Ron Deibert presented “Investigating Targeted Espionage: Methods, Findings, Implications” as a Keynote during IEEE International Symposium on Technology and Society (ISTAS) 2021 on 28 October 2021.
Click here to view the recording of this keynote.
Ron Deibert is Director of Citizen Lab at the Munk School of Global Affairs and Public Policy, University of Toronto. The Citizen Lab has been undertaking investigations into targeted espionage for well over a decade. This path-breaking research has uncovered widespread global harms and an alarming spread of authoritarian practices across borders connected to a burgeoning and widely abused commercial surveillance industry. In his keynote, Deibert explains the methods, findings and implications of the Citizen Lab’s research for human rights and global security.
Deibert’s keynote focuses on contemporary digital security concerns especially within the realm of targeted espionage. The talk opens with a discussion of recent zero-click, zero-day attacks affecting Apple users, which were carried out using the Pegasus ‘spyware’ software offered by the Israel-based NSO Group. Deibert affirms the unfortunate reality that this is only one piece of spyware among many being marketed to bad actors. His lab works with victims to conduct research and report on mercenary firms like the NSO Group. He describes the misuse of such software by both government and non-governmental organizations to target those who are openly critical of them. Deibert proffers the bleak conclusion that the commercial spyware market “is one of the most serious crises of global civil society of liberal democracy that we face right now.” The main issue facing the realm of digital security regarding the growing commercial spyware market, he proposes, is a lack of clear accountability or legislation. Identifying the groups responsible as criminals or terrorists is a difficult task and one bound to differ between observers and legal jurisdictions. Complicating this is the fact that increasingly these cyber-attacks are aimed at civil society, i.e., private citizens. Though government and industrial espionage is to be expected, the average citizen does not have the resources or expertise to defend themselves against such attacks. He describes the nature of these attacks to be a kind of despotism for sale and discusses the types of services offered by these spyware firms including data analysis, data interception, social media scraping, packet tracing and more. Throughout his address, Deibert stresses the importance of government action and legislation to regulate spyware and the commercial spyware market. However, he also recognizes that governments and law enforcement services usually have a stake in the development of these technologies, creating conflicts of interest.