Privacy International https://privacyinternational.org/ en Tracking the Global Response to COVID-19 https://privacyinternational.org/key-resources/3460/tracking-global-response-covid-19 <span class="field field--name-title field--type-string field--label-hidden">Tracking the Global Response to COVID-19</span> <span class="field field--name-uid field--type-entity-reference field--label-hidden"><span lang="" about="/user/460" typeof="schema:Person" property="schema:name" datatype="">caitlinb</span></span> <span class="field field--name-created field--type-created field--label-hidden">Thursday, March 19, 2020</span> <div class="clearfix text-formatted field field--name-body field--type-text-with-summary field--label-hidden field__item"><p>Tech companies, governments, and international agencies have all announced measures to help contain the spread of the COVID-19 virus.</p> <p>Some of these measures impose severe restrictions on people’s freedoms, including to their privacy and other human rights. Unprecedented levels of surveillance, data exploitation, and misinformation are being tested across the world.</p> <p>Many of those measures are based on extraordinary powers, only to be used temporarily in emergencies. Others use exemptions in data protection laws to share data.</p> <p>Some may be effective and based on advice from epidemiologists, others will not be. But all of them must be temporary, necessary, and proportionate.</p> <p>It is essential to keep track of them. When the pandemic is over, such extraordinary measures must be put to an end and held to account.</p> <p>This page will be updated as measures are reported.</p> <p>This is a collective project led by PI alongside its global Network. But we also need your help. If you know of an example we can add and track, please contact us with an open source link, at <a href="https://dev.privacyinternational.org/contact">https://privacyinternational.org/contact</a><em>.</em></p></div> <div class="field field--name-field-resource-type field--type-entity-reference field--label-above"> <div class="field__label">Related learning resources</div> <div class="field__items"> <div class="field__item"><a href="/learning-resources/analysing-responses-covid-19" hreflang="en">Analysing responses to Covid-19</a></div> </div> </div> <div class="field field--name-field-campaign-name field--type-entity-reference field--label-above"> <div class="field__label">Our campaign</div> <div class="field__items"> <div class="field__item"><a href="/campaigns/fighting-global-covid-19-power-grab" hreflang="en">Fighting the Global Covid-19 Power-Grab</a></div> </div> </div> <div class="field field--name-field-content field--type-entity-reference field--label-above"> <div class="field__label">Content</div> <div class="field__items"> <div class="field__item"><a href="/taxonomy/term/732" hreflang="en">News and Analysis</a></div> <div class="field__item"><a href="/taxonomy/term/734" hreflang="en">Reports</a></div> </div> </div> <div class="field field--name-field-media field--type-entity-reference field--label-above"> <div class="field__label">Media</div> <div class="field__item"><a href="/media/115" hreflang="en">Scenario_02.jpg</a></div> </div> <div class="clearfix text-formatted field field--name-field-summary field--type-text-long field--label-above"> <div class="field__label">Summary</div> <div class="field__item"><p>Tech companies, governments, and international agencies have all announced measures to help contain the spread of the COVID-19 virus. Unprecedented levels of surveillance, data exploitation, and misinformation are being tested across the world.</p></div> </div> Thu, 19 Mar 2020 14:54:48 +0000 caitlinb 3460 at https://privacyinternational.org The EU needs to provide assistance to migrants affected by Covid-19. But their latest proposal does nothing of the kind. https://privacyinternational.org/news-analysis/3582/eu-emergency-fund-greece <div class="layout layout--onecol"> <div class="layout__region layout__region--content"> <div id="field-language-display"><div class="js-form-item form-item js-form-type-item form-type-item js-form-item- form-item-"> <label>Language</label> English </div> </div> <div class="clearfix text-formatted field field--name-body field--type-text-with-summary field--label-hidden field__item"><p>Amid calls from <a href="https://www.unhcr.org/news/press/2020/3/5e836f164/rights-health-refugees-migrants-stateless-must-protected-covid-19-response.html">international organisations</a> and <a href="http://www.arsis.gr/en/protect-the-most-vulnerable-to-ensure-protection-for-everyone-restore-legality-toprotect-refugees-and-the-society-at-large-amidst-the-pandemic/#more-23532">civil society</a> urging for measures to protect the migrant populations in Greece and elsewhere, last week, the European Commission submitted a <a href="https://ec.europa.eu/transparency/regdoc/rep/1/2020/EN/COM-2020-145-F1-EN-MAIN-PART-1.PDF">draft proposal to amend the general budget 2020</a> in order to, among other measures, provide assistance to Greece in the context of the COVID-19 outbreak.</p> <p>Both at the Turkish-Greek border and in the camps on the Greek islands, there are <a href="https://www.msf.org/urgent-evacuation-squalid-camps-greece-needed-over-covid-19-fears">severe concerns</a> not only about the dire situation in which these people are being forced to live but also on the impact of public health and efforts to curtail the spread of the virus.</p> <p>The government itself has called the overcrowded camps, where more than 40,000 asylum-seekers are currently trapped as <a href="https://www.reuters.com/article/us-health-coronavirus-greece-camp/greece-quarantines-camp-after-migrants-test-coronavirus-positive-idUSKBN21K0OB">a “ticking health bomb”</a>. Today, Greece has announced that it has quarantined a camp on the outskirts of Athens after at least 20 migrants tested positive for the virus.</p> <p>The EU urgently needs to step up and provide assistance to protect the health and safety of people trapped in camps on the Greek islands - not just to protect their welfare, but to contain the virus itself.</p> <p>Unfortunately, the current proposal does everything but that. While the title may refer to the Covid-19 outbreak, the proposed distribution of funds will do little to ensure the safety of migrants in light of the Covid-19 pandemic.</p> <h2 id="What-will-the-proposed-budget-cover">What will the proposed budget cover?</h2> <p>The <a href="https://privacyinternational.org/challenging-drivers-surveillance">EU has for some time now been diverting aid funds</a> to training and financing EU and non-EU security forces and equipping them with surveillance capabilities as part of broader EU efforts to stop migration to Europe. This is another proposal to the same direction.</p> <p>The Commission proposes to provide “EUR 350 million to meet the needs resulting from the increased migration pressure in Greece” due to the conflict in Syria and the problems with the implementation of the EU-Turkey agreement.</p> <p>In their announcement, the Commission further highlights the effective protection of the external borders of Greece and Bulgaria as a key driving factor for providing additional funds.