Editorial, 7 July 2022
A researcher from the Northcentral University of Arizona accuses the Canadian lab of putting the interests of pro-independence supporters before scientific verification.
Jonathan Scott, a malware researcher at Northcentral University of Arizona, published a 60-page report on Twitter on Monday 4 July entitled “Uncovering Citizen Lab. Debunking CatalanGate”, in which he accuses the Canadian technology and human rights laboratory Citizen Lab of having acted with a complete lack of scientific rigour in the report it published on 18 April on spying on Catalan pro-independence supporters.
Jonathan Scott, who is a PhD student at Northcentral University and who has created the association “hacktree.org” to support ethical hackers, analyses the report christened ‘CatalanGate’ by Citizen Lab and detects numerous shortcomings, obscure points and unjustified conclusions. “My report provides evidence that negates the central claims made by Citizen Lab in its Catalan Gate report,” he says.
Scott says that “the CatalanGate report has been presented to the world as the scientific discovery of a global threat. In the same way that medical reports require proof of claim that can be verified by professionals, the same applies to allegations of spyware infection. It is clear that the pressure to publicise CatalanGate has neglected its scientific verification and validation. There is no evidence for more than 55% of the allegedly attacked or infected Catalans”.
“When a crime is reported, the investigator always asks “When did this happen?” and if the answer is: “I don’t know, they told me it happened”, how can the victim act correctly? There are people who were told they were infected with spyware and who live every day believing they have been raped when in fact this is not the case. It is time for people to know the truth,” writes Scott in the conclusions of his report.
This scientist has had to write “Discovering Citizen Lab. Debunking CatalanGate” based solely on the data that Citizen Lab included in its report on the alleged spying on 67 people in favour of Catalan independence and on his technical ability to investigate it thanks to his knowledge of malicious software and indirect investigations.
Throughout his study, he denounces the collusion between pro-independence leaders and the heads of Citizen Lab to create a CatalanGate that included the largest number of alleged spied on individuals. He also highlights the fact that infections are attributed to domains that were not operational at 86% of the times when the attacks supposedly took place, and suggests that some of the 67 cases included in Citizen Lab’s CatalanGate may be false positives or even have been created on purpose to increase the number of victims.
“Deunking CatalanGate” includes a review of Citizen Lab’s information on the alleged victims of espionage with the Pegasus and Candiru programmes, highlighting that half of the cases acknowledge that they do not know when they were attacked and, overall, concludes that the Canadian laboratory does not base its claims of espionage on reliable and verifiable data. More than two months ago, Scott asked the directors of Citizen Lab to provide him with the forensic analyses on the basis of which they had reached the conclusions of its CatalanGate. He has received no reply.