Advanced Search
Content Type: Examples
An engineering and computer science professor and his team from The Ohio State University discovered a design flaw in low-powered Bluetooth devices that leaves them susceptible to hacking.
Zhiqiang Lin, associate professor of computer science and engineering at the university, found the commonly used Bluetooth Low Energy devices, such as fitness trackers and smart speakers, are vulnerable when they communicate with their associated apps on the owner’s mobile phone.
"There is a fundamental…
Content Type: Examples
On November 3rd, 2019, [...] a critical vulnerability affecting the Android Bluetooth subsystem [was reported]. This vulnerability has been assigned CVE-2020-0022 and was now patched in the latest security patch from February 2020. The security impact is as follows:
On Android 8.0 to 9.0, a remote attacker within proximity can silently execute arbitrary code with the privileges of the Bluetooth daemon as long as Bluetooth is enabled. No user interaction is required and only the Bluetooth MAC…
Content Type: Examples
Researchers at the Center for IT-Security, Privacy and Accountability (CISPA) have identified a security vulnerability related to encryption on Bluetooth BR/EDR connections. The researchers identified that it is possible for an attacking device to interfere with the procedure used to set up encryption on a BR/EDR connection between two devices in such a way as to reduce the length of the encryption key used. In addition, since not all Bluetooth specifications mandate a minimum…
Content Type: Case Study
In Peru, you get asked for your fingerprint and your ID constantly - when you’re getting a new phone line installed or depositing money in your bank account – and every Peruvian person has an ID card, and is included in the National Registry of Identity – a huge database designed to prove that everyone is who they say they are. After all, you can change your name, but not your fingerprint.
However, in 2019 the National Police of Peru uncovered a criminal operation that was doing just that:…
Content Type: Advocacy
This stakeholder report is a submission by Privacy International (PI), the National Coalition of Human Rights Defenders Kenya (NCHRD-K), The Kenya Legal & Ethical Issues Network on HIV and AIDS (KELIN), and Paradigm Initiative.
PI, NCHRD-K, KELIN, and Paradigm Initiative wish to bring their concerns about the protection and promotion of the right to privacy, and other rights and freedoms that privacy supports, for consideration in Kenya’s upcoming review at the 35th session of the Working…
Content Type: Long Read
Sitting on the ground inside an unadorned courtyard in Koira Tegui, one of Niamey’s most popular districts, Halimatou Hamadou shows a copy of what, she’s been told, is a certificate of birth.
The 33 year old woman, who’s unable to read and write, received it days earlier during a crowded public ceremony at a nearby primary school.
“It’s my first document ever,'' she says, with surprise.
Thanks to the paper, she’ll be able to take part in a crucial passage for the future of Niger: the…
Content Type: Long Read
In this piece we examine mobile phone extraction, relying on publicly available information and Privacy International’s experience from conducting mobile phone extraction using a Cellebrite UFED Touch 2. We welcome input from experts in the field. This is a rapidly developing area. Just as new security features are announced for phones, so too new methods to extract data are found.
[All references can be found in the pdf version below.]
General explanation of mobile phone…
Content Type: News & Analysis
Photo by Daniel Jensen on Unsplash
Everyone is talking about Facebook's end-to-end encryption plans and the US, UK and Australian government's response. Feeling lost? Here is what you need to know.
What's Facebook trying to do?
First let's be clear: Facebook has many faults when it comes to privacy. It's also suffered a number of security failures recently. See here for instance.
In response to their successive failures to protect your privacy, Facebook announced in their 'pivot to privacy…
Content Type: News & Analysis
The global counter-terrorism agenda is driven by a group of powerful governments and industry with a vested political and economic interest in pushing for security solutions that increasingly rely on surveillance technologies at the expenses of human rights.
To facilitate the adoption of these measures, a plethora of bodies, groups and networks of governments and other interested private stakeholders develop norms, standards and ‘good practices’ which often end up becoming hard national laws…
Content Type: Advocacy
Privacy International's submission to the consultation initiated by the UN Special Rapporteur on counter-terrorism and human rights on the impact on human rights of the proliferation of “soft law” instruments and related standard-setting initiatives and processes in the counter-terrorism context.
In this submission Privacy International notes its concerns that some of this “soft law” instruments have negative implications on the right to privacy leading to violations of other human…
Content Type: Case Study
This time, Amtis travels to year 2030 to get a sense of how the data rights framework played out:
I just moved into a new apartment and everything was a mess. My stuff was all over the place and I couldn't find anything. I received a notification on my dashboard that a delivery drone had arrived with my package.
Data rights dashboard
The dashboard showed me a summary report with information about how my data was handled: which company processed my order, the type of data that was collected…
Content Type: Case Study
In this third leap to 2030, Amtis sees that people have created national data funds where citizens and governments together own the data that is being generated by sensors or by the services people use.
Here’s how Amtis lives this time:
Smart commuto-mobile
In the busiest parts of the city there are no more cars. There are only special lanes for drones, houndopacks – fast robots that run like dogs to deliver packages, and smart commuto-mobiles – slim electric booths where you can sit on your…
Content Type: Case Study
In this next leap to year 2030, Amtis lives the life of a data labourer, being paid wages for data inputs. Here’s how Amtis begins the story:
I am in my green pyjamas, but I can’t say for sure if it’s morning or evening. My eyes are red from staring at screens. I am discouraged and very tired. Of course, all these emotions and reactions are registered by my Playbour – my pocket-sized smart console that has basically become my entire life. It’s my connection to family, friends and the world; my…
Content Type: Video
Video courtesy of CPDP (https://www.cpdpconferences.org/)
What is the impact of online gender-based violence on survivors? What should be the role of companies in fighting this phenomenon? What is the link between the right to privacy? In this panel, which took place at CPDP in February 2019, academics, civil society and government representatives discuss the issue of online gender based violence with a privacy lens.
