Advanced Search
Content Type: Long Read
Introduction
Why We Are So Concerned about Government Hacking for Surveillance
Scope of Our Safeguards
1. Legality
2. Security and Integrity of Systems
3. Necessity and Proportionality
4. Judicial Authorisation
5. Integrity of information
6. Notification
7. Destruction and Return of Data
8. Oversight and Transparency
9. Extraterritoriality
10. Effective Remedy
Commentary on each
1. Legality
2. Security and Integrity of Systems
3. Necessity and Proportionality
4.…
Content Type: Press release
A new investigation published today by Privacy International reveals the role of an American data-based digital advertising company in the highly divisive online re-election campaign of Kenyan president Uhuru Kenyatta.
In the run-up to Kenya's presidential election in August 2017, paid advertisements for two mysterious sites dominated Google searches for election-related terms and flooded Kenyans' social media feeds. All linked back to either 'The Real Raila', a virulent attack campaign…
Content Type: People
Joanna Oniszk is our Resources Director. She joined us in 2015 to take on donor coordination and financial management of the organisation. She has over ten years of experience in variety of finance and management roles in corporate sector, international organisations and charities and holds an MA in Economics.
Content Type: News & Analysis
Recently, a text from a local telecommunications company inquired whether its subscribers knew that they could now enroll their voice so they could access various services securely and conveniently. This added a further dynamic to the on-going debate in several quarters on the accelerated adoption of biometrics in Kenya. Does Kenya have the necessary framework in place to safeguard the privacy and security of its citizens? The reality is, innovators will not wait for an optimal…
Content Type: People
Tom is a Research Officer with Privacy International and is responsible for research and dissemination in the Global South. He leads our research on fintech and identity. He has a PhD in African Studies from the University of Edinburgh, exploring ethnicity and politics in East Africa. He has a MSc in African Studies fro the University of Edinburgh, and a BA in Politics and Philosophy from the University of York. He has taught in Tanzanian universities, and has a particular interest in…
Content Type: People
Ed is a Senior Technologist at Privacy International. He is responsible for our technical security and research, and leads the development of our security framework and tech engagement with our International Network.
Content Type: People
Caroline is Privacy International’s Legal Director and General Counsel. She leads the legal advocacy at PI and counsels PI’s programmes on legal strategy and risk. Caroline is a US-qualified lawyer who previously specialised in privacy and intellectual property litigation at a prominent US law firm. Caroline received her law degree from Yale Law School and her undergraduate degree in Anthropology from the University of California, Berkeley. After law school, Caroline…
Content Type: People
Alexandrine is Directory of Strategy at Privacy International. She manages and oversees the development and delivery of Privacy International's strategic portfolio aimed at ensuring that innovative solutions serve individual and communities and protection their dignity rather than state power and corporate interest. This portfolio explores issues of digital identity, protecting communities at risk online, the digitisation of access to economic, social and cultural rights, and the use of data…
Content Type: Report
When you rent a car at the airport, use a car-share for a family day trip, one of the first things you are likely to do before setting off on your journey, is to connect your phone to the car. You switch on the Bluetooth and see a list of other people’s phones that were previously connected - Mike’s iPhone, Samsung Galaxy, Bikerboy_Troi, Dee Dee. You input your journey into the navigation, perhaps noticing stored locations of previous drivers.
Seems fairly innocuous? Wrong. Your name and…
Content Type: Press release
Press Release: New report shows how car rental companies are failing to protect drivers' information
A new report by Privacy International shows how car rental companies and car-share schemes are failing to protect drivers' personal information, such as their location, smart phone contents, and place of residence.
The report is here: https://privacyinternational.org/node/987
Key points
Privacy International (PI) rented a series of internet-connected cars and examined the information which was collected and retained on the rental cars' infotainment system*. Every car PI rented…
Content Type: Examples
A 2009 paper by the US National Academy of Sciences found that among forensic methods only DNA can reliably and consistency match evidence to specific individuals or sources. While it's commonly understood that techniques such as analysis of blood spatter patterns are up for debate, other types of visual evidence have been more readily accepted. In 2015 the FBI announced that virtually all of its hair analysis testing was scientifically indefensible, and in 2016 the Texas Forensic Science…
Content Type: Examples
In 2016, researchers discovered that the personalisation built into online advertising platforms such as Facebook is making it easy to invisibly bypass anti-discrimination laws regarding housing and employment. Under the US Fair Housing Act, it would be illegal for ads to explicitly state a preference based on race, colour, religion, gender, disability, or familial status. Despite this, some policies - such as giving preference to people who already this - work to ensure that white…
Content Type: Examples
In 2017, an automated facial recognition dispenser was installed in one of the busiest toilets in Beijing in order to prevent theft of toilet paper rolls, chiefly by elderly residents. Would-be users must remove hats and glasses and stand in front of a high-definition camera for three seconds in order to receive a 60cm length. Users have complained of software malfunctions that force them to wait, the lack of privacy, and difficulty getting the machines to work. The last of these led the city…
Content Type: Examples
A US House of Representatives oversight committee was told in March 2017 that photographs of about half of the adult US population are stored in facial recognition databases that can be accessed by the FBI without their knowledge or consent. In addition, about 80% of the photos in the FBI's network are of non-criminals and come from sources such as passports. Eighteen states supply driver's licences under arrangement with the FBI. In response, privacy advocates and politicians called for…
Content Type: Examples
