Advanced Search
Content Type: Press release
In a remarkable development in Privacy International's four year legal battle against the UK Government's powers to hack phones and computers on a massive scale, the UK Supreme Court has agreed to hear the London-based charity's case in December 2018.
Privacy International's case stems from a decision by the Investigatory Powers Tribunal (a specialised court set up to hear complaints against government surveillance, including surveillance carried out by the UK intelligence agencies) finding…
Content Type: News & Analysis
We found the above image here.
Background
Email is hard to secure. For years we've been trying to build security on top of email, such as through technologies like Pretty Good Privacy (PGP) and the open source implementation: GnuPG (GPG).
What happened
In the past 48 hours, there have been very scary looking reports recommending people switch off PGP in their email clients.
The TL;DR version of this post is:
PGP is not broken by this attack
You absolutely should not stop…
Content Type: Press release
Today, as the Data Protection Bill reaches its final stages, Privacy International has written to the leaders of the main UK political parties asking for public commitment to not use the exemption provided in the Bill to target voters - both online and offline - in all local and national forthcoming elections or by-elections.
Privacy International has long been concerned about the exploitation of peoples’ data and the opaque data ecosystem, and the impact of such practices on the democratic…
Content Type: News & Analysis
En el 2011 se liquidó el DAS. Las violaciones, excesos y abusos de la inteligencia estatal que comenzaban por la intimidad y terminaban con la vida de los ciudadanos habían producido condenas judiciales a varios exdirectores: claro indicador de que se necesitaba un cambio. Siete años ha tenido el Estado colombiano para ordenar la casa y esta semana someterá sus récords de derechos humanos al examen de los miembros de Naciones Unidas. La evaluación analizará, entre otros…
Content Type: News & Analysis
Los frecuentes escándalos sobre el abuso de la vigilancia estatal en actividades de inteligencia, la exagerada obligación legal que tienen las empresas de telefonía de retener los datos de las comunicaciones de sus usuarios por cinco años o la manera como se diluye el concepto de privacidad en el Código de Policía serán parte del examen que se haga en el seno de la ONU sobre la forma como Colombia cumple sus compromisos de derechos humanos.
Dirigido por los Estados y con el auspicio del…
Content Type: News & Analysis
In the lead-up to the 30th session of the Universal Periodic Review which took place on 10 May 2018, Fundación Karisma, a partner organisation in the Privacy International Network, joined a coalition of civil society groups in Colombia to raise more awareness about the country's human rights record.
As part of the joint effort, the coalition produced factsheets on various human rights in the Colombian context, including the right to privacy. It is available in both English and Spanish.
Content Type: Long Read
If you operate an internet company in Russia, you aren’t necessarily surprised to one day open the door to someone, grasping in one hand a bundle of wires and in the other a letter from a government agency demanding access to your servers, with a black box wedged under one arm.
Internet companies in Russia are required by law to store the content of users’ communications for six months and the metadata of users’ communications for three years, essentially meaning that what a person does…
Content Type: Long Read
Hasn't Facebook said it would give European data protection to all of their users?
Yes, but only in very vague language. In an initial reaction to the Cambridge Analytica scandal, Mark Zuckerberg declared that Facebook would apply the EU General Data Protection Regulation (GDPR) “in spirit” to their 2 billion users worldwide. When questioned by members of the US Congress, Zuckerberg declared that "[a]ll the same controls will be available around the world". Representative Green sought…
Content Type: Report
Artificial Intelligence (AI) is part of our daily lives. This technology shapes how people access information, interact with devices, share personal information, and even understand foreign languages. It also transforms how individuals and groups can be tracked and identified, and dramatically alters what kinds of information can be gleaned about people from their data.
AI has the potential to revolutionise societies in positive ways. However, as with any scientific or technological…
Content Type: Press release
Privacy International (PI) has today sent a detailed report and list of questions to the UK Prime Minister, Theresa May, following her admission that failures in the UK system governing intelligence sharing with international partners helped facilitate the detention, retention and “appalling treatment” of Abdel Hakim Belhaj and Fatima Boudchar.
