A report published by the Center for Long-Term Cybersecurity, Enhancing Cybersecurity Resilience for Transnational Dissidents, examines the cybersecurity posture, vulnerability, and resilience of exiled women dissidents in the United States, as well as their transnational advocacy and journalism organizations.
“These exiled dissident women face unique challenges at the intersection of gender, politics, and home country-backed digital repression,” the authors write. “The report tries to identify the primary cybersecurity threats faced by these transnational women activists in the U.S., understand the measures they use to protect themselves, and determine key areas for action and improvement to enhance their cybersecurity.”
The authors are affiliated with Citizen Lab, at the Munk School of Global Affairs & Public Policy, within the University of Toronto: Noura Aljizawi is a senior researcher at Citizen Lab; Gözde Böcü is a Ph.D. Candidate in the Department of Political Science at the University of Toronto and a Doctoral Research Fellow at the Citizen Lab; and Nicola Lawford is a Citizen Lab Fellow and Master’s Candidate in Technology and Policy at the MIT Computer Science and Artificial Intelligence Laboratory (CSAIL) Internet Policy Research Institute (IPRI).
The report was published as part of the Center for Long-Term Cybersecurity’s 2024 Public Interest Cybersecurity Research Call for Papers, and was presented in June at the 2024 Cyber Civil Defense Summit.
As the foundation for the study, the researchers conducted 17 semi-structured interviews with women-identifying victims of digital transnational repression (DTR) in the U.S., as well as interviews with five current and former staff from digital rights organizations. The paper outlines distinct cybersecurity challenges that dissident women and their organizations face, using a structure based on SAFETAG, a cybersecurity framework customized for small non-profit organizations, with additional themes and insights drawn from the interviews.
Activists and dissidents subjected to digital transnational repression face a range of threats, the authors write, including “targeted spyware and malware, harassment and disinformation campaigns on social media or messaging platforms, distributed denial-of-service (DDos) attacks on websites, doxxing, impersonation, phishing, account hacking, and private digital threats, such as rape threats and threats against family.”
The paper exposes how the digital security challenges transnational dissidents face extend into their home and family lives, external employment, and decisions around navigating their host country and diaspora community. “Although privacy features and cybersecurity frameworks are available, they are often insufficient against sophisticated threats,” the authors explain. “Women, queer individuals, and other marginalized groups face targeted harassment and disinformation campaigns. These attacks exploit gender- and identity-based vulnerabilities to discredit, intimidate, and silence these activists, making their cybersecurity needs particularly urgent.”
The report includes a variety of recommendations for different stakeholders to improve the cybersecurity posture of women dissidents in the U.S. For example, the authors suggest that U.S. government agencies should improve the prevention, mitigation, and investigation of transnational repression, and develop community-based alternatives to law enforcement for activists who are uncomfortable with traditional state mechanisms. They also recommend that technology companies implement protective features for high-risk users, and should adopt stronger trust and safety measures, improve content moderation, invest in other languages, and enforce policies against disinformation and deepfakes.
The paper also highlights considerations specific to women dissidents, and calls on social media platforms to “work with women and marginalized communities to center platform designs and features around their experiences.”
“Transnational activists, journalists, and researchers perform a variety of cybersecurity functions using their own resources and communities,” the authors conclude. “Nonetheless, cybersecurity frameworks are not designed for their situations, and technology products and services do not meet their needs. Government actors and private companies can take a variety of actions to address these shortcomings and mitigate the harms of intersectional barriers to their security and advocacy for freedom.”
