Advanced Search
Content Type: Long Read
The Chief Surveillance Commissioner, The Rt Hon Sir Christopher Rose’s Annual Report 2011 - 12 did not refer to social networks but to overt investigations using the internet as a surveillance tool, stating that:
“5.17 A frequent response to my Inspectors’ enquiries regarding a reduction in directed surveillance is that ‘overt’ investigations using the Internet suffice. My Commissioners have expressed concern that some research using the Internet may meet the criteria of directed…
Content Type: Long Read
Online covert activity
3.10 The growth of the internet, and the extent of the information that is now available online, presents new opportunities for public authorities to view or gather information which may assist them in preventing or detecting crime or carrying out other statutory functions, as well as in understanding and engaging with the public they serve. It is important that public authorities are able to make full and lawful use of this information for their statutory purposes. Much…
Content Type: Report
SUMMARY
In the UK, local authorities* are looking at people’s social media accounts, such as Facebook, as part of their intelligence gathering and investigation tactics in areas such as council tax payments, children’s services, benefits and monitoring protests and demonstrations.
In some cases, local authorities will go so far as to use such information to make accusations of fraud and withhold urgently needed support from families who are living in extreme poverty.
THE PROBLEM
Since 2011…
Content Type: Long Read
Office of Surveillance Commissioners Guidance - Covert surveillance of Social Networking Sites (SNS)
Covert surveillance of Social Networking Sites (SNS)
289. The fact that digital investigation is routine or easy to conduct does not reduce the need for authorisation. Care must be taken to understand how the SNS being used works. Authorising Officers must not be tempted to assume that one service provider is the same as another or that the services provided by a single provider are the same.
289.1 Whilst it is the responsibility of an individual to set privacy settings to protect…
Content Type: Long Read
Dear Sir/Madam,
Freedom of information act request
RE: Social media monitoring / social media intelligence
FOIA REQUEST
For definition of social media intelligence please see background explanation below. We further note the comments of the Office of Surveillance Commissioners Annual Report 2016 cited below.
1. In 2016 the Rt Hon Lord Judge, then Chief Surveillance Commissioner, wrote to all Local Authorities regarding use of social media in investigations. Please confirm whether you are…
Content Type: Explainer
Social media platforms are a vast trove of information about individuals, including their personal preferences, political and religious views, physical and mental health and the identity of their friends and families.
Social media monitoring, or social media intelligence (also defined as SOCMINT), refers to the techniques and technologies that allow the monitoring and gathering of information on social media platforms such as Facebook and Twitter which provides valuable intelligence to others…
Content Type: Long Read
It is common for families with no recourse to public funds who attempt to access support from local authorities to have their social media monitored as part of a ‘Child in Need’ assessment.
This practice appears to be part of a proactive strategy on the part of local authorities to discredit vulnerable families in order to refuse support. In our experience, information on social media accounts is often wildly misinterpreted by local authorities who make serious and unfounded allegations…
Content Type: Report
It is common for families with no recourse to public funds who attempt to access support from local authorities to have their social media monitored as part of a 'Child in Need' assessment. This practice appears to be part of a proactive strategy on the part of local authorities to discredit vulnerable families in order to refuse support. In our experience, information on social media accounts is often wildly misinterpreted by local authorities who make serious and unfounded allegations…
Content Type: News & Analysis
This week, we read that a former Apple contractor who blew the whistle on the company’s programme to listen to users’ Siri recordings has decided to go public, in protest at the lack of action taken as a result of the July 2019 disclosures. The news adds to a series of revelations that have been reported over the past months.
While the issue raises serious questions regarding the compatibility of such practices with data protection laws, at the same time, it highlights a wider problem that…
Content Type: News & Analysis
GDPR was hard won. PI, together with other civil society actors, fought from the beginning for a version of the law that offers the strongest rights and protections in the face of intense industry lobbying.
Holding the hidden data ecosystem to account
Two years ago, we committed to using GDPR to seek to hold to account the hidden data ecosystem - those companies that amass and exploit large amounts of our data for profit.