Yesterday, in a letter written to Belhaj and Boudchar and read out in the UK parliament, Prime Minister May made the extraordinary admission that “The…
Content Type: News & Analysis
Following on from the publication of our ‘Digital Stop and Search’ report last month, into the use of intrusive technology that enables officers to download all of the data stored on our mobile phones, we are pleased that Scotland's Justice Sub-Committee on Policing have been scrutinising Police Scotland over their use of the technology.
During the hearing by Scotland's Justice Sub-Committee on Policing on 10th May John Finnie MSP stated he personally did not feel reassured, after grilling…
Content Type: Advocacy
Today Privacy International, with TACD, published a document detailing 10 things that US companies need to know about the forthcoming General Data Protection Regulation (GDPR).
People’s data should be treated with the highest privacy protections no matter where they are based. Privacy is a fundamental human right and data protection is intrinsically linked to it. While GDPR is not perfect, it does provide enforceable rights and obligations. If US companies want to demonstrate true commitment…
Content Type: Report
The use of biometric technology in political processes, i.e. the use of peoples’ physical and behavioural characteristics to authenticate claimed identity, has swept across the African region, with 75% of African countries adopting one form or other of biometric technology in their electoral processes. Despite high costs, the adoption of biometrics has not restored the public’s trust in the electoral process, as illustrated by post-election violence and legal challenges to the results of…
Content Type: Examples
A data breach at the Internet Research Agency, the Russian troll farm at the centre of Russia's interference in the 2016 US presidential election, reveals that one way the IRA operated was to use identities stolen from Americans. Using these accounts and other fake ones, the troll farm interacted via social media with genuine US activists and recruited them to participate in and help organise rallies, all in the interests of aggravating long-standing American social divisions.
https://…
Content Type: Examples
According to whistleblower Christopher Wylie, during the 2014 US midtern elections, Cambridge Analytica, needing data to complete the new products it had promised to political advisor Steve Bannon, harvested private information from the Facebook profiles of more than 50 million users without their permission. There was enough information about 30 million of these users to match them to other records and build psychographic profiles.
After the news became public in March 2018, Facebook…
Content Type: Examples
In March 2018, Facebook announced it was scrapping plans to show off new home products at its developer conference in May, in part because revelations about the use of internal advertising tools by Cambridge Analytica have angered the public. The new products were expected to include connected speakers with digital assistant and video chat; they are now undergoing a review to ensure that they incorporate the right approach to user data. At the developer conference the company will also explain…
Content Type: Examples
Users downloading their Facebook histories have been startled to find that the company has been collecting call and SMS data. The company has responded by saying users are in control of what's uploaded to Facebook. However, the company also says it's a widely used practice when users first sign in on their phones to a messaging or social media app to begin by uploading the phone's contact list. That data then becomes part of the company's friend recommendation algorithm. On versions of Android…
Content Type: Examples
The Houston, Texas-based online dating startup Pheramor claims to use 11 "attraction genes" taken from DNA samples in its matchmaking algorithm. Launched in February 2018 in Houston with 3,000 users, Pheramor also encourages users to connect it to their social media profiles so it can datamine them for personality traits and common interests. Members pay $19.99 plus a $10 monthly fee and send in a cheek swab using a kit Pheramor supplies. In response, the company combines the genetic and social…
Content Type: Examples
Behind the colourful bicycles and games rooms, Silicon Valley tech giants operate a strict code of secrecy, relying on a combination of cultural pressure, digital and physical surveillance, legal threats, and restricted stock to prevent and detect not only criminal activity and intellectual property theft but also employees and contracts who speak publicly about their working conditions. Apple has long been known for requiring employees to sign project-specific non-disclosure agreements (NDAs…
Content Type: Examples
The small, portable GrayKey box, costing $15,000 for an internet-connected version tied to a specific location or $30,000 for an offline version usable anywhere, takes two minutes to install proprietary software designed to guess an iPhone's passcode. Intended for use by law enforcement officials, the box can take from a few hours to crack a short passcode to several days for a longer one. Once cracked, the passcode is displayed on the iPhone's screen; then the iPhone can be reconnected to the…
Content Type: Examples
As part of its attempt to keep its 40,000 drivers operating on the streets of London after Transport for London ruled in October 2017 it was not "fit and proper" to run a taxi service, Uber has promised to share its anonymised data on travel conditions and journey times. TfL said in February 2018 that sharing travel pattern data could help it improve understanding of operators' services.