</p> <blockquote> <p>Specifically, the Commission proposes to allocate:</p> <ul><li>220m on creating yet another five Multi-Purpose Reception and Identification Centres (MPRICs) in the Greek islands in 2020.</li> <li>10m on Voluntary Return and Reintegration Assistance (AVRR) programmes</li> <li>50m for services in the new camps and emergency items</li> <li>50m to be available under the Internal Security Fund (ISF) Borders &amp; Visa to cover deployment and operational costs of border guards and police officers at the external border of Greece and/or Bulgaria and acquisition of relevant equipment</li> <li>10m to Frontex to coordinate a return programme for the quick return of persons without the right to stay to countries of origin from Greece.</li> <li>10m to European Asylum Support Office (EASO) for the deployment of experts in Greece.</li> </ul></blockquote> <p>This budget distribution does not tackle the issues raised by the pandemic. Instead, it once again aims at increasing surveillance and control over migrants in yet another attempt to counter migration.</p> <p>Referring to ‘relevant equipment’ for border control, the budget doesn’t clarify what this is and there is no way to know to what equipment this refers to. Similarly, there is no control on the plans around the camps construction that are primarily built to keep people in camps rather than provide them shelter. “<a href="https://www.refugee.info/greece/islands-asylum-information--greece/reception-and-identification-procedure?language=en">Identification procedures</a>”, which include police or Frontex asking migrants questions, take their fingerprints and picture, and surveillance are the primary means to secure their access to camps and that they stay locked in.</p> <h2 id="How-could-the-funds-actually-be-used">How could the funds actually be used?</h2> <p>In the context of a global pandemic, while everyone is at risk of carrying or contracting the virus, migrant populations can be disproportionately affected because of their existing precarious social, economic and legal contexts. Undocumented migrants or asylum seekers may, for example, be confined in unsanitary and cramped conditions making social distancing impossible. Others may not seek proper care for fear of being reported to the authorities, or if their inability to work means they fear being charged for any access.</p> <p>To alleviate such fears, <a href="https://www.independent.co.uk/news/world/europe/coronavirus-portugal-migrants-asylum-seekers-treatment-residents-a9431831.html">Portugal recently announced</a> that all migrants and asylum seekers currently residing in the country have the same rights as Portuguese residents for purposes of receiving treatment for coronavirus. This is an example of how good national policy may encourage migrants to seek medical assistance without fear of deportation or other consequences relating to their residence status - and help fight the virus.</p> <p>Last week, <a href="https://privacyinternational.org/advocacy/3490/covid-19-doesnt-discriminate-based-immigration-status-nor-should-home-office">PI signed a letter</a> with 40 other organisations asking the UK government to take measures to protect migrant populations at risk of Covid-19 and allow them to access healthcare for free and safely.</p> <p>On 25 March, <a href="http://www.arsis.gr/en/protect-the-most-vulnerable-to-ensure-protection-for-everyone-restore-legality-toprotect-refugees-and-the-society-at-large-amidst-the-pandemic/#more-23532">121 organisations signed an open letter</a> calling Greece and the EU to take urgent action to prevent a COVID-19 outbreak in Greek refugee camps. The European Commission should take into account their demands that have not been reflected in the proposal.</p> <p>We call for the EU to reconsider its proposal to ensure it aims at promoting the protection of migrants during the pandemic instead of using Covid-19 crisis as an excuse to increase control over them.</p> <h2 id="Related-reading">Related reading</h2> <ul><li><a href="https://www.privacyinternational.org/long-read/3221/eu-funds-surveillance-around-world-heres-what-must-be-done-about-it">The EU Funds Surveillance Around the World: Here’s What Must be Done About it</a></li> <li><a href="https://www.privacyinternational.org/news-analysis/3223/europes-shady-funds-border-forces-sahel">Europe’s Shady Funds to Border Forces in the Sahel</a></li> <li><a href="https://privacyinternational.org/advocacy/3220/policy-briefing-future-eu-trust-fund-africa"><span>Policy Briefing - The Future of the EU Trust Fund for Africa</span></a></li> <li><a href="https://privacyinternational.org/advocacy/3219/policy-briefing-eu-neighbourhood-development-and-international-cooperation-instrument"><span>Policy Briefing - The EU Neighbourhood, Development and International Cooperation Instrument</span></a></li> </ul></div> <div class="field field--name-field-topic field--type-entity-reference field--label-above"> <div class="field__label">Learn more</div> <div class="field__items"> <div class="field__item"><a href="/learn/communities-risk" hreflang="en">Communities at Risk</a></div> <div class="field__item"><a href="/learn/migrants" hreflang="en">Migrants</a></div> <div class="field__item"><a href="/learn/immigration-enforcement" hreflang="en">Immigration Enforcement</a></div> <div class="field__item"><a href="/learn/migration-and-borders" hreflang="en">Migration and Borders</a></div> <div class="field__item"><a href="/learn/tech-border" hreflang="en">Tech at the Border</a></div> <div class="field__item"><a href="/learn/surveillance-industry" hreflang="en">Surveillance Industry</a></div> </div> </div> <div class="field field--name-field-location-region-locale field--type-entity-reference field--label-above"> <div class="field__label">Location</div> <div class="field__items"> <div class="field__item"><a href="/location/greece" hreflang="en">Greece</a></div> </div> </div> <div class="field field--name-field-programme field--type-entity-reference field--label-above"> <div class="field__label">Our fight</div> <div class="field__items"> <div class="field__item"><a href="/strategic-areas/contesting-government-data-and-system-exploitation" hreflang="en">Contesting Government Data and System Exploitation</a></div> <div class="field__item"><a href="/strategic-areas/safeguarding-peoples-dignity" hreflang="en">Safeguarding Peoples&#039; Dignity</a></div> <div class="field__item"><a href="/what-we-do/demand-humane-approach-immigration" hreflang="en">Demand a Humane Approach to Immigration</a></div> </div> </div> <div class="field field--name-field-campaign-name field--type-entity-reference field--label-above"> <div class="field__label">Our campaign</div> <div class="field__items"> <div class="field__item"><a href="/challenging-drivers-surveillance" hreflang="en">Challenging the Drivers of Surveillance</a></div> <div class="field__item"><a href="/campaigns/fighting-global-covid-19-power-grab" hreflang="en">Fighting the Global Covid-19 Power-Grab</a></div> <div class="field__item"><a href="/protecting-migrants-borders-and-beyond" hreflang="en">Protecting