New report details how autocrats use the internet to harass and suppress activists in Canada

Thousands of miles away from her homeland in Syria, she organized protests and ran social media pages in Canada in support of opposition forces fighting President Bashar al-Assad’s regime.

Then anonymous complaints started rolling in and prompted Facebook to shut down her group page. Trolls left “nasty and dirty” comments on social media and created fake profiles with her photos, she said, while a Gmail administrator alerted her that “a state sponsor” was trying to hack her account.

“The Assad regime was functioning through this network of thugs that they call Shabeeha. Inside of Syria, those thugs would be physically beating up people and terrorizing them,” said the 42-year-old Toronto woman.

“Then they were also very much online, so they terrorized people online as well.”

As diaspora communities are increasingly relying on social media and other online platforms to pursue advocacy work, authoritarian states are trying to exert their will over overseas dissidents through what’s dubbed “digital transnational repression,” said a new study released Tuesday.

“States that engage in transnational repression use a variety of methods to silence, persecute, control, coerce, or otherwise intimidate their nationals abroad into refraining from transnational political or social activities that may undermine or threaten the state and power within its border,” said the report by the Citizen Lab at University of Toronto’s Munk School of Global Affairs.

“Thus, nationals of these states who reside abroad are still limited in how they can exercise ‘their rights, liberties, and voice’ and remain subject to state authoritarianism even after leaving their country of origin.”

Being a country of immigrants — particularly refugees seeking protection from persecution — Canada is vulnerable to this kind of digital attacks, amid the advancement of surveillance technology and rising authoritarianism around the globe, said the report’s authors.

“There is this misassumption that once people arrive in Canada from authoritarian countries, they are safe. We need to redefine what safety is,” said Noura Al-Jizawi, one of the report’s co-authors.

“This is not only affecting the day-to-day life of these people, but it’s also affecting the civic rights, their freedom of speech or their freedom of assembly of an entire community that’s beyond the individuals who are being targeted.”

A team of researchers interviewed 18 individuals, all of whom resided in Canada and had moved or fled to Canada from 11 different places, including Syria, Saudi Arabia, Yemen, Tibet, Hong Kong, China, Rwanda, Iran, Afghanistan, East Turkestan, and Balochistan.

The participants shared their experiences of being intimidated for the advocacy work they conducted in Canada, as well as the impacts of such threats — allegedly from these foreign states and their supporters — on their well-being and the diaspora communities they come from.

“Their main concern besides their privacy and the privacy of their family is the friends and colleagues back home. If the government targets their devices digitally, they would reveal the underground and hidden network of activists,” said Al-Jizawi.

“Many of them mention that they try to avoid the communities from their country of origin because they can’t feel safe connecting with these people.”

Many of the participants in the study said they have reached out for assistance to authorities such as the Canadian Security Intelligence Service but were disappointed.

“The responses were generally like, we can’t help you or this isn’t a crime and there’s nothing actionable here. In one case, they suggested to the person to hire a private detective,” noted Siena Anstis, another co-author of the study.

“Law enforcement is probably not that well equipped or trained to understand the broader context within which this is happening. The way that they handle these cases is quite dismissive.”

The anonymous Syrian-Canadian political activist who participated in the study said victims of transnational repression will stop reporting to Canadian officials if nothing comes out of their complaints.

“Every day we’re becoming more and more digital, which makes us more vulnerable to digital attacks and digital privacy issues. I hope our government will start thinking about how to protect us from this emerging threat that we never had to worry about before,” said the woman, who came here from Aleppo as a 7-year-old and has stopped her political activities to free Syria.

“If someone like me who is extremely outspoken and very difficult to stifle felt a little bit overwhelmed by all of it, you can imagine other people who recently came from Syria and still have a lot of ties there. I know a lot of people that will not open their mouth publicly because they’re scared what will happen.”

The report urges Ottawa to create a dedicated government agency to support victims and conduct research to better understand the scale and impact of these activities on the exercise of Canadian human rights. It also recommends establishing federal policies for the sale of surveillance technologies to authoritarian states and for guiding how social media platforms can better protect victims from digital attacks.

