Canada and the Challenges of Cyberspace Governance and Security

When Canada stood with the United States and Britain in refusing to sign on to a new, statecontrolled future for the Internet, at December’s World Conference on Information Technology, it certainly made the federal government appear to be a stalwart champion of Internet freedom. But in reality, Canada’s approach to cyberspace governance and security has, at best, sent mixed signals about our commitment to Internet freedom. At worst, it has actually contributed to increasing on-line censorship and surveillance by the very undemocratic and illiberal regimes that Canada voted against at the conference. Unfortunately this is a dangerous time for Canada to wallow in aimlessness: when it comes to cyberspace governance and security, the momentum is headed in the direction of greater state control. As demographic realities indicate, Internet usage will increasingly belong to the global South and East, where freedom is an unsettled and elusive concept. If Canada truly seeks to guard against the Internet falling captive to the controls sought by repressive regimes, such as those in China and Russia, it will have to offer the world a compelling, competing vision that demonstrates integrity and dedication to genuine Internet freedom. Among other things, that means moving beyond traditional top-down, state-centred models of security, which are a poor fit for a decentralized, global, publicly shared, but largely privately developed, communications network. Imposing conventional, state led policing frameworks on cyberspace — for instance, in the name of fighting cyber crime — only provides legitimacy to regimes abroad when they bring their own state powers to censor Internet communications. It also means thinking more carefully about how much we should tolerate our Canadian technology developers continuing to supply tools of repression to the foreign regimes who seek to dominate their own people. Canada has the potential to take on a leadership role in showing the world what it means to truly stand for freedom in cyberspace. But providing global leadership will require that our own government commits to reducing state controls and surveillance here at home, encouraging greater transparency and checks on state power over the Internet, while enhancing privacy protections. Ultimately, the only way the Canadian government can truly help preserve and promote a decentralized and unfettered Internet for the world’s future is to demonstrate that it is genuinely committed to promoting the same thing here at home

Communities @ Risk: Targeted Digital Threats Against Civil Society

Produced by the Citizen Lab at the Munk School of Global Affairs, University of Toronto.This study sought to gain greater visibility into the technical, social, and political nature of targeted digital threats to many of society’s most essential institutions. Citizen Lab researchers found that the technical sophistication of even the most successful attacks against civil society organizations (CSOs) tends to be low. Instead, attackers put more significant time and effort into crafting legitimate-looking email messages or other “lures” designed to bait targets into opening attachments or clicking on links (also known as social engineering). The content for these lures is often derived from information gathered from previous breaches of individuals in their organization or partners in their wider communities. Constant use of socially engineered attacks as bait erodes trust among those communities and creates disincentives around using the very communication technologies that are often seen as CSOs’ greatest asset

