Citizen Lab

Citizen Lab
Formation 2001
Type Research Laboratory
Headquarters University of Toronto
Location
Director
Ronald Deibert
Website citizenlab.org

The Citizen Lab is an interdisciplinary laboratory based at the Munk School of Global Affairs at the University of Toronto, Canada. Founded and directed by Professor Ronald Deibert, the Citizen Lab studies information controls—such as network surveillance and content filtering—that impact the openness and security of the Internet and that pose threats to human rights. The Citizen Lab collaborates with research centres, organizations, and individuals around the world, and uses a "mixed methods" approach, which combines technical interrogation and analysis with intensive field research, qualitative social science, and legal and policy analysis methods.

The Citizen Lab was a founding partner of the OpenNet Initiative (2002-2013) and the Information Warfare Monitor (2002-2012) projects. The Citizen Lab also developed the original design of the Psiphon censorship circumvention software, which was spun out of the Lab into a private Canadian corporation (Psiphon Inc.) in 2008.

The Citizen Lab’s research outputs have made global news headlines around the world, including front page exclusives in the New York Times, Washington Post, and Globe and Mail. In Tracking Ghostnet (2009) researchers uncovered a suspected cyber espionage network of over 1,295 infected hosts in 103 countries, a high percentage of which are high-value targets, including ministries of foreign affairs, embassies, international organizations, news media, and NGOs.[1] This seminal study was one of the first public reports to reveal a cyber espionage network that targeted civil society and government targets around the world. In Shadows in the Cloud (2010), researchers document a complex ecosystem of cyber espionage that systematically compromised government, business, academic, and other computer network systems in India, the Offices of His Holiness the Dalai Lama, the United Nations, and several other countries.[2]

The Citizen Lab has won a number of awards for its work. The Citizen Lab is the first Canadian institution to win the MacArthur Foundation’s MacArthur Award for Creative and Effective Institutions (2014)[3] and the only Canadian institution to receive a “New Digital Age” Grant (2014) from Google Executive Chairman Eric Schmidt.[4] Past awards include the Canadian Library Association's Advancement of Intellectual Freedom in Canada Award (2013),[5] the Canadian Committee for World Press Freedom’s Press Freedom Award (2011),[6] and the Canadian Journalists for Free Expression’s Vox Libera Award (2010).[7]

In July 2014, Citizen Lab was profiled in the Ars Technica article, Inside Citizen Lab, the “Hacker Hothouse” protecting you from Big Brother.[8]

Funding

The Citizen Lab is independent of government or corporate interests. Financial support for the Citizen Lab has come from the Ford Foundation, the Open Society Institute, the Social Sciences and Humanities Research Council of Canada, the International Development Research Centre (IDRC), the Canada Centre for Global Security Studies at the University of Toronto’s Munk School of Global Affairs, the John D. and Catherine T. MacArthur Foundation, the Donner Canadian Foundation, and The Walter and Duncan Gordon Foundation. The Citizen Lab has received one-time, no-strings-attached donations of software from Palantir Technologies, VirusTotal, and Oculus Info Inc.

Research areas

Threats against civil society

The Citizen Lab’s Targeted Threats project seeks to gain a better understanding of the technical and social nature of digital attacks against civil society groups and the political context that may motivate them.[9] The Citizen Lab conducts ongoing comparative analysis of a growing spectrum of online threats, including Internet filtering, denial-of-service attacks, and targeted malware. Targeted Threats reports have covered a number espionage campaigns and information operations against the Tibetan community and diaspora.[10] Citizen Lab researchers and collaborators like the Electronic Frontier Foundation have also revealed several different malware campaigns targeting Syrian activists and opposition groups in the context of the Syrian Civil War.[11] Many of these findings were translated into Arabic and disseminated along with recommendations for detecting and removing malware.

The Citizen Lab’s research on threats against civil society organizations has been featured on the front page of BusinessWeek,[12] and covered in Al Jazeera,[13] Forbes,[14] Wired,[15] among other international media outlets.

Measuring Internet censorship

Internet censorship and surveillance by country

  Pervasive
  Substantial
  Selective

  Changing situation
  Little or no
  Not classified

Source: OpenNet Initiative,[16][17] Reporters Without Borders.[18][19]

The OpenNet Initiative has tested for Internet filtering in 74 countries and found that 42 of them—including both authoritarian and democratic regimes—implement some level of filtering.[20]

The Citizen Lab is continuing this research area through the Internet Censorship Lab (ICLab), a project to develop new systems and methods for measuring Internet censorship. It is a collaborative effort between The Citizen Lab, Professor Phillipa Gill’s group at Stony Brook University's Department of Computer Science, and Professor Nick Feamster’s Network Operations and Internet Security Group at Princeton University.[21]

Application-level information controls

The Citizen Lab studies censorship and surveillance implemented in popular applications including social networks, instant messaging, and search engines.

