On December 15, 2022, as part of our regular re-analysis of past cases to find additional spyware infection indicators and details, we discovered that a researcher had misread the labels assigned to two individuals’ results, leading to a confusion between phones owned by two people with the same initials who were part of the same… Read more »

Police led mass iris scan collection in Qinghai, a region with a population that is 49.4% non-Han, including Tibetans and Hui Muslims. Iris scan collection is part of long-standing police intelligence gathering programs. Through this data collection, Qinghai’s police are effectively treating entire communities as populated by potential threats to social stability.

Analysis and recommendations pertaining to the collection of de-identified mobility data and its use in Canadian privacy law. In this explainer, we discuss our findings and recommendations with Amanda Cutinha and Christopher Parsons, the report’s authors.

We investigate the collection of mobility data by the federal government of Canada, its legality under the existing and proposed privacy regime, and proposed recommendations for the reform of draft Bill C-27 which would address many of the issues in the governance of mobility data.

Key findings and recommendations from the House of Commons Standing Committee on Access to Information, Privacy and Ethics on the use and impact of facial recognitioon, along with some concerns.

Citizen Lab fellow Cynthia Khoo appeared before the House of Commons Standing Committee on Access to Information, Privacy and Ethics (ETHI) as a witness in the Committee’s study on the use and impact on facial recognition technology. She was invited to provide testimony on the potential harms and human rights implications of facial recognition, including recommendations for how the Government of Canada should regulate such technology.

This report offers 30 recommendations to the draft legislation in an effort to correct its secrecy and accountability deficiencies, while also suggesting amendments which would impose some restrictions on the range of powers that the government would be able to wield. It is important that these amendments are seriously taken up due to the sweeping nature of the legislation.

Mexican digital rights organization R3D, with technical support from the Citizen Lab, has determined that Mexican journalists and a human rights defender were infected with Pegasus between 2019 and 2021. The infections occurred years after the first revelations of Pegasus abuses in Mexico, and after Mexico’s current President assured the public that the government no longer used the spyware, and that there would be no further abuses.

We identified a network of 885 websites and attributed these websites with high confidence as having been used by the United States (US) Central Intelligence Agency (CIA) for covert communication.

We find that mass DNA collection in Tibet is another mass DNA collection campaign conducted under the Xi Jinping administration (2012–present), along with the mass DNA collection campaign in the Xinjiang Uyghur Autonomous Region and the police-led national program of male DNA collection.