Don't opt out: click here to learn more about our work.

Flaw in WhatsApp exploited to target human rights lawyer, finds Citizen Lab

Lawyer has been embroiled in lawsuit against NSO Group, controversial Israeli technology firm

Flaw in WhatsApp exploited to target human rights lawyer, finds Citizen Lab

On May 12, a London-based human rights lawyer received peculiar video calls on his WhatsApp account while visiting Sweden.

Concerned by receiving the calls at such odd times in the morning, he reached out to cyber specialists at U of T’s Citizen Lab to investigate.

The Citizen Lab is a multidisciplinary research institute located at the Munk School for Global Affairs and Public Policy. The lab explores issues related to cybersecurity, surveillance, and digital censorship.

The lawyer, who remains anonymous due to fears of retaliation for speaking out, suspects potential foul play given his involvement with a civil lawsuit against NSO Group, an Israeli technology firm.

Foreign governments, including Saudi Arabia, Mexico, and the United Arab Emirates, have allegedly used NSO Group’s products to spy on journalists and political dissidents, including a critic of Saudi Arabia living in Canada.

According to reports from the Financial Times, the spyware targeting the lawyer’s phone had digital characteristics typical of NSO Group products.

Citizen Lab Senior Researchers John Scott-Railton and Bill Marczak led the investigative team that discovered WhatsApp’s vulnerability.

In an interview with The Varsity, Scott-Railton said he “observed a case where it looked like there was an attempt to target that lawyer’s phone with this novel attack, which would have happened over WhatsApp through a missed call.”

By exploiting the app’s vulnerability, NSO Group’s Pegasus spyware could enter a target’s iPhone or Android device through WhatsApp’s call function. The malicious code could then extract private information such as text messages and call histories, regardless of whether a target answers the call or not. The spyware can also collect new data by turning on the device’s camera or microphone.

 

WhatsApp’s response

WhatsApp engineers worked to patch the vulnerability as quickly as possible once they became aware of the susceptibility in the software. When finished, their company urged its 1.5 billion users to update their apps.

“WhatsApp encourages people to upgrade to the latest version of our app, as well as keep their mobile operating system up to date, to protect against potential targeted exploits designed to compromise information stored on mobile devices,” WhatsApp said in a public statement.  

The social network also informed the United States Department of Justice officials and issued a Common Vulnerabilities and Exposures notice to inform cybersecurity experts.

Scott-Railton praised WhatsApp for acting swiftly after discovering the vulnerability. “The way that WhatsApp has responded to this has been, I think, quite positive,” he said, noting how WhatsApp contacted a number of human rights organizations, which are common targets of the Pegasus spyware, before publicly announcing the security vulnerability.

According to Scott-Railton, this was an “unprecedented” move by a social media company and signals that it “felt there was something very wrong that had been done… and they didn’t like what they saw.”

It is unclear how many people were targeted or impacted by the vulnerability. However, based on WhatsApp’s comments, Scott-Railton said it seems like “there was a problem… [which was] much larger” than the attack on the human rights lawyer alone.

NSO Group promises reform

NSO Group maintains that it partners with governments to assist with law enforcement efforts and prevent criminal activity such as terrorism.

In response to reports that its software was targeting the human rights lawyer, NSO Group said that it “would not, or could not, use its technology in its own right to target any person or organization, including this individual.”

Earlier this year, NSO Group was partially acquired by the UK-based private equity fund Novalpina Capital. When Novalpina took over, it promised to reform the company in light of recent reports of suspected abuse.  

When the acquisition occurred, Novalpina was hoping to “establish a new benchmark for transparency and respect for human rights in full compliance with the [United Nations] Guiding Principal,” said Stephen Peel, co-founder of the fund.

Scott-Railton believes that “if indeed this was NSO, it suggests that this public story about human rights abuse may not [match up] with other things that we’ve observed.”

A bigger picture

Citizen Lab has been involved in multiple investigations tracking companies that sell spyware. Earlier this year, Citizen Lab itself had been targeted by undercover agents — masked as “socially conscious investors” — for its research on NSO Group.

Scott-Railton believes this case points to a larger trend of companies selling spyware to target individuals. “I think in the long run, we won’t really understand the digital risks and challenges that we all face until we see cases where harm happens to individuals,” he said.

“It’s very disconcerting to someone who has WhatsApp on their phones when they hear that there’s some company out there that’s selling a technology to basically use that as a way onto their phones, without any interaction,” Scott-Railton said.

“It’s almost unpreventable.”

