Since 2012, the Citizen Lab with the support of the International Development Research Centre (IDRC) has been working on building bridges between researchers and activists in the global North and South to form a space of peers for collaboration and organization at local, regional, and international levels. This space emerged as the Cyber Stewards Network, and since then, members from the global South have been involved in key cybersecurity and Internet governance debates, policy discussions, litigation and advocacy campaigns. The following is a review of major outcomes in advocacy, litigation and public policy in 2013.
Research and Advocacy
Advocacy is broadly defined and in this context, Stewards who engage in advocacy are deeply rooted in evidence-based research as a foundation from which any good advocacy campaigns are developed.
Stewards speak out against Snowden revelations
Following the United States’ National Security Agency (NSA) spying revelations, the Cyber Stewards Network partners were involved in awareness-raising activities on issues of cyber surveillance and privacy.
Partners in the Cyber Stewards Network joined the chorus of voices speaking out against the NSA program and its implications on domestic safeguards for data protection across the world. Alberto Cerda, International Program Director of Chilean NGO Derechos Digitales, wrote in an op-ed that the “violation of fundamental rights has a global character. What good is it for me to be protected in Chile if it’s actually the US government that’s violating my rights?” Derechos Digitales has cautioned users to be mindful of what content they upload on any network.
Ramiro Alvarez Ugarte, Director of Access to Information for Asociación por los Derechos Civiles, has also suggested that the PRISM revelations should force netizens in countries outside of the US—such as his native Argentina—to look at the powers that domestic intelligence agencies wield, especially where governmental oversight of these organizations is lacking.
CIPESA criticized the Ugandan government for its plans to use surveillance technology to monitor the social media accounts of citizens. On May 30, Ugandan Security Minister Muruli Musaka announced that the government would establish a “Social Media Monitoring Center”as a matter of national security. To assuage the public’s fears, a government spokesperson later clarified that the surveillance centre would only target cyber criminals. Civil society remains skeptical given the government’s track record of shutting down media or removing online content under the pretext of terrorism or other security grounds.
7iber challenges online censorship in the Middle East
In early 2013, 7iber started a blog series titled Wireless, where they continue to publish regular blog and multimedia content on media, censorship, and cyber security issues in the Middle East. This ongoing series includes short updates, articles, creative infographics, and videos that deal with relevant issues from the region.
Besides the busy research work, the group received significant media attention when in June, their website was blocked in Jordan along with over 250 other news sites. Subsequently, in July, 7iber was recognized as one of the top ten Arabic Blogs of 2013 [Arabic]. In December, the group worked closely with Global Voices to coordinate the 4th Arab Bloggers Meeting, which took place in Amman.
Training, Education, and Capacity-building worldwide
In 2013, the Tibet Action Institute (TAI) participated in several panel discussions to discuss cybersecurity and targeted threats as part of their “Safe Travels Online” campaign. In June 2013, TAI hosted an event in Dharamsala, India. This “Safe Travels Online: Tech Meet” with Cyber Steward and TAI Field Coordinator Lobsang Gyatso Sither and other TAI staff explaining security concepts and the use of security tools to members of the Tibetan community. Citizen Lab Research Manager Masashi Crete-Nishihata gave a presentation on the Lab’s Targeted Threats research and what they have learned about online threats targeting the Tibetan community. Lhadon Thetong, the director of the Tibet Action Institute, then gave a talk on the importance of digital security, activism and action in the Tibetan community in the context of the movement and struggle for independence. A second “Safe Travels Online: Tech Meet” was held in Toronto and was hosted by Students for a Free Tibet Canada. The meeting revolved around online targeted threats against activists, the Tibetan diaspora community, and their supporters.
As part of the “Safe Travels Online” campaign, TAI has developed a video series hosted on their website. The series stars Tibetan comedian Sonam Wangdue and shows him promoting security best practices for users of digital technology.