Geopolitics of cyberspace

Abstract: This educational event will offer an in-depth presentation and discussion about the growing geopolitical competition over cyberspace and its implications for global security. Drawing form research of the Citizen Lab, and in particular the Information Warfare Monitor's Ghostnet and Shadows in the Cloud, Ron Deibert will share prominent trends contributing to cyberspace contestation and will put forward unique perspectives on the broader implications for world politics and security.The Geopolitics of Cyberspace Ron Deibert Director, the Citizen Lab, University of Toronto [email protected] JR02-2009 Information Warfare Monitor Tracking GhostNet: http://www.infowar-monitor.net/ghostnet Investigating a Cyber Espionage Network March 29, 2009 JOINT REPORT: Information Warfare Monitor Shadowserver Foundation April 6, 2010 SHADOWS IN THE CLOUD: Investigating Cyber Espionage 2.0 INFOWAR MONITOR JR03-2010 WEB VERSION. Also found here: http://shadows-in-the-cloud.net ASEAN Associated Press Deloitte and Touche United Nations Embassy of India, US Taiwan Stock Exchange Ministry of Foreign Affairs, Iran Dept of Foreign Affairs, Indonesia Embassy of Indonesia, China High Commission of India, UK NATO (Germany) Prime Minister’s Office, Laos ........ Selected Infections From: "[email protected]" Date: 25 July 2008 Subject: Translation of Freedom Movement ID Book for Tibetans in Exile Translation of Freedom Movement ID Book for Tibetans in Exile. Front Cover Emblem of the Tibetan government in Exile Script: Voluntary Contribution into common fund for Tibetan Freedom Movement Inside Cover Resolution was passed in the preliminary general body meeting of the Tibetan Freedom Movement held on July 30, 1972 that the Tibetan refugees in exile would promise for each individual’s share of the voluntary contribution into the Tibetan Freedom Movement Receipt book. This resolution was later reaffirmed by the 11th Tibetan People’s Deputies and passed into the law on April 01, 1992 (Tibetan King Year 2119) Until the last page of this book is used, the book stands valid until August 15, 2012 Date: August 16, 2008 Emblem of the Tibetan Government in Exile Official Signature Attachment: Translation of Freedom Movement ID Book for Tibetans in Exile.doc National Security Council Secretariat Indian Armed Forces Indian Defense Contractors Embassy of India, Kabul, Embassy of India, Moscow Embassy of India, US Consulate General of India, Dubai, High Commission of India in Abuja, Nigeria Indian Diplomatic and National Security Establishment “Secret” “Classified” “Restricted” Fusion Methodology Technical Interrogation accomplished through network probes, reconnaissance, and software-based tests Field Research undertaken by local experts in situ; interviews and tests Multi- Disciplinary Analysis Advanced data fusion, visualization & analysis Global Partnerships Transformation of Signals Intelligence • Cold War Sigint platforms: billions of dollars • Cyber-collection platform: Cost of deployment is near zero • Entered the age of DIY Sigint The Age of Auto-Surveillance By NART VILLENEUVE with a Foreword by Ron Deibert and Rafal Rohozinski November 12, 2010 KOOBFACE: Inside a Crimeware Network JR04-2010 WEB VERSION. Also found here: http://www.infowar-monitor.net/koobface INFOWAR MONITOR First Phase (1990s): Cyber Commons Liberal “hands off” state regulations; telecom development policies; dot-com boom; citizen mobilization Second Phase (2000s): Cyber Borders The unintended and perceived negative consequences of an unfettered Net lead to greater state and corporate intervention Present Phase (10s): Cyber Arms Race Cyberspace has become an object of intense geopolitical contestation among states and non-state actors alike Legal and Normative Measures Broad use of slander, libel and other laws to restrict information; create climate of self censorship Informal Requests And other pressures applied to ISPs and OSPs to “take down” or remove offensive posts or information that threatens “national security” Outsourcing/ Downloading Includes decisions taken by private companies to comply with spirit of local laws or to turn over information on users Just-in-Time Blocking Disabling or attacking critical cyberspace assets at key moments in time (e.g., elections, public demonstrations) Computer Network Attacks As a component of military action or low intensity conflict (e.g., Estonia, Russia-Georgia Patriotic Hacking Government security services informally encourage or tacitly approve actions of citizen groups -- China 50 cent party; Russian Targeted Surveillance/ hackers Social Malware attacks Infiltration of adversarial networks though targeted “social malware” and drive-by web exploits Militarization of Cyberspace Cyber Arms Race Cyber Arms Race Physical Sphere Code sphere Regulatory Idea Sphere Sphere The Perfect Storm The whole human memory can be, and probably in a short time will be, made accessible to every individual... It need not be concentrated in any one single place. It need not be vulnerable as a human head or a human heart is vulnerable. It can be reproduced exactly and fully, in Peru, China, Iceland, Central Africa, or wherever else seems to afford an insurance against danger and interruption. It can have at once, the concentration of a craniate animal and the diffused vitality of an amoeba. H.G. Wells “World Brain” 1937 For more info: opennet.net infowar-monitor.net citizenlab.or

Undercover of the Net : Surveillance, Privacy, and the Dark Side of Cyberspace

Professor Deibert is Director of the Canada Centre for Global Security Studies and the Citizen Lab at the Munk School of Global Affairs, University of Toronto. The Citizen Lab is an interdisciplinary research and development hothouse working at the intersection of the Internet, global security, and human rights. He was one of the authors of the Tracking Ghostnet report that documented an alleged cyber-espionage network affecting over 1200 computers in 103 countries, and the Shadows in the Cloud report, which analyzed a cloud-based espionage network. He is the author of the forthcoming book Black Code: the battle for the future of cyberspace (McClelland & Stewart, 2013). He has been a consultant and advisor to governments, international organizations, and civil society/NGOs on issues relating to cyber security, cyber crime, online free expression, and access to information.Non UBCUnreviewedResearche

Distributed Security as Cyber Strategy: Outlining a Comprehensive Approach for Canada in Cyberspace

This article is reprinted with the kind permission of the Canadian Foreign & Defence Institute

QQ浏览器存在的隐私与安全隐患

The authors would like to thank Sarah McKune and Masashi Crete-Nishihata for assistance and peer review on this report.This report describes privacy and security issues with the Windows and Android versions of QQ Browser. Our research shows that both versions of the application transmit personally identifiable data without encryption or with easily decrypted encryption, and do not adequately protect the software update process.Jeffrey Knockel’s research for this project was supported by the Open Technology Fund’s Information Control Fellowship Program and Adam Senft’s research from the John D. and Catherine T. MacArthur Foundation (Ronald J. Deibert, Principal Investigator)

NSO Group Infrastructure Linked to Targeting of Amnesty International and Saudi Dissident

Citizen Lab validates Amnesty International investigation showing targeting of staff member and Saudi activist with NSO Group’s technology.Bill Marczak’s work on this project was supported by the Center for Long Term Cybersecurity (CLTC) at UC Berkeley. This work was also supported by grants to the Citizen Lab from the Ford Foundation, the John T. and Catherine D. MacArthur Foundation, the Oak Foundation, the Open Society Foundations, and the Sigrid Rausing Trust

(Can’t) Picture This: An Analysis of Image Filtering on WeChat Moments

This report demonstrates the technical underpinnings of how WeChat image censorship operates and suggests possible evasion strategies.Open Society Foundation