Advanced Search
Content Type: Examples
Argentina's Public Prosecutor's Office will start installing an app on the smartphones of those who violate government-ordered quarantine in the cities of Santa Fé and Rosario. The app will be installed by the province's Criminal Investigation Agency to track those who are under criminal investigation for violating quarantine. The app will send reports to the the MPA investigation office and coordinated by the Attorney General's Office. Individuals will be required to sign a document…
Content Type: Examples
On March 23, Argentina's immigration agency, Dirección Nacional de Migraciones (DNM), announced that anyone arriving in the country would be required to install the free COVID-19 Ministry of Health app on their phone for 14 days to ensure they comply with quarantine rules in order to protect the population. The Office of the Chief of Staff had instructed the DNM to adopt this policy when it launched the app, also on March 23. Since launch, the number of unnecessary permissions the app requests…
Content Type: Examples
Researchers at Germany's Robert Koch Institute and Fraunhofer Heinrich Hertz Institute are working on an app that uses Bluetooth connections between smartphones and is compliant with GDPR to anonymously save the distance and duration of contact between people on the smartphone to make it possible to digitally reconstruct infection chains. The idea is being copied from Singapore's TraceTogether app, which detects other users who have also installed the app. If someone tests positive, they can…
Content Type: Examples
Indonesian Ministry of Communication and Informatics/KOMINFO official website)
On Thursday, 26 March 2020, the Indonesian Minister of Communication and Informatics, Johnny G. Plate, issued the Ministerial Decree No. 159/2000 to facilitate the cooperation between the Government and telecommunication companies in developing a tracking app called TraceTogether. The app collects 14 days of mobile phone location data from the infected person, and then matches it to location data collected by…
Content Type: Examples
The Israeli Ministry of Health's mobile app, "The Shield", is intended to alert users if they have been at a location in Israel at the same time as a known COVID-19 patient.
The app, which is available for both Android and iOS, works by collecting the GPS and WiFi network (SSID) information of a user's mobile device throughout the day. This data is saved only on the mobile device and is not transmitted to the Ministry of Health, other government agencies, or any organisation. The locations…
Content Type: Examples
In a partnership with G3 Global Berhad, a system combining thermal scanning technology and facial recognition from SenseTime has been put in place at Malaysia's King's Palace. The combination is intended to trigger alerts, as well as detect and identify people even when they're wearing face masks in order to detect infected individuals in a non-contact way without requiring added manpower.
Source: https://www.biometricupdate.com/202003/biometric-checks-and-facial-recognition-payments-to-…
Content Type: Examples
In Jojutla, a municipality in the southern state of Morelos, the government is using drones, normally used for security tasks such as reducing homicides, to surveille gatherings in public parks and plazas and tell people to go home, at the same time distributing hand sanitiser gel and face masks on public roads, in popular neighbourhoods, and on public transport. So far there are no confirmed cases of COVID-19 in Jojutla, and only two confirmed and 23 suspected in the state.
Source: https://…
Content Type: Examples
A web form to screen COVID-19 cases developed by the Mexico City government collects a wide range of personal information such as name, age, telephone number, home address, social network username, and cellphone number. The privacy notice establishes that such data may be transferred to a vast array of judicial and administrative federal and local authorities.
Source: https://test.covid19.cdmx.gob.mx/
Writer: Mexico City government
Publication: Mexico City government
Content Type: Examples
Owing to concerns about the possibility of spreading the coronavirus via banknotes and payment cards, Russia has begun testing its Unified Biometric System (EBS) for payments at a selection of grocery stores including Lenta supermarkets. The Russian bank VTB plans a mass roll-out for mid-2020. For the beginning of 2021, Promsvyazbank is planning trials of facial biometric payments, a system the bank is negotiating to introduce with several retail chains. Facial biometric payments are made…
Content Type: Examples
Managed from a purpose-built coronavirus control centre, Moscow's network of 100,000 cameras equipped with facial recognition technology is being used to ensure that anyone placed under quarantine stays off the streets. Officials claim the centre can also be used to track international arrivals and monitor social media for misinformation.
