The Citizen Lab Summer Institute on Monitoring Internet Openness and Rights (CLSI) is an annual research workshop hosted at the Munk School of Global Affairs & Public Policy, University of Toronto. CLSI brings together academics, researchers, activists, and frontline workers and asks them to address some of the most pressing issues at the intersection of digital security and human rights. 

When CLSI was first organized in 2013, it recognized that the study of digital security and information controls was inherently interdisciplinary, yet research was organized into disciplinary silos. This disconnect made it difficult to effectively collaborate, so CLSI was formed to break down these disciplinary divides.

Collaborations formed at prior Summer Institute workshops have led to high impact projects including examining technology-facilitated violence within the stalkerware application industry (2018), analyzing national security and signals intelligence policy in Canada (2017), investigating censorship of the death of Liu Xiaobo on WeChat and Weibo (2017), conducting security audits of child monitoring apps in South Korea (2017, 2016, 2015), documenting Internet filtering in Zambia (2016), and exposing the “Great Cannon” (2014), an attack tool in China used for large scale distributed-denial of service attacks against Github and

CLSI 2019 continued this legacy of collaboration by assembling our largest plenum to date, with over 140 attendees, 30 percent of whom were new participants. This year also introduced two new research streams on disinformation and gender and digital security. 

Below are summaries of the major research areas as well as profiles of specific sessions to illustrate the interdisciplinary work undertaken at CLSI.

Network Interference and Freedom of Expression Online

This area of research studies Internet filtering, network interference, and other technologies and practices that impact freedom of expression online. Important aspects of this stream include both the measurement and circumvention of network interference. 

Improving Test Lists for Use by Wider Audiences

In this workshop, participants were asked to contribute to lists that are used to evaluate Internet openness. URL test lists provide an extensive list of URLs with common categories and metadata that allow developers and researchers to perform measurements, build apps and write reports that are consistent and comparable internationally. By capturing the needs of more users, improvements could be made to the lists for wider adoption which would lead to them being better maintained, up to date, and more complete.

The session identified a variety of past and new issues and discussed possible solutions. Problems included duplicate URLs, outdated/broken links, misleading categories, and a lack of metadata for titles and descriptions. Solutions included regional breakdowns of URLS to avoid duplication, adding a column to mark URL status as current/historical, and forked lists with additional domain specific columns.

Magma: Info Controls Research Framework

Magma provides a research framework for people working on information controls and network measurements, especially in authoritarian contexts and high-risk areas. This framework is meant to enable them to properly structure an activity plan, to make informed choices regarding the required tools (including ethical and security aspects), as well as to analyze the data produced by such tools. This workshop sought to understand what further improvements could be implemented in existing network tools to increase their effectiveness.

According to the organizer, the session helped to better understand and map the community needs of the Magma guide. With the help of the participants, they identified the important and most valuable documentation elements that are required to be introduced first into the guide, as well as sections that were missing. This additionally led to a discussion on the framework’s review policy and quality work relating to network measurements and Internet censorship research methodology.

Surveillance and Counter Surveillance

What are the technologies, laws, and policies that enable targeted and passive surveillance? What are technologies and practices for preserving privacy and evading surveillance? This stream documents the prevalence and impact of information security threats against civil society groups.

Press Freedom and Surveillance: Challenges and Paths Forward

This session presented several questions about how best to enhance research on surveillance and opened up the floor for participants to contribute ways that they may strengthen their work globally. 

Organizers heard from a variety of journalists and surveillance research experts from around the world who they had not connected with previously about existing resources on media and surveillance, including research guidelines for vetting and prioritizing possible cases, academic research on newsroom behaviour, and how to improve adoption of surveillance consciousness.

Security Planner (Security Advice that Doesn’t Suck)

This session solicited feedback from CLSI participants on Citizen Lab’s Security Planner project as organizers prepare to update and overhaul the site. Facilitators sought feedback on the accuracy, relevance, accessibility, usability, and effectiveness of some of Security Planner’s most visited recommendations, as well as feedback on the design and usability of the tool overall. 