Ontario Human Rights Commission releases new policy on accessible education

Broader definition of disability, policy comes in wake of university-mandated leave of absence approval

Ontario Human Rights Commission releases new policy on accessible education

The Ontario Human Rights Commission (OHRC) released a new Policy on Accessible Education for Students with Disabilities on August 29.

This policy reflects a broader definition of disability, recognizes that education is important to a person’s development, and provides students with up-to-date information about their human rights and responsibilities.

It also reminds schools of their obligation to maintain accessible, inclusive, discrimination-free, and harassment-free spaces, along with recommendations on how to effectively meet legal obligations under the Ontario Human Rights Code.

Significance in relation to the UMLAP

The policy’s release comes months after U of T passed its new University-Mandated Leave of Absence Policy (UMLAP) in June.

The UMLAP allows U of T to put students on a mandatory leave of absence if their mental health affects their ability to complete their schoolwork, or if it poses a risk to themselves or others.

An early version of the policy was criticized strongly by OHRC’s Chief Commissioner Renu Mandhane, who sent a letter to the university asking it to delay the policy’s approval.

According to the letter, sent in January, “the Policy falls short of meeting the duty to accommodate under the Code, and as outlined in the OHRC’s Policy on ableism and discrimination based on disability.” 

The letter also said “the Policy appears to allow decisions to be made by University administration who do not have any specialized training on human rights or risk assessment.”

After this letter, the university withdrew that version of the UMLAP, but proposed another version in May, which was passed.

What’s in the new OHRC policy?

The new OHRC policy addresses “the evolving legal definition of disability and its implications for education providers.’

It also recognizes that “disability” includes “both present and past conditions,” as well as a subjective component based on the perception of disability.

The new policy also discusses ableism, negative attitudes, stereotypes, and stigma toward students with disabilities.

It states that “providers have a legal obligation under the Code to not discriminate against students with disabilities, and to eliminate discrimination when it happens.”

A major focus of the policy is on the “duty to accommodate,” which was also one of Mandhane’s main criticisms of the UMLAP.

“Under the Code, education providers have a legal duty to accommodate the needs of students with disabilities who are adversely affected by a requirement, rule or standard,” reads the policy.

The OHRC’s letter notes that “the decisions to exclude a student from school due to alleged health and safety risk without sufficient objective evidence… may constitute discrimination.”

It also adds that students with disabilities cannot be judged to be incapable of fulfilling their educational requirements unless proper accommodation has been provided and the capabilities of the students have been assessed.

The new policy also recommends that schools and postsecondary institutions collect quantitative and qualitative data to understand any barriers that may exist, and to identify and address any concerns that may lead to systemic discrimination.

Yemeni community stages protest against Canada’s arms deal with Saudi Arabia

Protesters in front of Chrystia Freeland’s office call for end to $15 billion deal

Yemeni community stages protest against Canada’s arms deal with Saudi Arabia

Yemeni protesters and allies gathered on September 8 in front of Chrystia Freeland’s constituency office at Spadina Avenue and Bloor Street West to protest Canada’s arms deal with Saudi Arabia. Canadian-made combat vehicles have reportedly been used by Saudi Arabia in its war in Yemen. The conflict was labelled by the United Nations as the worst humanitarian crisis of 2018, with at least 16,700 casaulties since it began in 2015, though the count could be much higher. Over two million people have been displaced by the conflict.

The protest comes in the wake of growing Canada-Saudi tensions after Freeland, Canada’s Minister of Foreign Affairs, called for the release of two human rights activists in Saudi Arabia on Twitter. As part of its response to Freeland’s message, Saudi Arabia announced that Saudi students studying at Canadian universities had to leave the country.

Protesters gathered at around 2:45 pm, holding signs calling for Freeland to take action and immediately stop the arms deal.

The group of roughly 50 were affiliated with groups such as the Yemeni Community in Canada, the Canadian Defenders for Human Rights, and the Canadian Peace Coalition.

Protesters held signs depicting the victims of war crimes as young as nine years old.

Firas Al Najim, a member of the Canadian Defenders for Human Rights and one of the participants in the protest, criticized the Canadian government’s decision to sell arms to Saudi Arabia, saying that it makes the country “an accomplice to war crimes” and adding that “the government should speak up for human rights in the war-torn Yemen.”

The deal, initiated by the Harper government in 2014, is for $15 billion in armoured vehicles, and aims to create 3,000 jobs in the manufacturing sector — mainly in London, Ontario.