migrants at borders and beyond</a></div> </div> </div> <div class="field field--name-field-education-course field--type-entity-reference field--label-above"> <div class="field__label">Education material</div> <div class="field__items"> <div class="field__item"><a href="/education/data-and-surveillance" hreflang="en">Data and Surveillance</a></div> </div> </div> <div class="field field--name-field-targeted-adversary field--type-entity-reference field--label-above"> <div class="field__label">Target Profile</div> <div class="field__items"> <div class="field__item"><a href="/taxonomy/term/692" hreflang="en">European Union</a></div> </div> </div> </div> </div> Thu, 02 Apr 2020 11:17:52 +0000 staff 3582 at https://privacyinternational.org Bluetooth tracking and COVID-19: A tech primer https://privacyinternational.org/explainer/3536/bluetooth-tracking-and-covid-19-tech-primer <span class="field field--name-title field--type-string field--label-hidden">Bluetooth tracking and COVID-19: A tech primer</span> <span class="field field--name-uid field--type-entity-reference field--label-hidden"><span lang="" about="/user/1" typeof="schema:Person" property="schema:name" datatype="">tech-admin</span></span> <span class="field field--name-created field--type-created field--label-hidden">Tuesday, March 31, 2020</span> <div class="clearfix text-formatted field field--name-body field--type-text-with-summary field--label-hidden field__item"><p>In a scramble to track, and thereby stem the flow of, new cases of Covid-19, Governments around the world are rushing to track the locations of their populace. One way to do this is to write a smartphone app which uses Bluetooth technology, and encourage (or mandate) that individuals download and use the app. We have seen such examples <a href="https://www.businessinsider.com/singapore-coronavirus-app-tracking-testing-no-shutdown-how-it-works-2020-3">in Singapore</a> and <a href="https://www.telegraph.co.uk/news/2020/03/30/nhs-developing-coronavirus-contact-tracing-app-successful-use/">emerging plans in the UK</a>.</p> <p>Apps that use Bluetooth are just one way to track location. There are several different technologies in a smartphone which can be used in order to track movements such as GPS and WiFi. Telecommunications operators ('telcos') are also handing over customer data which can show the cell towers phones have connected to, and therefore triangulate an individual's location. Internet companies are also providing access to location data they have derived. In this piece we will focus on Bluetooth technology.</p> <p>Whilst we will highlight some of the dangers and risks associated with this technology, the aim of this piece is to provide more detail on the technology itself, rather than a deep dive into the risks and whether or not Bluetooth technology should be used. We welcome those debates.</p> <p class="extract">TL;DR: Bluetooth is arguably one of the more accurate technologies in terms of proximity identification, in this instance, proximity to other phones using a specified app. Arguably, it is also the least intrusive form of tracking given that it is based on proximity to other phones using the app rather than actual location e.g. GPS or cell tower data. In this context, it can be understood more so as an interaction tracking tool. Data can be 'localised' and shared in accordance with a policy e.g. the Bluetooth devices you connect to are not shared unless for example you come into contact with someone who believes they have Covid-19 (as testing is still relatively rare). It is unclear whether anonymisation *may* in reality be possible; Bluetooth technology still has the potential to deanonymise vast swaths of the population and if implemented like Singapore's Trace Together, share sensitive personal data.</p> <h3>Why Bluetooth?</h3> <p>At first glance, using this technology makes sense - there are <a href="https://www.statista.com/statistics/330695/number-of-smartphone-users-worldwide/">3.5 billion smartphone users worldwide</a>, and people carry their phones with them everywhere they go making them a perfect candidate for location-based tracking of population movements.</p> <p>However, whilst large numbers own smart phones, it is still less than 50% of the world's population, and questions must be raised about effectiveness of location tracking related to usage of the app. Unless there is a high level of adoption, will it work? In Singapore for example, <a href="https://www.economist.com/briefing/2020/03/26/countries-are-using-apps-and-data-networks-to-keep-tabs-on-the-pandemic">the Economist reported</a> that the app TraceTogether has been downloaded by 735,000 people — 13% of the population.</p> <p>Considering the number of smartphone users, the base level of computer literacy and awareness of the problem, the deployment of such technology may only benefit those who need it the least, a <a href="http://www.thenewhumanitarian.org/opinion/2020/03/30/coronavirus-apps-technology">lesson we learned from the humanitarian sector in situations of crisis</a>.</p> </div> <div class="field field--name-field-repeating-image-and-text field--type-entity-reference-revisions field--label-above"> <div class="field__label">Repeating Image and Text</div> <div class="field__items"> <div class="field__item"> <div class="paragraph paragraph--type--image-and-text-repeating paragraph--view-mode--default"> <div class="field field--name-field-fieldset-image field--type-image field--label-hidden field__item"> <picture> <!--[if IE 9]><video style="display: none;"><![endif]--> <source srcset="/sites/default/files/flysystem/styles/large/local-default/2020-03/bluetooth%20chip%20on%20phone.png?itok=yaKxtpkb 1x" media="(min-width: 1520px)" type="image/png"/> <source srcset="/sites/default/files/flysystem/styles/middle_column_small/local-default/2020-03/bluetooth%20chip%20on%20phone.png?itok=bSdnZZ97 1x" media="(min-width: 0px)" type="image/png"/> <!--[if IE 9]></video><![endif]--> <img src="/sites/default/files/flysystem/styles/middle_column_small/local-default/2020-03/bluetooth%20chip%20on%20phone.png?itok=bSdnZZ97" alt="Samsung SGH-F480V controller board with Samsung BTEM48B2SB - Bluetooth / FM Module highlighted" typeof="foaf:Image" /> </picture> </div> <div class="field field--name-field-caption field--type-string field--label-hidden field__item">Samsung SGH-F480V controller board with Samsung BTM48B2SB - Bluetooth / FM Module highlighted. Original image © Raimond Spekking / CC BY-SA 4.0 (via Wikimedia Commons)</div> <div class="clearfix text-formatted field field--name-field-fieldset-text field--type-text-long field--label-hidden field__item"><h3>Just what <em>is</em> Bluetooth?</h3> <p>Named after the 10th Century King Harald &quot;Bluetooth&quot; Gormsson who unified Scandinavia — and whose runic initials comprise the logo — Bluetooth is a wireless, low-power, and therefore short-distance, set of protocols used primarily to connect devices directly to each other in order to transfer data, such as video and audio.