Advanced Search
Content Type: Advocacy
BackgroundThe Snowden revelations and subsequent litigation have repeatedly identified unlawful state surveillance by UK agencies. In response, the UK Parliament passed the highly controversial Investigatory Powers Act 2016 (IPA), which authorised massive, suspicionless surveillance on a scale never seen before, with insufficient safeguards or independent oversight.Privacy International led legal challenges to this mass surveillance regime both before and after the Act became law. The Act…
Content Type: Examples
Just as China uses technology system called "Integrated Joint Operations Platform" to control and surveil the persecuted population of Uighurs while restricting their movement and branding dissent as "terrorism", the Israeli military is using facial recognition and a massive database of personal information to control millions of Palestinians in the occupied West Bank. In November 2021, NSO Group's Pegasus spyware was found on the phones of six Palestinian human rights activists, three of whom…
Content Type: Examples
The Israeli minister of public security has joined police in denying claims in an article in Calcalist that the country's police force have used NSO Group's Pegasus software to spy on the phones of people who led protests against former premier Benjamin Netanyahu. Calcalist reported that the surveillance was carried out without court supervision or oversight of how the data was used. The daily Haaretz newspaper also reported that it had seen a 2013 invoice in which NSO billed police @@2.7…
Content Type: Video
Please note the views expressed in the video are the interviewee's own and do not necessarily reflect the views of PI.
In his interview, Alexandru told us that he started to work for Uber in 2018. Despite being aware of negative experiences of others, he felt that everything was running smoothly, and for a while, Uber met his expectations.
However, in 2021, he received a notice from Uber that they had noticed fraudulent activity associated with his account. He went on social media and…
Content Type: Video
Please note the views expressed in the video are the interviewee's own and do not necessarily reflect the views of PI.
Driver X (he wishes to remain anonymous) has been working for Uber for five years. After working for Uber for two and half years, he suddenly received a message telling him that his account had been temporarily suspended and asking him not to call Uber while the investigation was pending. He was baffled, as he had an excellent record and rating, with plenty of positive…
Content Type: Long Read
What if your boss was an algorithm? What would you do if your employer suddenly fired you or reduced your pay without telling you why? And without being willing to give you a reason when you ask for one?
This is not science fiction or some far-fetched reality. Millions of people worldwide are working in the gig economy sector for companies like Uber, Deliveroo, Bolt, Just Eat… And this could be the future of work for people working outside the gig economy, as surveillance technologies are…
Content Type: Video
Update: Pa has since won a settlement from UberPlease note the views expressed in the video are interviewee's own and do not necessarily reflect the views of PI.Pa used to work for Uber. After some time, Uber started asking him to submit a picture of himself to the platform to confirm it was indeed him who had completed the job. However, with time, the frequency of the requests increased. In the beginning, the requests for a picture only happened once a week, but as time went by Pa told us that…
Content Type: Press release
Amnesty International, Privacy International and The Centre for Research on Multinational Corporations (SOMO) have published a report uncovering NSO Group’s entire corporate structure, tracking the global money trail of both public and private investment into the lucrative spyware company.
Amnesty International and other rights groups have documented dozens of cases of NSO Group’s products being used by repressive governments across the world to put activists, journalists, and opposition…
Content Type: Report
In this briefing, Amnesty International, PI and The Centre for Research on Multinational Corporations (SOMO) discuss the corporate structure of NSO group, one of the surveillance industry's well-known participants. The lack of transparency around NSO Group’s corporate structure and the lack of information about the relevant jurisdictions within which it operates are significant barriers in seeking prevention of, and accountability for, human rights violations reportedly linked to NSO Group’s…
Content Type: Explainer
What is hacking?
Hacking refers to finding vulnerabilities in electronic systems, either to report and repair them, or to exploit them.
Hacking can help to identify and fix security flaws in devices, networks and services that millions of people may use. But it can also be used to access our devices, collect information about us, and manipulate us and our devices in other ways.
Hacking comprises a range of ever-evolving techniques. It can be done remotely, but it can also include physical…
Content Type: Long Read
On 8 January 2021, the UK High Court issued a judgment in the case of Privacy International v. Investigatory Powers Tribunal. The Secretary of State for Foreign and Commonwealth Affairs and Government Communication Headquarters (GCHQ) appeared as interested parties to the case.
