Senior Researcher, Citizen Lab
John Scott-Railton is a Senior Researcher at Citizen Lab at The University of Toronto. His work focuses on technological threats civil society, including targeted malware operations, cyber militias, and online disinformation. His greatest hits include a collaboration with colleague Bill Marczak that uncovered the use of NSO Group’s Pegasus spyware to target civil society in several countries, including Mexico and the UAE. This investigation also uncovered the first iPhone zero-day and remote jailbreak seen in the wild. Other investigations include the first public report of ISIS-led malware operations, the Government of China’s nation-scale DDoS attack (the “Great Cannon”), and the ‘tainted leaks’ Russian disinformation campaigns. John has also investigated the successful manipulation of news aggregators such as Google News, and privacy and security issues with fitness trackers. Recently, John was a fellow at Google Ideas and Jigsaw at Alphabet. Previously he founded The Voices Projects, collaborative information feeds that bypassed internet shutdowns in Libya and Egypt.
As nonprofits and funders increasingly deploy technological solutions to address social issues, the social sector should be paying much more attention to cybersecurity threats that could threaten the very undergirdings of that work — and our democracy as a whole. How can funders ensure that their giving, regardless of program area or geography, is protected from threats that seek to undermine and undo the progress they are making? What are reasonable tradeoffs between convenience and safety?