Report
Given our experiences, we have specific recommendations for how any federal commercial privacy legislation must be amended to better protect individuals from the predations and power of private organizations. In making our recommendations we have chosen to focus almost exclusively on the Openness and Transparency, Access to and Amendment of Personal Information, and Whistleblower sections of Bill C-11.
A comparative analysis of security, privacy, and censorship issues in TikTok and Douyin, both developed by ByteDance.
As part of the Citizen Lab’s research into the security and privacy of applications, we report on issues we discovered with three COVID-related applications in Indonesia and the Philippines – PeduliLindungi, StaySafe PH, and COVID-KAYA.
Government operatives used NSO Group’s Pegasus spyware to hack 36 personal phones belonging to journalists, producers, anchors, and executives at Al Jazeera. The journalists were hacked by four Pegasus operators, including one operator MONARCHY that we attribute to Saudi Arabia, and one operator SNEAKY KESTREL that we attribute to the United Arab Emirates.
The solution to Canada’s 5G problems will not be found in policies that principally address one company. Instead, a robust and vendor-neutral approach is required.
Circles is a surveillance firm that reportedly exploits weaknesses in the global mobile phone system to snoop on calls, texts, and the location of phones around the globe, and is affiliated with NSO Group, which develops the oft-abused Pegasus spyware. Using Internet scanning, we found a unique signature associated with the hostnames of Check Point firewalls used in Circles deployments, enabling us to identify Circles deployments in at least 25 countries.
This report contains a summary of the scoping study’s results and it proceeds as follows: first, it outlines the Lab’s work on gender and digital security; second, it maps the landscape of research and advocacy in this field and discusses the interviews’ findings; and finally, it highlights some of the research gaps that are relevant to the Citizen Lab’s work.
COVID-KAYA, a platform used by frontline healthcare workers in the Philippines to collect and share COVID-19 cases with the Philippines Department of Health, contained vulnerabilities in both the web and Android apps that allows for unauthorized users to access private data about the app’s users, and potentially patient data.
This report examines algorithmic technologies that are designed for use in criminal law enforcement systems, including a human rights and constitutional law analysis of the potential use of algorithmic policing technologies.
As a follow-up to our March 2020 report, we conducted daily tests on WeChat and collected 2,174 censored keywords between January to May 2020. This data provides a view into how narratives and messaging on the pandemic are controlled and molded on social media in China.
