Research

A comparative analysis of security, privacy, and censorship issues in TikTok and Douyin, both developed by ByteDance.

The Citizen Lab’s response to the questionnaire of the U.N. Working Group on the use of mercenaries on the provision of military and security products and services in cyber space by cyber mercenaries and related actors and its human rights impact.

In order to contribute to the IPC’s deliberations in the triaging of its strategic priorities, this submission serves to provide particularized input with respect to the IPC’s public interest mandate in the oversight of law enforcement authorities when it comes to the use of algorithmic policing technology in Ontario.

On December 21, 2020 the Citizen Lab released a report that discovered issues with three COVID-related applications in Indonesia and the Philippines. This document provides a summary of the research findings and questions and answers from the research team.

As part of the Citizen Lab’s research into the security and privacy of applications, we report on issues we discovered with three COVID-related applications in Indonesia and the Philippines – PeduliLindungi, StaySafe PH, and COVID-KAYA.

Government operatives used NSO Group’s Pegasus spyware to hack 36 personal phones belonging to journalists, producers, anchors, and executives at Al Jazeera. The journalists were hacked by four Pegasus operators, including one operator MONARCHY that we attribute to Saudi Arabia, and one operator SNEAKY KESTREL that we attribute to the United Arab Emirates.

On December 7, 2020, the Citizen Lab published a report that investigates Huawei, 5G technologies, and Canadian telecommunications issues. Drawing exclusively on open-source reporting, it finds that Canada does not have a Huawei problem, per se; it has a 5G strategy problem that is linked to the Government of Canada lacking a principle-driven set of integrated industrial, cyber security, and foreign policy strategies. This document provides a summary of the research findings and questions and answers from the research team.

The solution to Canada’s 5G problems will not be found in policies that principally address one company. Instead, a robust and vendor-neutral approach is required.

Circles is a surveillance firm that reportedly exploits weaknesses in the global mobile phone system to snoop on calls, texts, and the location of phones around the globe, and is affiliated with NSO Group, which develops the oft-abused Pegasus spyware. Using Internet scanning, we found a unique signature associated with the hostnames of Check Point firewalls used in Circles deployments, enabling us to identify Circles deployments in at least 25 countries.