Here’s some of the action we’ve taken:
In Nov 2018,…
Content Type: Advocacy
Privacy International sent a letter to the Investigatory Powers Commissioner’s Office (IPCO) addressing social media monitoring carried out by Local Authorities.
The submission builds on a campaign and research carried out by PI highlighting the growth of social media monitoring across Local Authorities, as well as the general lack of internal oversight for some of these activities. After providing an introduction to the research and the findings, the letter highlights each of PI’s concerns…
Content Type: Case Study
You have the right to decent standards and dignity at work, and the right to join a union to protect yourself and your rights. That might come as a shock to Amazon - who have been using Covid-19 as a reason to undermine those rights.
Chris Smalls, an organiser and now former Amazon warehouse assistant manager, led a walkout at a New York City facility and within days he’d been fired under a dubious pretext.
The walkout was to ensure workers’ safety - they were asking for the warehouse to be…
Content Type: Examples
As the first confirmed coronavirus case in Pakistan, Yahyah Jaffery became a pariah after his identity, photograph, and home address were leaked on social media. Similar leaks about dozens of other patients and medical staff followed. The contact tracing system being used for coronavirus was originally developed by the country's Inter-Service Intelligence (ISI) to combat terrorism; it is based on a new data hub in Islamabad that will collect information from the ISI tracking system and share…
Content Type: Examples
A remote-controlled yellow and black robot dog built by Boston Dynamics has been deployed in a Singapore central park for a two-week trial in which the dog politely, in a female voice, in English, reminds cyclists and joggers to stay at least one metre apart. Breaking the lockdown rules attracts fines and even jail time. Residents are only allowed to leave home alone for essential trips and must wear a mask at all times in public.
Other robots being trialled include a small car. The robot dog…
Content Type: Examples
Under the country's emergency laws, on May 4 the Hungarian government announced it would suspend parts of GDPR and exempted authorities from key provisions such as subject access rights, the right to request erasures, and providing notice that personal information is being collected and stored as long as the data is being collected under the rubric of coronavirus-related health protection.
The changes will remain in place until the government declares the end of the emergency. Opposition…
Content Type: Examples
Only 16% of Australians had downloaded the country's COVIDSafe app by May 3, a week after its launch on April 26, even though most said they support the federal government's coronavirus contact tracing app. In an Ipsos poll, 80% of those who said they were unlikely to download the app cited privacy concerns such as who holds and has access to the data, and which country's law applies. The government has said its goal is for at least half of the population to download and install the app.…
Content Type: Examples
The Australian journalist Chris Buckley, who reports for the New York Times, was forced to leave China on April 10 after 24 years of reporting on the country, bringing the number of journalists forced out of the country in the last year to 19.
After travelling to Wuhan to report on the unfolding outbreak on the day the city was locked down in January, he was told to stop when his press card expired in February. The division of the Foreign Ministry responsible for international media…
Content Type: Examples
The Egyptian president, Abdel-Fattah el-Sissi, has approved 18 amendments to the country's emergency law that allow him and security agencies additional powers. Only five of the amendments are clearly related to public health.
Along with closing schools and universities, quarantining people returning to the country, postpone taxes and utility payments, and provide economic support, additions include expanded powers to ban public and private meetings, protects, celebrations, and other forms of…
Content Type: Examples
A parliamentary panel granted Israel's Shin Bet security service an additional three weeks to use mobile phone data to track people infected with the coronavirus; prime minister Benjamin Netanyahu had requested a six-week extension while his government drafts legislation to regulate the data use in line with requirements imposed by the Israeli Supreme Court. Testimony given to the parliament's intelligence subcommittee showed that the Shin Bet surveillance was the reason it was possible to…
Content Type: Examples
After a call from a vendor, India's state-owned Broadcast Engineering Consultants Limited (BECIL) put out an expression of interest for electronic bracelets and accompanying software for use to ensure that COVID-19 patients do not violate their quarantine orders.
