COVID-KAYA, a platform used by frontline healthcare workers in the Philippines to collect and share COVID-19 cases with the Philippines Department of Health, contained vulnerabilities in both the web and Android apps that allows for unauthorized users to access private data about the app’s users, and potentially patient data.

This annotated bibliography compiles and summarizes relevant literature on “digital transnational repression” (i.e., where states seek to exert pressure—using digital tools—on citizens living abroad in order to constrain, limit, or eliminate political or social action that threatens regime stability or social and cultural norms within the country). While transnational repression itself is not a new phenomenon, there has been limited research on how such repression is enabled and expanded by digital tools.

This submission outlines Canadian technology companies and the threat they pose to human rights abroad, as well as suggests mechanisms the Government of Canada’s RBC strategy can adopt to address the harmful impacts of Canadian-made technology. 

Amidst calls for reform in Togo, NSO Group’s spyware was used to target voices for change including a bishop, priest, and opposition politicians.

The encroachments to OTF highlight why independent and transparent funding sources for research and development on Internet freedom are so important. Providing this type of support within a large government organisation can be difficult. OTF was an example of how to do that right. Losing that example will be a loss not only to the practitioners and researchers that have grown through the support of OTF but the wider community of marginalized people they support. 

Over the course of our multi-year investigation, we found that Dark Basin likely conducted commercial espionage on behalf of their clients against opponents involved in high profile public events, criminal cases, financial transactions, news stories, and advocacy. This report highlights several clusters of targets. In future reports, we will provide more details about specific clusters of targets and Dark Basin’s activities.

WeChat communications conducted entirely among non-China-registered accounts are subject to pervasive content surveillance that was previously thought to be exclusively reserved for China-registered accounts.

New York Times journalist Ben Hubbard was targeted with NSO Group’s Pegasus spyware via a June 2018 SMS message promising details about “Ben Hubbard and the story of the Saudi Royal Family.” The SMS contained a hyperlink to a website used by a Pegasus operator that we call KINGDOM. We have linked KINGDOM to Saudi Arabia. In 2018, KINGDOM also targeted Saudi dissidents including Omar Abdulaziz, Ghanem al-Masarir, and Yahya Assiri, as well as a staff member at Amnesty International.

This campaign is the first documented case of one-click mobile exploits used to target Tibetan groups, and reflects an escalation in the sophistication of digital espionage threats targeting the community.

This document provides a high-level introduction to deep packet inspection, Internet filtering, and targeted intrusion dual-use technologies with the aim of familizaring the reader with their key technical features, the surrounding international human rights law framework, and some of the leading research to date on their deployment.