How The Citizen Lab polices the world's digital spies

University of Toronto professor Ron Deibert launched The Citizen Lab in 2001 to become the 'CSI of the internet.' Since then, it has become one of the leading watchdogs for digital censorship and online suppression. 

Citizen lab senior researcher John Scott-Railton (left) and technical adviser Greg Wiseman.

Courtesy of The Citizen Lab

December 22, 2016

It's well known that WeChat censors conversations between hundreds of millions of mainland Chinese who regularly use the country's most popular chat app.

Censorship is a fact of life in China, and Beijing's censors have raced to keep pace with the rapid spread of digital communications. But the full scope of how WeChat controls what users say, read, and share wasn't known until a small team of technology researchers at the University of Toronto began to suspect the company was blocking conversations among users in North America, too.

“In the past, when we spoke about globalization, we said it would erase censorship because there were no borders. Now we’re seeing that argument disappear,” says Jason Ng, a researcher at The Citizen Lab, an outfit based based at the university's Munk School of Global Affairs that focuses on exposing how technology can be used to violate free speech and endanger human rights. “This is a new way of thinking about how to restrict information based on who or where users are.”

Through his work examining what WeChat users are able to see – whether they are in China or abroad – revealed that the company's digital filtering technology tracks users around the globe, blocking content without users' knowledge.

The Citizen Lab published its findings earlier this month, adding to a growing body of work that has cemented the center's reputation as a global leader in the fight to protect privacy and preserve the right to free expression and human rights in the digital world.

Over the past 15 years, the lab has uncovered vast electronic spying networks that compromised thousands of computers, including the Dalai Lama’s, pushed cellphone providers to publish reports on what information they share with authorities, and shed light on the growing number of Western corporations that provide digital spyware to repressive regimes. 

Earlier this year, researchers discovered that a secretive Israeli company, the NSO Group, and the United Arab Emirates had spent millions of dollars to successfully design malicious software capable of exploiting vulnerabilities in Apple's mobile operating system to break into its targets' iPhones. Apple immediately fixed the vulnerabilities, protecting millions of iPhone users around the world. 

“The work they’ve done to bring surveillance activities to light has been truly second to none,” says Michael Geist, who specializes in technology law at the University of Ottawa. “They have peeled back the veil behind the entire digital space.” 

Can Syria heal? For many, Step 1 is learning the difficult truth.

Citizen Lab founder Ron Deibert.
Riley Stewart/Munk School of Global Affairs

The information revolution 

Most people on the internet considered it free and uncensored territory when Ron Deibert, then a newly tenured professor of international relations at the University of Toronto, set up The Citizen Lab in 2001 with a $250,000 grant from the Ford Foundation. 

“People just assumed that governments wouldn’t be able to censor the internet. They thought it was just too powerful a technology, the way it was designed it was impossible to control,” he says. 

Mr. Deibert suspected that wasn’t true and decided to set up a lab that could act as a multidisciplinary “CSI of the internet” that would test his theory and clearly demonstrate the results. 

At the time, he was partly motivated by “the idea of sticking it to people in positions of power.” As a child in a hardscrabble working class neighbourhood on the east side of Vancouver, British Columbia, Deibert sometimes joined the other kids to break into churches. He attended an “underfunded” and “brutal” Catholic elementary school staffed by a team of “bigoted instructors.” He nurtured his sense of rebellion with the 1970s influences of The Rolling Stones and punk rock. 

Young adulthood led Deibert to university, where he studied to become a Sovietologist. When the end of the Cold War forced him to find an alternative, a professor advised Deibert to focus on the “information revolution.” At time, that mostly consisted of telecommunications, TV, and the CNN effect. 

“You should look at its impact on world affairs, is how he put it. Because no one is really studying it and it’s going to be important,” Deibert says. 

Deibert says he began to understand just how important it would become as a graduate student, when he landed a contract with Canada’s foreign affairs ministry to study how the emerging use of satellite images could be applied to arms control verification. He got an up-close view of the global telecommunications network and the many ways governments could manipulate it.

