In what follows, I first provide a summary of the Citizen Lab’s recent investigation into the security of Zoom’s video conferencing application, and the company’s responses. I then discuss a broader range of digital security risks that are relevant to the work-from-home routines that MPs and their staff are following. Finally, I conclude with six recommendations.

This report examines the encryption that protects meetings in the popular Zoom teleconference app. We find that Zoom has “rolled their own” encryption scheme, which has significant weaknesses. In addition, we identify potential areas of concern in Zoom’s infrastructure, including observing the transmission of meeting encryption keys to China.

New York Times journalist Ben Hubbard was targeted with NSO Group’s Pegasus spyware via a June 2018 SMS message promising details about “Ben Hubbard and the story of the Saudi Royal Family.” The SMS contained a hyperlink to a website used by a Pegasus operator that we call KINGDOM. We have linked KINGDOM to Saudi Arabia. In 2018, KINGDOM also targeted Saudi dissidents including Omar Abdulaziz, Ghanem al-Masarir, and Yahya Assiri, as well as a staff member at Amnesty International.

This comprehensive Toronto Star profile provides an overview of the Citizen Lab’s work, impact, and history, mapping our journey from a initial Ford Foundation grant to an organization with 18 staff and a dozen research fellows.

As part of our investigation into the incident, Citizen Lab has identified over 100 cases of abusive targeting of human rights defenders and journalists in at least 20 countries across the globe, ranging from Africa, Asia, Europe, the Middle East, and North America that took place after Novalpina Capital acquired NSO Group and began an ongoing public relations campaign to promote the narrative that the new ownership would curb abuses.

English العربية Español   ¿Qué es esto? Esta página está destinada ÚNICAMENTE para los usuarios de Android que han recibido una notificación oficial sobre la posibilidad de haber sido objetivo de un ataque en un incidente relacionado con el software espía desarrollado por NSO Group ocurrido en la primavera del 2019. Si no has recibido… Read more »

English العربية Español ما هذا؟ هذه الصفحة مخصصة فقط لمستخدمي Android الذين تلقوا اتصالًا رسميًا باستهداف محتمل في حادثة تتعلق ببرامج التجسس الخاصة بـ NSO Group والتي حدثت في ربيع عام 2019. في حال لم يتم التواصل معك، فمن المرجح ألا تكون هذه النصيحة مناسبة لك. إذا كنتكنت تبحث عن نصائح عامة حول كيفية رفع… Read more »

English العربية Español What Is This? This page is intended ONLY for Android users receiving an official outreach of possible targeting in an incident related to NSO Group’s spyware that took place in Spring 2019. If you did not get such an outreach, this advice is probably not right for you. If you are looking… Read more »

This report presents results from a series of research projects that measured responses to personal data requests from telecommunication companies and Internet Service Providers across jurisdictions in Asia including Australia, Hong Kong, South Korea, Indonesia, and Malaysia. Overall, the projects found responses from telecoms were incomplete and in some cases did not follow what is required by law.