</p> <p>A 'protocol' in computer science is simply a set of rules or procedures for transmitting data, in this case between phones or devices, such as your Bluetooth headphones. Being 'short-distance' means that it can only communicate to other devices which are close-by, hence the level of accuracy of the location (or proximity to other devices) it tracks.</p> <p>Since the release of iOS 5 (Q4 2011), Windows Phone 8.1 (Q3 2014), BlackBerry 10 (Q1 2013), and Android Jelly Bean (4.3 - Q3 2012), mobile phone operating systems have supported a further subset of Bluetooth protocols known as Bluetooth Low Energy (&quot;Bluetooth LE&quot;). Although Bluetooth and Bluetooth LE are not directly compatible with each other, i.e. they have different rules about how to communicate, most modern Bluetooth chips are designed to talk both &quot;Classic&quot; and &quot;LE&quot; as they share a frequency range, meaning they can also share an antenna.</p> <p>As the name suggests, the Bluetooth LE protocol is a far lower-power type of Bluetooth connection than Bluetooth Classic, making it ideal for low-power devices, or where only small amounts of data need to be transferred. Unlike Bluetooth Classic, which is designed for sustained data transfer, Bluetooth LE &quot;sleeps&quot; between connections.</p> <h3>Bluetooth for tracking?</h3> <p>Most of us who've encountered Bluetooth use it to send files between devices, connect a wireless mouse, or to wirelessly listen to music. However using Bluetooth for proximity tracking has been done commercially for over a decade - as part of <a href="https://privacyinternational.org/case-studies/800/case-study-smart-cities-and-our-brave-new-world">&quot;Smart Cities&quot;</a>, as stickers or keyrings allowing people to locate lost objects, or <a href="https://www.nytimes.com/interactive/2019/06/14/opinion/bluetooth-wireless-tracking-privacy.html">in stores to track clients' interests and movements</a>.</p> <p>Bluetooth tracking is done by measuring the Received Signal Strength Indicator (&quot;RSSI&quot;) of a given Bluetooth connection to estimate the distance between devices. Simply put: the stronger the signal, the closer the devices are to each other. Bluetooth LE devices are also able to change their transmission power, meaning they can further limit the range of the signal. Bluetooth 5.1, released in late 2019 (and so yet to gain any real market penetration), supports Radio Direction Finding (&quot;RDF&quot;) meaning it can get an effective accuracy of ~1cm.</p> <p>A key feature of Bluetooth LE, which is attractive when thinking about location or interaction tracking, is that like many aspects of smartphones, Bluetooth LE is noisy. It's like the person in the room who won't stop talking. Bluetooth LE devices use broadcast &quot;advertising&quot; to announce their presence to other Bluetooth LE devices — constantly saying &quot;I'm here&quot; to any device that's close enough to hear it. By design, adverts are broadcast at a fixed time interval, which can be set anywhere between 20ms and 10.24s apart (in 0.625ms increments) depending on how urgent these connections are.</p> </div> </div> </div> <div class="field__item"> <div class="paragraph paragraph--type--image-and-text-repeating paragraph--view-mode--default"> <div class="field field--name-field-fieldset-image field--type-image field--label-hidden field__item"> <picture> <!--[if IE 9]><video style="display: none;"><![endif]--> <source srcset="/sites/default/files/flysystem/styles/large/local-default/2020-03/channels.png?itok=fZzBmq2u 1x" media="(min-width: 1520px)" type="image/png"/> <source srcset="/sites/default/files/flysystem/styles/middle_column_small/local-default/2020-03/channels.png?itok=djNSoKy- 1x" media="(min-width: 0px)" type="image/png"/> <!--[if IE 9]></video><![endif]--> <img src="/sites/default/files/flysystem/styles/middle_column_small/local-default/2020-03/channels.png?itok=djNSoKy-" alt="2.4GHz spectrum showing advertising channels and WiFi channels" typeof="foaf:Image" /> </picture> </div> <div class="field field--name-field-caption field--type-string field--label-hidden field__item">2.4GHz spectrum showing advertising channels and WiFi channels</div> <div class="clearfix text-formatted field field--name-field-fieldset-text field--type-text-long field--label-hidden field__item"><p>Because the radio frequency range used by Bluetooth (2.4~2.48GHz) is incredibly congested — by WiFi, embedded devices, garage door openers, baby monitors, <a href="https://www.intel.co.uk/content/www/uk/en/products/docs/io/universal-serial-bus/usb3-frequency-interference-paper.html">unshielded USB 3 cables</a>, and even microwave ovens amongst other things — BLE transmits these advertisements in three different parts of the spectrum (the beginning, end, and middle, avoiding WiFi channels) in order to try and overcome any interference.</p> <p>A BLE advert contains information which is extremely useful for tracking; information about the device (including the device's type and MAC address (an identifier)), and a payload containing the data being advertised. In the case of Covid-19 tracking, this payload appears to be a Universally Unique Identifier &quot;UUID&quot;.</p> <p>A UUID is a series of 128 numbers, represented in <a href="https://en.wikipedia.org/wiki/Hexadecimal">hexadecimal notation</a>. UUIDs are (usually) derived in one of two ways; either (pseudo-)randomly generated, or derived from a property of the device — e.g. phone number, MAC address, IMEI or similar — and the time of generation.</p> <p>Because these UUIDs are practically unique, they are an ideal way of identifying and consistently referring to a <em>single</em> device.</p> <h3>Bluetooth sounds ideal!</h3> <p>Of the various tracking technologies, Bluetooth certainly has the potential of being one of the least invasive purely based on its relatively low transmission radius, however there are significant drawbacks.</p> <p>As mentioned earlier, Bluetooth LE (and Bluetooth in general) is incredibly noisy. How noisy? Open Bluetooth search on your phone and see how many devices you can see.</p> <p>Because the Bluetooth protocols broadcast information about the device such as MAC address, the approaches so far have tried to mitigate the risks of people identifying a single contact by only recording identifiers provided in the Bluetooth payload by contact tracking app, the aforementioned UUID.</p> <p>To break this down, if you have Bluetooth turned on, your phone will broadcast its MAC address, as well as other device information, alongside the payload. A MAC address is a unique identifier used by networking devices, and is physically set in the Bluetooth chip in your phone. However, the app that uses Bluetooth technology can seek to anonymise the identity of the phone by only storing a UUID instead of the MAC address.</p> <p>To further try and obscure a single phone over time, the UUIDs broadcasted by the app may be regularly regenerated. i.e. you won't always have the same one. In order to keep track of the changes whilst still being able to tie them to an individual device, these UUIDs are either generated centrally — pushed down by the app's central server to your phone — or are generated on the device itself, and registered with the app.