The volume of drug trafficking on darknet markets is at an all-time high. While harm reduction is a well-researched topic in general, only a few studies have examined harm reduction on the darknet. Actors on the supply-side of darknet drug trade (operators and vendors) deal with harm reduction because of their economic interests. Many darknet markets share information on harm reduction on their info pages, and vendors often provide instructions for safe drug use in product descriptions. Harm reduction activities also take place on the demand-side, drug users share important information with each other on forums. The goal of this research is the in-depth examination of this information and its evaluation with the active involvement of stakeholders.

 

Findings from this in-depth examination and evaluation of peer harm reduction on the darknet can be exploited both by policy makers and practitioners. On the one hand, re-evaluating the darknet drug trade from  a  community  point  of  view  may  have  implications  for  darknet  policing.  On  the  other  hand,  the practical  evaluation  of  the  phenomenon  can  influence  the  development  of  targeted  harm  reduction programs. In line with the global nature of drug trafficking on the darknet, this research is designed to enable cross-country comparison and intercontinental knowledge transfer, and thus to have an impact in Canada, in the European Union and beyond.

Over the last several years political actors worldwide have begun harnessing the digital power of social media, where once described as “liberation technology” (Diamond, 2010) is now being observed as a possible weapon used to disrupt multilateral diplomacy and threaten liberal democratic norms and values.  This  project  studies  the  way  China  in  particular  utilizes  digital  techniques  to  undermine democracy  in  countries  such  as  Canada.  China  serves  as  a  compelling  case  study  concerning  the weaponization of disinformation as the tactics they utilize include subtle, indirect as well as forms of digital subversion through the spread of digital disinformation in domestic as well as international politics. The project will also examine the tactics used by China to disrupt electoral politics in the U.S. and Taiwan in order to gain profound insight of the extent to which China’s interference in Canadian politics could become much more severe and insidious.

​

A  fair,  transparent  democratic  process  is  the  basis  of  protecting  the  human  rights  stated  in  our constitution. Recent evidence suggests that our election system has been influenced by powerful foreign totalitarian  state.  There  is  a  pressing  need  to  respond  to  the  situation.  The  PI,  Benjamin  Fung,  is  a Professor  and  Canada  Research  Char  in  Data  Mining  for  Cybersecurity  at  McGill  University.  He  will contribute  his  expertise  of  AI  and  digital  forensics  to  analyze  the  collected  disinformation.  The  Co- Investigator, Simon Hogue, is Assistant Professor at the Royal Military College Saint-Jean. His research specialty is in the areas of surveillance studies and democracy, political participation and citizenship in the digital age. The research partner is DisinfoWatch, a Canadian-based disinformation monitoring and debunking platform. Part of the disinformation will be collected via DisinfoWatch. The research results will be shared with DisinfoWatch and the Vice Chair of the Special Committee on the Canada–People’s Republic of China Relationship in the Parliament.

As it is the nature of democracy, politicians normally face opposition by various groups. For example, major international business deals, regulatory concessions, and large procurement contracts can be criticized. However,  democratic  institutions  being  open  and  free,  allegations  of  conflict  of  interest, bribery, and corruption are one of the most damaging and difficult forms of opposition. They can be as simple as raising doubts about some connections among decision makers. Libel is difficult to sue if democratic discussions are formulated in questions instead of accusations.

​

Disinformation attackers can use social media to spin actual news about government projects and add false claims that make them appear as blame to a specific person, group, organization, or business. The claims rely on assumptions and/or fabricated facts, both very difficult to verify beyond reasonable doubt. Emotions are also stirred as opponents thereby rely on noble feelings to fabricate divisions. Their  arguments  use  citizens’ fears  of  mistaken  trust,  anger  for  misuse  of  public  funds,  and  due diligence error by oversight agencies. Mismanagement of these attacks can damage democracy for several years with risk of irrecoverable trust.

We propose to develop an ontology and knowledge graph, both published under open-source licenses, to enable future research and help model how disinformation attackers use social media to create false dissension. An empirical study of past events and public opinion can serve to reveal patterns of attack. A survey of political staffs in both Parliament of Canada and US Congress will help connect with the  practitioner  community,  identify  salient  cases  of  disinformation  campaigns  against  politicians, especially   cross-sectional   (gender,   ethnicity,   identity),   and   develop   a   joint   research-learning community to help strengthen democracy.

From this learning process, new research assets will be developed to help future research. A dataset of  curated  news  and  discussions  is  developed,  serving  to  identify  disinformation  indicators  from factual  data.

