The Citizen Lab is an interdisciplinary laboratory based at the Munk School of Global Affairs at the University of Toronto, Canada. Founded and directed by Professor Ronald Deibert, the Citizen Lab studies information controls—such as network surveillance and content filtering—that impact the openness and security of the Internet and that pose threats to human rights. The Citizen Lab collaborates with research centres, organizations, and individuals around the world, and uses a "mixed methods" approach, which combines computer-generated interrogation, data mining and analysis with intensive field research, qualitative social science, and legal and policy analysis methods.
The Citizen Lab was a founding partner of the OpenNet Initiative (2002-2013) and the Information Warfare Monitor (2002-2012) projects. The organization also developed the original design of the Psiphon censorship circumvention software, which was spun out of the Lab into a private Canadian corporation (Psiphon Inc.) in 2008.
The Citizen Lab’s research outputs have made global news headlines around the world. For example, front page exclusives in the New York Times, Washington Post, and Globe and Mail. In Tracking Ghostnet (2009) researchers uncovered a suspected cyber espionage network of over 1,295 infected hosts in 103 countries, a high percentage of which were high-value targets, including ministries of foreign affairs, embassies, international organizations, news media, and NGOs. This seminal study was one of the first public reports to reveal a cyber espionage network that targeted civil society and government systems around the world. In Shadows in the Cloud (2010), researchers documented a complex ecosystem of cyber espionage that systematically compromised government, business, academic, and other computer network systems in India, the offices of the Dalai Lama, the United Nations, and several other countries.
The Citizen Lab has won a number of awards for its work. It is the first Canadian institution to win the MacArthur Foundation’s MacArthur Award for Creative and Effective Institutions (2014) and the only Canadian institution to receive a “New Digital Age” Grant (2014) from Google Executive Chairman Eric Schmidt. Past awards include the Canadian Library Association's Advancement of Intellectual Freedom in Canada Award (2013), the Canadian Committee for World Press Freedom’s Press Freedom Award (2011), and the Canadian Journalists for Free Expression’s Vox Libera Award (2010).
In July 2014, Citizen Lab was profiled in the Ars Technica article, Inside Citizen Lab, the “Hacker Hothouse” protecting you from Big Brother.
The Citizen Lab is independent of government or corporate interests. Financial support for the Citizen Lab has come from the Ford Foundation, the Open Society Institute, the Social Sciences and Humanities Research Council of Canada, the International Development Research Centre (IDRC), the Canada Centre for Global Security Studies at the University of Toronto’s Munk School of Global Affairs, the John D. and Catherine T. MacArthur Foundation, the Donner Canadian Foundation, the Open Technology Fund, and The Walter and Duncan Gordon Foundation. The Citizen Lab has received donations of software and support from Palantir Technologies, VirusTotal, and Oculus Info Inc.
The Citizen Lab’s Targeted Threats research stream seeks to gain a better understanding of the technical and social nature of digital attacks against civil society groups and the political context that may motivate them. The Citizen Lab conducts ongoing comparative analysis of a growing spectrum of online threats, including Internet filtering, denial-of-service attacks, and targeted malware. Targeted Threats reports have covered a number espionage campaigns and information operations against the Tibetan community and diaspora, phishing attempts made against journalists, human rights defenders, political figures, international investigators and anti-corruption advocates in Mexico, and a prominent human rights advocate who was the focus of government surveillance in the United Arab Emirates. Citizen Lab researchers and collaborators like the Electronic Frontier Foundation have also revealed several different malware campaigns targeting Syrian activists and opposition groups in the context of the Syrian Civil War. Many of these findings were translated into Arabic and disseminated along with recommendations for detecting and removing malware.
The Citizen Lab’s research on threats against civil society organizations has been featured on the front page of BusinessWeek, and covered in Al Jazeera, Forbes, Wired, among other international media outlets.
The group reports that their work analyzing spyware used to target opposition figures in South America has triggered death threats. In September 2015 members of the group received a pop-up that said:
The OpenNet Initiative has tested for Internet filtering in 74 countries and found that 42 of them—including both authoritarian and democratic regimes—implement some level of filtering.
The Citizen Lab is continuing this research area through the Internet Censorship Lab (ICLab), a project to develop new systems and methods for measuring Internet censorship. It is a collaborative effort between The Citizen Lab, Professor Phillipa Gill’s group at Stony Brook University's Department of Computer Science, and Professor Nick Feamster’s Network Operations and Internet Security Group at Princeton University.