</p> <p>This doesn't, of course, stop the people operating the app (in this case a Government) — who have the database linking UUIDs to phone numbers — from deanonymising individuals. Indeed, they may consider this a feature rather than a bug, but it's important to think of the scale involved.</p> <p>The Singapore app TraceTogether, which uses Bluetooth connections to log other phones in close proximity, works by alerting those who have been in close proximity to a user who tests positive for Covid-19, to self-isolate. So if an individual who tests positive for Covid-19 uploads a list of UUIDs i.e. the people the infected person has been in close proximity to, then that's potentially hundreds if not thousands of people that the government contacts.</p> <p>Given the speed at which this virus can spread, and if there was significant adoption of the app, it wouldn't take long until a significant number of the population are tracked by the app.</p> <h3>Abuse of Bluetooth</h3> <p>The risks associated with using Bluetooth for location (or proximity) tracking do not just occur at the time the data is collected, but continue as long as it is stored — <em>in particular</em> once it has been linked to an individual. Thus <a href="https://privacyinternational.org/news-analysis/3461/extraordinary-powers-need-extraordinary-protections">there are concerns about how data such as these could be repurposed by Governments</a>.</p> <p>The desire for proximity tracking apps to force or encourage people to keep their Bluetooth turned on at all times creates additional risks. Whilst the effective range of Bluetooth is around 10m it can easily be further than that; Bluetooth can potentially transmit up to 100m. Because (as discussed) Bluetooth is noisy, that means anyone in the vicinity can track / is able to keep a log of the MAC addresses etc which is an intrinsic part of the Bluetooth protocol.</p> <p>What this means is that if we have our Bluetooth constantly on and constantly broadcasting, we need to be aware what other apps on our phone are using this information, what permissions they have been granted and how this could benefit commercial tracking which uses Bluetooth technology.</p> <h3>Security</h3> <p>A further negative with Bluetooth is its security.</p> <p><a href="https://www.kb.cert.org/vuls/id/304725/" title="Bluetooth implementations may not sufficiently validate elliptic curve parameters during Diffie-Hellman key exchange">Time</a> <a href="https://www.eurekalert.org/pub_releases/2019-11/osu-dfc111419.php" title="Design flaw could open Bluetooth devices to hacking - New research shows the way devices 'talk' to apps leaves them vulnerable">after</a> <a href="https://www.theverge.com/2019/8/16/20808597/bluetooth-device-flaw-hackers-vulnerability-data-encryption-cybersecurity-knob" title="Bluetooth vulnerability could expose device data to hackers">time</a>, <a href="https://phoenixts.com/blog/hacking-bluetooth-devices-bluebugging-bluesnarfing-bluejacking/">Bluetooth security has been found &quot;wanting&quot;</a> - with <a href="https://insinuator.net/2020/02/critical-bluetooth-vulnerability-in-android-cve-2020-0022/" title="Critical Bluetooth Vulnerability in Android (CVE-2020-0022) – BlueFrag">the latest Android vulnerability, &quot;BlueFrag&quot;</a>, affecting Android 8, 8.1 &amp; 9, and <a href="https://www.cbronline.com/news/apple-cves-google">critical bugs in Apple Bluetooth</a> allowing anyone in the vicinity to remotely execute code — that is, run any software they like — without any user interaction. Apple's BLE also implements some anti-tracking techniques such as MAC address randomisation, however their implementation has <a href="https://arxiv.org/abs/1904.10600">significant drawbacks</a>, with a motivated attacker able to bypass it entirely.</p> <h3>To conclude</h3> <p>Bluetooth LE has the capability of being both the least intrusive of tracking technologies (based on proximity between <em>people choosing to use the app</em>), whilst at the same time being highly intrusive in movement and interaction tracking (because its proximity is so small, and works as broadcast), and deanonymisation will necessarily cascade as the infection continues to spread, and uptake of apps increase.</p> <p>As with everything we're seeing in the age of Covid-19, we must be highly aware of the limitations of the choices we are offered. It is also important that technical and legal safeguards around the processing and storage of data — especially when those data can be used for deanonymisation — are not bypassed or ignored in the rush to deploy technology, however well-meaning or indeed vital it may be. It's also important to ensure that there exists a genuine need to use location tracking that is supported by the scientific evidence, given contact tracing <a href="https://www.thelancet.com/journals/langlo/article/PIIS2214-109X(20)30074-7/fulltext">is more effective</a> at earlier stages of tackling pandemics.</p> <p>Balancing the risks of location tracking also involves consideration of whether the apps will be effective given the down-sides. In the example of the United Kingdom, as identified by the Big Data Institute, this not only relates to adoption of the app - they estimate that over 60 per cent of the UK’s population would have to be using the app for digital contact tracing to reach enough people as they become infected. It is also essential, in their view, that people identified by the contact tracing app be promptly tested. This may require a significantly higher rate of testing that we’ve so far seen in the UK. As of March 24, UK government data shows 90,436 people have been tested in Britain (population 66.44 million) compared to <a href="https://www.wired.co.uk/article/uk-coronavirus-spread-app-phone-data">more than 330,000 in South Korea (population 51.47m)</a>.</p> <p>Alternatives to using Bluetooth include the use of apps collecting GPS and Wifi location data and storing everything on a central server, or government authorities going directly to telecommunications operators themselves. Despite the drawbacks of Bluetooth, some of which we've explored in this primer, with the use of changing UUIDs, apps only tracking other users, and opt-in of upload of localised data, it's a far less intrusive tracking method than some alternatives.