This report describes the results of two independent security audits of Smart Sheriff, one by researchers who collaborated at the 2015 Citizen Lab Summer Institute (held at the Munk School of Global Affairs, University of Toronto), and the other by the auditing firm Cure53. The combined audits identified twenty-six security vulnerabilities in recent versions of Smart Sheriff (versions 1.7.5 and under). These vulnerabilities could be leveraged by a malicious actor to take control of nearly all Smart Sheriff accounts and disrupt service operations.
In response to the call for submissions of the United Nations Special Rapporteur on freedom of opinion and expression regarding the use of encryption and anonymity in digital communications, the Citizen Lab and independent researcher Collin Anderson have submitted a joint analysis, entitled “The need for democratization of digital security solutions to ensure the right to freedom of expression.”
Building on past network measurements, legal, and policy analyses undertaken by the OpenNet Initiative, we set out to apply a mixed-methods approach to better understand the current situation. Our analysis is set in the context not only of the 2013 IGF, but amidst increasingly intense debates about free expression and access to information, and rapid technological change and development.