Previous work includes investigations of censorship practices of search engines provided by Google, Microsoft, and Yahoo! for the Chinese market along with the domestic Chinese search engine Baidu. In 2008, Nart Villeneuve found that TOM-Skype (the Chinese version of Skype at the time) had collected and stored millions of chat records on a publicly accessible server based in China. In 2013, Citizen Lab researchers collaborated with Professor Jedidiah Crandall and Ph.D. student Jeffrey Knockel at the University of New Mexico to reverse engineering of TOM-Skype and Sina UC, another instant messaging application used in China. The team was able to obtain the URLs and encryption keys for various versions of these two programs and downloaded the keyword blacklists daily. This work analyzed over one year and a half of data from tracking the keyword lists, examined the social and political contexts behind the content of these lists, and analyzed those times when the list had been updated, including correlations with current events.
Current research focuses on monitoring information controls on the popular Chinese microblogging service Sina Weibo, Chinese online encyclopedias, and mobile messaging applications popular in Asia. The Asia Chats project utilizes technical investigation of censorship and surveillance, assessment on the use and storage of user data, and comparison of the terms of service and privacy policies of the applications. The first report released from this project examined regional keyword filtering mechanisms that LINE applies to its Chinese users.
Analysis of a popular cellphone app called "Smart Sheriff", by Citizen Lab and the German group Cure53, asserted the app represented a security hole that betrayed the privacy of the children it was meant to protect and that of their parents. South Korean law required all cellphones sold to those under 18 to contain software designed to protect children, and Smart Sheriff was the most popular government approved app—with 380,000 subscribers. The Citizen Lab/Cure53 report described Smart Sheriff's security holes as "catastrophic".
FinFisher is a suite of remote intrusion and surveillance software developed by Munich-based Gamma International GmbH and marketed and sold exclusively to law enforcement and intelligence agencies by the UK-based Gamma Group. In 2012, Morgan Marquis-Boire and Bill Marczak provided the first public identification of FinFisher's software. The Citizen Lab and collaborators have done extensive investigations into FinFisher, including revealing its use against Bahraini activists, analyzing variants of the FinFisher suite that target mobile phone operating systems, uncovering targeted spying campaigns against political dissidents in Malaysia and Ethiopia, and documenting FinFisher command and control servers in 36 countries. Citizen Lab's FinFisher research has informed and inspired responses from civil society organizations in Pakistan, Mexico, and the United Kingdom. In Mexico, for example, local activists, and politicians collaborated to demand an investigation into the state’s acquisition of surveillance technologies. In the UK, it led to a crackdown on the sale of the software over worries of misuse by repressive regimes.
Hacking Team is a Milan, Italy-based company that provides intrusion and surveillance software called Remote Control System (RCS) to law enforcement and intelligence agencies. The Citizen Lab and collaborators have mapped out RCS network endpoints in 21 countries, and have revealed evidence of RCS being used to target a human rights activist in the United Arab Emirates, a Moroccan citizen journalist organization, and an independent news agency run by members of the Ethiopian diaspora. Following the publication of Hacking Team and the Targeting of Ethiopian Journalists, the Electronic Frontier Foundation and Privacy International both took legal action related to allegations that the Ethiopian government had compromised the computers of Ethiopian expatriates in the United States and UK.
In 2017, the group released several reports that showcased phishing attempts in Mexico that used NSO Group technology, an Israeli-based “cyber warfare firm”. The products were used in multiple attempts to gain control of mobile devices of Mexican government officials, journalists, lawyers, human rights advocates and anti-corruption workers. The operations used SMS messages as bait in an attempt to trick targets into clicking on links to the NSO Group’s exploit infrastructure. Clicking on the links would lead to the remote infection of a target’s phone. In one case, the son of one of the journalists—a minor at the time—was also targeted. NSO, who purports to only sell products to governments, also came under the group’s focus when prominent UAE human rights defender Ahmed Mansoor’s mobile phone was targeted. The report on these attempts prompted Apple to release a security update to their iOS 9.3.5.
The Citizen Lab’s research on surveillance software has been featured on the front pages of the Washington Post and the New York Times and covered extensively in news media around the world, including the BBC, Bloomberg, CBC, Slate, and Salon.
The Citizen Lab’s research on commercial surveillance technologies has resulted in legal and policy impacts. In December 2013, the Wassenaar Arrangement was amended to include two new categories of surveillance systems on its Dual Use control list—“intrusion software” and “IP Network surveillance systems”. The Wassenaar Arrangement seeks to limit the export of conventional arms and dual-use technologies by calling on signatories to exchange information and provide notification on export activities of goods and munitions included in its control lists. The amendments in December 2013 were the product of intense lobbying by civil society organizations and politicians in Europe, whose efforts were informed by Citizen Lab’s research on intrusion software like FinFisher and surveillance systems developed and marketed by Blue Coat Systems.
The Citizen Lab studies the commercial market for censorship and surveillance technologies, which consists of a range of products that are capable of content filtering as well as passive surveillance.