Previous work includes investigations of censorship practices of search engines provided by Google, Microsoft, and Yahoo! for the Chinese market along with the domestic Chinese search engine Baidu. In 2008, Nart Villeneuve found that TOM-Skype (the Chinese version of Skype at the time) had collected and stored millions of chat records on a publicly accessible server based in China.[22] In 2013, Citizen Lab researchers collaborated with Professor Jedidiah Crandall and PhD student Jeffrey Knockel at the University of Mexico to reverse engineering of TOM-Skype and Sina UC, another instant messaging application used in China. The team was able to obtain the URLs and encryption keys for various versions of these two programs and downloaded the keyword blacklists daily. This work analyzed over one year and a half of data from tracking the keyword lists, examined the social and political contexts behind the content of these lists, and analyzed those times when the list had been updated, including correlations with current events.[23]

Current research focuses on monitoring information controls on the popular Chinese microblogging service Sina Weibo,[24] Chinese online encyclopedias,[25] and mobile messaging applications popular in Asia.[26] The Asia Chats project utilizes technical investigation of censorship and surveillance, assessment on the use and storage of user data, and comparison of the terms of service and privacy policies of the applications.[27] The first report released from this project examined regional keyword filtering mechanisms that LINE applies to its Chinese users.[28]

Commercial surveillance

The Citizen Lab conducts groundbreaking research on the global proliferation of targeted surveillance software and toolkits, including FinFisher and Hacking Team.

FinFisher is a suite of remote intrusion and surveillance software developed by Munich-based Gamma International GmbH and marketed and sold exclusively to law enforcement and intelligence agencies by the UK-based Gamma Group. In 2012, Morgan Marquis-Boire and Bill Marczak provided the first public identification of FinFisher's software. The Citizen Lab and collaborators have done extensive investigations into FinFisher, including revealing its use against Bahraini activists,[29] analyzing variants of the FinFisher suite that target mobile phone operating systems,[30] uncovering targeted spying campaigns against political dissidents in Malaysia and Ethiopia,[31] and documenting FinFisher command and control servers in 36 countries.[32] Citizen Lab's FinFisher research has informed and inspired responses from civil society organizations in Pakistan,[33] Mexico,[34] and the United Kingdom.[35] In Mexico, for example, local activists, and politicians collaborated to demand an investigation into the state’s acquisition of surveillance technologies.[36] In the UK, it led to a crackdown on the sale of the software over worries of misuse by repressive regimes.[37]

Hacking Team is a Milan, Italy-based company that provides intrusion and surveillance software called Remote Control System (RCS) to law enforcement and intelligence agencies. The Citizen Lab and collaborators have mapped out RCS network endpoints in 21 countries,[38] and have revealed evidence of RCS being used to target a human rights activist in the United Arab Emirates,[39] a Moroccan citizen journalist organization,[40] and an independent news agency run by members of the Ethiopian diaspora.[41] Following the publication of Hacking Team and the Targeting of Ethiopian Journalists, the Electronic Frontier Foundation[42] and Privacy International[43] both took legal action related to allegations that the Ethiopian government had compromised the computers of Ethiopian expatriates in the United States and UK.

The Citizen Lab’s research on surveillance software has been featured on the front pages of the Washington Post[44] and the New York Times[45] and covered extensively in news media around the world, including the BBC,[46] Bloomberg,[47] CBC, Slate,[48] and Salon.[49]

The Citizen Lab’s research on commercial surveillance technologies has resulted in legal and policy impacts. In December 2013, the Wassenaar Arrangement was amended to include two new categories of surveillance systems on its Dual Use control list—“intrusion software” and “IP Network surveillance systems”.[50] The Wassenaar Arrangement seeks to limit the export of conventional arms and dual-use technologies by calling on signatories to exchange information and provide notification on export activities of goods and munitions included in its control lists. The amendments in December 2013 were the product of intense lobbying by civil society organizations and politicians in Europe, whose efforts were informed by Citizen Lab’s research on intrusion software like FinFisher and surveillance systems developed and marketed by Blue Coat Systems.[51]

Commercial filtering

The Citizen Lab studies the commercial market for censorship and surveillance technologies, which consists of a range of products that are capable of content filtering as well as passive surveillance.