Prior research in usable security primarily focuses on the security and privacy experiences of users from medium-high socio-economic backgrounds, similar physical and cognitive abilities, and ethnic backgrounds. Thus, the needs of underrepresented users, such as those from low-SES areas has not been explored. These users may face different security and privacy risks due to their backgrounds, circumstances, or experiences, so it is important to understand their security and privacy behaviours. For  example,  low-SES  users  may  have  lower  overall  cybersecurity  literacy,  due  to  limited  learning opportunities, which may make them more susceptible to security and privacy risks. This project aims to understand the security and privacy behaviours and mental models of youth (12-17-year-olds) from low-SES areas. The long-term objective of our research is to use the findings from this project to design tailored interventions to improve the security and privacy of low-SES youth.

With regards to context, this project will focus on low-SES youth’s security and privacy behaviours online and their mental models of various online risks.

Cybersecurity is commonly explored in terms of the national security and organizational risks of data breaches, and the technical and legal mechanisms that can be used to protect, prevent and redress such breaches. There is another dimension to cybersecurity: the extent to which individual security and dignity can be compromised. This edited collection will explore the technical and legal dimensions of the security of self, such as technology-facilitated abuse, social media, the sharing culture, and reputational harm. The collection will have a Canadian focus, and be open access (probably with uOttawa Press).

Because the mere concept of “Security of Self” may need to be brainstormed and unpacked, we are hoping to first convene all interested authors for a workshop where we will discuss and try to draft a common understanding of the concept. The workshop will also be an opportunity for colleagues to share the topic/idea they want to develop in their chapter, so everybody is aware of what is in the collection (making it easy to build links across chapters; but also helping us highlight potential gaps in the collection).

The  decentralized  finance  (DeFi)  industry  is  broadly  defined as  transparent,  open-source  and permissionless online financial products and services developed by enterprises and/or individuals. Among growing financial products are crypto tokens, such as UniCrypt or DIA, which are online fungible assets created  through  smart  contracts  enabled  by decentralized  blockchain  platforms. Ethereum is one such platform, hosting over 450,000 smart contracts issuing crypto tokens which, altogether, had a market cap of over 150 billion US dollars in 2022. Such worth, coupled with the decentralized and pseudo-anonymous features of crypto transactions, creates an appealing setting for hacks leading to [cyber]thefts. Indeed, hacks targeting DeFi software and incurring losses of millions of dollars have been recorded weekly. Given the transparency of blockchain platforms (and their related crypto tokens) and the frequent publications of hacks, there exists a unique research opportunity to better understand hackers’ target selection that leads to successful thefts, and the financial behaviors of their victims once such an event has taken place.

​

Moreover,  crime  opportunity  theory  (Cook,  1986)  provides  a framework  to  understand  the interaction between victims and offenders in  such predatory crimes. It uses the theory of markets to describe and predict how offenders and victims interact. Cook (1986) assumes that offenders are  rational  and selective  and  will choose  targets  with  higher  payoffs  and fewer  risks  of  legal consequences. Meanwhile, victims respond to crime with self-protective measures.

According to the Pew Research Center, TikTok is one of the most popular social media platforms in recent years (Pew Research Center, 2022). In 2021, 5 years after its inception, it already had over 800 million subscribers (Li et al., 2021). Like YouTube, Instagram or Facebook, TikTok promotes user experience by offering content powered by a recommendation algorithm calibrated on a series of variables, such as “likes”, comments, and time spent on each video, or content (Golden & Danks, 2021). Through its immersive infrastructure, TikTok has supported multiple phenomena that have gone viral, such as "handwashing" during Covid-19 (Basch et al., 2022). However, it differs from other social media platforms by the challenges, dances and lip- syncing initiated by its users, which comes with great potential for attraction and imitation. Also, TikTok's algorithm puts users at greater risk of unintentionally encountering disturbing contents (Fang et. al., 2019). These features have been appropriated by radical and extremist movements such as the Boogaloo Boys (Clayton, 2020), the Islamic State (Weimann & Masri, 2020), or anti- Semitism groups (Weimann & Marsi, 2021). The purpose of this project is to explore the various facets of anti-women (anti-feminist) hate speech on TikTok, a topic that has not yet been the subject of much research.

