Advanced Search
Content Type: Examples
In 2018, based on an analysis of 270,000 purchases between October 2015 and December 2016 on a German ecommerce site that sells furniture on credit, researchers at the National Bureau of Economic Research found that variables such as the type of device could be used to estimate the likelihood that a purchaser would default. The difference in rates of default between users of iOS and Android was about the same as the difference between a median FICO credit score and the 80th percentile of FICO…
Content Type: Examples
The common reporting standard brought in by the UK's HMRC in 2018 require tax authorities to automatically exchange information on millions of citizens living abroad. In response, an EU citizen domiciled in Italy who formerly lived in the UK and maintains a UK bank account, filed a complaint with the UK's data protection regulator arguing that sharing this data exposed her to risk of cyber hacking or accidental leaks and therefore violates GDPR. Developed by the OECD, the common reporting…
Content Type: Examples
In September 2017, the UN Capital Development Fund, the UN Development Programme, and the non-profit San Francisco-based startup Kiva, which has worked for 13 years as a crowd-funded microlending platform announced a joint initiative to open up financial services to the 20% of the Sierra Leone population - 7 million citizens - who have no credit history or proof of formal identity and are therefore unable to start businesses, raise loans, or generally access mainstream financial services. The…
Content Type: Examples
A flaw in the official 2018 UK Conservative Party conference app granted both read and write access to the private data of senior party members, including cabinet ministers, to anyone who logged in by second-guessing the email address they used to sign into the app. Twitter users claimed that one leading politician, Boris Johnson, had his avatar briefly replaced by a pornographic image, while another, Michael Gove, had his replaced by that of media magnate Rupert Murdoch. The app was…
Content Type: Explainer
This is the third part of Understanding Identity Systems. Read Part 1: Why ID?, and Part 2: Discrimination and Identity.
Biometrics
Biometrics are the physiological and behavioural characteristics of individuals. This could be fingerprints, voice, face, retina and iris patterns, hand geometry, gait or DNA profiles. However, the legal definition of ‘biometrics’ may differ – in some contexts, it may be defined by law, whereas in others it may not have, or only have…
Content Type: Explainer
This is the second part of Understanding Identity Systems. Read Part 1: Why ID?, and Part 3: The Risks of ID.
The existing identity landscape
Every country has an existing landscape of ways in which people can identify themselves. This can include an existing ID card system, but also a range from birth registration, to passports, to driver licenses. The effectiveness of these systems may be unevenly distributed, or otherwise problematic.
The nature of the existing ID landscape…
Content Type: Explainer
Introduction
Of all the data-intensive initiatives that a government can introduce, some of the largest are ID systems. They have implications across a broad range of human and civil rights. How do we begin to critique an ID system, to begin to understand its strengths and weaknesses? There are a series of issues that we believe should be addressed in the development of any ID system.
This could be of particular relevance to civil society organisations (CSOs): this is because civil…
Content Type: Examples
In January 2019, it was discovered that the HIV-positive status of 14,200 people in Singapore, as well as their identification numbers and contact details, had been leaked online. According to a statement of the Ministry of Health, records leaked include 5,400 Singaporeans diagnosed as HIV-positive before January 2013, and 8,800 foreigners diagnosed before December 2011. Patient names, identification numbers, phone numbers, addresses, HIV test results and medical information was included in the…
Content Type: Explainer
Photo credit: warrenski
Mandatory SIM card registration eradicates the potential for anonymity of communications, enables location-tracking, and simplifies communications surveillance and interception. By facilitating the creation of an extensive database of user information, it places individuals at risk of being tracked or targeted, and having their private information misused. In the absence of comprehensive data protection legislation and judicial oversight, SIM users' information can be…
Content Type: Examples
Shortly before the November 2018 US midterm elections, the Center for Media and Democracy uncovered documents showing that the multi-billionaire Koch brothers have developed detailed personality profiles on 89 percent of the US population with the goal of using them to launch a private propaganda offensive to promote Republican candidates. The brothers have also developed "persuasion models" and partnered with cable and satellite TV providers to target voters with tailored messaging during TV…
Content Type: Examples
In 2018, 17 US states and the District of Columbia filed suit to block the addition of a citizenship question to the 2020 census. Emails released as part of the lawsuit show that the administration began pushing to add the question as early as the beginning of 2017, claiming it was to improve enforcement of the 1965 Voting Rights Act. Critics, however, say the question will depress response rates, make the count more expensive and less accurate, and believe the question is intended to…
Content Type: Examples
The Tel-Aviv-based private intelligence firm Black Cube, which is largely staffed by former Israeli intelligence operatives, was involved in a campaign to attack NGOs and businessman-turned-philanthropist George Soros during Hungary's election campaign. Between December 2017 and March 2018, agents using false identities secretly recorded the results of contacts with Hungarian NGOs and individuals connected to Soros. The recordings began appearing in the press three weeks before the election,…
Content Type: Examples
"Buzzer teams" - teams employed to amplify messages and create a buzz on social media - were used by all candidates in the 2017 Indonesian general elections. Coordinated via WhatsApp groups, many of the teams opened fake accounts to spread both positive and negative messages, as well as hate speech. The operators of the most influential accounts could command $1,400 for a single tweet.