The Citizen Lab has been developing and refining methods for performing Internet-wide scans to measure Internet filtering and detect externally visible installations of URL filtering products. The goal in this work is to develop simple, repeatable methodologies for identifying instances of internet filtering and installations of devices used to conduct censorship and surveillance.

The Citizen Lab has conducted research into companies such as Blue Coat Systems, Netsweeper, and SmartFilter. Major reports include "Some Devices Wander by Mistake: Planet Blue Coat Redux" (2013),[52] "O Pakistan, We Stand on Guard for Thee: An Analysis of Canada-based Netsweeper’s Role in Pakistan’s Censorship Regime" (2013),[53] and Planet Blue Coat: Mapping Global Censorship and Surveillance Tools (2013).[54]

This research has been covered in news media around the world, including the front page of the Washington Post,[55] the New York Times,[56] the Globe and Mail,[57] and the Jakarta Post.[58]

Following the 2011 publication of "Behind Blue Coat: Investigations of Commercial Filtering in Syria and Burma", Blue Coat Systems officially announced that it would no longer provide “support, updates. or other services” to software in Syria.[59] In December 2011, the U.S. Department of Commerce's Bureau of Industry and Security reacted to the Blue Coat evidence and imposed a $2.8 million fine on the Emirati company responsible for purchasing filtering products from Blue Coat and exporting them to Syria without a license.

Citizen Lab's Netsweeper research has been cited by Pakistani civil society organizations Bytes for All and Bolo Bhi in public interest litigation against the Pakistani government and in formal complaints to the High Commission (Embassy) of Canada to Pakistan.[60]

Policy engagement

The Citizen Lab is an active participant in various global discussions on Internet governance, such as the Internet Governance Forum, ICANN, and the United Nations Government Group of Experts on Information and Telecommunications.

Since 2010, the Citizen Lab has helped organize the annual Cyber Dialogue conference, hosted by the Munk School of Global Affairs’ Canada Centre, which convenes over 100 individuals from countries around the world who work in government, civil society, academia, and private enterprise in an effort to better understand the most pressing issues in cyberspace.[61] The Cyber Dialogue has a participatory format that engages all attendees in a moderated dialogue on Internet security, governance, and human rights. Other conferences around the world, including a high-level meeting by the Hague-based Scientific Council for Government Policy and the Swedish government’s Stockholm Internet Forum, have taken up themes inspired by discussions at the Cyber Dialogue.

Capacity building

The Citizen Lab contributes to capacity building by supporting networks of researchers, advocates, and practitioners around the world, particularly from the Global South. The Citizen Lab has developed regional networks of activists and researchers working on information controls and human rights for the past ten years. These networks are in Asia (OpenNet Asia), the Commonwealth of Independent States (OpenNet Eurasia), and the Middle East and North Africa.[62]

With the support of the International Development Research Centre (IDRC), the Citizen Lab launched the Cyber Stewards Network in 2012, which consists of South-based researchers, advocates, and practitioners who analyze and impact cybersecurity policies and practices at the local, regional, and international level. The project consists of 12 partners from across Asia, sub-Saharan Africa, Latin America, and the Middle East and North Africa.[63]

Citizen Lab staff also work with local partners to educate and train at-risk communities. For example, in 2013 it collaborated with the Tibet Action Institute to hold public awareness events in Dharamsala, India, for the exiled Tibetan community on cyber espionage campaigns.[64] In the winter of 2013, the Citizen Lab conducted a digital security training session for Russian investigative journalists at the Sakharov Center in Moscow.[65]