Chair: Gloria González Fuster, VUB -LSTS (BE)
Moderator: Valerie…
Content Type: Impact Case Study
What HappenedOn 5 June 2013, The Guardian published the first in a series of documents disclosed by Edward Snowden, a whistleblower who had worked with the NSA. The documents revealed wide-ranging mass surveillance programs conducted by the USA’s National Security Agency (NSA) and the UK’s Government Communications Headquarters (GCHQ), which capture the communications and data of hundreds of millions of people around the world. In addition to revealing the mass surveillance programs of the NSA…
Content Type: Examples
In April 2018, the Austrian cabinet agreed on legislation that required asylum seekers would be forced to hand over their mobile devices to allow authorities to check their identities and origins. If they have been found to have entered another EU country first, under the Dublin regulation, they can be sent back there. The number of asylum seekers has dropped substantially since 2016, when measures were taken to close the Balkan route. The bill, which must pass Parliament, also allows the…
Content Type: Long Read
Written jointly by Privacy International and the American Civil Liberties Union (ACLU).
In a landmark decision earlier this month, the European Court of Human Rights ruled that one of the mass surveillance programs revealed by Edward Snowden violates the rights to privacy and freedom of expression. While the case challenges the U.K. government’s mass interception of internet traffic transiting its borders, the court’s judgment has broader implications for mass spying programs in Europe and…
Content Type: Examples
In a report on mobile security updates, the US Federal Trade Commission finds that because of the complexity of the mobile ecosystem applying security updates to operating system software on some mobile devices is time-consuming and complicated. Based on information gathered from eight device manufacturers - Apple, Blackberry, Google, HTC, LG, Microsoft, Motorola, and Samsung, the FTC recommends that manufacturers should deploy these updates more quickly and suggests that manufacturers should…
Content Type: Impact Case Study
What is the problem
Business models of lots of companies is based on data exploitation. Big Tech companies such Google, Amazon, Facebook; data brokers; online services; apps and many others collect, use and share huge amounts of data about us, frequently without our explicit consent of knowledge. Using implicit attributes of low-cost devices, their ‘free’ services or apps and other sources, they create unmatched tracking and targeting capabilities which are being used against us.
Why it is…
Content Type: Impact Case Study
What happenedIn the aftermath of 9/11, Governments across the world rushed to legislate to expand surveillance. GovernmentsMoved to limit debate and reduce consultations as they legislated with speed.Created new systems to collect data on all travellers, for the purpose of profiling and risk scoring.Expanded identity schemes, and began demanding biometrics, particularly at borders.Developed financial surveillance mechanisms on an unprecedented scale.What we didFew non-governmental…
Content Type: Impact Case Study
What is the problem
In the 1990s privacy was often maligned as a ‘rich Westerner’s right’. We were told often that non-Westerners didn’t need privacy and had different cultural attitudes and would greet surveillance policies and technologies — often exported from the West.
Global civil society was composed mostly of a few individuals with no resources but great passion. The larger and more established NGOs, such as consumer and human rights organisations were less interested in ‘digital’ and ‘…
Content Type: Impact Case Study
[Photo By Ludovic Courtès - Own work, CC BY-SA 3.0] Last update: 14 December 2022What is the problem and why it is importantUntil the early '10s, the right to privacy had been sidelined and largely unaddressed within the UN human rights monitoring mechanisms, despite being upheld as a fundamental human right in the Universal Declaration of Human Rights and the International Covenant on Civil and Political Rights (ICCPR).Beyond the ICCPR General Comment No.16: Article 17 (…
Content Type: Impact Case Study
What happenedStrong and effective data protection law is a necessary safeguard against industry and governments' quest to exploit our data. A once-in-a-generation moment arose to reform the global standard on data protection law when the European Union decided to create a new legal regime. PI had to fight to ensure it wasn't a moment where governments and industry would collude to reduce protections.In January 2012, the European Commission published a proposal to comprehensively reform the…
Content Type: Advocacy
On 6 March 2018, Privacy International participated in an interactive dialogue with the UN Special Rapporteur on the right to privacy at the 37th Ordinary Session of the Human Rights Council in Geneva. We highlighted the growing trend of governments embracing hacking to facilitate their surveillance activities, and recommended the development of a human rights analysis of government hacking for surveillance purposes, with the view to forming specific…
Content Type: Press release
26 March 2015
The UN's top human rights body, the Human Rights Council, today has passed a landmark resolution endorsing the appointment of an independent expert on the right to privacy. For the first time in the UN's history, an individual will be appointed to monitor, investigate and report on privacy issues and alleged violations in States across the world.
The resolution, which appoints a Special Rapporteur on the right to privacy for an initial period of three years, was spearheaded…
Content Type: Advocacy
In this submission, Privacy International provides the Committee with their observations to the written replies of the Pakistani government and with additional, up to date information to that contained in the brieing submitted to the Committee in advance of the adoption of the list of issues in 2016.