“Digital guidance has a serious impact on the well-being of victims, undermines their ability to participate in transnational advocacy work, violates fundamental rights such as the right to privacy, freedom of expression and peaceful assembly, and increases the dangers faced by their victims, family and friends who remain in their country of origin, ”the report concludes.
Countries that Citizen Lab identified as some of the most common perpetrators of digital transnational repression include Yemen, as well as Afghanistan, China, Iran, Rwanda, and Syria. Non-click software hacks, which allow an attacker to enter a phone or computer even if its user does not open a malicious link or attachment, they are of particular concern, says Noura Al-Jizawi, a Citizen Lab research officer and co-author of the report. That’s because “they can evade digital hygiene practices,” he says.
In 2021, hackers used this code to infiltrate and install spyware on the mobile phone of Saudi women’s rights activist Loujain al-Hathloul, who was then living in British Columbia. In this case, the authors mistakenly left an image file on their phone that allowed researchers to identify the source of the code. The digital project led to NSO Group, an Israeli technology company that has reached the headlines of the sale of spyware to authoritarian nation-states.
Some forms of digital repression are meant to embarrass and doxx. An unnamed interviewee in the Citizen Lab report, who moved from China to Canada, discovered that photos made of her naked were circulating among attendees at a conference she intended to visit. Your personal information was also posted in online ads requesting sexual services.
Victims of this type of harassment experienced distress, anxiety and fear for the safety of their family, the report notes. “There’s also a bit of a sense of resignation among those who continued with activism, such as the awareness that this kind of orientation would continue,” says co-author Siena Anstis, senior legal advisor at Citizen Lab.
Many activists have become paranoid about the messages they receive. Kaveh Shahrooz, an Iraqi lawyer living in Canada who puts pressure on behalf of dissidents, gives each email a special scrutiny. Shahrooz says he once received a message from an alleged organizer of a human rights conference in Germany inviting him to speak and asking him to fill out personal information via a link provided. He researched more about the conference and found that he was not invited, even though he looked professional, even though it had been personalized email.
“This is one end of the spectrum,” says Shahrooz, “where you can be fooled by clicking on a link. But then the other end is receiving threatening messages about my activist work: things like” We know the that you are doing and we will take care of it later “.
There are few legal remedies. Several victims of spyware attacks in the UK have filed (or are filing) civil claims against state operators and NSO Group, Anstis says. He adds that these cases can be expected to be challenged, because they generally focus on claims against companies outside the scope of the host country.