This workshop will focus on an important, yet understudied, aspect of cyber conflict: the role of civil society. From individuals to Civil Society Organizations (CSOs), there is a lack of data, as well as a lack of conceptual work as related to what the threats are, what normative frameworks there are to protect these targets and how they apply. The workshop will tackle the following research questions:

  • What are the main threats faced by CSOs? How have these threats evolved? What countries, regions and types of CSOs are most affected? Who are the main threat actors?
  • What are the short-term and long-term effects of these threats on targeted organizations?
  • How do current normative frameworks apply to these threats? Which concepts are most useful to protect their targets in cyber conflicts?
  • Which stakeholders are most relevant to the protection of civil society, and how have they started to assess their position with respect to their international obligations?
  • What are effective and realistic strategies to counter targeted threats?


  • Lennart Maschmeyer (PhD Candidate, University of Toronto): “Tracking targeted threats in public reporting by the infosec industry”

This research project addresses the threats faced by civil society organizations (CSOs) such as human rights groups and dissident voices in cyber conflict. Debates on cyber threats typically focus on large-scale espionage, massive disruptions and even destruction of critical infrastructure. However, many of the same tools and strategies employed in international campaigns are being used by repressive regimes to monitor and disrupt the work of CSOs at home and abroad. This situation poses a dire threat to open societies and democracies worldwide. The objective of this project is to better understand the extent of the threat by building a comprehensive dataset on malicious activity targeting civil society, thereby providing a basis for countermeasures. The project aims to answer three key questions: (1) What threats do CSOs face in cyberspace, (2) how are these being reported, and (3) what is the overall proportion of malicious activity targeting CSOs? Building on Citizen Lab’s research, the project proceeds with a systematic analysis of public reporting by the infosec industry to track the most common attack vectors, the global distribution of threats and evolution of public reporting on the issue. Based on these findings, the paper concludes with a discussion of the leading infosec firms’ growing clout as intelligence actors and the political implications of this development.

  • Bill Marczak (Postdoctoral researcher, UC Berkeley): “Watching the watchers: how commercial surveillance opens spies to scrutiny”

As online political activity increasingly concentrates on encrypted, pseudonymous social networks like twitter and facebook, states that wish to thwart accountability have fewer options to disable critical voices online. Spying on targets private communications, or simply identifying users, often cannot be accomplished y passive inspection alone, and instead requires an inspector to devise a ruse that tricks targets into performing some action that facilitates the surveillance, such as opening a malicious attachment or link. An industry sells spyware and hacking tools helps facilitate this new active surveillance and has become a third key player in the online interactions between users and states. However, an inspector, and a surveillance company, can be caught if their ruse is imperfect. Indeed, transnational groups of countersurveillance researchers liaise with targeted civil society groups, exposing state surveillance that thwarts accountability. Our paper describes how the industry and the countersurveillers work and respond to each other, and analyzed how countersurveillers may exploit the interplay between the industry, its investors, and its government clients, to advance their cause.

  • Masashi Crete-Nishita (Research Manager at Citizen Lab, University of Toronto): “Canaries in the Coal Mine: Digital Espionage Operations Targeting the Tibetan Diaspora”

Groups that work to protect human rights and civil liberties around the world are being targeted by digital espionage conducted by many of the same operators who target industry and government. These groups and organizations have far fewer resources to defend themselves, yet the stakes of the compromise are often much higher.
The Tibetan community has been targeted by digital espionage operations for over a decade in a longstanding cat and mouse game with well-resourced adversaries. This talk will present a detailed history of these espionage operations with a focus on how these operations have evolved over time, the efforts Tibetan groups have made to mitigate the threats, and how the experiences of the community are instructive for other diaspora groups and civil society movements who may face similar challenges.