On September 12, 2024, the Center for Long-Term Cybersecurity hosted a launch event for Enhancing Cybersecurity Resilience for Transnational Dissidents, a report authored by researchers from Citizen Lab, at the Munk School of Global Affairs & Public Policy, at the University of Toronto.
This groundbreaking paper investigates the cybersecurity threats faced by grassroots transnational advocacy organizations in the United States that are targeted by authoritarian governments. These organizations serve critical roles in pro-democracy activism and working with dissidents on the ground in their counties of origin, but often lack the resources to protect themselves from cyberattacks.
The panel featured a conversation with two of the report’s authors, Noura Aljizawi, a senior researcher at Citizen Lab, and Nicola Lawford, a Citizen Lab Fellow and Master’s Candidate in Technology and Policy at the MIT Computer Science and Artificial Intelligence Laboratory (CSAIL) Internet Policy Research Institute (IPRI). The panel was moderated by Ron Deibert, Director of the Citizen Lab, and covered key findings on the cybersecurity threat landscape, resilience, and areas for action and improvement to enhance the cybersecurity of transnational activists in the U.S.
New Approaches for Supporting Organizations “Below the Cyber Poverty Line”
Ann Cleaveland, Executive Director of the Center for Long-Term Cybersecurity (CLTC), introduced the event, noting that the paper was published as part of a 2024 Public Interest Cybersecurity Research Call for Papers, which had an objective “to increase the scientific body of knowledge about cybersecurity for communities and organizations that often fall through the cracks of cyber defense,” Cleaveland explained.
“These are sometimes called target-rich, resource poor organizations, or organizations that are ‘below the cyber poverty line’,” Cleaveland added. “These organizations include critical organizations in our communities, like nonprofits, state and local governments, small utilities, hospitals, school districts, and… activists and journalists.”
She said that the report’s focus on activists and dissidents is directly aligned with the goals of CLTC’s Public interest Cybersecurity Program. “Public interest cybersecurity seeks to ensure that all communities that rely on technology for public life receive cybersecurity protection,” Cleaveland said. “Citizens Lab’s project — and the research that you’ll hear about — is emblematic of that public interest cybersecurity mission.”
New Approaches for Supporting Organizations “Below the Cyber Poverty Line”
Aljizawi and Lawford provided an overview of their paper, explaining that it “examines the cybersecurity landscapes, vulnerability, and resilience of exiled women dissidents in the United States, and sheds light on the gaps in existing cybersecurity frameworks.” They noted that the research is part of a forthcoming report by Citizen Lab on gender dimensions of digital transnational oppression on a global scale.
“We explore the cybersecurity challenges that transnational activist organizations, grassroots activists, and dissidents face, including specific risks faced by women activists in exile, how they respond, and what can be done to enhance their cyber resilience,” Aljizawi said. “Transnational activists, particularly exiled women dissidents, are crucial voices in global human rights advocacy. Unfortunately, their activism makes them targets of sophisticated, state-backed cyber threats. These attacks are not just technical or digital. They are often paired with offline attacks, such as harassment, intimidation, and targeting of family members in their home country or even in exile.”
Aljizawi added, “Unfortunately, when women are the targets, the attacks are deeply gendered and exploit the vulnerabilities at the intersection of gender, politics, and home country-backed brutal repression.”
Lawford explained that many commonly used cybersecurity frameworks, such as MITRE ATT&CK and the NIST Framework, are often too difficult for nonprofits or individuals to implement. Thus, the researchers centered their analysis on the Security Auditing Framework and Evaluation Template for Advocacy Groups, or SAFETAG, a “risk and capacity-based framework with 18 audit methods and subtasks.”
Understanding the Cybersecurity Practices of Dissidents and Digital Rights Organizations
The researchers conducted 17 semi-structured interviews with exiled dissidents, all women, based in the United States. “They self-reported that they were targeted digitally by what they believe to be authorities of their country of origin,” Aljizawi said. “We also conducted five interviews with staff members of digital rights organizations assisting exiled dissidents to gain their insights into cyber threats and effective countermeasures they recommend.”
Deibert clarified that “the research… was undertaken under a research ethics protocol, and part of that protocol is… to make sure we’re not introducing harm to subjects as we go about the research.”
Lawford explained that “despite being under-resourced and heavily targeted, activists still employ advanced security measures.” For example, many use features such as Apple’s lockdown mode, privacy features such as VPN, end-to-end encryption, anti-virus software, and air-gapping of sensitive data. They also may limit contact with friends and family and refrain from sharing their location and home address.
The researchers explained that women dissidents in the U.S. often refrain from reaching out to law enforcement due to lack of trust, and they are subjected to gender-based harassment, online and off. “[Having] asylum doesn’t mean necessarily that transnational advocates can carry on their advocacy safely,” Aljizawi said. “Technology continues to facilitate the home country’s repression and threats, which range from sophisticated digital threats, like spyware, malware, phishing, doxing, disinformation, and smear campaigns, among others. One of the interviewees described the state of insecurity in exile perfectly, saying ‘to migrate is to exchange one problem for another problem’.”
Recommendations for Policymakers and Tech Companies
Lawford provided an overview of some of the key recommendations outlined in their paper, including the pressing need for not just short-term support, but long-term cybersecurity resources, “real sustained support that’s going to support real resiliency.”
She noted that U.S. government agencies need to provide more comprehensive support in investigating, mitigating, and preventing transnational repression and following up with targets. “Any interventions should be grounded in human rights and done in partnership with impacted communities to avoid additional policing and surveillance,” Lawford said.
She also outlined recommendations for technology companies. “Device manufacturers should develop protective settings, like Apple’s lockdown mode, to safeguard users from state-sponsored attacks, and network providers, software manufacturers, and social media platforms… should invest in forensic tools to capture evidence of where cyber attacks are coming from, and avoid sharing data with entities that are linked to oppressive regimes,” she said. “Social media platforms should enhance trust and safety measures that are context-sensitive to regions and languages, and provide public accountability tools, such as API access, to help users and researchers track online threats.”
The researchers noted that social media platforms in particular should continue to offer privacy features, such as blocking users who create multiple accounts to conduct harassment and developing clear policies against disinformation targeting activists, journalists, and academics. Companies also “should design [software] with women and marginalized communities, as all engineers should, to ensure that their needs are integrated into all products from the start.”
“The cybersecurity challenges faced by transnational women activists are urgent and demand immediate attention,” Aljizawi concluded. “These women are often isolated, under-resourced, and uniquely vulnerable to digital threats. Addressing these challenges is critical, not only for their own safety, but for the continued fight for democracy and human rights.”
Watch the video above or on YouTube.