Digital repression across borders is increasing

“Digital targeting seriously impacts the well-being of victims, undermines their ability to participate in transnational advocacy, violates fundamental rights such as the right to privacy, freedom of expression and peaceful assembly, and increases the dangers to their relatives and friends living in remain in their country of origin,” the report said.

The countries that the Citizen Lab identified as some of the most common perpetrators of digital transnational repression are Yemen, as well as Afghanistan, China, Iran, Rwanda and Syria. Zero-click software hacks, which allow an attacker to break into a phone or computer even if the user does not open a malicious link or attachment, are of particular concern, said Noura Al-Jizawi, a research associate at the Citizen Lab and co-author of the report. That’s because “they can circumvent digital hygiene practices,” she says.

In 2021, hackers used such code to infiltrate and install spyware on the cell phone of Saudi women’s rights activist Loujain al-Hathloul, then living in British Columbia. In that case, the perpetrators accidentally left an image file on her phone that allowed investigators to identify the source of the code. The digital blueprint led to NSO Group, an Israeli technology company that has made headlines for selling spyware to authoritarian nation states.

Some forms of digital repression are intended to embarrass and doxx. An unnamed interviewee in the Citizen Lab report, who moved from China to Canada, found that fabricated nude photos of her were being circulated among those attending a conference she was planning to attend. Her personal information was also posted in online advertisements asking for sex services.

Victims of this type of harassment experienced distress, fear and fear for the safety of their families, the report said. “There is also a sense of resignation among those who continued with activism, such as the realization that this kind of targeting would continue,” said study co-author Siena Anstis, senior legal counsel at the Citizen Lab.

Many activists have become paranoid about the messages they receive. Kaveh Shahrooz, an Iraqi lawyer living in Canada who lobbies on behalf of dissidents, gives each email special attention. Shahrooz says he once received a message from an alleged organizer of a human rights conference in Germany inviting him to speak and asking him to fill in personal information via a provided link. He researched more about the conference and found that he had not been invited, although the personal email sounded professional.

“That’s one end of the spectrum,” Shahrooz says, “where you can be fooled into clicking a link. But then at the other end you get threatening messages about my activist work — things like ‘We know what you do and we will settle with you later.’”

A flock of pigeons circles in the sky over houses in a Uyghur farming village on the edge of the desert.


There are few remedies. Several victims of spyware attacks in the UK have filed (or are bringing) civil claims against state operators and NSO Group, Anstis said. She adds that such cases are expected to be challenged, as they generally target claims against companies outside the scope of the host country.