I’ve published a report with the Citizen Lab, entitled, “Huawei and 5: Clarifying the Canadian Equities and Charting a Strategic Path Forward.” The report first provides a background to 5G and the Chinese telecommunications vendor, Huawei, as well as the activities that have been undertaken by Canada’s closest allies before delving into issues that have been raised about Huawei, its products, and its links to the Chinese government. At its core, the report argues that Canada doesn’t have a ‘Huawei problem’ per se, so much as a desperate need to develop a principled and integrated set of industrial, cybersecurity, and foreign policy strategies. The report concludes by providing a range of suggestions for some elements of such strategies, along the lines of how Canada might develop and protect its intellectual property, better manage trade issues, and develop stronger cybersecurity postures.Continue reading
I’ve had the pleasure to work with a series of colleagues over the past few years to assess and better understand the nature of security practices which are adopted by journalists around the world. Past outputs from this work have included a number of talk, an academic article by one of my co-authors Lokman Tsui, as well as a Columbia Journalism Review article by Joshua Oliver. Most recently, a collection of us have published an article entitled, “The Information Security Cultures of Journalism” with Digital Journalism.
This article is an exploratory study of the influence of beat and employment status on the information security culture of journalism (security-related values, mental models, and practices that are shared across the profession). The study is based on semi-structured interviews with 16 journalists based in Canada in staff or freelance positions working on investigative or non-investigative beats. We find that journalism has a multitude of security cultures that are influenced by beat and employment status. The perceived need for information security is tied to perceptions of sensitivity for a particular story or source. Beat affects how journalists perceive and experience information security threats. Investigative journalists are concerned with surveillance and legal threats from state actors including law enforcement and intelligence agencies. Non-investigative journalists are more concerned with surveillance, harassment, and legal actions from companies or individuals. Employment status influences the perceived ability of journalists to effectively implement information security. Based on these results we discuss how journalists and news organisations can develop effective security cultures and raise information security standards.
Over the past several months I’ve had the distinct honour to work with, and learn from, a number of close colleagues and friends on the topic of surveillance and censorship that takes place on WeChat. We have published a report with the Citizen Lab entitled, “We Chat, They Watch: How International Users Unwittingly Build up WeChat’s Chinese Censorship Apparatus.” The report undertook a mixed methods approach to understand how non-China registered WeChat accounts were subjected to surveillance which was, then, used to develop a censorship list that is applied to users who have registered their accounts in China. Specifically, the report:
- Presents results from technical experiments which reveal that WeChat communications conducted entirely among non-China-registered accounts are subject to pervasive content surveillance that was previously thought to be exclusively reserved for China-registered accounts.
- Documents and images transmitted entirely among non-China-registered accounts undergo content surveillance wherein these files are analyzed for content that is politically sensitive in China.
- Upon analysis, files deemed politically sensitive are used to invisibly train and build up WeChat’s Chinese political censorship system.
- From public information, it is unclear how Tencent uses non-Chinese-registered users’ data to enable content blocking or which policy rationale permits the sharing of data used for blocking between international and China regions of WeChat.
- Tencent’s responses to data access requests failed to clarify how data from international users is used to enable political censorship of the platform in China.
You can download the report as a pdf, or read it on the Web in its entirety at the Citizen Lab’s website. There is also a corresponding FAQ to quickly answer questions that you may have about the report.