A hundred companies responded. BECIL saw the idea as an opportunity to sell a patient surveillance system to municipal corporations, private companies, welfare resident societies, and central government departments. BECIL, which was…
Content Type: News & Analysis
In a legal challenge brought by French activist group, La Quadrature du Net (LGDN), the Conseil d’État, the French highest court, has ruled that the use of drones by the police in the context of monitoring compliance with Covid-19 lockdown measures was unlawful.
The ruling found that the imagery and footage captured by drones flying at a low altitude was personal data to the extent that individuals filmed were identifiable. Consequently, the operation of drones by the police amounted…
Content Type: Examples
A security lapse exposed one of the core databases of the coronavirus self-test symptom checker app launched by India's largest cellphone network, Jio, shortly before the government lockdown began in late March.
The database, which had no password protection and contained millions of logs and records collected during the last two weeks in April, was found by security researcher Anurag Sen on May 1.
Some of the exposed records included individuals who answered a series of questions to create a…
Content Type: Examples
Authorities in South Korea, which had been successful in containing the coronavirus early on due to its aggressive testing programme, began trying to trace more than 5,500 people who visited a group of bars between April 2 and May 6 because a single infected customer led to a new outbreak. More than 3,000, some of them for fear of being stigmatised as gay, remained out of reach while the number of cases rose to 101. Gay people have little protection in South Korea, and the news of the…
Content Type: Examples
The Indian state of Madhya Pradesh created a COVID-19 dashboard that displayed the names of at least 5,400 quarantined people, their device IDs and names, their OS version, app version codes, current GPS coordinates, and office GPS coordinates. Shortly after the dashboard's existence was posted on Twitter by a French programmer, MAP-IT, the state's IT centre in Bhopal that developed the system, replied that it had been taken down, saying the information was intended to be confidential.
Source…
Content Type: Examples
Shortly after launch, security researcher Baptiste Robert discovered that India's contact tracing app, Aarogya Setu ("Health Bridge"), allows users to spoof their GPS location, find out how many people reported themselves as infected within any 500-metre radius, and mount a triangulation attack to confirm someone else's suspected positive diagnosis. The app, which was created by the government's National Informatics Centre, uses GPS to track people's movements rather than Bluetooth as many…
Content Type: Examples
The rush to incorporate greater safety from the coronavirus is bringing with it a new wave of workplace surveillance as companies install tracking software to determine who may have been exposed and which areas need deep cleaning if an employee gets infected; monitor social distancing; and use Bluetooth beacons embedded in badges to locate employees.
Companies are also installing thermal cameras to take employees' temperature as they enter the workplace or public area. Companies are also…
Content Type: Examples
Amazon has spent $10 million to buy 1,500 cameras to take the temperature of workers from the Chinese firm Zhejiang Dahua Technology Company even though the US previously blacklisted Dahua because it was alleged to have helped China detain and monitor the Uighurs and other Muslim minorities.
The cameras work by comparing a person’s radiation with a separate infrared calibration device and uses face detection technology to make sure it is looking for heat in the right part of the subjects…
Content Type: Examples
In a technical analysis of the UK NHSx contact tracing app for iOS, security engineers find that Apple's Bluetooth design makes it harder to detect iPhones running the app in background mode, and the app is using "keepalive" notifications in order to keep the app able to make the necessary connections. The researchers believe this workaround will work sufficiently well for users in populated areas. The app appears to abide by the privacy safeguards listed in the paper released by the National…
Content Type: Examples
Moscow's first attempts to introduce digital methods by which residents could obtain digital passes to move around the city failed as the website collapsed numerous times and the app required them to get a pass for every single move rather than only to drive a car, as the government has stated. City authorities blamed DDoS attackers for the website problems and Muscovites' stupidity for the app issues and similar difficulties with SMS messages. There was also confusion over whether certain…
Content Type: Examples
The global pandemic that has been declared by COVID-19 is already affecting countries of Latin America and the Caribbean. Recognizing the seriousness of this health crisis and the legal possibility for governments to take exceptional measures to control the pandemic, it is essential to remember that these must be carried out in strict accordance with human rights standards.
Signed by AlSur, a consortium of 11 civil society organizations and academia from various Latin American and Caribbean…