It was May of 2012 at a security conference in Calgary, Alberta, when professor Ron Deibert heard a former high-ranking official suggest he should be prosecuted.

This wasn't too surprising. In Deibert's world, these kinds of things occasionally get whispered through the grapevine, always second-hand. But this time he was sitting on a panel with John Adams, the former chief of the Communications Security Establishment Canada (CSEC), the National Security Agency's little-known northern ally. Afterward, he recalls, the former spy chief approached and casually remarked that there were people in government who wanted Deibert arrested—and that he was one of them.

Adams was referring to Citizen Lab, the watchdog group Deibert founded over a decade ago at the University of Toronto that's now orbited by a globe-spanning network of hackers, lawyers, and human rights advocates. From exposing the espionage ring that hacked the Dalai Lama to uncovering the commercial spyware being sold to repressive regimes, Citizen Lab has played a pioneering role in combing the Internet to illuminate covert landscapes of global surveillance and censorship. At the same time, it's also taken the role of an ambassador, connecting the Internet's various stakeholders from governments to security engineers and civil rights activists.

"When it comes to Citizen Lab, what you have is methodical, careful, but passionate people," says Gus Hosein, the director of the UK-based Privacy International and a longtime acquaintance of Deibert's. "That is what I wish every academic research institution was, but clearly they've been allowed a degree of freedom that others in academia aren't given."

Citizen Lab first made waves in 2009 with "Tracking GhostNet," a report which exposed a vast electronic spying network that had compromised more than 1,200 computers in 103 countries, ensnaring Tibetan activists, embassies, media outlets, and many others. But it was the boldness of the research—which involved gaining control of an unsecured malware server off the coast of China—that seemed to take the government by surprise. While Citizen Lab only scanned unsecured, public-facing systems, the powers that be apparently thought what they were doing was illegal.

"It's a bit freaky to hear that," Deibert said when he recalled the Calgary encounter in an interview with Ars. "When people ask, 'are you worried about the Chinese or some other adversary out there,' I say I'm always a bit more worried about my own government, because this is the kind of thing I hear occasionally."

One year after Edward Snowden, such sentiments are commonplace—not just in the computer security crowd. In March, Reporters Without Borders added the NSA and its British counterpart GCHQ as "Enemies of the Internet" in their annual report on surveillance and censorship. The US Department of Justice countered with an update to its own "Cyber Most Wanted" list, indicting five Chinese military hackers it claims have been conducting economic espionage on US targets—even as leaks continue to show the US engages in the same activities.

Meanwhile, commercial hacking tools and massive-scale intrusion systems like the NSA's TURBINE and QUANTUM further illustrate that the Internet has become what people like Deibert always feared: a militarized zone, where entire networks are twisted into weapons of state power. "We have these enormous agencies that are relics of the Cold War whose budgets have ballooned after 9/11 operating in total secrecy, and at the very same time we're going through probably the most profound revolution in communications in human history," says Deibert.

Nevertheless, Citizen Lab has earned its reputation in part by borrowing from the playbook of those intelligence agencies. The result is what Deibert describes as a "hacker hothouse," where security expertise, politics, and ethics collide.

Prying for the people

Starting out in the basement of the Munk School of Global Affairs with a handful of students in the Spring of 2001, Deibert's Citizen Lab now operates out of a third-story office on Bloor Street, on the northwest edge of the University of Toronto campus. But like the agencies its members often criticize, Citizen Lab has collaborators operating everywhere, supplying information about how state power is being exercised in cyberspace.

Deibert doesn't mind the comparison. In fact, much of his inspiration for the Lab came from working inside the Canadian Department of Foreign Affairs in the mid-'90s, where he studied the use of satellite reconnaissance for arms control verification. The working group he was part of conceptualized a kind of "earth monitoring system" to enforce bans on nuclear testing—a worldwide system of satellites, underwater fences, and seismic stations designed to hold entire nations to account.

It was here that Deibert peered into the dark realm of global intelligence and geopolitics and saw a battle being quietly fought behind the scenes. "There's this whole world of big power politics, a struggle to compete for political advantage deep beneath the surface," he says. "I was dumbfounded that this area was so important to world politics but so understudied."

Deibert brought that experience to bear when he received a grant from the Ford Foundation in 2001. He wanted Citizen Lab to be like an intelligence agency for civil society—a kind of ersatz NSA for the people that used open source tools and intelligence to watch the watchers without cracking passwords or breaking into systems. He wanted to turn the spook world on its head, recruiting hackers, lawyers, and policy experts that could operate in the daylight of academia and, crucially, with institutional backing.

These days Deibert is more judicious with the intelligence agency metaphor, worried it could endanger the lives of collaborators in places where the Lab's work might be misunderstood as a form of state spying. One such partner, the Pakistani digital rights group Bytes For All, is routinely the subject of threats and intimidation from state agencies and radical groups, he says. Many others are based in countries where security research can result in intimidation, imprisonment, or worse. (A Citizen Lab spokesperson did not respond when we asked how many employees and collaborators the group has.)

Obviously, Citizen Lab doesn't have the massive technical resources, secrecy, and often-questionable legal authorities of an NSA or a CSEC. But Deibert is nonetheless concerned enough to tone down the rhetoric and describe the Lab in terms of its academic mission.

Still, when it comes to what a "people's intelligence agency" might look like, it's hard to find a better template than the one created by Citizen Lab. And its hacker ethos is reflected in those it calls its allies.

"When you think about hacking as a civic ethic—this idea of lifting the lid and seeing what's beneath the surface—this all comes together," says Deibert. "The idea of hacking and hacktivism seemed to me a really powerful way of motivating people; not hacking and breaking the law, but hacking as the spirit of curiosity about technological systems."