The Citizen Lab and the Canadian Internet Policy & Public Interest Clinic (CIPPIC) have collaborated to produce a report which provides timely legal analysis, political context, and historical background on the Communications Security Establishment Act and related provisions in Bill C-59 (An Act respecting national security matters), First Reading (December 18, 2017).

Ethiopian’s penchant for commercial spyware is notorious, as is its pattern of digital espionage against journalists, activists, and other entities—many of which are based overseas—that seek to promote government accountability and are therefore viewed as political threats. Yet the Ethiopian government and others like it have faced little pressure to cease this particular strain of digital targeting.

This report describes how Ethiopian dissidents in the US, UK, and other countries were targeted with emails containing sophisticated commercial spyware posing as Adobe Flash updates and PDF plugins. Targets include a US-based Ethiopian diaspora media outlet, a PhD student, a lawyer, and even a Citizen Lab researcher.

In September 2017, I was made aware of an account of sexual assault involving Morgan Marquis-Boire that coincided with a Citizen Lab event, the Cyber Dialogue, in 2014. At Citizen Lab, we take all instances and reports of sexual assault very seriously and this is no exception.

Claudio X. González, the director of Mexicanos Contra la Corrupción y la Impunidad (MCCI: Mexicans Against Impunity and Corruption), becomes the 22nd known individual abusively targeted with NSO’s spyware technology in Mexico.

Lawyers representing the families of three slain Mexican women were sent infection attempts with NSO Group’s Pegasus spyware after questioning official accounts of the killings.

The international investigation into the 2014 Iguala Mass Disappearance was targeted with infection attempts using spyware developed by the NSO group.

NSO Group’s Pegasus spyware and exploit framework were used in infection attempts against Mexican senators and senior politicians in June and July 2016.

Uncovering an operation using NSO Group’s Pegasus spyware and Trident exploit framework to target Mexican journalists, lawyers, and even a minor child.

Documents stolen from a prominent journalist and critic of the Russian government were manipulated and then released as a “leak” to discredit domestic and foreign critics of the government. We call this technique “tainted leaks.”