The Citizen Lab has been developing and refining methods for performing Internet-wide scans to measure Internet filtering and detect externally visible installations of URL filtering products. The goal of this work is to develop simple, repeatable methodologies for identifying instances of internet filtering and installations of devices used to conduct censorship and surveillance.
The Citizen Lab has conducted research into companies such as Blue Coat Systems, Netsweeper, and SmartFilter. Major reports include "Some Devices Wander by Mistake: Planet Blue Coat Redux" (2013), "O Pakistan, We Stand on Guard for Thee: An Analysis of Canada-based Netsweeper’s Role in Pakistan’s Censorship Regime" (2013), and Planet Blue Coat: Mapping Global Censorship and Surveillance Tools (2013).
Following the 2011 publication of "Behind Blue Coat: Investigations of Commercial Filtering in Syria and Burma", Blue Coat Systems officially announced that it would no longer provide “support, updates. or other services” to software in Syria. In December 2011, the U.S. Department of Commerce's Bureau of Industry and Security reacted to the Blue Coat evidence and imposed a $2.8 million fine on the Emirati company responsible for purchasing filtering products from Blue Coat and exporting them to Syria without a license.
Citizen Lab's Netsweeper research has been cited by Pakistani civil society organizations Bytes for All and Bolo Bhi in public interest litigation against the Pakistani government and in formal complaints to the High Commission (Embassy) of Canada to Pakistan.
The Citizen Lab is an active participant in various global discussions on Internet governance, such as the Internet Governance Forum, ICANN, and the United Nations Government Group of Experts on Information and Telecommunications.
Since 2010, the Citizen Lab has helped organize the annual Cyber Dialogue conference, hosted by the Munk School of Global Affairs’ Canada Centre, which convenes over 100 individuals from countries around the world who work in government, civil society, academia, and private enterprise in an effort to better understand the most pressing issues in cyberspace. The Cyber Dialogue has a participatory format that engages all attendees in a moderated dialogue on Internet security, governance, and human rights. Other conferences around the world, including a high-level meeting by the Hague-based Scientific Council for Government Policy and the Swedish government’s Stockholm Internet Forum, have taken up themes inspired by discussions at the Cyber Dialogue.
The Citizen Lab contributes to field building by supporting networks of researchers, advocates, and practitioners around the world, particularly from the Global South. The Citizen Lab has developed regional networks of activists and researchers working on information controls and human rights for the past ten years. These networks are in Asia (OpenNet Asia), the Commonwealth of Independent States (OpenNet Eurasia), and the Middle East and North Africa.
With the support of the International Development Research Centre (IDRC), the Citizen Lab launched the Cyber Stewards Network in 2012, which consists of South-based researchers, advocates, and practitioners who analyze and impact cybersecurity policies and practices at the local, regional, and international level. The project consists of 24 partners from across Asia, sub-Saharan Africa, Latin America, and the Middle East and North Africa including 7iber, OpenNet, and the Centre for Internet and Society.
Citizen Lab staff also work with local partners to educate and train at-risk communities. For example, in 2013 it collaborated with the Tibet Action Institute to hold public awareness events in Dharamshala, India, for the exiled Tibetan community on cyber espionage campaigns. In the winter of 2013, the Citizen Lab conducted a digital security training session for Russian investigative journalists at the Sakharov Center in Moscow.
The Citizen Lab's work is often cited in media stories relating to digital security, privacy controls, government policy, human rights, and technology. Since 2006, they have been featured on 22 front-page stories at publications including the New York Times, Washington Post, Globe and Mail and International Herald Tribune.
Since 2013, Citizen Lab has hosted the Summer Institute on Monitoring Internet Openness and Rights as an annual research workshop at the Munk School of Global Affairs, University of Toronto. It brings together researchers and practitioners from academia, civil society, and the private sector who are working on Internet openness, security, and rights. Collaborations formed at CLSI workshops have led to publication of high impact reports on Internet filtering in Zambia, a security audit of child monitoring apps in South Korea, and an analysis of the "Great Cannon", an attack tool in China used for large scale distributed-denial of service attacks against Github and GreatFire.org.
BPR interviewed Ronald Deibert, director of Citizens Lab at the Munk School of Global Affairs, University of Toronto, an interdisciplinary research organization focusing at the intersection of internet, global security and human rights. They have worked for the office of the Dalai Lama.
Researchers said Packrat sent a top Argentine journalist, Jorge Lanata, the identical virus that Nisman received a month before his death.
But researchers from Citizens Lab, a research group based at the University of Toronto, and Cure53, a German software company, released two reports in September finding that Smart Sheriff had a variety of security issues that it made it vulnerable to hackers and put children and parents’ personal information at risk.
Pulling the plug on Smart Sheriff was “long overdue,” said independent researcher Collin Anderson, who worked with Internet watchdog group Citizen Lab and German software auditing firm Cure53 to comb through the app’s code.