Global Voices Advocacy's Netizen Report offers an international snapshot of challenges, victories, and emerging trends in Internet rights around the world. This week we begin with new research from Kaspersky Labs and the University of Toronto’s Citizen Lab, where security researchers reverse-engineered a mechanism developed by Italian company Hacking Team that a reported 60 governments worldwide are using to sweep up mobile phone data. Disguised as a regular news app for Android, the technical “implant” allows covert collection of emails, text messages, address books, and keystroke logging. It can take screenshots, record audio and photos, and monitor the user’s location through GPS.
Particular attention has been placed on the Saudi government’s use of the implant, which is part of Hacking Team's “Remote Control System” product. Human Rights Watch researcher Cynthia Wong called the sale of “so-called ‘lawful intercept’ tools to governments that equate dissent with terrorism” a “recipe for disaster.” She implored Hacking Team to discontinue contracts and technical support for their products with governments that have used the technology to exploit the privacy and other fundamental rights of citizens. In response to an inquiry about the product from Human Rights Watch, Hacking Team said that it would suspend support for its products if there were reason to believe that a customer had misused the technology. To date, the company has released no information about investigations of this nature.
The Remote Control System fits into a larger suite of tools developed by Hacking Team used to track computers and laptops. In a thoroughly creepy marketing video, Hacking Team asks, “Is passive monitoring enough? You need more. You want to look through your target’s eyes.”
Free Expression: Leading Jordanian NGO site blocked again
The website of 7iber, an Amman-based NGO that supports free expression and access to information in Jordan, was blocked for a second time on Monday. The group’s site originally was blocked last summer after it declined to seek a required state license for the site. It instead re-routed traffic to a new domain, which remained accessible in Jordan until this week. 7iber Editor-in-Chief Lina Ejeilat explains their position on the issue:
What we oppose is the licensing requirement, which requires every publication or website to get permission from the government in order to operate. The requirement to license is one of the oldest tools of government censorship and restriction of freedom of expression. How could it be that in the digital age of self-publishing, social media and citizen journalism, you have to get government permission to publish online?
The mesh-networking app FireChat, which allows users physically close to one another to communicate without an Internet connection, has been downloaded more than 40,000 times in Iraq since June 14. The app, which debuted in March, gained wide adoption in Iraq after the government began deploying a number of limits on Internet access, including network outages and blocking of social media platforms.
Internet Insecurity: Thai junta tricks users with phony Facebook login
Digital rights group the Thai Netizen Network reported that the Thai military government created fake applications to harvest information about users who attempted to visit blacklisted websites in Thailand. When users visit one of the 200-plus blocked websites, they are redirected to a web page managed by Thailand’s Technology Crime Suppression Division, where two buttons attempt to trick users into sharing their information. In response, TCSD defended [link in Thai] the deceptive aps, which violate Facebook’s own policy, saying that this method of data collection, “can handle more witnesses, which can lead to more prosecutions and will make the online society more clean.” This is a flagrant violation of Facebook’s policy for its app developers, and the app-cum-phishing scheme has been suspended twice.
Privacy: Russia’s latest scary Internet law
Russian lawmakers introduced a bill that would force foreign Internet companies to store Russian users’ personal information on local servers. Should the law come into effect in 2016, companies like Google and Facebook may be forced to choose between protecting user privacy and operating legally in the country.
Publications and Studies