“I discovered that most governments have some kind of signals intelligence capacity. Spy satellites, eavesdropping satellites, wiretapping cables,” he says. “It was as if it was happening in a separate space of secrecy.”

More policeman than rebel 

Deibert, currently in his 50s, now sees himself and The Citizen Lab as more policeman than rebel, dedicated to detailed investigations and in-depth technical forensics that uncover potential or ongoing attacks against privacy and free speech. 

“As I’ve matured, I’ve realized I have a responsibility as a professor, here at the university, to speak truth to power,” he says. He adds that he sees the lab as a “kind of early warning system for raising the alarm bell,” much like climate scientists who warn that carbon emissions could bring about the collapse of the climate. 

“That’s what I feel like we’re doing when we’re drilling into these things and saying, ‘Hey, you know the Chinese government requires this application developer to monitor everything we do. That’s a problem and we have to do something about it.’ ”

As Deibert has matured, so has the lab’s work. One of Delbert’s students, Nart Villeneuve, suggested its first major project. Mr. Villeneuve, an antiglobalization activist and self-taught hacker, had learned about the possibility of internet censorship through his association digital activist groups.

Villeneuve set out to build a network of contacts in countries that were likely to encounter blocked content and to design the software that would help him expose it. In 2003, Villeneuve and Delbert published their first report, setting up side-by-side computer screens to demonstrate how the results of internet searches were different depending on which country the search was conducted in. 

The research eventually grew into a partnership with Harvard University and became the high-impact Open Net Initiative, which produced annual reports on internet censorship in more than 30 countries over 10 years. 

The Citizen Lab’s focus shifted toward a focus on civil society and exposing corporations that sell software to repressive regimes and Deibert says it would no longer take on a project like the Open Net initiative. But the principles behind it still form the backbone of most of the work that Citizen Lab takes on.

Deibert believes that the threat from cyberespionage and online censorship is growing quickly, especially as ordinary citizens embrace digital technology and governments aggressively push cybersecurity policies. He argues that makes his lab’s work more urgent than ever and points to the discovery of the NSO Group’s iPhone breach as an example. 

“The challenge drives me. You become addicted to the investigation,” he says. “I’ve seen how it can be successful and I think the desire to repeat that drives part of what of I do.” 

Researchers v. spies

That sort of addiction is also part of what motivates Bill Marczak, a Berkeley, Calif.,-based Citizen Lab fellow who helped expose NSO Group's activities.

“One thing I want in life is to feel like my work is having an impact somewhere. I want to feel like I’m improving the world,” says Mr. Marczak, a PhD candidate at the University of California at Berkeley, and a long-time computer nerd whose mother designed musical computer programs for him as a child. 

Marczak first made an impact in Bahrain in 2012. He had lived there with his parents while he was in high school. After returning to the US, he set up the organization Bahrain Watch to help activists trace the source of digital weapons used against them. 

When one of his contacts received a suspicious email, Marczak suspected it might be spyware and contacted The Citizen Lab. That led to research for his first paper with the lab, which revealed that a British company had sold sophisticated digital surveillance tools to some of the world’s most repressive regimes.  

“I wouldn’t say it was a surprise but it was really exciting to be able to establish this,” he says. 

Marczak has worked with the lab since and his network of contacts has proved to be invaluable. He first learned about the possibility of a widespread iPhone breach near midnight one evening last August, as he prepared to go to bed. Again, the tip came from one of his contacts, Bahraini activist Ahmed Mansour, who sent him a tip via email.

Like Deibert, Marczak believes that the digital world is becoming more dangerous than most people understand. He says he knows he can’t stop governments or corporations from spying but takes pride in the fact he can slow them down. 

“One of the only things I can do with my research is to raise the cost of doing these things,” he says. “If you can catch them in action, the naming and shaming, that’s a pretty powerful tool.”