Toronto’s Citizen Lab uses forensics to fight online censors

A basement in the gray, Gothic heart of the University of Toronto is home to the CSI of cyberspace. “We are doing free expression forensics,” says Ronald Deibert, director of the Citizen Lab, based at the Munk Centre for International Studies. Deibert and his team of academics and students investigate in real time governments and companies that restrict what we see and hear on the Internet. They are also trying to help online journalists and bloggers slip the shackles of censorship and surveillance. Deibert is a co-founder of the OpenNet Initiative (ONI), a project of the Citizen Lab in collaboration with the Berkman Center for Internet and Society at Harvard Law School. ONI tracks the blocking and filtering of the Internet around the globe.

“We are testing in 71 countries,” says Deibert, who shares his data with Berkman. “We are testing all the time. We are the technical hub of ONI.”

“We started out in 2002 with China,” said Jillian York, project coordinator for Berkman. “The work evolved, and then with Cuba we cracked it.” By 2006, ONI had expanded its dragnet for blocked or filtered content to more than 40 countries. However, as Citizen Lab and Berkman gained expertise and resources so did the censors they battled.

“We are now onto third-generation controls,” York said of Internet censorship. “The first generation was simple filtering, IP blocking in China, for example.” The second generation was surveillance, which ranged from placing spies or closed-circuit cameras in Internet cafés to installing tracking software on computers themselves. “The third generation controls combine all the above. We see it in China, Syria, and Burma. It’s a very broad approach,” York laments.

ONI’s research and public awareness-raising provides just one weapon in the increasingly sophisticated armory that bloggers need to deploy against government encroachment. Some free-speech campaigners engage across a wide battlefront, taking on authorities in Tunisia or Pakistan, for example, to keep blogging and video platforms open. Others, like Deibert, devise tools for an individual user to tunnel beneath a firewall or slip past a digital spy undetected. He helped develop Psiphon, a free, open source application that channels data through a network of proxies to circumvent censorship. “Anyone can use it. It’s fast and there’s nothing to download onto your computer for the Internet police to find,” said Deibert.

It’s a game of digital cat-and-mouse with authorities hunting down circumvention nodes, and Psiphon switching to an alternate as soon as a node is compromised. Citizen Lab launched Psiphon in December 2006 but did not have the resources to develop it further. So in May this year, Deibert and another ONI founder, Rafal Rohozinski, spun it off as a commercial enterprise. It is still free to users but charges companies to deliver their blocked content. Clients so far include the BBC and the U.S. government-funded Broadcasting Board of Governors. Social networking platforms such as Twitter and Facebook have been a boon to Psiphon and other circumvention tools like Tor, spreading node connection information among bloggers and journalists. This was evident during the media crackdown in Iran that followed the disputed June presidential elections, when Twitter proved difficult to shut down.

Much of the light in Deibert’s Toronto basement may come from rows of LCD screens but unmasking digital spies is not all about electronic wizardry. “With ONI, we are testing all the time but we are not just a technical operation. The technology is not as important as the cultural information,” says Deibert, sounding like an old-school Le Carré character who stresses “human intelligence” over gadgetry. Reporting by volunteers on the ground in repressive countries provides vital information and context for monitors to analyze censorship developments and anticipate blocking strategies.

Berkman has expanded the reporting network through a crowd-sourcing tool called Herdict, which allows individuals to report a blocked Web site immediately.

“This is a constant struggle—the threat environment is always morphing,” according to Deibert. And the threats don’t just come from governments. Defenders of free expression and user privacy are increasingly concerned about the potential dangers of “cloud computing,” in which vast stores of personal data are held remotely by private companies both in democracies and repressive states. “Some of the biggest threats are from private companies. Cyberspace is largely owned and operated by private companies. Data is sent into a cloud over which we have no control,” Deibert says. The potential for such abuse is heightened in repressive states. An example of the dangers for the Citizen Lab team was TOM-Skype, the Chinese version of Skype. Citizen Lab uncovered a huge privacy breach where supposedly secure data were being stored secretly on servers in China.

Another case that Diebert says should concern us was in July this year when BlackBerry users in the United Arab Emirates were directed by text messages from their service provider Etisalat, which is majority owned by the UAE government to a link to upgrade their phones. The software they downloaded, however, turned out to be spyware. BlackBerry maker, Research in Motion Ltd of Canada, denied involvement and showed customers how to remove the software.

Deibert cautions online journalists in these days of increased third-party hosting to pay attention to corporate as well as government surveillance, and to read the fine print of terms-of-use agreements with ISPs and others before checking the sign-up box for an e-mail account or blog hosting platform.

“We need to lift the lid on the Internet. Where are the servers, where does your e-mail go, where is the Internet exchange point located, who has access to the building?” he asked.

Every day journalists and bloggers are reminded of the need to fight for their freedoms. Censorship and surveillance are slippery slopes. Take Pakistan. In February 2006, in its first case of Internet censorship, Islamabad decided to shield its populace from cartoons of the Prophet Muhammad, published in the Danish daily Jyllands-Posten. The Pakistan Communications Authority blocked 12 Web sites that reproduced the offending caricatures. By April of that year the authority was censoring five other Web sites saying they had published “misleading information”. In July, 30 more Web sites were blocked, nearly all of them associated with the movement advocating independence for the province of Baluchistan.

This censorship creep is an established phenomenon in Asia and the Middle East. But now it is spreading to Africa, where Internet use is still relatively low. Sub-Saharan African governments that have hobbled their own broadcast and print media have watched the celebrity-censors of other continents like China, Cuba and Iran and have drawn the inevitable conclusion: Online journalism is the future, so control it now.

“Ethiopia is going to be a test case,” says the Berkman Center’s York. “Internet penetration is low, yet platforms like Blogspot are blocked.”

When you talk to people at organizations such as ONI, one thing quickly becomes clear: They don’t know who is going to win the war for control of cyberspace. Circumvention tools like Tor and Psiphon are tactical weapons. A strategic response requires unrelenting campaigning and public education to raise the economic, political and social costs of censorship and surveillance for governments and private companies.

Meanwhile, Citizen Lab keeps doing what it does best; “We combine the technology with human intelligence, then turn them around to watch the watchers,” Deibert said.