References

  1. "Tracking Ghostnet: Investigating a Cyber Espionage Network". Retrieved March 24, 2014.
  2. "Shadows in the Cloud: Investigating Cyber Espionage 2.0". Retrieved March 24, 2014.
  3. "MacArthur Award for Creative and Effective Institutions: The Citizen Lab". February 19, 2014. Retrieved March 24, 2014.
  4. "Google Executive Chairman Eric Schmidt Awards Citizen Lab "New Digital Age" Grant". March 10, 2014. Retrieved March 24, 2014.
  5. "The Citizen Lab wins the 2013 CLA Advancement of Intellectual Freedom in Canada Award". February 6, 2013. Retrieved March 24, 2014.
  6. "Citizen Lab Wins the 2011 Canadian Committee for World Press Freedom’s Press Freedom Award". May 3, 2011. Retrieved March 24, 2014.
  7. "Canadian Internet Pioneer, The Citizen Lab, Wins Canadian Journalists for Free Expression Vox Libera award". November 15, 2010. Retrieved March 24, 2014.
  8. Joshua, Kopstein (30 July 2014). "Inside Citizen Lab, the "Hacker Hothouse" protecting you from Big Brother". Ars Technica.
  9. "Comparative Analysis of Targeted Threats Against Human Rights Organizations". Retrieved March 4, 2014.
  10. Kleemola, Katie; Hardy, Seth (August 2, 2013). "Surtr: Malware Family Targeting the Tibetan Community". Retrieved March 24, 2014.; "Permission to Spy: An Analysis of Android Malware Targeting Tibetans". April 18, 2013. Retrieved March 24, 2014.; "Recent Observations in Tibet-Related Information Operations: Advanced social engineering for the distribution of LURK malware". July 26, 2012. Retrieved March 24, 2014.
  11. Marquis-Boire, Morgan; Hardy, Seth (June 19, 2012). "Syrian Activists Targeted with Blackshades Spy Software". Retrieved March 24, 2014.; Scott-Railton, John; Marquis-Boire, Morgan (June 21, 2013). "A Call to Harm: New Malware Attacks Target the Syrian Opposition". Retrieved March 24, 2014.; Marquis-Boire, Morgan; Galperin, Eva; Scott-Railton, John (December 23, 2013). "Quantum of Surveillance: Familiar Actors and Possible False Flags in Syrian Malware Campaigns". Retrieved March 24, 2014.
  12. Stephan Farris (November 15, 2012). "The Hackers of Damascus". Bloomberg Businessweek.
  13. "New report exposes digital front of Syria's civil war". Al Jazeera. December 25, 2013.
  14. Greenberg, Andy (April 1, 2013). "Evidence Mounts That Chinese Government Hackers Spread Android Malware".
  15. Poulsen, Kevin (December 23, 2013). "In Syria’s Civil War, Facebook Has Become a Battlefield".
  16. OpenNet Initiative "Summarized global Internet filtering data spreadsheet", 8 November 2011 and "Country Profiles", the OpenNet Initiative is a collaborative partnership of the Citizen Lab at the Munk School of Global Affairs, University of Toronto; the Berkman Center for Internet & Society at Harvard University; and the SecDev Group, Ottawa
  17. Due to legal concerns the OpenNet Initiative does not check for filtering of child pornography and because their classifications focus on technical filtering, they do not include other types of censorship.
  18. "Internet Enemies", Enemies of the Internet 2014: Entities at the heart of censorship and surveillance, Reporters Without Borders (Paris), 11 March 2014. Retrieved 24 June 2014.
  19. Internet Enemies, Reporters Without Borders (Paris), 12 March 2012
  20. "OpenNet Initiative". Retrieved March 24, 2014.
  21. "Internet Censorship Lab". Retrieved April 20, 2015.
  22. "Breaching Trust: An analysis of surveillance and security practices on China's TOM-Skype platform". 2008.
  23. "Chat program censorship and surveillance in China: Tracking TOM-Skype and Sina UC". July 2013.
  24. "Keyword: Bo Xilai". Retrieved March 24, 2014.; "Visualizing Changes in Censorship: Summarizing two months of Sina Weibo keyword monitoring with two interactive charts". August 21, 2013.
  25. "Who’s the Boss? The difficulties of identifying censorship in an environment with distributed oversight: a large-scale comparison of Wikipedia China with Hudong and Baidu Baike". August 28, 2013.
  26. "Asia Chats: Analyzing Information Controls and Privacy in Asian Messaging Applications date = November 14, 2013".
  27. "Asia Chats: Analyzing Information Controls and Privacy in Asian Messaging Applications". November 14, 2013.
  28. "Asia Chats: Investigating Regionally-based Keyword Censorship in LINE". August 14, 2013.
  29. Marquis-Boire, Morgan; Marczak, Bill (July 25, 2012). "From Bahrain With Love: FinFisher's Spykit Exposed?".
  30. Marquis-Boire, Morgan; Marczak, Bill; Gaurnieri, Claudio (August 29, 2012). "The Smartphone Who Loved Me? FinFisher Goes Mobile".
