A young Tibetan woman living in Northern India takes a trip back to her village in Tibet to visit family. For the last two years she has been working for Drewla, a Tibetan NGO that provides ways for Tibetans inside Tibet to connect with the diaspora online. The trip does not go as planned.
When she reaches the Nepalese-Tibetan border she is immediately taken into detention and held for two months. Chinese authorities interrogate her about her employment in Dharamsala. The young woman denies being involved in any political activities and insists she went to Dharamsala for studies. The authorities presented a stack of chat transcripts from conversations she has had online. They explained to her that they have been monitoring Drewla and knew about its activities. They eventually released the woman and allowed her to travel to her village with a message for her colleagues back in Dharamsala: “You are not welcome to return to Tibet”
Drewla was indeed under surveillance. Researchers at the Citizen Lab at the University of Toronto ran an investigation into the networks of Drewla and other Tibetan organizations in 2009 and found they were all infected by malware that connected to GhostNet, a digital espionage network.1 The goal of GhostNet was to maintain clandestine access to computer networks and communications for as long as possible.
Tibetans were not the only targets. GhostNet infiltrated over a thousand computers in over one hundred countries around the world. The command and control servers used to operate the malware were traced back to China, and the targets all had a common connection: geopolitical interest to the People’s Republic of China (PRC). Exposing this network revealed to the world a dark truth that Tibetans had known for years: China uses targeted malware as a form of digital espionage to spy on its opponents.
The Tibetan community has been targeted by digital espionage for over 20 years by groups with ties to the PRC. These coordinated campaigns aim to infiltrate the communications and data of key people and organizations in the Tibetan community to disrupt and subvert the goals of the Tibet movement.
This type of spying violates rights to privacy, assembly, and free speech. Digital espionage is a form of transnational repression that extends the reach of authoritarian states beyond their borders to surveil, harass, and intimidate political dissidents and marginalized groups. By infiltrating digital communications and preemptively identifying dissent, the PRC aims to counteract any challenges to its authority, both domestically and internationally.
Digital espionage campaigns against the Tibetan movement have been widely documented by threat intelligence companies and research groups.2 Missing from these reports are the voices of the community and discussion of how decades of digital spying impact the movement.
The arduous history of digital espionage against the Tibetan community acts as a canary in the coal mine for global civil society. The experience of the Tibet movement provides a warning that harnessing the power of information technology for social movements requires vigilant attention to digital security.
This report documents the history of digital espionage against the Tibetan community through first hand accounts of targeted people and groups. These stories reveal the harms of digital transnational repression and show how the Tibetan movement has built capacity to defend against the threat. The Tibetan community has taken ownership of the challenges it faces online developing digital security training, capacity building, and incident response capabilities. These efforts culminated in 2018, when the Tibet Action Institute launched the Tibetan Computer Emergency Readiness Team (TibCERT), which seeks to foster collaboration on digital security in the Tibetan community, respond to security incidents, and provide Tibetans in Tibet with the latest information on censorship and surveillance. TibCERT is a natural progression of the digital security work that Tibet Action Institute had been carrying out in the community for over a decade.
The stories shared in this report present the harms of digital threats while also offering a message of empowerment, which shows how social movements can persevere in the face of authoritarianism and continue to speak truth to power.
The report is structured in three sections outlined below:
This section recounts the early history of how the Tibetan movement came online and the digital threats that soon followed.
This section shares stories from members of the Tibetan community who have been targeted by digital espionage. Their testimonies document the history and impact of digital threats against the Tibet movement.
This section describes the remarkable digital resilience built by the Tibetan community in response to digital espionage and reflects on what civil society can learn from this experience.