. In other words, it is an unknown vulnerability that has high value when used successfully against dissident voices, which Mansoor clearly represented in the UAE. The Citizen Lab’s response was to report the iOS vulnerability directly to Apple, which patched it immediately with a software update.
Liu Xiaobo and Chinese censorship
Online censorship is another strategy the Citizen Lab frequently finds to be effectively used in suppressing populations. In July, The New York Times published an article on the death of Liu Xiaobo, a Chinese dissident who won a Nobel prize while in jail for his activist work. Immediately following his death, Citizen Lab research discovered “a ‘significant shift’ in censorship techniques” in China; this included blocking keywords relating to his name in direct messaging applications.
Notably, WeChat, one of the main platforms censored by the Chinese government, did not indicate to users when certain messages were blocked. The Citizen Lab also uncovered that the degree of censorship varied depending on whether a WeChat account was linked to mainland China or outside of the country. China holds a tight rein on its internet companies, penalizing all who fail to censor ‘sensitive’ content.
Censorship is a broad weapon to use against civilians; however, as seen with Mansoor, targeting through spyware like Pegasus is far more effective when attempting to portray the illusion of freedom. NSO Group is an interesting company: alongside Pegasus, it was virtually unknown to the public sphere until Hacking Team, NSO’s competitor, had sensitive information leaked about the companies.
Citizen Lab research identified various themes that NSO operators used to bait its targets into clicking on its exploit links; these included fake news, taunts, and threats.
However, the Citizen Lab’s largest case study of civilian targeting in the last year came not from the UAE or China, but from Mexico.
NSO and the Targeting of Mexican Civil Society
Mexico, an admitted customer of NSO, has allegedly used its spyware to target vast swaths of civil society. These have included scientists, journalists, politicians, foreign investigators, and non-governmental organizations (NGOs). This blatant assault on freedom of expression allows a corrupt government to act with impunity and must be condemned on democratic grounds.
In Theory, Pegasus, as with all government-exclusive spyware, is meant to aid law enforcement in fighting criminal enterprise and terrorism. However, when Citizen Lab was contacted by Access Now, an organization committed to defending digital rights, they stumbled onto the first of many instances in which civilians were improperly targeted with NSO spyware.
Scientists: In Mexico, an obesity epidemic prompted the government to introduce a “soda tax” to pursue healthier alternatives. The implementation of the tax lead to a decrease in obesity. The fast food industry, displeased with the negative effects on their profit margins, soon began placing political pressure on the Mexican government, with companies such as Coca-Cola begging the President to oppose the tax.
Soon after, supporters of the soda tax began a campaign to promote it. Some of the scientists involved in the campaign started receiving suspicious SMS links aiming to disrupt their campaign. Citizen Lab research determined that they were analogous to the messages Ahmed Mansoor received in the UAE, concluding they were NSO infiltration attempts.
Journalists: Even before the wide availability of spyware, Mexico was considered one of the most dangerous places in the world for journalists to work. Some estimates place half of the acts of intimidation and violence against journalists from government agencies.
One way freedom of the press has been suppressed is through digital surveillance that hinders the ability of journalists to investigate instances of corruption against their own government. Eleven Mexican journalists were targeted with NSO exploit links.
One of the most heavily targeted investigative journalists that the Citizen Lab found in the NSO targeting campaign was Carmen Aristegui, who, alongside her son Emilio, was sent SMS exploit links. The intensive targeting campaign happened to coincide with the investigation of Mexican President Enrique Peña Nieto’s “Casa Blanca” scandal.
The Casa Blanca scandal was a defining moment of Peña Nieto’s tenure, centred upon the purchase of a mansion by his wife that was interpreted as being paid for with taxpayers’ money. The breaking of Aristegui’s story battered the President’s credibility, which led to Aristegui’s employer, Noticias MVS, firing her and her team for publishing the story.
Other journalists were then targeted after they found evidence of government involvement in suspicious events, such as massacres, disappearances, and mysterious murders. Though the Citizen Lab discovered many of the same NSO targeting techniques in Mexico as in the UAE, the tactics used in Mexico were far more extreme.
Mexican governmental deceptions also included fake AMBER alerts and set an alarming precedent by impersonating the United States Embassy, claiming that clicking on a link would help their visa status. The latter was used against Emilio Aristegui, a minor, while he was on US soil to gain information about his mother.
Politicians: In an effort to control the Mexican population, the operators of Pegasus likely broke US law and certainly broke diplomatic norms. Interestingly, Citizen Lab researchers never came across NSO operators targeting Peña Nieto’s party, but they did target high-ranking opposition politicians. The leaders of the National Action Party (PAN), which includes the President of the Mexican Senate, received exploit links while anti-corruption legislation was being discussed by the government.
Foreign Investigators: In 2014, 43 students disappeared while on route to Mexico City in what has since been dubbed the Iguala Mass Disappearance. Due to the relatively nonchalant reaction the Mexican authorities had concerning the incident, a group of foreign, independent experts came in to investigate the details of the case to ensure that the government was not involved.
The investigators were soon targeted with NSO infection attempts after casting doubt about the degree of government involvement in the disappearance. Citizen Lab research believes, through circumstantial evidence, that the Office of the Prosecutor (PGR) was one of the government branches responsible for the infiltration attempts in an effort to control the official narrative.
Non-governmental organizations: The final case that the Citizen Lab investigated regarding targeting Mexican civil society involved Claudio González, the director of Mexicanos Contra la Corrupción y la Impunidad (MCCI). MCCI is an anti-corruption organization whose director was targeted with NSO infection attempts while he was investigating government corruption and advocating for anti-corruption legislation. According to the Citizen Lab, this is the 22nd known target of spyware abuse in Mexico.
The Citizen Lab found that a pattern has emerged in Mexico demonstrating that a new weapon is being used against anti-corruption advocates: targeting via government-exclusive spyware. It appears that those who question official government narratives are liable to be targeted by NSO spyware. As Deibert puts it, “Should it come as any surprise that these powerful surveillance technologies would end up being deployed against those who aim to expose corrupt Mexican officials?”
Though no direct links of NSO abuse have been attributed to the Mexican government, it is known that government agencies possess the spyware and have the ability to use it. The circumstantial evidence gathered through the help of the Citizen Lab strongly indicates that unless a massive breach in security has occurred, a nation at peace should not allow its own citizens to be harassed in such a manner.
NSO Group, has not ensured that its spyware will not target civilians. Selling to states that have reputations for human rights abuses clearly demonstrates a lack of consideration for freedom and security.
Although the Israel-based group was recently courted by the US company Blackstone Group for a 40 per cent stake in NSO, the failure of the deal is thought to have resulted from an awareness campaign by groups such as Citizen Lab.
The lessons of the UAE, China, and Mexico clearly demonstrate the potential for abuse when countries without strong accountability measures are given incredibly powerful weapons.
Such weapons bring into question a citizen’s freedom — whether it be of speech, expression, or thought — even in a country that claims to be a liberal democracy. “Freedom of speech is the antithesis to one-party rule,” Deibert writes, “[Authoritarian censorship] underscores why careful evidence-based research is so essential to the progress of human rights.”