Profile of the Citizen Lab

Aired on CBC Radio-Canada’s “Une Heure Sur Terre”
November, 2008

The program provides an overview of the Lab, our research on information warfare, Nart Villeneuve’s Skype report, the OpeNet Initiative, and our psiphon circumvention software project.

Breaching Trust

I am pleased to announce our release of a major investigative report, Breaching Trust: An analysis of surveillance and security practices on China’s TOM-Skype platform, written by Nart Villeneuve, Psiphon Fellow, the Citizen Lab, at the Munk Centre for International Studies, the University of Toronto.

The full report can be downloaded here.

John Markoff of the New York Times has just released a story about the report, which will appear in tomorrow’s paper, but can be found online here.

Major Findings of this report are as follows:

  • The full text chat messages of TOM-Skype users, along with Skype users who have communicated with TOM-Skype users, are regularly scanned for sensitive keywords, and if present, the resulting data are uploaded and stored on servers in China.
  • These text messages, along with millions of records containing personal information, are stored on insecure publicly-accessible web servers together with the encryption key required to decrypt the data.
  • The captured messages contain specific keywords relating to sensitive political topics such as Taiwan independence, the Falun Gong, and political opposition to the Communist Party of China.
  • Our analysis suggests that the surveillance is not solely keyword-driven. Many of the captured messages contain words that are too common for extensive logging, suggesting that there may be criteria, such as specific usernames, that determine whether messages are captured by the system.

As my colleague Rafal Rohozinski and I say in the foreword to the report, “If there was any doubt that your electronic communications – even secure chat – can leave a trace, Breaching Trust will put that case to rest. This is a wake up call to everyone who has ever put their (blind) faith in the assurances offered up by network intermediaries like Skype. Declarations and privacy policies are no substitute for the type of due diligence that the research put forth here represents.”

Citizen spy fights to uphold our rights

Vancouver Sun
Saturday, June 28, 2008

by Daphne Bramham

A professor from Vancouver says what was once an open global space is now being carved up, colonized and militarized. From TheVancouverSun

In many countries, Ron Deibert would be considered a traitor or a terrorist. Under some circumstances, he might even be considered one in Canada.

Deibert is a citizen spy, singled out as a hero to people who care about human rights and civil society by such diverse publications as Wired and Esquire.

Born, raised and educated in Vancouver, Deibert runs the Citizen Lab at the University’s of Toronto’s Munk Centre for International Studies. It’s described as “an interdisciplinary research and development hothouse working at the intersection of the Internet and human rights.”

Deibert is also co-founder and a principal investigator of the OpenNet Initiative, a research and advocacy project that examines Internet censorship and surveillance worldwide. And he directs the Psiphon censorship circumvention software project.

“What we’ve done implicitly is borrow the methods and organizational structure as well as the technical and human-based intelligence that is used by state and national security forces. We’re the global or civil society counter-intelligence organization,” he said in a telephone interview before taking off for Thailand.

He’s there to teach activists and journalists in Southeast Asia how to use the Psiphon software to do things like send video via cellphone — video of demonstrations, police crackdowns and so on that would never get past some governments’ censors

If you only use the Internet to do e-mail and share family photos, you probably haven’t thought much about barriers and spies in cyberspace. But Deibert figures we all should.

“We have many urgent problems — global degradation, weapons of mass destruction and so on. We have increasingly finite political spaces and those are becoming even smaller. With that as a starting point, it seems to me that there is an obvious need for some kind of global place where citizens can share information and communicate.

“The Internet once held the promise of becoming the global public space … but it is being carved up, colonized and militarized. We need to protect this forum where ideas can be exchanged freely because it is quickly being lost.”

When Deibert testified before the U.S.-China Economic and Security Review Commission last week, he talked about American firms’ role in China’s control of the media. He said that not only do some software firms write the blocking programs, American search-engine companies such as Google, Yahoo! and MSN may be worse than the Chinese government when it comes to suppressing information.

Deibert and his colleague Nart Villeneuve have found wild variations between the number and kind of sites that Google blocks versus what Yahoo! and others do.

The companies do what Deibert calls “anticipatory over-blocking, in which content not officially blocked by China ends up being filtered because of the eagerness of search engines.”

It’s partly because of China’s purposeful vagueness, which could also be an issue for foreign journalists covering the Beijing Olympics. In the journalists’ “service” guide, tucked between warnings not to bring poisonous snakes or “big white mice,” journalists are forbidden from importing “printed matters, tapes and A&V discs, storage media for computers and other articles which are harmful to the political, economic, cultural and moral interest of China.”

It sets a minefield even for those who want to be compliant.

Deibert is skeptical that China will live up to its contract with the International Olympic Committee that guarantees journalists unfettered access to the Internet during the Games. It’s more likely, he says, that China will do just enough to give outsiders the impression of compliance.

At official Olympic sites, foreign journalists will likely be given IP — Internet Provider — addresses that will be recorded and passed on to the routers. The routers will be instructed to allow those IPs through the censors.

But Deibert suspects that foreign journalists who wander from the hard-wired Olympic sites to cafes or even cities not hosting Games events will run into the censors.

Of course, China has already unblocked BBC’s English website, garnering favourable news stories. But Deibert says the Chinese site remains blocked, suggesting that, during the Olympics, English-language sites dealing with sensitive subjects — the Tiananmen Square massacre, Tibet, Falun Gong and Taiwan’s independence — will be open, but the Chinese ones won’t.