After our initial reaction, below we answer some of the main questions relating to the case.
NOTE: This post reflects our initial reaction to the judgment and may be updated.
What’s the ruling all about?
In…
Content Type: Frequently Asked Questions
On 8 January 2021, the UK High Court issued a judgment in the case of Privacy International v. Investigatory Powers Tribunal. The Secretary of State for Foreign and Commonwealth Affairs and Government Communication Headquarters (GCHQ) appeared as interested parties to the case.
After our initial reaction, below we answer some of the main questions relating to the case.
NOTE: This post reflects our initial reaction to the judgment and may be updated.
Content Type: News & Analysis
Today, the UK High Court has quashed a decision by the Investigatory Powers Tribunal (IPT) and held that section 5 of the Intelligence Services Act (ISA) 1994 does not permit the issue of general warrants to authorise property interference and certain forms of computer hacking.
The Court referred to cases dating back to the 18th century, which demonstrate the common law’s insistence that the Government cannot search private premises without lawful authority even in the national security…
Content Type: Press release
Today, the UK High Court has quashed a decision by the Investigatory Powers Tribunal (IPT), and ruled that section 5 of the Intelligence Services Act (ISA) 1994 does not permit the issuing of general warrants to authorise property interference and certain forms of computer hacking.
The Court referred to cases dating back to the 18th century, which demonstrate the common law’s insistence that the Government cannot search private premises without lawful authority even in the context of national…
Content Type: Examples
Many of the steps suggested in a draft programme for China-style mass surveillance in the US are being promoted and implemented as part of the government’s response to the pandemic, perhaps due to the overlap of membership between the National Security Commission on Artificial Intelligence, the body that drafted the programme, and the advisory task forces charged with guiding the government’s plans to reopen the economy. The draft, obtained by EPIC in a FOIA request, is aimed at ensuring that…
Content Type: Long Read
This week saw the release of a coronavirus tracking app within the United Kingdom, initially to be trialled in the Isle of Wight. Privacy International has been following this closely, along with other ‘track and trace’ apps like those seen in over 30 other countries.
The UK’s app is no different. It is a small part of a public health response to this pandemic. As with all the other apps, it is vital that it be integrated with a comprehensive healthcare response, prioritise people, and…
Content Type: Examples
The whistleblower said they were unable to find any legitimate reason for the high volume of the requests for location information. “There is no other explanation, no other technical reason to do this. Saudi Arabia is weaponising mobile technologies,” the whistleblower claimed.
The data leaked by the whistleblower was also seen by telecommunications and security experts, who confirmed they too believed it was indicative of a surveillance campaign by Saudi Arabia.
The data shows requests for…
Content Type: Examples
Bluetooth utilizes a device pairing mechanism based on elliptic-curve Diffie-Hellman (ECDH) key exchange to allow encrypted communication between devices. The ECDH key pair consists of a private and a public key, and the public keys are exchanged to produce a shared pairing key. The devices must also agree on the elliptic curve parameters being used. Previous work on the "Invalid Curve Attack" showed that the ECDH parameters are not always validated before being used in computing the resulted…
Content Type: Examples
“The BlueBorne attack vector requires no user interaction, is compatible to all software versions, and does not require any preconditions or configurations aside of the Bluetooth being active,” warned the researchers.
“Unlike the common misconception, Bluetooth enabled devices are constantly searching for incoming connections from any devices, and not only those they have been paired with,” they added.
“This means a Bluetooth connection can be established without pairing the devices at all.…
Content Type: Video
You’re a witness or a victim or a suspect of a crime; or even just travelling going on holiday. Officials demand your phone, then disappear with it. What happened to your phone? What happened to your data? What will happen to you?
