Citizen Lab Director Ron Deibert explains how the watchdog challenges governments and private companies
The Citizen Lab internet watchdog has been remarkably effective in holding governments and private sector companies to account for using information technology to put people at risk.
His digital sleuths from the University of Toronto’s Munk School of Global Affairs are best known for exposing abusive targeted spying, including through the use of hyper-intrusive spyware from Israel’s NSO group. Its Pegasus tool has been used to hack into and monitor dozens of journalists, human rights activists and dissidents around the world. In November, the US government blacklisted the NSO group and Apple sued it and notified the Pegasus victims.
Citizen Lab’s work elsewhere is less well known. It exposes digital espionage campaigns and insecure software, most recently an app created by the Chinese government for athletes, journalists and other foreigners participating in the Winter Olympics.
The Associated Press recently spoke with Citizen Lab director, 57-year-old political scientist and award-winning author, Ron Deibert. The interview has been edited for length and clarity.
Q: You founded Citizen Lab in 2001. How did that come about?
A: I was working on how intelligence agencies use satellite reconnaissance technology for arms control verification. It exposed me to a world I didn’t even know existed. I saw the mix of tools used to collect electronic evidence and wondered why something like this couldn’t be done in the public interest, on behalf of journalists, NGOs and human rights activists. ‘man. And what better place to do such evidence-based research – alongside people with technical skills that I didn’t have – than a university? I had all of this in mind when the Ford Foundation approached me to see if I was interested in a project on information technology and international security. So I introduced the lab as “counterintelligence for global civil society.” It was hubris at the time. I had no case to make such a claim. But here we are many years later, fulfilling that role.
Q: What do you consider Citizen Lab’s greatest contributions? And is it growing?
A: I think the biggest thing we’ve done is develop a reputation for highly credible, methodical, and unbiased research. We go where the evidence takes us and are beholden to no one. I was able to surround myself with very talented and very ethical people, most of whom could earn 5 to 6 times more in the private sector. We have about 25 full-time researchers and half a dozen fellows or affiliates. We can’t really grow much more. We are a professor’s lab and I have to do my due diligence properly. So we have to stay at that size.
Q: We seem to be at a perilous digital juncture. Experts say misinformation and cybercrime are rampant and online security is eroding. The public is losing confidence in digital systems. We seem to need a citizen lab in every country. What are your current challenges?
A: It seems to me, and a lot of people would agree, that the world is heading for a pretty dark time, some sort of global descent into authoritarianism coupled with all the sickness around social media, big tech and of artificial intelligence. The challenges grow and amplify, so we have no end of work. Since Apple made these notifications, it’s like we’re on a world tour of despotism (confirming Pegasus infections on victims’ phones). We are currently looking at the University of Toronto for a professor in information security and could potentially hire someone to offload some work and perhaps eventually replace me as lab director. Biggest Mission: We want to build more Citizen Labs – they don’t have to be called that! I would like to see 5-6 in the US and Europe. It is frustrating that more universities are not engaging in digital accountability research. I think it’s only a matter of time.
Q: You called ending the global spyware scourge a daunting challenge. You can’t see governments agreeing to ban it. So what can we collectively do to deter unethical cyber mercenaries?
A: I see three pillars of what can be done: first, investigative journalism is key to exposing abuses and more awareness needs to be done in civil society. Much more can also be done in the private sector. We need technology platforms to better protect their users against this threat. Both Apple and WhatsApp (a Facebook subsidiary that sued NSO Group in 2019) sent strong signals that they weren’t going to support it as they have in the past. We also need governments to act, like the Commerce Department did by blacklisting NSO. If we can get them to put in place export controls in the sector and pass laws allowing individuals to sue these companies – and perhaps even the foreign governments that hire them – a lot could be done. mitigate some of the damage we are seeing.