In Pakistan, Bytes for All continued their “Access Is My Right” advocacy campaign, which calls on Pakistani citizens to raise awareness about Internet censorship, privacy, and freedom of expression in the country. B4A describes the campaign as “a call for [a] larger human rights movement in the country and [for] citizens to fight the ongoing censorship as it will further take its toll on already compromised civil liberties in the country.” In the past year alone, the campaign produced posters criticizing the blocking of mobile phone services to prevent sectarian terrorist attacks, highlighting research by the Citizen Lab with the assistance of B4A on the presence of Netsweeper in Pakistan, and supporting privacy rights in Pakistan after research showed the presence of surveillance software FinFisher in the country.
In Colombia, Colnodo held a public cybersecurity workshop in in September 2013. The workshop brought together participants from women’s organizations, civil society organizations, government bodies, and the private sector in order to raise awareness and capacity building for women leaders and defenders of human rights regarding online security issues.
In India, the Centre for Internet and Society (CIS) launched its CIS Cybersecurity video series, a video documentary project featuring interviews with cybersecurity stakeholders from various sectors on hotly debated aspects of cybersecurity. The project aims to encourage wider public discussion around cybersecurity issues. Interviewees include: members of European Parliament, Mariejte Schaake and Amelia Andersdotter; Chief Security Officer for ICANN, Jeff Moss; Director of the Tibet Action Institute, Lhadon Tethong; Executive Vice President and Chief Technology Officer of Afilias Limited and member of the ICANN Board of Directors, Ram Mohan; Principal Technologist and a Senior Policy Analyst with the Speech, Privacy and Technology Project at the American Civil Liberties Union, Christopher Soghoian; former Policy Advisor to the Netherlands government, Jochem de Groot; and Global Policy Analyst at the Electronic Frontier Foundation, Eva Galperin. CIS’s Cybersecurity series has informed the producton of a full-length documentary called DesiSec: Cybersecurity and Civil Society in India.CIS released a trailer for DesiSec in November 2013 and held a special screening for the documentary in December 2013.
Research and Litigation
Several members of the Cyber Stewards Network have adopted public interest litigation (PIL) as part of their research strategy. Regardless of whether a given lawsuit proves successful, civil society organization may use PIL to bring issues like violations of human rights and free speech to the forefront of national attention. Moreover, PIL can serve to educate a country’s judiciary on issues about which they may not understand.
Bytes for All lawsuits
B4A currently has several cases before the Pakistani courts and one before the UK courts in conjunction with Privacy International.
In January 2013, B4A submitted a petition to the Lahore High Court claiming that the rights of Pakistanis have been violated through the government’s censoring of various popular sites on the Internet. The censorship of YouTube as a consequence of the site hosting the controversial “Innocence of Muslims” video was highlighted in this case. This petition was initiated in collaboration with the Media Legal Defense Initiative, a non-governmental organisation which supports the rights of journalists and independent media. The Youtube case has received 19 hearings over the past year and a half. Most recently, B4A met with the Federal minister and other stakeholders, and the National Assembly passed a resolution on unbanning the popular video-streaming site, however the site remains blocked. B4A remains committed to their long-standing anti-censorship/no-filtering stance and will oppose any options promoting censorship as a solution as they continue their advocacy work on this case.
Along with the so-called “YouTube case,” B4A filed a petition with the Lahore High Court on the possible use of the FinFisher product suite in Pakistan. The first hearing took place on May 13, 2013 and resulted in a court decision ordering the Pakistan Telecommunication Authority (PTA) to investigate the use of FinFisher software in the country. The court order further stipulated that the PTA must make a statement to the court by June 24, 2013. In October 2013, B4A submitted a contempt charge against the government for not reporting to the court with regards to the petition. B4A’s case is based on evidence revealed by the Citizen Lab on the presence of FinFisher software in 36 countries across the globe, including Pakistan.
