Cross-border digital repression is on the rise
“Digital targeting has a serious impact on the well-being of victims, undermines their ability to engage in transnational advocacy work, violates fundamental rights such as the right to privacy, freedom of expression and peaceful reunion, and increases the dangers faced by their victims and family members and friends who remain in the country of origin,” the report concludes.
The countries Citizen Lab has identified as among the most common perpetrators of transnational digital repression include Yemen as well as Afghanistan, China, Iran, Rwanda and Syria. No-click software hacks, which allow an attacker to break into a phone or computer even if its user does not open a malicious link or attachment, are of particular concern, says Noura Al-Jizawi, research fellow at Citizen Lab and co-author of the report. That’s because “they can evade digital hygiene practices,” she says.
In 2021, hackers used this code to infiltrate and install spyware on the cellphone of Saudi women’s rights activist Loujain al-Hathloul, who was then living in British Columbia. In this case, the authors mistakenly left an image file on his phone that allowed researchers to determine the source of the code. The digital plan led to NSO Group, an Israeli tech company that made headlines for selling spyware to authoritarian nation states.
Some forms of digital repression are meant to embarrass and doxx. An anonymous interviewee in the Citizen Lab report, who moved from China to Canada, found fabricated nude photos of herself circulating among attendees at a conference she was planning to attend. Her personal information was also published in online advertisements soliciting sexual services.
Victims of this type of harassment experienced distress, anxiety and fear for the safety of their families, the report noted. “There’s also a bit of resignation among those who have continued activism, like a realization that this type of targeting would continue,” says co-author Siena Anstis, senior legal counsel at Citizen Lab.
Many activists have become paranoid about the messages they receive. Kaveh Shahrooz, an Iraqi lawyer living in Canada who lobbies on behalf of dissidents, pays close attention to every email. Shahrooz says he once received a message from a supposed organizer of a human rights conference in Germany inviting him to speak and asking him to provide personal information via a link provided. He did some further research on the conference and discovered that he was not invited, even though the personalized email had been.
“It’s one end of the spectrum,” says Shahrooz, “where you could be tricked into clicking on a link. But then the other end is getting threatening messages about my activist work — things like, ‘We know what you’re doing and we’ll deal with you later”.
There are few legal remedies. Several victims of spyware attacks in the UK have bring (where are bringing) civil actions against public operators and the NSO group, says Anstis. She adds that such cases can expect to be litigated, as they typically focus on claims against companies outside of the host country.