Advanced Search
Content Type: Examples
After the British government announced a national lockdown, Derbyshire Police used drones to capture footage of people rambling, walking their dogs, and taking photos in the Peak District. The move was widely criticised as heavy-handed and counter-productive; however, the government followed up by saying that people should stay near their homes for exercise and not travel unnecessarily and granting police new powers to enforce the lockdown.
Source: https://www.bbc.co.uk/news/uk-england-…
Content Type: Examples
In a widely circulated animated heat map, the geospatial visualisation company Tectonix GEO in partnership with the location technology company X-Mode used the secondary locations of anonymised mobile devices that were active on a single beach in in Ft Lauderdale, FL during spring break to show how the beach-goers fanned out across the US afterwards, potentially carrying infection with them. Although the visualisation was instructive in showing how contagion spreads, it was unclear whether any…
Content Type: Examples
The Ministry of Administration and Local Self-Government of the Republic of Srpska, an entity within Bosnia and Herzegovina, published the full and hometowns of the first 30 people who broke quarantine on March 23. The move was condemned by the Initiative for Monitoring the European Integration of Bosnia and Herzegovina, arguing that the move could lead to discrimination, stigmatisation, and even lynching, that there was no legal basis for removing protection from personal data, and…
Content Type: Examples
The European Commission urged Europe's telecoms giants, including Deutsche Telekom and Orange, to share their users' mobile data streams from across the region to help predict the spread of the coronavirus "for the common good". In a letter in response, Dutch Renew MEP Sophie In't Veld stressed that that data must remain anonymised, and questioned the usefulness of aggregating very large quantities of location data from millions of Europeans who are locked down. Meanwhile, questions are being…
Content Type: Examples
Argentina's Public Prosecutor's Office will start installing an app on the smartphones of those who violate government-ordered quarantine in the cities of Santa Fé and Rosario. The app will be installed by the province's Criminal Investigation Agency to track those who are under criminal investigation for violating quarantine. The app will send reports to the the MPA investigation office and coordinated by the Attorney General's Office. Individuals will be required to sign a document…
Content Type: Examples
On March 23, Argentina's immigration agency, Dirección Nacional de Migraciones (DNM), announced that anyone arriving in the country would be required to install the free COVID-19 Ministry of Health app on their phone for 14 days to ensure they comply with quarantine rules in order to protect the population. The Office of the Chief of Staff had instructed the DNM to adopt this policy when it launched the app, also on March 23. Since launch, the number of unnecessary permissions the app requests…
Content Type: Examples
Researchers at Germany's Robert Koch Institute and Fraunhofer Heinrich Hertz Institute are working on an app that uses Bluetooth connections between smartphones and is compliant with GDPR to anonymously save the distance and duration of contact between people on the smartphone to make it possible to digitally reconstruct infection chains. The idea is being copied from Singapore's TraceTogether app, which detects other users who have also installed the app. If someone tests positive, they can…
Content Type: Examples
Indonesian Ministry of Communication and Informatics/KOMINFO official website)
On Thursday, 26 March 2020, the Indonesian Minister of Communication and Informatics, Johnny G. Plate, issued the Ministerial Decree No. 159/2000 to facilitate the cooperation between the Government and telecommunication companies in developing a tracking app called TraceTogether. The app collects 14 days of mobile phone location data from the infected person, and then matches it to location data collected by…
Content Type: Examples
The Israeli Ministry of Health's mobile app, "The Shield", is intended to alert users if they have been at a location in Israel at the same time as a known COVID-19 patient.
The app, which is available for both Android and iOS, works by collecting the GPS and WiFi network (SSID) information of a user's mobile device throughout the day. This data is saved only on the mobile device and is not transmitted to the Ministry of Health, other government agencies, or any organisation. The locations…
Content Type: Examples
In a partnership with G3 Global Berhad, a system combining thermal scanning technology and facial recognition from SenseTime has been put in place at Malaysia's King's Palace. The combination is intended to trigger alerts, as well as detect and identify people even when they're wearing face masks in order to detect infected individuals in a non-contact way without requiring added manpower.
Source: https://www.biometricupdate.com/202003/biometric-checks-and-facial-recognition-payments-to-…
Content Type: Examples
In Jojutla, a municipality in the southern state of Morelos, the government is using drones, normally used for security tasks such as reducing homicides, to surveille gatherings in public parks and plazas and tell people to go home, at the same time distributing hand sanitiser gel and face masks on public roads, in popular neighbourhoods, and on public transport. So far there are no confirmed cases of COVID-19 in Jojutla, and only two confirmed and 23 suspected in the state.
Source: https://…
Content Type: Examples
A web form to screen COVID-19 cases developed by the Mexico City government collects a wide range of personal information such as name, age, telephone number, home address, social network username, and cellphone number. The privacy notice establishes that such data may be transferred to a vast array of judicial and administrative federal and local authorities.