https://www.theguardian.com/world/2018/jul/23/indonesias-fake-twitter-account-factories-jakarta-politic…
Content Type: Examples
On the night of June 23, 2016, as the polls closed Britain's Sky News broadcast what sounded like a concession statement from Nigel Farage, the leader of the campaign to leave the EU, plus a YouGov exit poll indicating that the country had voted to remain; over an hour later, Farage reiterated his concession to the Press Association. The combination pushed up the pound on the world's foreign exchanges. A few hours later, when the true result was announced, the pound crashed - but in between a…
Content Type: Examples
Facebook ads purchased in May 2016 by the Internet Research Agency, a notorious Russian troll farm, urged users to install the FaceMusic app. When installed, this Chrome extension gained wide access to the users' Facebook accounts and web browsing behaviour; in some cases it messaged all the user's Facebook Friends. The most successful of these ads specifically targeted American girls aged 14 to 17 and said the app would let them play their favourite music on Facebook for free and share it…
Content Type: Examples
In July 2018, Robert Mueller, the special prosecutor appointed to look into Russian interference in the 2016 US presidential election, charged 12 Russian intelligence officers with hacking Hillary Clinton's campaign and the Democratic National Committee by spearphishing staffers. The charges include conspiracy to commit an offence against the US, aggravated identity theft, conspiracy to launder money, and conspiracy to access computers without authorisation. The hack led to the release of…
Content Type: Examples
In May 2018, a report form Strathmore University's Centre for Intellectual Property and Information Technology (CIPIT) found that some staff at Kenya's Independent Electoral and Boundaries Commission who were mandated to protect voter data made millions of Kenyan shillings by illegally selling private voter data to politicians during the 2017 general election. CIPIT collected campaign messages sent by candidates for MP, Member of County Assembly, the Senate, and representative of women. Any…
Content Type: Examples
In March 2018, Indian Congress president Rahul Gandhi tweeted that the Naramendra Modi app issued by India's ruling Bharatiya Janata Party was leaking user data. The app is intended to spearhead BJP's social media strategy in the run-up to the 2019 general elections; the party hopes to use it to mobilise 100 million BJP members and has set a target of 100,000 downloads for each district. Both privacy activists and political rivals complained that the app asks for too many permissions, is…
Content Type: Examples
In November 2018, the UK government announced it would pilot voter ID for in 11 local authorities during thte 2019 local elections in order to gain insight into ensuring voting security and lowering the risk of voter fraud. The Cabinet Office deemed the pilots conducted in five local authorities during the 2018 local elections to be a success. Four models of checking are under consideration: photo ID (Pendle, East Staffordshire, Woking); one photo or up to two non-photo IDs (Ribble Valley,…
Content Type: Examples
Shortly before the 2018 US midterm elections, Georgia secretary of state and gubernatorial candidate Brian Kemp accused Georgia's Democratic Party of hacking into the state's voter registration database, though without providing any evidence to support the claim. The motives behind the claim were unclear, but a report published by WhoWhatWhy suggested that the claim may have referred to a cybersecurity investigation conducted by the Democrats that uncovered significant flaws in the state's…
Content Type: Examples
In August 2018, the US Democratic National Committee notified the FBI that the San Francisco-based security company Lookout and the cloud service provider DigitalOcean had detected an attempted hack targeted at the DNC voter database. The attack took the form of a fake DNC login page intended to trick people into disclosing their usernames and passwords thinking they were accessing the DNC's VoteBuilder platrform. Lookout believes it found the site within 30 minutes of its going up online, but…
Content Type: Examples
