Citizen Lab Director Warns Cyber Industry About US Authoritarian Descent

Ron Deibert, the director of Citizen Lab, a leading organization investigating government spyware abuses, is sounding a critical alarm to the cybersecurity community, urging professionals to step up and join the fight against authoritarianism.

Deibert is scheduled to deliver a keynote address at the Black Hat cybersecurity conference in Las Vegas on Wednesday, a major gathering for information security professionals. Ahead of his talk, he expressed concerns to TechCrunch about what he describes as a “descent into a kind of fusion of tech and fascism.” He highlighted the role Big Tech platforms play in “propelling forward a really frightening type of collective insecurity that isn’t typically addressed by this crowd, this community, as a cybersecurity problem.”

Deibert characterized recent political events in the United States as a “dramatic descent into authoritarianism,” but stressed that the cybersecurity community is positioned to help defend against it. “I think alarm bells need to be rung for this community that, at the very least, they should be aware of what’s going on and hopefully they can not contribute to it, if not help reverse it,” he stated.

The cybersecurity industry, particularly in the United States, has historically maintained some distance from politics. However, Deibert notes that politics has recently become fully integrated into the cybersecurity world. He pointed to instances such as former President Donald Trump’s order for an investigation into former CISA director Chris Krebs, who had validated the security of the 2020 election against false claims. Trump subsequently fired Krebs via tweet. Krebs was later compelled to step down from SentinelOne and vowed to contest the politically motivated federal investigation.

In response to such actions, Jen Easterly, a former CISA director and Krebs’ successor, called upon the cybersecurity community to engage and voice their concerns. Easterly wrote on LinkedIn, “If we stay silent when experienced, mission-driven leaders are sidelined or sanctioned, we risk something greater than discomfort; we risk diminishing the very institutions we are here to protect.” Easterly herself experienced political pressure from the Trump administration when her offer to join West Point was withdrawn.

Deibert, who recently published his book “Chasing Shadows: Cyber Espionage, Subversion, and the Global Fight for Democracy,” echoes Easterly’s message. He believes it’s time to recognize the evolving landscape where emerging insecurities, fueled by deteriorating checks and balances, overshadow traditional cybersecurity concerns. “I think that there comes a point at which you have to recognize that the landscape is changing around you, and the security problems you set out for yourselves are maybe trivial in light of the broader context and the insecurities that are being propelled forward in the absence of proper checks and balances and oversight, which are deteriorating,” Deibert remarked.

Furthermore, Deibert expressed concern that major technology companies like Meta, Google, and Apple might scale back their efforts to combat government spyware, sometimes termed “commercial” or “mercenary” spyware. This worry stems from the fact that these companies have also reduced their moderation and safety teams. These threat intelligence teams are vital for tracking government hackers from entities like China’s Ministry of State Security or Russia’s FSB and GRU, as well as private companies like NSO Group. Such teams were instrumental in detecting breaches, such as WhatsApp’s discovery of NSO Group hacking over 1,400 users in 2019, and Apple’s notifications to customers targeted by government spyware.

Deibert identified a “huge market failure when it comes to cybersecurity for global civil society,” referring to the segment of the population unable to afford protection from security firms that primarily serve governments and corporations. He warned that this failure will become more acute as supporting institutions weaken and attacks on civil society intensify. “Whatever they can do to contribute to offset this market failure (e.g., pro bono work) will be essential to the future of liberal democracy worldwide,” he urged.

Deibert is concerned that these critical threat intelligence teams, which he acknowledged are doing “amazing work,” could be reduced or eliminated, especially since similar teams within these companies have already faced cuts. He questioned the longevity of their current structure, asking, “But the question is how long will that last?”