The director of Citizen Lab, one of the most prominent organizations investigating government spyware abuse, is raising alarms to the cybersecurity community and asking them to join and participate in the fight against authoritarianism.
On Wednesday, Ron Deibert will give his keynote speech at the Black Hat Cybersecurity Conference in Las Vegas, one of the biggest gatherings of information security experts this year.
Prior to his speech, Deibert told TechCrunch he plans to describe a “descent to a kind of fusion of technology and fascism,” and the role that big tech platforms play, “promoting the truly horrific kind of collective anxiety that is not commonly addressed as a problem with cybersecurity.”
Deibert described recent US political events as “a dramatic descent into authoritarianism,” something the cybersecurity community can help defend against.
“At least they should know what's going on and hopefully they can't contribute to it.”
Historically, at least in the US, the cybersecurity industry has put politics to one side. However, these days, politics has completely entered the world of cybersecurity.
Earlier this year, President Donald Trump ordered an investigation into former CISA director Chris Krebs, who publicly rejected Trump's false claims about election fraud by declaring the 2020 election secure. Trump later fired Krebs in a tweet. Following the investigation, which Trump ordered several months after his reelection in 2024, Krebs has vowed to step down from SentinelOne and fight back.
In response, Jen Easterly, another former CISA director and Krebs' successor, called on the cybersecurity community to engage and speak out.
“Being silent when experienced, when mission-led leaders are on the sidelines or approved, risking something greater than discomfort. They risk reducing the very institutions here to protect,” Easterly wrote in a LinkedIn post.
Easterly was a victim of political pressure from the Trump administration when she received an offer to join West Point in late July.
Deibert, who published his new book, Chasing Shadows: Cyber Espionage, Subversion, and the Global Fight for Democracy, this year, echoes the same message as Easterly.
“I think there's a point where you have to recognize that the landscape is changing around you, and the security issues you set for yourself are trivial in light of the anxiety that's being propelled forward without the broader context and proper checks and balances and monitoring.”
Deibert is also concerned that large companies such as Meta, Google and Apple could take a step back from their efforts to combat government spyware, which is sometimes called “commercial” or “mercenary” spyware, by thwarting their threat intelligence teams.
These threat intelligence teams are dedicated groups of security researchers who track both government hackers working within government agencies, such as China's Ministry of National Security and the Russian intelligence agencies FSB and GRU, and companies such as NSO Group and Paragon.
These are the same teams responsible for detecting hacks against their users, such as when WhatsApp detected the hacking of more than 1,400 of its users in 2019, or when Apple catches hackers using government spyware to target its customers and notifies the victims of the attacks.
Deibert is concerned that the companies could cut these teams, or at least cut them back, as with the same companies' moderation and safety teams.
He told TechCrunch that threat intelligence teams like the one at Meta are doing “amazing work” by remaining separate from the commercial arms of the wider organization.
“But the question is how long it will last,” Deibert said.