</p> </div> </div> </div> </div> </div> <div class="field field--name-field-resource-type field--type-entity-reference field--label-above"> <div class="field__label">Related learning resources</div> <div class="field__items"> <div class="field__item"><a href="/taxonomy/term/35" hreflang="en">Explainers</a></div> </div> </div> <div class="field field--name-field-topic field--type-entity-reference field--label-above"> <div class="field__label">Learn more</div> <div class="field__items"> <div class="field__item"><a href="/learn/communications-surveillance" hreflang="en">Communications Surveillance</a></div> <div class="field__item"><a href="/learn/comms-surveillance-tech" hreflang="en">Comms Surveillance Tech</a></div> <div class="field__item"><a href="/learn/direct-access-government" hreflang="en">Direct Access by Government</a></div> <div class="field__item"><a href="/learn/location-surveillance-technology" hreflang="en">Location Surveillance Technology</a></div> <div class="field__item"><a href="/learn/smartphones" hreflang="en">Smartphones</a></div> </div> </div> <div class="field field--name-field-programme field--type-entity-reference field--label-above"> <div class="field__label">Our fight</div> <div class="field__items"> <div class="field__item"><a href="/taxonomy/term/790" hreflang="en">Promote Strong Cyber Security and Protections for People</a></div> </div> </div> <div class="field field--name-field-campaign-name field--type-entity-reference field--label-above"> <div class="field__label">Our campaign</div> <div class="field__items"> <div class="field__item"><a href="/campaigns/fighting-global-covid-19-power-grab" hreflang="en">Fighting the Global Covid-19 Power-Grab</a></div> </div> </div> <div class="field field--name-field-audience-and-purpose field--type-entity-reference field--label-above"> <div class="field__label">Audiences and Purpose</div> <div class="field__items"> <div class="field__item"><a href="/taxonomy/term/627" hreflang="en">Informing the concerned</a></div> </div> </div> <div class="field field--name-field-act field--type-entity-reference field--label-above"> <div class="field__label">Act with us</div> <div class="field__items"> <div class="field__item"><a href="/taxonomy/term/747" hreflang="en">Protect people</a></div> </div> </div> <div class="field field--name-field-change field--type-entity-reference field--label-above"> <div class="field__label">Change</div> <div class="field__items"> <div class="field__item"><a href="/taxonomy/term/729" hreflang="en">We campaign publicly for solutions</a></div> <div class="field__item"><a href="/reveal" hreflang="en">We uncover and expose</a></div> </div> </div> <div class="field field--name-field-content field--type-entity-reference field--label-above"> <div class="field__label">Content</div> <div class="field__items"> <div class="field__item"><a href="/taxonomy/term/730" hreflang="en">Educational</a></div> <div class="field__item"><a href="/taxonomy/term/738" hreflang="en">Tech</a></div> </div> </div> <div class="field field--name-field-principle-or-recommendatio field--type-entity-reference field--label-above"> <div class="field__label">What PI is calling for</div> <div class="field__items"> <div class="field__item"><a href="/taxonomy/term/836" hreflang="en">Technologies, laws, and policies contain modern safeguards to protect people from exploitation.</a></div> <div class="field__item"><a href="/taxonomy/term/482" hreflang="en">Data should be protected</a></div> <div class="field__item"><a href="/taxonomy/term/485" hreflang="en">Limit data analysis by design</a></div> <div class="field__item"><a href="/taxonomy/term/483" hreflang="en">Responsible security</a></div> </div> </div> <div class="field field--name-field-media field--type-entity-reference field--label-above"> <div class="field__label">Media</div> <div class="field__item"><a href="/media/148" hreflang="en">apple-iphone-6s-plus[1].jpg</a></div> </div> <div class="clearfix text-formatted field field--name-field-summary field--type-text-long field--label-above"> <div class="field__label">Summary</div> <div class="field__item"><p>In a scramble to track, and thereby stem the flow of, new cases of Covid-19, Governments around the world are rushing to track the locations of their populace. One way to do this is to write a smartphone app which uses Bluetooth technology, and encourage (or mandate) that individuals download and use the app. The aim of this piece is to provide more detail on the technology itself, rather than a deep dive into the risks and whether or not Bluetooth technology should be used.</p></div> </div> <div class="clearfix text-formatted field field--name-field-key-findings field--type-text-long field--label-above"> <div class="field__label">Key points</div> <div class="field__item"><ul><li>The risks associated with using Bluetooth for tracking do not just occur at the time the data is collected, but continue as long as it is stored <span><span>—</span></span> <em>in particular</em> once it has been linked to an individual</li> <li>Alternatives to Bluetooth include apps collecting GPS and Wifi location data, or government authorities going directly to telecommunications operators themselves</li> <li>Despite the drawbacks of Bluetooth, some of which we've explored in this primer, it's a far less intrusive tracking method than some alternatives</li> </ul></div> </div> Tue, 31 Mar 2020 13:45:59 +0000 tech-admin 3536 at https://privacyinternational.org Covid-19 doesn't discriminate based on immigration status - nor should the Home Office https://privacyinternational.org/advocacy/3490/covid-19-doesnt-discriminate-based-immigration-status-nor-should-home-office <div class="node node--type-advocacy-briefing node--view-mode-token group-one-column ds-2col-stacked-fluid clearfix"> <div class="group-header"> <div class="field field--name-field-targeted-adversary field--type-entity-reference field--label-above"> <div class="field__label">Target Profile</div> <div class="field__items"> <div class="field__item"><a href="/taxonomy/term/742" hreflang="en">Government</a></div> </div> </div> <div class="field field--name-field-audience-and-purpose field--type-entity-reference field--label-above"> <div class="field__label">Audiences and Purpose</div> <div class="field__items"> <div class="field__item"><a href="/taxonomy/term/628" hreflang="en">Feeding our followers</a></div> <div class="field__item"><a href="/taxonomy/term/624" hreflang="en">Generalised audience education for inspiration</a></div> <div class="field__item"><a href="/taxonomy/term/627" hreflang="en">Informing the concerned</a></div> </div> </div> <div class="field field--name-field-act field--type-entity-reference field--label-above"> <div class="field__label">Act with us</div> <div class="field__items"> <div class="field__item"><a href="/taxonomy/term/747" hreflang="en">Protect people</a></div> </div> </div> <div class="field field--name-field-change field--type-entity-reference field--label-above"> <div class="field__label">Change</div> <div class="field__items"> <div class="field__item"><a href="/taxonomy/term/729" hreflang="en">We campaign publicly for solutions</a></div> </div> </div> <div class="field field--name-field-content field--type-entity-reference field--label-above"> <div class="field__label">Content</div> <div class="field__items"> <div class="field__item"><a href="/taxonomy/term/736" hreflang="en">Advocacy</a></div> <div class="field__item"><a href="/taxonomy/term/767" hreflang="en">Public action</a></div> </div> </div> <div class="clearfix text-formatted field field--name-field-summary field--type-text-long field--label-above"> <div class="field__label">Summary</div> <div class="field__item"><p>Privacy International has joined JCWI, Liberty, Medact and other UK civil society organisations to call on Priti Patel, the UK Home Secretary to enact urgent changes to ensure the safety of migrants in light of the Covid-19 pandemic.