The workshop facilitator received valuable comments on the current iteration of Security Planner, both concerning the overall design of the site and the usefulness of its recommendations. The session additionally featured participants with varying cultural and professional backgrounds and levels of expertise, which greatly improved the discussion and quality of feedback received.

Gender and Digital Security

This newly introduced channel examines the intersection of gender, rights, information controls, and digital security. This includes looking at the impacts of network interference on the rights of women and LGTBQ groups as well as forms of technology-facilitated abuse and harassment.

Pop and Wit Feminism as a Tool Against Tech Patriarchy

Feminist digital storytelling is gaining strength every day as a form of resistance by summoning individuals to strategize against technological patriarchy. In this session, organizers explored how these narratives can be used to fight back the multiple forms of violence faced by women and gender dissidents. To this end, they presented two projects that use alternative narratives to draw attention to the technology-mediated forms in which women and gender dissidents are silenced, surveilled or controlled. Participants then broke into small groups to probe narratives that strengthen feminist movements through the construction of alternative, attractive and witty counter-speeches closer to pop culture, with the ultimate aim of reaching more audiences, of expanding resistance.

The workshop facilitators were able to inspire the participants to recognize creative and ingenious responses to the multiple forms of silencing, surveillance and policing faced by women and gender dissidents. Two ideas were presented: a humorous response to men seeking to occupy spaces gained by and for women, and the idea of a social media that funds women’s rights organizations from every expression of misogynist violence. Similarly, participants were able to share projects that rely on artistic creation to make visible the thousand ways of feminist resistance, like M.A.M.I museum by Coding Rights and “Curso sobre seguridad digital” by Sula Batsu.

Mobilizing Stalkerware Research for Security and Frontline Support

This session brought together security researchers and anti-virus engineers, frontline anti-violence and gender rights support workers, and related NGOs to discuss how to implement stalkerware research on the ground in their lines of work, and connect the three communities to address the stalkerware problem leveraging each other’s expertise.

Participants engaged in robust discussion and learned more about each other’s line of work: for instance, frontline support workers emphasized how they already work overtime unpaid and are not able to deal with anti-virus companies on top of that. Organizers and participants left with important takeaways such as there needing to be an NGO liaison between frontline support workers and tech companies in any concrete initiative, as connecting the two directly would be potentially re-traumatizing at worst for the former (where they are also survivors) and an unfeasible burden at best.

Policy and Transparency

This stream examines the transparency and accountability mechanisms relevant to the relationship between corporations and state agencies. This analysis is integral for any discussion of personal data and other surveillance activities and galvanizes researchers around issues of corporate involvement in data disclosure and enhanced government accountability. 

Airports and Privacy Practices: The Role of Airports Council International

The session explored airport spaces as privacy/surveillance sites. With anecdotal evidence on low or non-existent privacy safeguards, the session explored the role of Airports Council International and its role in upholding privacy standards. 

Session participants shared experiences on airports and privacy practices from Asia and Latin America, technical insight into how airports privacy blindspots have been exploited in the past, and focused on a major airport wifi provider and explored their business model. Participants showed interested in forming an airport and privacy working group which will explore research designs that can answer existing questions and coordinate future collaboration. 

Community Choice, Community Values: Advocating for Local Surveillance Regulation

This workshop was inspired by the Oakland, California City Council ordinance establishing rules for the city’s acquisition and use of surveillance equipment, and San Francisco’s facial recognition ban. One of the primary concerns around state uses of surveillance tools such as facial recognition, automatic license plate recognition (ALPR), and IMSI catchers (cell site simulators, “Stingrays”) is often a lack of accountability or transparency regarding their acquisition and use. There are some communities, particularly in the US, who have fought back against such secrecy via regulatory action. This session crowdsourced the answers to some basic questions researchers need to answer to pursue such a strategy in Toronto/Canada while learning from people who may have experience in their home city or region with similar regulations, or may know of other such initiatives. 

The session resulted in participants from various backgrounds exploring the range of issues communities face in relation to state surveillance, social and cultural differences in approaching surveillance, better understanding of different political realities, and advice from participants on strategies and approaches for advocacy, based on experience in complementary projects.