The protest comes after an August 9 airstrike on a school bus which killed 51 people, including 40 children. Some 79 people were injured, 56 of whom were children. The Saudi-led coalition airstrike has been condemned by Human Rights Watch, which called it an “apparent war crime.”

The fighting in Yemen has been going on for more than three years, and involves Saudi Arabia, allied Sunni Muslims, and the Houthi rebels who control much of northern Yemen and the capital, Sana’a. The rebels drove Yemen’s government into exile in 2014.

“Many innocent people will be victims of these weapons. I totally understand that these weapons are creating job opportunities in Canada, but it is coming in the interest of Yemeni innocent blood,” said Hamza Shaiban, President of the Yemeni Community in Canada.

Councillor Joe Cressy proposes amendments to enforce conformity with zoning laws

Job applicants with criminal records need human rights protections

Students and graduates seeking employment opportunities can face discrimination and barriers due to police record checks

Job applicants with criminal records need human rights protections

For most students, employment opportunities, volunteering, and experiential learning are a necessary stage in one’s academic and professional career. For some students — particularly in nursing, or education, or even medicine — your credentials may not be enough to get a placement: various types of criminal record checks may be required. These ‘checks’ may also be a standard part of screening for an eventual job.

But what you may not know is that record checks can reveal a lot of information: information that is very old, irrelevant to the position being applied for, or even information that a person may not even be aware is there. Even though the person may be legally innocent — in that they have not been convicted of a crime — such information on a record can create barriers to placements and employment and therefore have a negative impact on someone’s future as young professionals.

Employers are using record checks more and more as a risk screening tool and as a result, these ‘checks’ may create a stigma rather than depicting the reality of the situation and therefore must be used with caution as a risk management tool. According to the John Howard Society, having a record can reduce someone’s chances of getting a job by up to 50 per cent, and that number is likely worse for racialized populations. Some employers have policies on what to do when they see a positive result on a criminal check; others might just put the application in the garbage.

Many of those who have never been convicted of a crime are unaware that the current operating system of police record checks in Ontario can still pose barriers to employment through revealing sensitive information to employers. This can occur through disclosing criminal charges that were withdrawn or stayed, charges in which the individual was acquitted, and non-criminal police contact when there was no conviction or finding of guilt. There are currently no province-wide standards on what type of information can or cannot be disclosed on various levels of record checks.

Over 100,000 cases on average are processed through Ontario courts every year. Of those, more than 40 per cent are withdrawn, stayed, or acquitted. According to the article “Race, Crime, and Criminal Justice in Canada”, by Akwasi Owusu-Bempah and Scot Wortley, Indigenous people are overrepresented at nearly every stage of the criminal justice system. Moreover, Black people are overrepresented in cannabis possession arrests in Ontario. This police contact can be revealed in future background checks. However, allegations are not convictions. There is no legal basis for this information to appear in police background checks. It is important to notice that there is a racial dimension to the issue of non-conviction records and who they affect.

The Canadian Civil Liberties Association created a report in 2012 with interviews of many who have lost educational or employment opportunities as a result of the disclosure of non-conviction records. Many of these people didn’t even know they had something on their record.

However, Ontario passed the Police Records Check Reform Act, 2015 on December 1 that year. Also known as Bill 113, the act standardizes disclosure practices across police services and promotes fairness and respect for the privacy of individuals when they request for a police record check. It will be implemented in law as of November 1, 2018.

There is currently very little protection in the Ontario Human Rights Code for people with criminal records, and no protection for people with non-conviction records, which means that employers are legally allowed to discriminate. It can also be the sole reason as to why you are denied a volunteer or employment opportunity. Even when the law comes into force later this year, employers should still know how to interpret a criminal or non-criminal record and should be encouraged to take a nuanced approach in assessing the relevance of a particular record to the specific position being applied for.

We as students must mobilize together and raise greater awareness about the barriers that the current system imposes on our professional future with regard to human rights protection. Raising awareness through engaging in activities such as signing petitions and participating in public demonstrations can be impactful. The Ontario Human Rights Commission must redefine how employer practices must be adhered to in the context of police record checks.

Sonia Gill and Proshat Babaeian both completed the 2017–2018 masters program in Criminology at the Centre for Criminology & Sociolegal Studies. They work with the John Howard Society of Ontario.

What’s Philosophy Got to Do With It? – Speaking with Barbara Jackman

Human rights lawyer Barbara Jackman on secret hearings and security certificates

What’s Philosophy Got to Do With It? – Speaking with Barbara Jackman