</p></div> </div> <div class="clearfix text-formatted field field--name-field-footnotes field--type-text-long field--label-above"> <div class="field__label">Footnotes</div> <div class="field__item"><p>Photo: Docs Not Cops</p></div> </div> <div class="field field--name-field-media field--type-entity-reference field--label-above"> <div class="field__label">Media</div> <div class="field__item"><a href="/media/143" hreflang="en">nurses_docs_not_cops.max-760x504.jpg</a></div> </div> <div class="clearfix text-formatted field field--name-field-key-findings field--type-text-long field--label-above"> <div class="field__label">Key advocacy points</div> <div class="field__item"><ul><li>Privacy International has joined JCWI, Liberty, Medact and other UK civil society organisations <a href="https://www.jcwi.org.uk/Handlers/Download.ashx?IDMF=a135b52c-e9d0-469c-aad8-3dde31aec7a1">to call on Priti Patel</a>, the UK Home Secretary to enact urgent changes <a href="https://www.jcwi.org.uk/protecting-migrants-from-covid-19">to ensure the safety of migrants</a> in light of the Covid-19 pandemic.</li> <li>One of our key demands is to ensure that migrants can access healthcare for free and safely: this means immediately suspending all NHS charging and data sharing with immigration enforcement, and launching a public information campaign that makes clear that healthcare services are available and safe for all migrants and asylum seekers to use.</li> </ul></div> </div> </div> <div class="group-left"> <div class="clearfix text-formatted field field--name-body field--type-text-with-summary field--label-hidden field__item"><p>The letter has been signed by more than 40 organisations and <a href="https://www.jcwi.org.uk/add-your-name-to-the-open-letter">it is open for individuals to sign</a>.</p> <p>At the moment, the Department of Health and Social Care has given no assurance that NHS data will not be shared with the Home Office and used for immigration enforcement, including for those people with a confirmed coronavirus diagnosis.</p> <p>Assurances which were confirmed by the Irish government as part of their response to COVID-19: last week, during a Parliamentary debate, <a href="https://www.oireachtas.ie/en/debates/debate/seanad/2020-03-20/8/">Irish Minister of Health Simon Harris declared</a> that "<em>as the Minister for Health I want to provide an assurance to those people that the health service will treat them with dignity and with absolute privacy and patient confidentiality, as will their social work system, during this time of emergency. We want people to come forward to be tested</em>". A decision welcomed which shows that such changes to existing policies are on the cards.</p> <p>Not only will this help vulnerable who are in need of healthcare, it is an essential requirement in the broader battle against Covid-19 in the UK.</p> <h2>The impact of Covid-19 on migrants</h2> <p>While everyone is at risk of carrying or contracting the virus, migrant populations can be disproportionately affected because of their existing precarious social, economic and legal contexts.</p> <p>For example, they might not seek proper care <a href="https://www.theguardian.com/uk-news/2018/nov/28/asylum-seekers-too-afraid-to-seek-nhs-care-report-says">for fear of being reported</a> to the Home Office, or if their inability to work means they fear <a href="https://www.medact.org/2019/resources/briefings/patients-not-passports/">being charged for any access</a>.</p> <p>In the UK, the hostile environment and data-sharing arrangements effectively build a border through hospitals, schools, police stations and communities, and pose a real threat to the well-being of people with uncertain immigration status.</p> <p>Similarly, those who find themselves in detention centres are put at risk through over-crowding, lack of access to healthcare, and access to sanitary facilities. Last week, <a href="https://www.theguardian.com/uk-news/2020/mar/21/home-office-releases-300-from-detention-centres-amid-covid-19-pandemic">the UK Home Office announced the release</a> of a third of the more than 900 people currently being held in immigration detention because of their vulnerability to Covid-19.</p> <p>Unfortunately, we are yet to see these measures elsewhere. In the Moria camp on the island of Lesbos, for instance, <a href="https://www.theguardian.com/global-development/2020/mar/18/the-greek-refugees-battling-to-prevent-covid-19-with-handmade-face-masks">close to 20,000 people live in a space designed for just under 3,000</a>. The first case of Covid-19 was confirmed on the island a few days ago.</p> <p>There are severe concerns not only about the dire situation in which these people are being forced to live but also the impact of public health and efforts to curtail the spread of the virus, and protect as many people as possible from it.</p> <h2>Why privacy is relevant when we talk about migration</h2> <p>Privacy is foundational to who we are as human beings, and every day it helps us define our relationships with the outside world. It is how we seek to protect ourselves and society against arbitrary and unjustified use of power, by controlling what can be known about us and done to us, while protecting us from those who aim to exert control over our data, and ultimately all aspects of our lives.</p> <p>In the context of migrant populations, many of who are in particularly vulnerable situations, privacy offers people autonomy, protection from arbitrary interference, and dignity.</p> <p>The UK immigration and asylum system is still reeling from the Windrush Scandal and other failures. A crucial part of ensuring it treats people fairly and with dignity is ensuring people's privacy and other rights are protected. How these stand up as this crises develops will reveal the extent to which lessons from past failures have been learned, or ignored.</p></div> <div class="field field--name-field-repeating-image-and-text field--type-entity-reference-revisions field--label-inline"> <div class="field__label">Repeating Image and Text</div> <div class="field__items"> <div class="field__item"><div class="paragraph-formatter"><div class="paragraph-info"></div> <div class="paragraph-summary"></div> </div> </div> </div> </div> </div> <div class="group-footer"> <div class="field field--name-field-target field--type-entity-reference field--label-inline"> <div class="field__label">Target Stakeholders</div> <div class="field__items"> <div class="field__item"><div class="taxonomy-term taxonomy-term--type-target taxonomy-term--view-mode-default ds-1col clearfix"> </div> </div> </div> </div> <div class="field field--name-field-campaign-name field--type-entity-reference field--label-inline"> <div class="field__label">Our campaign</div> <div class="field__items"> <div class="field__item"><div class="taxonomy-term taxonomy-term--type-campaigns taxonomy-term--view-mode-default ds-1col clearfix"> <div class="clearfix text-formatted field field--name-description field--type-text-long field--label-hidden field__item"><p>In the rush to respond to Covid-19 and its aftermath, government and companies are exploiting data with few safeguards. PI is acting to ensure that this crisis isn't abused.