Few people realise how many databases may include images of their face; these may be owned by data brokers, social media companies such as Facebook and Snapchat, and governments. The systems in use by Snap and the Chinese start-up Face++ don't save facial images, but map detailed points on faces and store that data instead. The FBI's latest system, as of 2017, gave it the ability to scan the images of millions of ordinary Americans collected from millions of mugshots and the driver's licence…
Content Type: Examples
By 2017, facial recognition was developing quickly in China and was beginning to become embedded in payment and other systems. The Chinese startup Face++, valued at roughly $1 billion, supplies facial recognition software to Alipay, a mobile payment app used by more than 120 million people; the dominant Chinese ride-hailing service, Didi; and several other popular apps. The Chinese search engine Baidu is working with the government of popular tourist destination Wuzhen to enable visitors to…
Content Type: Examples
For a period between the end of October and November 3 2016 the heating and hot water systems in two buildings in the city of Lappeenranta, Finland were knocked out by a distributed denial of service attack designed to make the systems fail. The systems responded by repeatedly rebooting the main control circuit, which meant that the heating was never working - at a time when temperatures had already dropped below freezing. Specialists in building maintenance noted that companies often skimp on…
Content Type: Examples
In 2015, the Swedish startup hub Epicenter began offering employees microchip implants that unlock doors, operate printers, and pay for food and drink. By 2017, about 150 of the 2,000 workers employed by the hub's more than 100 companies had accepted the implants. Epicenter is just one of a number of companies experimenting with this technology, which relies on Near Field Communication (NFC). The chips are biologically safe, but pose security and privacy issues by making it possible to track…
Content Type: Examples
The payday lender Wonga announced in April 2017 that a data breach at the company affected an estimated 270,000 customers, 245,000 of them in the UK and the rest in Poland. The company sent those it thought were affected messages warning that it believed there may have been illegal and unauthorised access to some of the data in their accounts. Wonga was already controversial because of the high rates of interest in charged, and findings by the UK's financial regulator that it had made loans to…
Content Type: Examples
In 2017, an anonymous whistleblower sent a letter to Green party peer Jenny Jones alleging that a secretive Scotland Yard unit was illegally monitoring the private emails of campaigners and journalists. The letter included a list of ten people and the passwords to their email accounts and claimed the police were using an India-based operation that did the work of hacking emails, shredding documents, and using sex as a method of infiltration. Jones's background includes a decade on the…
Content Type: Examples
In 2017, when user Robert Martin posted a frustrated, disparaging review of the remote garage door opening kit Garadget on Amazon, the peeved owner briefly locked him out of the company's server and told him to send the kit back. After complaints on social media and from the company's board members, CEO Denis Grisak reinstated Martin's service. The incident highlighted the capricious and fine-grained control Internet of Things manufacturers can apply and the power they retain over devices…
Content Type: Examples
A 2017 research report found that the most vulnerable smartphone users are the ones whose devices are most open to fraud and harassment. Cheaper, low-end devices are less secure to begin with, and they are also less often replaced than their more expensive counterparts made by. Apple and Google. At any given time there are millions of Android devices that are open to known exploits. Worse, the poorer population that owns these phones are more likely to use them as their sole means of accessing…
Content Type: Examples
Facebook has come under fire after leaked documents revealed the social media site has been targeting potentially vulnerable children.
The allegations suggest the company is gathering information on young people who “need a confidence boost” to facilitate predatory advertising practices.
Confidential documents obtained by The Australian reportedly show how Facebook can exploit the moods and insecurities of teenagers using the platform for the benefit of advertisers.…
Content Type: Examples
In 2017, Uber began a programme experimenting with using psychology and social science insights to influence when, where, and how long its drivers work. Among other techniques, Uber auto-loaded the next fare to encourage the driver equivalent of binge TV-watching; reminded drivers when they're close to their earnings targets to keep them from logging off; and used game-style graphics and small-value awards to keep drivers at the wheel. The company also had male managers adopt female…
Content Type: Examples
Connecticut police have used the data collected by a murder victim's Fitbit to question her husband's alibi. Richard Dabate, accused of killing his wife in 2015, claimed a masked assailant came into the couple's home and used pressure points to subdue him before shooting his wife, Connie. However, her Fitbit's data acts as a "digital footprint", showing she continued to move around for more than an hour after the shooting took place. A 2015 report from the National Institute of…
Content Type: Examples
Even after they move out, domestic abusers may retain control over their former residence via Internet of Things devices and the mobile phone apps that control them. Using those tools, abusers can confuse, intimidate, and spy upon their former spouses and partners. Lack of knowledge about how these technologies work means that those who complain are often not taken seriously. Even the victims themselves may believe it's all in their minds; lawyers are struggling to develop language to add to…
Content Type: Examples
A 2017 lawsuit filed by Chicagoan Kyle Zak against Bose Corp alleges that the company uses the Bose Connect app associated with its high-end Q35 wireless headphones to spy on its customers, tracking the music, podcasts, and other audio they listen to and then violates their privacy rights by selling the information without permission. The case reflects many of the concerns associated with Internet of Things devices, which frequently arrive with shoddy security or dubious data…
Content Type: News & Analysis
13 June 2016
"State capacity to conduct surveillance may depend on the extent to which business enterprises cooperate with or resist such surveillance” notes the Special Rapporteur on freedom of expression in his report on the role of the private sector to respect human rights in the digital age. The Special Rapporteur will present its findings and recommendations to the Human Rights Council on Thursday.
It is no longer sufficient for companies to simply point the finger at…