B4A is also actively collaborating with Privacy International to sue the UK government over its Tempora surveillance program, which would allow GCHQ to wiretap networks passing through the UK. B4A and PI are arguing that the program violates the European Convention on Human Rights’ privacy safeguards as well as the limits of lawful surveillance outlined in the Regulation of Investigatory Powers Act. The suit, which was filed with the UK’s Investigatory Powers Tribunal, asks that the program be made illegal and that GCHQ destroys all unlawfully obtained material.
For these and other efforts, B4A and its Director, Shahzad Ahmed, have received international recognition. In March 2013, B4A received an Avon Communications Award “for organizing campaigns for the betterment of women” through their Take Back the Tech campaign. One year later, Shahzad Ahmed won the Doughty Street Advocacy Award as part of the Index on Censorship’s 2014 Freedom of Expression Awards. The award recognized Ahmed as “one of the leading voices in the fight against online censorship in Pakistan.”
PIN vs. the Nigerian government
PIN initiated its own legal action against the Nigerian government. In April 2013, Premium Times, a Nigerian English-language newspaper, reported that President Goodluck Jonathan had awarded a USD 40 million contract to Elbit Systems, an Israeli company that markets itself as an “international defense electronics company.” PIN responded by filing a Freedom of Information (FoI) request, demanding that the Nigerian government provide details of the process through which the contract was awarded and any information that could shed further light on the substance of the contract itself. After the government failed to respond to the FoI request, PIN applied for an order of mandamus from the Federal High Court in Abuja, which in turn asked the National Assembly to amend Nigeria’s 2011 Freedom of Information Act to henceforth bar unjustified requests for information. PIN’s lawyers filed an appeal against the Federal High Court’s ruling, but on November 26, 2013, Premium Times reported that Elbit Systems officials had begun installing its surveillance system in Nigeria.
Data Privacy and Retention in Argentina
Members of the Cyber Stewards Network are active in efforts to raise awareness on the use of surveillance technologies such as the Federal System of Biometric Identification (SIBIOS) in Argentina. SIBIOS is a centralized biometric identification system created in 2011 as part of an upgrade to Argentina’s National Registry of Persons (RENAPER). It is designed to be used by several government agencies, including the Federal Police, the Argentine National Gendarmerie, the National Coast Guard, and the Airport Security Police, and connect them into one database. Ramiro Ãlvarez Ugarte of Asociación por los Derechos Civiles (ADC) in Argentina has warned that SIBIOS lacks accountability and independent oversight, and has been actively investigating the extent and scope of the system’s capabilities.
During Argentina’s 2013 presidential election, the country’s electoral registration took photo’s of Argentine’s citizens from RENAPER without obtaining permission. In October 2013, ADC formally requested the Contentious Administrative Proceedings Tribunal to remove these photos from the electoral database. The vulnerability of this database was revealed in late October 2013 when a teenager discovered a way break into the database which hosts the photos of voters and circulated the information on his blog [Spanish] to highlight the government’s lax security measures around personal data. (A translation can be found here.) This issue was brought to the attention of United Nation’s Office of the High Commissioner for Human Rights in a report published in December 2013 and co-authored with Privacy International discussing surveillance and poor privacy protection in Argentina.
Research and Public Policy
One of the key goals of the CSN is to conduct evidence-based research with the goal of influencing local, regional and global policy debates. Over the past year, Stewards have engaged in direct meetings with high-level officials, participated in key decision-making conferences and engaged governments and the general public.
FinFisher in Mexico
In Mexico, Cyber Steward Renata Avila has joined the chorus of voices calling for government accountability regarding the its purchase of surveillance software. In March, the Citizen Lab published “You Only Click Twice: FinFisher’s Global Proliferation,” which found FinFisher command and control servers on two Mexican Internet service providers, including UniNet, one of the largest ISPs in the country. Following the release of “For Their Eyes Only: The Commercialization of Digital Spying,” two Mexico-based human rights groups, Propuesta Civica and ContingenteMx, filed a verification procedure with Mexico’s privacy authority (IFAI) regarding FinFisher’s presence in the country. The IFAI subsequently opened a preliminary inquiry asking ISPs whether they were hosting FinFisher servers, while Federal Deputy Juan Pablo Adame proposed a resolution before the Mexican Senate and Congress encouraging the IFAI to investigate the deployment of FinFisher. In July, documents leaked by YoSoyRed implicated the Mexican Federal Government in purchasing FinFisher software from a security contractor for up to USD 15.5 million. One month later, the Mexican Senate and Congress passed a joint resolution in which they demanded full investigation into the contracts for the purchase of surveillance and hacking systems capable of monitoring mobile phones, electronic communications, chats, and geolocation data. Congress also called for laws to regulate and restrict purchases of surveillance equipment, extensively quoting the Citizen Lab report in their request. The commercial entities named have not yet responded. IFAI also informed Congress that they would continue the investigation.
