In what follows, I first provide a summary of the Citizen Lab’s recent investigation into the security of Zoom’s video conferencing application, and the company’s responses. I then discuss a broader range of digital security risks that are relevant to the work-from-home routines that MPs and their staff are following. Finally, I conclude with six recommendations.

يفحص هذا التقرير التشفير الذي يحمي الاجتماعات في تطبيق Zoom الرائج. وجدنا أن Zoom لديه نظام تشفير “خاص به” ، ويحتوي على نقاط ضعف كبيرة. بالإضافة إلى ذلك حددنا نقاط تثير القلق في البنية التحتية لـ Zoom ، بما في ذلك نقل مفاتيح التشفير للاجتماعات عبر الصين.

This report examines the encryption that protects meetings in the popular Zoom teleconference app. We find that Zoom has “rolled their own” encryption scheme, which has significant weaknesses. In addition, we identify potential areas of concern in Zoom’s infrastructure, including observing the transmission of meeting encryption keys to China.

New York Times journalist Ben Hubbard was targeted with NSO Group’s Pegasus spyware via a June 2018 SMS message promising details about “Ben Hubbard and the story of the Saudi Royal Family.” The SMS contained a hyperlink to a website used by a Pegasus operator that we call KINGDOM. We have linked KINGDOM to Saudi Arabia. In 2018, KINGDOM also targeted Saudi dissidents including Omar Abdulaziz, Ghanem al-Masarir, and Yahya Assiri, as well as a staff member at Amnesty International.

This comprehensive Toronto Star profile provides an overview of the Citizen Lab’s work, impact, and history, mapping our journey from a initial Ford Foundation grant to an organization with 18 staff and a dozen research fellows.

As part of our investigation into the incident, Citizen Lab has identified over 100 cases of abusive targeting of human rights defenders and journalists in at least 20 countries across the globe, ranging from Africa, Asia, Europe, the Middle East, and North America that took place after Novalpina Capital acquired NSO Group and began an ongoing public relations campaign to promote the narrative that the new ownership would curb abuses.

This report presents results from a series of research projects that measured responses to personal data requests from telecommunication companies and Internet Service Providers across jurisdictions in Asia including Australia, Hong Kong, South Korea, Indonesia, and Malaysia. Overall, the projects found responses from telecoms were incomplete and in some cases did not follow what is required by law.

CLSI brings together academics, researchers, activists, and frontline workers and asks them to address some of the most pressing issues at the intersection of digital security and human rights.

This campaign is the first documented case of one-click mobile exploits used to target Tibetan groups, and reflects an escalation in the sophistication of digital espionage threats targeting the community.

This year, Citizen Lab researchers will present on issues ranging from WeChat image filtering to the methodologies used for identifying commercial spyware abuses.