After the Games, Deibert is under no delusion. The great wall will rise again.

It’s because of that kind of censorship that the Citizen Lab’s hackers have developed free software to get around the filters, allowing journalists, human rights activists and others to send and receive sensitive material as well as collect information on what governments are trying to keep secret.

It’s risky business. Deibert won’t be specific, but some Psiphon users have been jailed in countries with the most pervasive Internet censorship — Iran, Saudi Arabia, Uzbekistan, Burma, Vietnam and China.

Cyber-dissidents disappear or are jailed all the time. More than 30 are in jail in China. Earlier this month, Reporters Without Borders reported the kidnapping of Huang Qi, who runs the human-rights website 64Tianwang in Sichuan. A few day earlier, retired university professor Zheng Honling was arrested. Both Huang and Zheng have posted Web articles critical of the government’s handling of food aid following last month’s earthquake.

But it’s not just China. Since the OpenNet Initiative began its monitoring in 2004, every year governments of all political persuasions have made the free flow of information more difficult and put more energy into spying on their own citizens’ Internet use.

They are not China and Uzbekistan, but Canada and the United States block, censor and spy on their citizens as well.

In Canada, Deibert says, there is “a considerable degree of surveillance and it is largely unaccountable. It’s part of the U.S.-led electronic intelligence cooperation that is rarely talked about.”

American telecommunications companies are required by law to install the capacity for police, the Federal Bureau of Investigations and the Central Intelligence Agency to eavesdrop on all their traffic. And since seven of the nine biggest telecom operators in the world are American, well, you get the picture.

More ominously, Deibert says the American government is openly talking about taking down any information source, anywhere in the world, that’s strategically threatening to its interests.

More than 20 civil suits are pending in the United States by individuals — mainly Muslim, Middle Eastern or South Asian — who had laptops, cellphones or other electronics seized by U.S. Homeland Security, which subsequently duplicated the information on those devices.

At least one court has already ruled that it’s legal for agents to search and seize electronics without suspicion, just as they’re allowed to search your purse or briefcase.

Yet, ironically, the U.S. government is warning its citizens travelling to the Beijing Olympics that their laptops may be targeted by Chinese government spies hoping to steal business and trade secrets.

So while there can be good reasons for some filters and spying — child-luring and child pornography are two — pretty quickly, the line blurs between what is in the public interest and what is a serious privacy breach.

Little more than 30 years ago a U.S. president was forced from the White House for tapping phones and planting bugs in his enemies’ office.

Yet these days, Deibert and his lab mates are considered mavericks for defending the value of liberal democracy and civil society that our governments were elected to uphold.

[email protected]

© The Vancouver Sun 2008

China’s Overeager American Censors

Published on Forbes.com
June 20, 2008

Practically every U.S.-owned search engine has caved to the Chinese government’s demands that they censor political Web sites in China. But none of them seem to agree on just what sites need censoring. Google, at times, blocks Chinese users’ access to the BBC while Yahoo! permits it. Yahoo! sometimes filters out Voice of America–Google doesn’t. And Microsoft removes entries from the Chinese version of Wikipedia from its results while every other search engine includes them–even the dominant Chinese search engine Baidu.com.

Confused? So are the search engines themselves, says Nart Villeneuve, a researcher at the University of Toronto’s Open Net Initiative. In a study released on Wednesday, he points to the wild variation in search engine censorship in China as a sign that the Chinese government isn’t handing companies a uniform list of censored sites but leaving them to guess at which sites are contraband.
————————
In a congressional hearing before the U.S.-China Economic and Security Review Commission on Wednesday, ONI director Ron Deibert held up the study as evidence of the complicity of U.S. firms in China’s control of the media. Worse, he argued, they seemed to be doing more than China’s dictators required to repress information.

“This kind of self-selection raises the prospect of anticipatory over-blocking, in which content not officially blocked by China ends up being filtered because of the eagerness of search engines,” Deibert said.

Read the entire article here

Read the my testimony to US Congress here

Read Nart’s research paper here

Media Coverage of Citizen Lab and OpenNet Initiative at WSIS/Tunisia

The OpenNet Initiative’s Tunisia Report generated considerable coverage, a lot of which features The Citizen Lab’s very own Director of Technical Research, Nart Villeneuve. Nart compiled the list below for archival purposes.

BBC – Controversy dogs UN net gathering (pdf)
BBC – Tunisia slated over net controls (pdf)
BBC – Hungry for net freedom in Tunisia (pdf)
Reuters – Rights group faults Tunisia on Internet censorship (pdf)
Times Online – Read all about it. But be quick (pdf)
VOA – Information Summit Closes Amid Criticism of Tunisian Censorship (pdf)
Inter Press Service – Activists Give a Crash Course in Overcoming Electronic Hurdles
South China Morning Post – TUNISIA: Study says Tunisia centralises web filtering
Le Monde – Les ONG accusent quinze Etats de censurer la liberté d’expression sur Internet (pdf)
Libération – «Le spectre du filtrage n’a jamais été aussi large» (pdf)
OpenNet Initiative – World Summit Opening in a Closed Society: Tunisia’s Approach to Internet Filtering Contradicts the Objectives of an ‘Open’ Information Society