We all generate vast amounts of data using our mobile phones - more than most of us are aware of - and that data has become increasingly attractive to law enforcement agencies around the world, enabled by ‘extraction technologies’ supplied by companies like…
Content Type: Case Study
In early May 2019, it was revealed that a spyware, exploiting a vulnerability in Facebook’s WhatsApp messaging app, had been installed onto Android and iOS phones. The spyware could be used to turn on the camera and mic of the targeted phones and collect emails, messages, and location data. Citizen Lab, the organization that discovered the vulnerability, said that the spyware was being used to target journalists and human rights advocates in different countries around the world. The spyware…
Content Type: News & Analysis
On 24 October 2019, the Swedish government submitted a new draft proposal to give its law enforcement broad hacking powers. On 18 November 2019, the Legal Council (“Lagråd”), an advisory body assessing the constitutionality of laws, approved the draft proposal.
Privacy International believes that even where governments conduct hacking in connection with legitimate activities, such as gathering evidence in a criminal investigation, they may struggle to demonstrate that hacking as…
Content Type: Long Read
[Photo credit: Images Money]
The global counter-terrorism agenda is driven by a group of powerful governments and industry with a vested political and economic interest in pushing for security solutions that increasingly rely on surveillance technologies at the expenses of human rights.
To facilitate the adoption of these measures, a plethora of bodies, groups and networks of governments and other interested private stakeholders develop norms, standards and ‘good practices’ which often end up…
Content Type: News & Analysis
A new UK Times report claims that “WhatsApp, Facebook and other social media platforms will be forced to disclose encrypted messages from suspected terrorists, paedophiles and other serious criminals under a new treaty between the UK and the US.”
Several other media outlets have followed up on the report, with headlines such as “UK and US set to sign treaty allowing UK police ‘back door’ access to WhatsApp and other ‘end to end encrypted’ messaging platforms”.
While the…
Content Type: Examples
The Lumi by Pampers nappies will track a child's urine (not bowel movements) and comes with an app that helps you "Track just about everything". The activity sensor that is placed on the nappy also tracks a baby's sleep.
Concerns over security and privacy have been raised, given baby monitors can be susceptible to hackers and any app that holds personal information could potentially expose that information.
Experts say the concept could be helpful to some parents but that there…
Content Type: Long Read
Details of case:
R (on the application of Privacy International) (Appellant) v Investigatory Powers Tribunal and others (Respondents)
[2019] UKSC 22
15 May 2019
The judgment
What two questions was the Supreme Court asked to answer?
Whether section 67(8) of RIPA 2000 “ousts” the supervisory jurisdiction of the High Court to quash a judgment of the Investigatory Powers Tribunal for error of law?
Whether, and, if so, in accordance with what principles, Parliament may by…
Content Type: Examples
In August 2018, banks and merchants had begun tracking the physical movements users make with input devices - keyboard, mouse, finger swipes - to aid in blocking automated attacks and suspicious transactions. In some cases, however, sites are amassing tens of millions of identifying "behavioural biometrics" profiles. Users can't tell when the data is being collected. With passwords and other personal information used to secure financial accounts under constant threat from data breaches, this…
Content Type: Examples
In October 2018, researcher Johannes Eichstaedt led a project to study how the words people use on social media reflect their underlying psychological state. Working with 1,200 patients at a Philadelphia emergency department, 114 of whom had a depression diagnosis, Eichstaedt's group studied their EMRs and up to seven years of their Facebook posts. Matching every person with a depressive diagnosis with five who did not, to mimic the distribution of depression in the population at large, from…
Content Type: Examples
In 2018, economists Marianne Bertrand and Emir Kamenica at the University of Chicago Booth School of Business showed that national divisions are so entrenched that details of what Americans buy, do, and watch can be used to predict, sometimes with more than 90% accuracy, their politics, race, income, education, and gender. In a paper published by the National Bureau of Economic Research, the economists taught machine algorithms to detect patterns in decades of responses to three long-running…
Content Type: Examples
In 2017, Britain's' two biggest supermarkets, Tesco and Sainsbury's, which jointly cover 45% of the UK's grocery market, announced they would offer discounts on car and home insurance based on customers' shopping habits. For example, based on data from its Nectar card loyalty scheme, Sainsbury's associates reliable, predictable patterns of visits to stores with safer and more cautious driving, and therefore offers those individuals cheaper insurance. For some products, Sainsbury's also mines…