Regional and Global Internet Governance Discussions
In 2013, the Cyber Stewards were heavily involved in both worldwide and regional discussions on Internet governance. Cyber Steward and ICT Watch Director Donny B.U was one of the main organisers of the 2013 Internet Governance Forum (IGF) in Indonesia in late October. Donny spoke to Detik about Internet governance in Indonesia. ICT Watch used the 2013 Internet Governance Forum in Bali, Indonesia as an opportunity to facilitate involvement among Indonesian CSOs and call for government attention toward Internet governance issues. As part of the organizing process, Donny also established the Indonesian CSOs Network For Internet Governance (ID-CONFIG) as a forum for civil society organizations to exchange information and coordinate strategies to explore and address Internet governance-related issues in Indonesia. This forum united civil society organizations to participate in the IGF in a more cohesive way, and as a result, they were able to significantly influence the agenda and the degree to which the Indonesian government resisted pressure to comply with international norms on freedom of expression.
The CSN used the opportunity of the 2013 IGF to engage in a kind of “just-in-time” research project, by monitoring information controls in and around the IGF itself. The exercise was undertaken by Citizen Lab researchers attending the IGF and remotely in Toronto and elsewhere, as well as local Indonesian CSN and Privacy International partner . We published a framework post, that set out the terms of the research, and then subsequently, Professor Sinta Dewi Rosadi (Faculty of Law, Padjadjaran University, Bandung, Indonesia), published our report and its initial findings during the IGF itself.
Almost every network member participated in the IGF. Immediately following the event, a coalition of civil society organizations and individuals (including other Cyber Stewards Network members Renata Avila and Paradigm Initiative Nigeria) delivered astatement to the co-chairs of the Open Government Partnership (OGP). The OGP aims to promote transparency and adopt new technologies to strengthen governance.The statement, which was informed by discussions at the IGF in Indonesia, calls for greater transparency among all governments, especially the OGPparticipating countries, regarding the use of surveillance technology and the export and import of such technology.
CSN members also played a key role in organizing or participating in regional Internet governance discussions. Walid Al-Saqaf participated in several high-level meetings, including the Second Arab Internet Governance Forum (AIGF) in Algiers, where he moderated a session on freedom of expression on the Internet in the Arab world. It was the highest level pan-Arab meeting that critically discussed violations against cyber activists in the region. He also co-founded ISOC-Yemen, the first ISOC chapter in Yemen, in order to advance Internet accessibility and awareness in the country.
PIN and CIPESA co-hosted a series of online internet freedom discussions during November and December 2013. Over four weeks, the discussions focused on a variety of online safety and Internet governance issues particular to Africa, including the African Convention on Cybersecurity and surveillance between countries on the African continent. Following the discussions, CIPESA published a report analyzing participants’ responses and making a number of recommendations.
Finally, B4A and ICT Watch participated in the “Asia Regional Consultation on ‘Freedom of Expression for Civil Liberties’” held in Bangkok, Thailand from November 21-23, 2013. The event focused on three issues relevant to free expression cyberspace in Asia: access to the Internet, online surveillance, and political-electoral communication. The event featured
It was attended by 137 participants from 26 countries, including Frank La Rue, Special Rapporteur on the promotion and protection of the right to freedom of opinion and expression.