https://uk.reuters.com/article/us-uber-britain/uber-to-share-its-london-data-in-latest-charm-…
Content Type: Examples
The accuracy of Facebook's ad targeting sometimes leads users to believe that Facebook is spying on them by tapping the microphones in their phones. Facebook has denied the practice - and is likely telling the truth because uploading and scanning the amount of audio data such a system would involve an unattainable amount of processing power to understand context.
It sounds believable: Joanna Stern's mother told her to buy the decongestant Sudafed in the morning, and by afternoon she sees…
Content Type: Examples
The CEO of MoviePass, an app that charges users $10 a month in return for allowing them to watch a movie every day in any of the 90% of US theatres included in its programme, said in March 2018 that the company was exploring the idea of monetising the location data it collects. MoviePass was always open about its plans to profit from the data it collects, but it seems likely that its 1.5 million users assumed that meant ticket sales, movie choice, promotions, and so on - not detailed tracking…
Content Type: Examples
The Danish company Blip Systems deploys sensors in cities, airports, and railway stations to help understand and analyse traffic flows and improve planning. In the UK's city of Portsmouth, a network of BlipTrack sensors was installed in 2013 by VAR Smart CCTV, and the data it has collected is used to identify problem areas and detect changing traffic patterns. The city hope that adding more sensors to identify individual journeys will help reduce commuting times, fuel consumption, and vehicular…
Content Type: Examples
In 2015, the University of Arizona began tracking freshman students’ ID card swipes as part of a project to try to lower the rate at which students drop out or leave for another university. The cards, which include an embedded sensor and are given to all students, can be read at almost 700 locations, including the entrance to residence halls and the student recreation centre, the library, and vending machines. The published policy for the CatCard student IDs does not disclose the practice.
In a…
Content Type: Examples
Designed for use by border guards, Unisys' LineSight software uses advanced data analytics and machine learning to help border guards decide whether to inspect travellers more closely before admitting them into their country. Unisys says the software assesses each traveller's risk beginning with the initial intent to travel and refines its assessment as more information becomes available at each stage of the journey - visa application, reservation, ticket purchase, seat selection, check-in, and…
Content Type: Examples
On August 1, 2017, Wisconsin company Three Square Market began offering its employees the option of implanting a tiny chip between their thumb and index finger. The chip enables employees to wave at hand at any of the company's RFID readers in order to enter the building, pay for food in the cafeteria, or use other company services. More than 50 out of the 80 staff at its headquarters volunteered; a few are said to be considering incorporating the chip into a piece of jewellery rather than have…
Content Type: Examples
Like other countries, the US began incorporating RFID chips into its passports in 2006. The chips, which store passport information including name, date of birth, passport number, photo, and biometric identifiers, enable machine-readable border controls like those now seen at an increasing number of airports. For authentication and to prevent counterfeiting and tampering, the chips also include a cryptographic signature (certificate) that authenticates the country issuing the passport. This…
Content Type: Examples
Car companies have long collected data about the consumers who buy their cars. Now, they hope to aggregate and sell customer preferences to outside vendors for marketing purposes much as online tech giants like Google and Facebook already do. The companies say that exploiting this data will help them improve the driving experience, enabling predictive maintenance and enhancing driving intelligence. A study published in July 2017 by the US Government Accountability Office found that none of the…
Content Type: Examples
In 2012, Durham Constabulary, in partnership with computer science academics at Cambridge University, began developing the Harm Assessment Risk Tool (HART), an artificial intelligence system designed to predict whether suspects are at low, moderate, or high risk of committing further crimes in the next two years. The tool is used to decide whether to recommend referral to the rehabilitation programme Checkpoint, which aims to reduce reoffending by helping remediate the individual's problems,…