  31. Marquis-Boire, Morgan; Marczak, Bill; Gaurnieri, Claudio; Scott-Railton, John (April 30, 2013). "For Their Eyes Only: The Commercialization of Digital Spying".
  32. Marquis-Boire, Morgan; Marczak, Bill; Gaurnieri, Claudio; Scott-Railton, John (March 13, 2013). "You Only Click Twice: FinFisher's Global Proliferation".
  33. "Bytes for All Petitions Pakistani Court on Presence of Surveillance Software". May 16, 2013.
  34. "Cyber Stewards Network and Local Activists Investigate FinFisher in Mexico". November 8, 2013.
  35. "OECD complaint filed by human rights groups against British surveillance company moves forward". June 24, 2013.
  36. Renata Avila (November 8, 2013). "Cyber Steward Network and Local Activists Investigate Surveillance in Mexico".
  37. Jamie Doward (September 8, 2012). "Crackdown on sale of UK spyware over fears of misuse by repressive regimes".
  38. Marczak, Bill; Gaurnieri, Claudio; Marquis-Boire, Morgan; Scott-Railton, John (February 17, 2014). "Mapping Hacking Team's "Untraceable" Spyware".
  39. Morgan Marquis-Boire (October 10, 2012). "Backdoors Are Forever? Hacking Team and the Targeting of Dissent".; Vernon Silver (October 10, 2012). "Spyware Leaves Trail to Beaten Activist through Microsoft Flaw".
  40. Morgan Marquis-Boire (October 10, 2012). "Backdoors Are Forever? Hacking Team and the Targeting of Dissent".; Nicole Perlroth (October 10, 2012). "Ahead of Spyware Conference More Evidence of Abuse".
  41. Marczak, Bill; Gaurnieri, Claudio; Marquis-Boire, Morgan; Scott-Railton, John (February 12, 2014). "Hacking Team and the Targeting of Ethiopian Journalists".
  42. "American Sues Ethiopian Government for Spyware Infection". Electronic Frontier Foundation. February 18, 2014.
  43. "Privacy International seeking investigation into computer spying on refugee in UK". Privacy International. February 17, 2014.
  44. Craig Timberg (February 12, 2014). "Foreign regimes use spyware against journalists, even in U.S.". The Washington Post.
  45. Nicole Perlroth (August 30, 2012). "Software Meant to Fight Crime is Used to Spy on Dissidents". The New York Times.
  46. "Mozilla accuses Finfisher makers of 'hiding' under name". BBC. May 1, 2013.
  47. Vernon Silver (March 13, 2013). "Gamma FinSpy Surveillance Servers in 25 Countries". Bloomberg Businessweek.
  48. Ryan Gallagher (March 13, 2013). "Report: Global Network of Government Spyware Detected in U.S., Authoritarian Countries". Slate.
  49. Natasha Lennard (March 13, 2013). "Surveillance software used to spy on activists around the world". Salon.
  50. "International agreement reached controlling export of mass and intrusive surveillance technology". Privacy International. December 9, 2013.
  51. "Shedding Light on the Surveillance Industry: The importance of evidence-based, impartial research". December 20, 2013.
  52. Marquis-Boire, Morgan; Anderson, Collin; Dalek, Jakub; McKune, Sarah; Scott-Railton, John (July 9, 2013). "Some Devices Wander By Mistake: Planet Blue Coat Redux".
  53. "O Pakistan, We Stand on Guard for Thee: An Analysis of Canada-based Netsweeper’s Role in Pakistan’s Censorship Regime". June 20, 2013.
  54. Marquis-Boire, Morgan; Dalek, Jakub; McKune, Sarah (January 15, 2013). "Planet Blue Coat: Mapping Global Censorship and Surveillance Tools".
  55. Ellen Nakashima (July 8, 2013). "Report: Web monitoring devices made by U.S. firm Blue Coat detected in Iran, Sudan". The Washington Post.
  56. John Markoff (January 16, 2013). "Rights Group Reports on Abuses of Surveillance and Censorship Technology". The New York Times.
  57. Omar El Akkad (June 21, 2013). "Canadian technology tied to online censorship in Pakistan". The Globe and Mail.
  58. Irene Poetranto (December 14, 2013). "Time for Greater Transparency". The Jakarta Post.
  59. "Behind Blue Coat: Investigations of commercial filtering in Syria and Burma". November 9, 2011.
  60. "Letter to High Commissioner Of Canada : Call for Transparency, Accountability & Action Following Reports On Netsweeper’s Presence in Pakistan". Bolo Bhi. July 23, 2013.
  61. "Cyber Dialogue". Retrieved March 25, 2014.
  62. "ONI Asia". Retrieved March 25, 2014.
  63. "Cyber Stewards Network". Retrieved March 25, 2014.
  64. "Tibet Action Institute: Safe Travels Online Tech Meet". June 12, 2013.
  65. "Дискуссия "Современные угрозы информационной безопасности для НКО, активистов и журналистов"". Sakharov Center. December 17, 2013.

External links