Examples of Abuse

Almost everyday a company or government abuses your data. Whether these abuses are intentional or the result of error, we must learn from these abuses so that we can better build tomorrow's policies and technologies. This resource is an opportunity to learn that this has all happened before, as well as a tool to query these abuses.

Please contact us if you think we are missing some key stories.

 

01 Jun 2020
Italy has launched Immuni, one of the first contact tracing apps based on the Apple-Google API. The app is opt-in, and includes an explanation of the privacy and security measures in its setup. The app collects anonymously bluetooth tokens that are automatically randomised, but does not collect GPS
11 May 2020

The combination of poverty, crowded living conditions, and lack of access to running water place Europe's 10 million Roma at particular risk from the coronavirus, leading in some countries to their scapegoating as potential hotspots for illness, according to an Open Society Foundations report. In Sofia people are only allowed to leave Roma neighbourhoods through police checkpoints if they can produce a work contract or urgent reason. In Slovakia, five Roma settlements were put under quarantine in early April; four have since had the quarantine lifted. Many Roma people have lost their jobs and may not be eligible for state compensation schemes, and many families do not have either broadband connections or sufficient devices to support distance learning for their children.

Writer: Shaun Walker
Publication: Guardian
 

06 May 2020
Serbian MPs voted 155-0, with one not voting and one abstention, to lift the state of emergency that was declared on March 15 and repeal 11 emergency ordinances covering work, tax, debt, and criminal justice on the basis that the conditions for lifting it have been met. The change lifts curfews and
13 May 2020
The Slovak Constitutional Court declared unconstitutional parts of the newly amended telecommunication law that permitted state authorities to access telcommunications data for the purposes of contact tracing. The parliament approved the legislation in March, but the court ruled that the need for
08 May 2020
As part of their preparations to ease the lockdown, French authorities have added AI tools into the CCTV cameras in the Paris Metro to detect the number of passengers who are wearing face masks. The system is also being used in outdoor markets and buses in Cannes. Although it is mandatory to wear a
13 May 2020
Taking advantage of the pandemic to close US borders, the Trump administration is also spreading coronavirus infection by deporting detainees to receiving countries such as Guatemala, where 20% of infections are deportees. Guatemala has only two hospitals and a scattering of smaller regional medical
12 May 2020
The controversial Israeli spyware company NSO Group's US arm, Westbridge, has been trying to pitch its phone hacking software to US law enforcement agencies such as the San Diego Police Department, particularly a tool called "Phantom", which the complany claims can overcome encryption, track
19 May 2020
Cameras repurposed as "fever-detecting" aren't designed for and are not very good at detecting infections, but businesses, airlines, major employers, and public officials are nonetheless reacting to the coronavirus pandemic by spending large sums to buy them without understanding their limitations
08 May 2020
At a press conference, Israeli prime minister Benjamin Netanyahu suggested that microchipping everyone, beginning with children returning to school and kindergarten as the coronavirus lockdown ends; the chip would sound an alarm whenever anyone gets too close much as a car does. Security experts
12 May 2020
Any user of India's Aaorgya Setu contact tracing app can now request deletion of the data they've entered according to the Aaorgya Seta Emergency Data Access and Knowledge Sharing Protocol, 2020, which specifies the definition, collection, processing, and storage of the data the app collects. The
28 Apr 2020
Many of the technologies used to combat the coronavirus pandemic, including monitoring and analysing social media posts, telecommunications location data, and the use of sensors, were first tested on refugees during the 2015 crisis and are now being repurposed in the name of public health. In 2019
08 May 2020
Among the regulations governing restaurants as the US State of Maine's moves into a phased reopening is a requirement to maintain customer records for contact tracing purposes, including one customer's name and contact information per party and those of the table's server. The regulations also
01 Apr 2020

The Myanmar Ministry of Union Government Office, Ministreay Health and Sports, Ministry of Transport and Communications, and youth tech expert Ko Htoo Myint Naung have collaborated on a mobile app to monitor people ordered to quarantine, adapted from other similar apps developed in countries such as South Korea. The app, which is available in Myanmar and English, allows both citizens and foreign residents to report on their health condition. Mobile operators will provide free SIM cards and 1GB of internet data for people under quarantine. A database of all registered and quarantined people will be used to build appropriate action plans.

Writer:  Myanmar News Agency
Publication: Global New Light of Myanmar
 

13 May 2020
In designing its Healthy Together contact tracing app, the US state of Utah opted for a GPS and Bluetooth-based design created by social media startup Twenty; it does not use the Google-Apple API. The goal is for the app to assist the 1,200 Utah Department of Health workers who are doing phone call
18 May 2020
France, like the UK, opted to develop its own contact tracing app. "StopCovid", using a centralised design developed by the Pan-European Privacy-Preserving Proxity Tracing (PEPP-PT) group, which created a framework called ROBust and the privacy-presERving proximity Tracing protocol (ROBERT). French
19 May 2020

Security researchers have found seven problems with the NHSx contact tracing app including: weaknesses in registration that could allow attackers to steal encryption keys; storing unencrypted data on handsets; generating a new random ID code only once a day; and design decisions with respect to Bluetooth connections that could enable tracking. These questions are independent of whether the app is centralised or decentralised.

Writer: BBC; Chris Culnane and Vanessa Teague
Publication: BBC; State of IT
 

21 May 2020
As the waning pandemic leads to signs that the protest movement is resuming, China is moving to draft new national security legislation and incorporate it into Hong Kong's Basic Law, bypassing the territory's Legislative Council. Elections for the Council are due to be held in September, and Chinese
22 May 2020
Following a similar effort in the Netherlands, the UK is planning a national research programme in collaboration with universities, water companies, and public research bodies to detect coronavirus in sewage for use as an early warning system for future outbreaks of COVID-19. About half of those
21 May 2020
Immunity passports are likely to increase discrimination and threaten fairness and public health - and won't work for practical reasons. First and foremost, scientists do not yet know whether infection confers immunity or for how long; the serological tests so far developed are insufficiently
21 May 2020

In an analysis, the smartphone privacy company Jumbo Privacy finds that Care19, North Dakota's official COVID-19 contact tracing app, sends latitude and longitude data and a unique user advertising identifier to Foursquare and other data to Google servers and the bug-tracking Bugfender. The app's privacy policy does not disclose this third-party sharing. The app development company, ProudCrowd, said it would update the privacy policy and that the data-sharing agreement does not allow Foursquare to collect or use the Care19 data beyond returning the names of nearby businesses. North Dakota officials say future versions of the app will incorporate Apple-Google's new Exposure Notification API.



Writer: Steven Melendez
Publication: Fast Company