Source: https://test.covid19.cdmx.gob.mx/
Writer: Mexico City government
Publication: Mexico City government
Content Type: Examples
Owing to concerns about the possibility of spreading the coronavirus via banknotes and payment cards, Russia has begun testing its Unified Biometric System (EBS) for payments at a selection of grocery stores including Lenta supermarkets. The Russian bank VTB plans a mass roll-out for mid-2020. For the beginning of 2021, Promsvyazbank is planning trials of facial biometric payments, a system the bank is negotiating to introduce with several retail chains. Facial biometric payments are made…
Content Type: Examples
Managed from a purpose-built coronavirus control centre, Moscow's network of 100,000 cameras equipped with facial recognition technology is being used to ensure that anyone placed under quarantine stays off the streets. Officials claim the centre can also be used to track international arrivals and monitor social media for misinformation.
Source: https://www.france24.com/en/20200324-100-000-cameras-moscow-uses-facial-recognition-to-enforce-quarantine
Writer: Sam Ball
Publication: France 24
Content Type: Examples
The success of South Korea's efforts to combat the coronavirus without a national lockdown and without suspending civil rights depended in part on preparation put in place after the 2015 MERS epidemic and in part on the country's network of private testing labs, which enabled the country to quickly set up drive-in testing, with the results rapidly texted back to mobile phones. Positive results set in motion aggressive contact-tracing incorporating CCTV footage, mobile phone tracking data, and…
Content Type: Examples
A newly-enacted Slovakian law, inspired by similar laws in Singapore, South Korea, and Taiwan, allows the country's Public Health Office to use location data from mobile phones to track people ordered to quarantine to ensure they are not breaking the rules. The angry public response on privacy grounds forced the government to clarify: it will only collect limited data and use it only in connection with the coronavirus outbreak, the data will only be accessible by the Public Health Office; and…
Content Type: Examples
Estonia's Government Crisis Commission has instructed the state statistical office, Statistics Estonia, to use mobile geolocation data from companies such as Telia, Elisa, and Tele 2 in order to study people's movements to prevent the spread of COVID-19. Statistics Estonia hoped to launch the project during the week of March 24, 2020. Mart Mägi, the director general of Statistics Estonia, said the intention was to analyse people's movements before and after emergency measures were implemented,…
Content Type: Examples
A day after John Tory, the mayor of the City of Toronto, told thousands of attendees at an online event hosted by TechTO that the city was gathering cellphone location data from telecoms in order to identify areas where residents were still congregating despite the city's social distancing rules, he withdrew the claim. City staff explained that an offer had been made to share anonymous cellphone location data with the City and it had been passed along to Toronto Public Health and the Emergency…
Content Type: Examples
The Rio de Janeiro City Hall has signed an agreement with telecomunications company TIM to use geolocation data to develop "heat maps" by cross-referencing epidemological hubs with high population density locations. Under the agreement, TIM will pinpoint the movement of its users across Rio de Janeiro through antennae-facilitated geolocation triangulation and send it online to the local government to enable it to monitor whether individuals are complying with isolation measures and assess…
Content Type: Report
On 12 December 2018 a member of Lancashire Police Department UK told viewers of a Cellebrite webinar that they were using Cellebrite's Cloud Analyser to obtain cloud based 'evidence'. In response to a Freedom of Information request Hampshire Constabulary told Privacy International they were using Cellebrite Cloud Analyser.
They are not alone. In Cellebrite's 2019 Annual Trend Survey, Cellebrite found that law enforcement is increasingly using 'cloud extraction.' But the…
Content Type: Examples
Bluetooth utilizes a device pairing mechanism based on elliptic-curve Diffie-Hellman (ECDH) key exchange to allow encrypted communication between devices. The ECDH key pair consists of a private and a public key, and the public keys are exchanged to produce a shared pairing key. The devices must also agree on the elliptic curve parameters being used. Previous work on the "Invalid Curve Attack" showed that the ECDH parameters are not always validated before being used in computing the resulted…
Content Type: Examples
“The BlueBorne attack vector requires no user interaction, is compatible to all software versions, and does not require any preconditions or configurations aside of the Bluetooth being active,” warned the researchers.
“Unlike the common misconception, Bluetooth enabled devices are constantly searching for incoming connections from any devices, and not only those they have been paired with,” they added.
“This means a Bluetooth connection can be established without pairing the devices at all.…
Content Type: Examples
An engineering and computer science professor and his team from The Ohio State University discovered a design flaw in low-powered Bluetooth devices that leaves them susceptible to hacking.
Zhiqiang Lin, associate professor of computer science and engineering at the university, found the commonly used Bluetooth Low Energy devices, such as fitness trackers and smart speakers, are vulnerable when they communicate with their associated apps on the owner’s mobile phone.
"There is a fundamental…
Content Type: Examples
On November 3rd, 2019, [...] a critical vulnerability affecting the Android Bluetooth subsystem [was reported]. This vulnerability has been assigned CVE-2020-0022 and was now patched in the latest security patch from February 2020. The security impact is as follows:
On Android 8.0 to 9.0, a remote attacker within proximity can silently execute arbitrary code with the privileges of the Bluetooth daemon as long as Bluetooth is enabled. No user interaction is required and only the Bluetooth MAC…
Content Type: Examples
Researchers at the Center for IT-Security, Privacy and Accountability (CISPA) have identified a security vulnerability related to encryption on Bluetooth BR/EDR connections. The researchers identified that it is possible for an attacking device to interfere with the procedure used to set up encryption on a BR/EDR connection between two devices in such a way as to reduce the length of the encryption key used. In addition, since not all Bluetooth specifications mandate a minimum…