“Digital targeting has a severe impact on the well-being of victims, undermining their ability to engage in transnational advocacy work, violating fundamental rights such as privacy, freedom of expression and peaceful assembly, and increasing the danger they face. Those who remain in their countries of origin family and friends,” the report concluded.
Some of the more common digital transnational repression perpetrators identified by Citizen Lab include Yemen as well as Afghanistan, China, Iran, Rwanda and Syria. Zero-click software hacking, where an attacker can break into a phone or computer even if the user doesn’t open a malicious link or attachment, This is especially concerning, said Noura Al-Jizawi, a Citizen Lab researcher and co-author of the report. That’s because “they can escape digital hygiene habits,” she said.
In 2021, hackers used such code to infiltrate and install spyware on the phone of Loujain al-Hathloul, a Saudi feminist activist who was then living in British Columbia. In that case, the perpetrator mistakenly left an image file on her phone that allowed researchers to determine the source of the code.Digital blueprint spawns Israeli tech firm NSO Group that has made headlines Selling Spyware to Authoritarian Nation-States.
Some forms of digital suppression are for embarrassment and doxxing. An unnamed interviewee in the Citizen Lab report, who moved to Canada from China, discovered that her fake nude photos were circulating among attendees of a conference she planned to visit. Her personal information was also posted in online advertisements soliciting sexual services.
Victims of such harassment experience distress, anxiety and fear for the safety of their families, the report states. “Those who continue their activism also have a sense of resignation, like realizing that this type of targeting is here to stay,” said co-author Siena Anstis, senior legal counsel at Citizen Lab. “
Many activists became paranoid about the information they received. Kaveh Shahrooz, an Iraqi lawyer living in Canada who lobbies on behalf of dissidents, conducted a special review of each email. Shahrooz said he once received a message from organizers of a German human rights conference inviting him to speak and asking him to fill in his personal information via a link provided. He did more research on the conference and found that he wasn’t invited, despite the personalized email sounding professional.
“It’s an extreme,” Shahruz said, “and you could be fooled into clicking the link. But on the other hand, I’ve received threatening messages about my activism work — like ‘We know what you’re doing, we I’ll deal with you later.'”
There is little legal recourse.Several victims of spyware attacks in the UK bring (or bring) civil claims against the state operator and NSO Group, Anstis said. Such cases can be challenged because they typically focus on claims against companies outside the confines of the host country, she added.