“It might seem at this stage it’s only happening to some communities in Canada and it doesn’t matter,” said Anstis. “But collectively it’s our human rights that are being eroded. It’s our capacity to engage in, affirm and protect against human rights and democracy. That space for dialogue is really reducing.”

Source: New report details how autocrats use the internet to harass and suppress activists in Canada

When it comes to cyberspace, should national security trump user security? – Citizen Lab

Always valuable, the insights and activities of the Citizen Lab of UofT’s Munk Centre, with the highly pertinent, and rhetorical, question at the end:

As the Snowden document makes plain, CSE and its allies in the United States, United Kingdom, Australia and New Zealand knew about UC Browser’s privacy and security problems since at least 2012. But rather than disclose them to the public and notify the company (as we felt compelled to do), they sat on and exploited them.

Of course, a leaky browser application is not as critical as a fault in a pacemaker, a 747, or a nuclear enrichment facility. Or is it? Consider that in China where the browser is most popular, all network operators are required by law to retain customer data and turn it over to security agencies upon request. The Chinese regime does not look fondly on political opposition and public demonstrations, the organization of which is now almost entirely dependent on mobile devices. Each year, China executes thousands of people for crimes against the state, and sends thousands of others to re-education labour camps. Chinese dissidents with UC Browser on their mobile device have been sitting ducks for China’s targeted surveillance, for years.

Did CSE and its allies deliberate seriously about these moral tradeoffs? Hard to say, as such deliberations are classified. For what it’s worth, the White House’s Cybersecurity Coordinator, Michael Daniels, has said the United States has a “disciplined, rigorous, and high-level decision-making process for vulnerability disclosure” in which “all of the pros and cons are properly considered and weighed.” The top-secret documents, however, evince a different attitude, one full of only excitement at the discovery and the prospects for exploitation.

The case of UC Browser is one illustration of a larger public policy problem around cybersecurity. We stand at a crossroads. Down one path is a future where governments secretly stockpile information vulnerabilities as weapons, weaken encryption to make eavesdropping easier, and engineer secret “back doors” into our networks to steal info and sabotage systems. Heading down this path will turn the global information commons into an inter-state battlefield. In worst case scenarios involving the targeting of critical infrastructure, it will lead inevitably to large-scale loss of life.

There is another path we can head down, one in which the security of users, regardless of nationality or geography, is the primary concern. Going down this path would begin with the premise that cyberspace is a shared common resource requiring stewardship. It would imply a much greater role for civilian, as opposed to military, agencies. From this view, securing cyberspace would be undertaken by independent and globally distributed individuals and groups insulated from national rivalry. The core of this approach would involve the public disclosure of vulnerabilities wherever they occur in the interests of global public policy, human rights and international humanitarian law.

Are we confident our governments are on the right path?

When it comes to cyberspace, should national security trump user security? – The Globe and Mail.

State-sponsored hackers target human rights groups, study says – The Globe and Mail

Not surprising:

In an interview with The Globe and Mail, Mr. Deibert explained the Internet has extended the reach of repressive states.

Cyberespionage may well cost businesses their profits, he said, but for refugees and dissidents the downstream effects can be “arrest, detention, or even loss of life.” Consider what could happen to exiles who return to countries that never stopped capturing their conversations.

For its study, the Citizen Lab examined eight groups engaged in “rights issues related to China and Tibet.” It also looked at two larger human-rights groups operating globally. The organizations submitted their data and devices for analysis, on the condition that they remain anonymous.

The report suggests that hackers known to cybersecurity experts as “APT1” – short for Advanced Persistent Threat 1 – were targeting at least one China-focused group and one international rights group. This is significant because experts regard APT1 as a powerful hacking team run by the Chinese People’s Liberation Army.

Such groups use social media to study up on key personnel in targeted organizations. This research helps them craft messages that their prey will more likely open – and be infected by.

May be some opportunities for capacity-building but the Government doesn’t exactly have good relations with many NGOs.

State-sponsored hackers target human rights groups, study says – The Globe and Mail.