Source: https://www.france24.com/en/20200324-100-000-cameras-moscow-uses-facial-recognition-to-enforce-quarantine
Writer: Sam Ball
Publication: France 24
Content Type: Examples
The success of South Korea's efforts to combat the coronavirus without a national lockdown and without suspending civil rights depended in part on preparation put in place after the 2015 MERS epidemic and in part on the country's network of private testing labs, which enabled the country to quickly set up drive-in testing, with the results rapidly texted back to mobile phones. Positive results set in motion aggressive contact-tracing incorporating CCTV footage, mobile phone tracking data, and…
Content Type: Examples
A newly-enacted Slovakian law, inspired by similar laws in Singapore, South Korea, and Taiwan, allows the country's Public Health Office to use location data from mobile phones to track people ordered to quarantine to ensure they are not breaking the rules. The angry public response on privacy grounds forced the government to clarify: it will only collect limited data and use it only in connection with the coronavirus outbreak, the data will only be accessible by the Public Health Office; and…
Content Type: Examples
Estonia's Government Crisis Commission has instructed the state statistical office, Statistics Estonia, to use mobile geolocation data from companies such as Telia, Elisa, and Tele 2 in order to study people's movements to prevent the spread of COVID-19. Statistics Estonia hoped to launch the project during the week of March 24, 2020. Mart Mägi, the director general of Statistics Estonia, said the intention was to analyse people's movements before and after emergency measures were implemented,…
Content Type: Examples
A day after John Tory, the mayor of the City of Toronto, told thousands of attendees at an online event hosted by TechTO that the city was gathering cellphone location data from telecoms in order to identify areas where residents were still congregating despite the city's social distancing rules, he withdrew the claim. City staff explained that an offer had been made to share anonymous cellphone location data with the City and it had been passed along to Toronto Public Health and the Emergency…
Content Type: Examples
The Rio de Janeiro City Hall has signed an agreement with telecomunications company TIM to use geolocation data to develop "heat maps" by cross-referencing epidemological hubs with high population density locations. Under the agreement, TIM will pinpoint the movement of its users across Rio de Janeiro through antennae-facilitated geolocation triangulation and send it online to the local government to enable it to monitor whether individuals are complying with isolation measures and assess…
Content Type: Report
On 12 December 2018 a member of Lancashire Police Department UK told viewers of a Cellebrite webinar that they were using Cellebrite's Cloud Analyser to obtain cloud based 'evidence'. In response to a Freedom of Information request Hampshire Constabulary told Privacy International they were using Cellebrite Cloud Analyser.
They are not alone. In Cellebrite's 2019 Annual Trend Survey, Cellebrite found that law enforcement is increasingly using 'cloud extraction.' But the…
Content Type: Examples
Bluetooth utilizes a device pairing mechanism based on elliptic-curve Diffie-Hellman (ECDH) key exchange to allow encrypted communication between devices. The ECDH key pair consists of a private and a public key, and the public keys are exchanged to produce a shared pairing key. The devices must also agree on the elliptic curve parameters being used. Previous work on the "Invalid Curve Attack" showed that the ECDH parameters are not always validated before being used in computing the resulted…
Content Type: Examples
“The BlueBorne attack vector requires no user interaction, is compatible to all software versions, and does not require any preconditions or configurations aside of the Bluetooth being active,” warned the researchers.
“Unlike the common misconception, Bluetooth enabled devices are constantly searching for incoming connections from any devices, and not only those they have been paired with,” they added.
“This means a Bluetooth connection can be established without pairing the devices at all.…
Content Type: Examples
An engineering and computer science professor and his team from The Ohio State University discovered a design flaw in low-powered Bluetooth devices that leaves them susceptible to hacking.
Zhiqiang Lin, associate professor of computer science and engineering at the university, found the commonly used Bluetooth Low Energy devices, such as fitness trackers and smart speakers, are vulnerable when they communicate with their associated apps on the owner’s mobile phone.
"There is a fundamental…
Content Type: Examples
On November 3rd, 2019, [...] a critical vulnerability affecting the Android Bluetooth subsystem [was reported]. This vulnerability has been assigned CVE-2020-0022 and was now patched in the latest security patch from February 2020. The security impact is as follows:
On Android 8.0 to 9.0, a remote attacker within proximity can silently execute arbitrary code with the privileges of the Bluetooth daemon as long as Bluetooth is enabled. No user interaction is required and only the Bluetooth MAC…
Content Type: Examples
Researchers at the Center for IT-Security, Privacy and Accountability (CISPA) have identified a security vulnerability related to encryption on Bluetooth BR/EDR connections. The researchers identified that it is possible for an attacking device to interfere with the procedure used to set up encryption on a BR/EDR connection between two devices in such a way as to reduce the length of the encryption key used. In addition, since not all Bluetooth specifications mandate a minimum…
Content Type: Case Study
The right to privacy is crucial to protect a couple’s equal rights within marriage.
The recent rise of spyware as an “off-the-shelf” product that anyone can purchase has been extremely worrying, as installing spyware on someone else’s phone means getting access to their contacts, their messages, their google searches, their location and more - all without them knowing.
Spyware is, increasingly, becoming another way for abusive spouses to control and monitor their partners. Nearly a third of…
Content Type: Explainer
In a scramble to track, and thereby stem the flow of, new cases of Covid-19, Governments around the world are rushing to track the locations of their populace. One way to do this is to write a smartphone app which uses Bluetooth technology, and encourage (or mandate) that individuals download and use the app. We have seen such examples in Singapore and emerging plans in the UK.
Apps that use Bluetooth are just one way to track location. There are several different technologies in a smartphone…
Content Type: Case Study
In Peru, you get asked for your fingerprint and your ID constantly - when you’re getting a new phone line installed or depositing money in your bank account – and every Peruvian person has an ID card, and is included in the National Registry of Identity – a huge database designed to prove that everyone is who they say they are. After all, you can change your name, but not your fingerprint.
However, in 2019 the National Police of Peru uncovered a criminal operation that was doing just that:…
Content Type: Examples
Together with Norwegian company Simula the Norwegian Institute of Public Health is developping a voluntary app to track users geolocation and slow the spread of Covid-19. Running in the background, the app will collect GPS and Bluetooth location data and store them on a server for 30 days. If a user is diagnosed with the virus, its location data can be user to trace all the phones that have been in close contact with the person. Authorities will use this data to send an SMS only to those phones…