 

To do so, and based on the Canadian center for Cyber Security (2022), we will adopt a socio-technical approach, considering anti-feminist and cyber-hate as the result of a mediation between technology and humans. We will deploy a digital qualitative method of observation by "immersion" in the TikTok environment and proceed to the collection and content analysis of videos, posts, hashtags, and accounts, related to antifeminism. Our entry point into this ecosystem will be the identification of hashtags with hateful connotations toward women.

Across Canada, corporations have a duty to notify authorities – and, in most cases, consumers – should they suffer a data breach that is believed to have created a “real risk of significant harm” to said consumers’ personal information. While such an obligation can be found in a number of Federal and Provincial laws, as well as in US and European legislation, there is little data available to establish whether it has had its desired effect, i.e. whether it truly helps protect consumers’ personal information. Furthermore, the data that is available seems to indicate that only a fraction of detected data breaches are divulged  to  the  proper  agencies,  which  in  turn  suggests that  there  is  a  lack  of  effectiveness pertaining to these obligations or,  rather,  to the legal  dispositions that created them.  In 2022,  the Federal  Government  presented  Bill  C-27, An  Act  to  enact  the  Consumer  Privacy  Protection  Act,  the Personal Information and Data Protection Tribunal Act and the Artificial Intelligence and Data Act and to make consequential and related amendments to other Acts. Among its numerous goals, the Act aims to reform personal information protection on a federal level. The timing is therefore perfect to study the effectiveness of data breach notification laws to gather a better understanding of why several corporations seem to disregard their obligation. Such a study could help guide legislative changes.

​

Our  research  will  therefore  aim  to  answer  the  following question:  How  can  we  improve  the effectiveness of data breach notification laws in Canada? To do so, we will approach the three Canadian bodies  that  receive  data  breach notification  notices  (the  Commission  d’accès  à  l’information du Québec, the Office of the Privacy Commissioner of Alberta, and the Office of the Privacy Commissioner of Canada) to gather as much data as possible on the number and types of notices that were received in past years. By crossing this data with existing legal and security studies, we aim to gather a better understanding  of  the  relative  impact  of  breach  notification  laws  and  how  to  improve  their effectiveness.

This project aims to identify and analyse current and emerging challenges concerning the policing of financially motivated cybercrime. Financially motivated cybercrimes include cyber-enabled crimes typically thought of as frauds and scams as well as cyber-dependent crimes extending to exfiltrating and selling stolen data as well as ransomware attacks. The project will therefore extend to cybercrimes, including cyber frauds, business email compromise,  identity  theft, malware/ransomware, and  other  potential  extortion  offences.

 

Adopting  a comparative perspective between Australia and Canada, the project will leverage qualitative interviews with sworn and unsworn members of law enforcement agencies concerning the perceived challenges now and over the next 3-5 years. These challenges will be framed according to endogenous factors – including organisational design; knowledge, capabilities, and resources of cybercrime teams – and exogenous factors including the nature and evolution of diverse cyber-criminal harms. By focusing on two countries with similar political systems as well as socio-economic structures, the project will identify insights relevant for both countries independently and collectively. Furthermore, the comparative approach will ensure these findings are likely to be relevant for many other countries, most notably the Five Eyes. The findings will advance research related to financially motivated cybercrime and policing in addition to police policy and practice.

Almost 5 billion individuals worldwide use social networking sites (SNS) today, and 78% of Canadians visit such sites regularly. SNS play an important part in how individuals communicate, get news and even learn new skills. A good example of the educational potential of SNS is the information security (infosec) community on Twitter. This community is extremely active in sharing information about threat actors, security tools and techniques and strategies to protect corporate networks. Recent research suggests  that  hackers  are  also  active  users  of  Twitter,  first to take  advantage  of  all  the  infosec knowledge published on the network, and second to network with and learn from other hackers. This implies that Twitter is a double-edged sword that helps security professionals secure their corporate network, but also enhance hackers’ attacks. The extent to which Twitter can and is used to advance malicious attacks remains unknown at this point.

 

The general aim of this project is to assess the impact of Twitter on the effectiveness of hackers’ attacks on corporate networks. To do so, we will collect all hacking-related tweets, whether they come from the infosec or hacking community. We will map the diffusion of information and relationship ties across both communities, to identify key players and determine whether hackers appear to improve their skills as they become more exposed to information security tweets and users. The outcome of this project will be an understanding of the structure of the hacking community on Twitter, and the evolution of this community over a period of 2 years. Our findings will shape policies on the investigation and monitoring of malicious hackers online, as well as offer practical indications of how and what hackers learn that can be used to enhance today and tomorrow’s corporate defenses.