With only days to go before the 2018 US midterm elections, a federal judge ruled that the state of Georgia must change its "exact match" law that required voter registrations with even the tiniest variation from other official identifications to be flagged as potential non-citizens unless they could produce proof of identity. A group of civil rights groups sued Republican secretary of state Brian Kemp, in charge of the elections despite also running for governor, to change the procedure, which…
Content Type: Examples
A 2018 study of the use of biometric technology for voter identification and verification in Ghana in 2012 called the effort a failure. It's not enough, the researchers argue, for biometrics to be technically sound; for the technology to function as intended registration centres must have real-time connectivity to an electronic national register, electoral officials need to be trained intensively both to operate the machines and to handle outliers and breakdowns. The biometrics themselves are…
Content Type: Examples
In 2018, the UK Information Commissioner's Office fined Emma's Diary, a site offering pregnancy and childcare advice owned by Lifecycle Marketing (Mother and Baby) Ltd, £140,000 for collecting and selling personal information belonging to more than 1 million people without disclosing in the site's privacy policy how it would be used. Although Lifecycle denied the allegations, the ICO found that the company sold the data to Experian Marketing Services to build into profiles for use by the…
Content Type: Examples
A database compiled through investigations conducted in 2018 by the Guardian and the Undercover Research Group network of activists shows that undercover police officers spied on 124 left-wing activist groups between 1970 and 2007. The police infiltrated 24 officers over that time within the Socialist Workers Party, which, with a membership of a few thousand, advocates revolution to ablish capitalism. Four of these undercover officers began sexual relationships with deceived female members, and…
Content Type: Examples
Under a clause in the country's computer crime act that criminalises uploading content that is false or causes "panic", in 2018, Thailand's ruling military junta pursued a criminal investigation into a live feed on the Facebook page belonging to the rising Future Forward Party. The postings claimed that the governing party, the National Council for Peace and Order, which seized power in 2014 was using the threat of lawsuits to recruit former MPs from rival parties. The NCPO has promised to hold…
Content Type: Examples
In September 2018, Google warned a selection of US senators and their aides that their Gmail accounts were being targeted by foreign government hackers. Google has issued warnings of phishing attempts by state-sponsored actors since 2012, though getting a notice does not mean the account has been compromised.
https://www.cnet.com/news/google-warns-us-senators-of-foreign-hackers-targeting-their-gmail-accounts/
Writer: Richard Nieva
Publication: CNet
Content Type: Examples
In September 2018, when Massachusetts state police tweeted a map of responses to fires and explosions during a gas emergency, they inadvertently revealed that they were closely monitoring several activist groups, including a Facebook group for Mass Action Against Police Brutality, the Coalition to Organize and Mobilize Boston Against Trump, Facebook 413, Facebook MA Activism, and Resistance Calendar. The image was taken down and cropped after half an hour, but it spurred journalists to ask…
Content Type: Examples
A combination of entrenched and litigious voting machine manufacturers with immense control over their proprietary software and a highly complex and fragmented voting infrastructure mean that even though concerns were raised as early as 2004 about the security of US voting machines, the 2018 midterm election saw little improvement. The machines in use in the more than 10,000 US election jurisdictions are all either optical-scan or direct-recording electronic (DRE). Optical-scan, which scans…
Content Type: Examples
In the run-up to the November 2018 US midterm elections, Vice tested Facebook's new system of mandatory "Paid for" disclosure intended to bring greater transparency to the sources of ads relating to "issues of national importance". Placing political ads requires a valid ID and proof of residence. Vice found that Facebook quickly approved ads the site attempted to place that named Islamic State, US vice president Mike Pence, and Democratic National Committee chair Tom Perez in the "Paid for"…