You may not know this Citizen Lab researcher. But you should
If you keep abreast of the news, you’ve undoubtedly seen John Scott-Railton quoted by media such as the New York Times, CNN and the Guardian about the participants in the Jan. 6 Capitol Hill riot in Washington, D.C.; the truth about the murder of Saudi journalist Jamal Khashoggi; or the nefarious uses for Pegasus spyware. Railton also appears on the new HBO docuseries Catch and Kill,* to discuss journalist Ronan Farrow’s exposé of movie mogul Harvey Weinstein’s abuse and Weinstein’s use of expert surveillance firm Black Cube to silence his critics.
When it comes to surveillance, Scott-Railton speaks from experience. He, too, has been targeted by Black Cube as the result of his work as a senior researcher and spyware expert with the Citizen Lab at U of T’s Munk School of Global Affairs & Public Policy. Founded at the University of Toronto in 2001 by Professor Ron Deibert, the Citizen Lab research provides “counter-intelligence for global civil society,” exposing weaknesses in the technology we use daily and underscoring how digital advances can be used for anti-democratic ends. The Lab’s interdisciplinary researchers themselves leverage technological, legal and policy expertise to highlight these issues.
Citizen Lab is involved in a variety of research projects that touch our everyday lives, including an examination of ways private companies use the personal data they collect from individuals; online censorship; and digital espionage. All of this lends the Lab’s research its real-world impact, from alerting His Holiness the Dalai Lama to security breaches in his network to exposing a weakness in WhatsApp that made it vulnerable to spyware.
Scott-Railton’s passion for freedom of expression first came to the fore during the Arab Spring of 2011, when he and UCLA graduate school peers created the Voices Project to allow Egyptians to get information out of the country despite a government-imposed internet shutdown. The project helped do the same during the Libyan civil war and brought him into contact with the Citizen Lab and its research. Soon, Scott-Railton joined the Lab, where he currently serves as an expert in targeted espionage.
“My career journey is about digging into work I’m passionate about, but it’s also about collaborations,” Scott-Railton says. “Citizen Lab is just filled with tremendously talented people who are able to do technological things I never dreamed I’d be able to do. They explained their work and techniques so openly, it made me feel that I belonged. I had found a group of people who felt the same way I did.”
During the past few years, Scott-Railton and his Citizen Lab colleagues have been shining the light on NSO group, the cyber-surveillance company that created Pegasus spyware, a government-exclusive hacking tool that can infect mobile phones, essentially converting them to ongoing surveillance devices.
Pegasus was sold to the Saudi government and the Citizen Lab discovered that it was used to gain information about Khashoggi’s whereabouts during his final days. Recent revelations have also linked NSO to a list of more than 50,000 mobile phone numbers from more than 50 countries that appear to be potential surveillance targets for its clients. The list includes French Prime Minister Emmanuel Macron, along with the names of hundreds of journalists, government leaders, opposition politicians and political dissidents, among others.
“My way of looking at the world indicates that there is an authoritarian resurgence globally,” Scott-Railton says. “Authoritarians hold their regimes together using the glue of fear and lies, and they use technology to increase the threat they pose to citizens with total exposure of all their personal privacy. We must prevent the possibility that there will be nowhere in the world safe from menace.”
In 2019, Scott-Railton and his colleagues were engaged in research to determine who had purchased Pegasus spyware, given the danger it poses. As a result, Scott-Railton attracted unwelcome attention from an unnamed party who hired Black Cube to discover more in an attempt to discredit the organization.
In series of events worthy of a Jason Bourne espionage movie, Scott-Railton caught onto Black Cube’s surveillance efforts. The Citizen Lab, in conjunction with the Associated Press, carefully designed a sting operation to expose the espionage. Scott-Railton met with one of their operatives, a man purporting to be a potential investor, for lunch in a New York City restaurant and covertly filmed the conversation. After general questions turned to detailed probing about the Citizen Lab’s research, Scott-Railton signalled an Associated Press reporter stationed nearby, who confronted the man while cameras rolled. He denied everything, but has since turned the tables and informed on Black Cube.
“This episode should serve as an important lesson for all groups who, like Citizen Lab, work in areas that expose wrongdoing through evidence-based research,” said Deibert, founder and director of the Citizen Lab, in a 2019 statement. “Risks are not always easy to calculate and can come in many unpredictable forms.
“What happened was serious,” Deibert added in a recent interview. “It’s pretty scary to be the subject of this type of operation, where an organization is trying to gather information they could use to discredit us.”
Scott-Railton agrees, noting, “This work isn’t over. We are seeing the proliferation of this type of terrorism around the globe and it’s best to be sure people know about it. There is an entire system of mercenary players out there. But, one of the most powerful things we’re seeing is that a number of technology companies like WhatsApp, Microsoft and Google are deciding this is enough and calling them out. Now, we need to see policymakers take it seriously.”
Recently, Scott-Railton has turned his attention to working with colleagues at the Citizen Lab and in the media to identify participants in the Jan. 6 Capitol Hill riot.
“It’s important that the people who were emboldened to storm the Capitol know they weren’t as anonymous as they thought,” he says. “Once I have information, I get in touch with journalists who work to confirm it. It is an opportunity to preserve the values of democracy that we all hold dear.”
As long as there are such abuses of power and attempts to silence citizenry and obscure the truth, Scott-Railton and his colleagues will have no shortage of counter-intelligence work to keep them busy.
*Check HBO listings for availability