</p></div> <div class="field field--name-field-icon field--type-image field--label-hidden field__item"> <img src="/sites/default/files/2020-04/Wire%202020-04-01%20at%2018.27.26.jpg" width="1448" height="965" alt="Photo by engin akyurt on Unsplash" typeof="foaf:Image" /> </div> <div class="clearfix text-formatted field field--name-field-text field--type-text-long field--label-hidden field__item"><p>Tech companies, governments, and international agencies have all announced measures to help contain the spread of the COVID-19 virus.</p> <p>Some of these measures impose severe restrictions on people’s freedoms, including to their privacy and other human rights. Unprecedented levels of surveillance, data exploitation, and misinformation are being tested across the world.</p> <p>Many of those measures are based on extraordinary powers, only to be used temporarily in emergencies. Others use exemptions in data protection laws to share data.</p> <p>Some may be effective and based on advice from epidemiologists, others will not be. But all of them must be temporary, necessary, and proportionate.</p> <p>It is essential to keep track of them. When the pandemic is over, such extraordinary measures must be put to an end and held to account.</p> <p><a href="https://pvcy.org/signup">Get all our Covid-19 updates straight to your inbox.</a></p></div> </div> </div> </div> </div> <div class="field field--name-field-topic field--type-entity-reference field--label-inline"> <div class="field__label">Learn more</div> <div class="field__items"> <div class="field__item"> <div class="layout layout--onecol"> <div class="layout__region layout__region--content"> <div class="field field--name-field-icon field--type-image field--label-hidden field__item"> <img src="/sites/default/files/2020-03/44-PI_Website_Topic_Partners%20Network.jpg" width="3000" height="1200" alt="globes graphic" typeof="foaf:Image" /> </div> </div> </div> </div> <div class="field__item"> <div class="layout layout--onecol"> <div class="layout__region layout__region--content"> <div class="field field--name-field-icon field--type-image field--label-hidden field__item"> <img src="/sites/default/files/2020-03/8-PI_Website_Topic_Cross-Border.jpg" width="3000" height="1200" alt="border wall graphic" typeof="foaf:Image" /> </div> <div class="clearfix text-formatted field field--name-description field--type-text-long field--label-hidden field__item"><p>Migrants are bearing the burden and losing agency in their migration experience: their fate is being put in the hands of systems that are feeding the surveillance and data exploitation ecosystem.</p></div> </div> </div> </div> <div class="field__item"> <div class="layout layout--onecol"> <div class="layout__region layout__region--content"> <div class="field field--name-field-icon field--type-image field--label-hidden field__item"> <img src="/sites/default/files/2020-03/21-PI_Website_Topic_Migration%20Borders.jpg" width="3000" height="1200" alt="passports graphic" typeof="foaf:Image" /> </div> </div> </div> </div> <div class="field__item"> <div class="layout layout--onecol"> <div class="layout__region layout__region--content"> <div class="field field--name-field-icon field--type-image field--label-hidden field__item"> <img src="/sites/default/files/2020-02/21-PI_Website_Topic_Migration%20Borders.jpg" width="3000" height="1200" alt="migration and borders graphic" typeof="foaf:Image" /> </div> <div class="clearfix text-formatted field field--name-description field--type-text-long field--label-hidden field__item"><p>There are few places in the world where an individual is as vulnerable as at the border of a foreign country.</p></div> </div> </div> </div> <div class="field__item"> <div class="layout layout--onecol"> <div class="layout__region layout__region--content"> <div class="field field--name-field-icon field--type-image field--label-hidden field__item"> <img src="/sites/default/files/2020-03/22-PI_Website_Topic_Police.jpg" width="3000" height="1200" alt="police vans" typeof="foaf:Image" /> </div> </div> </div> </div> </div> </div> <div class="field field--name-field-programme field--type-entity-reference field--label-inline"> <div class="field__label">Our fight</div> <div class="field__items"> <div class="field__item"><div class="taxonomy-term taxonomy-term--type-programmes taxonomy-term--view-mode-default ds-1col clearfix"> <div class="field field--name-taxonomy-term-title field--type-ds field--label-hidden field__item"><h2> <a href="/strategic-areas/safeguarding-peoples-dignity" hreflang="en">Safeguarding Peoples&#039; Dignity</a> </h2> </div> <div class="clearfix text-formatted field field--name-description field--type-text-long field--label-hidden field__item"><p>The promises made with innovation have not been enjoyed by all equally. Innovative solutions can be designed to empower and serve individuals and communities, rather than state and corporate power. A new approach to data and technology must be established to make this a reality. </p></div> </div> </div> <div class="field__item"><div class="taxonomy-term taxonomy-term--type-programmes taxonomy-term--view-mode-default ds-1col clearfix"> <div class="field field--name-taxonomy-term-title field--type-ds field--label-hidden field__item"><h2> <a href="/what-we-do/demand-humane-approach-immigration" hreflang="en">Demand a Humane Approach to Immigration</a> </h2> </div> <div class="clearfix text-formatted field field--name-description field--type-text-long field--label-hidden field__item"><p>Large amounts of data are being requested from migrants, from their fingerprints to their digital data trails, to identity their credibility and worthiness, and to monitor, track, and profile them.</p></div> </div> </div> </div> </div> </div> </div> Wed, 25 Mar 2020 10:42:06 +0000 staff 3490 at https://privacyinternational.org Extraordinary powers need extraordinary protections https://privacyinternational.org/news-analysis/3461/extraordinary-powers-need-extraordinary-protections <div class="layout layout--onecol"> <div class="layout__region layout__region--content"> <div id="field-language-display"><div class="js-form-item form-item js-form-type-item form-type-item js-form-item- form-item-"> <label>Language</label> English </div> </div> <div class="clearfix text-formatted field field--name-body field--type-text-with-summary field--label-hidden field__item"><p>In the last few days, PI and its Network have been <a href="https://privacyinternational.org/examples/tracking-global-response-covid-19">recording and documenting</a> the measures being proposed by various governments, international institutions and companies to help contain the spread of Covid-19.</p> <p>In a recent development, <a href="https://www.theguardian.com/world/2020/mar/19/plan-phone-location-data-assist-uk-coronavirus-effort">the Guardian have reported</a> that the UK government is the latest to seek to use mobile phone location and other traffic data from telecommunication operators to help with measures the government may develop next as part of the response to Covid-19.</p> <p>It comes despite the UK government's chief scientific adviser, Sir Patrick Vallance, saying that the most useful period of time for location tracking had already passed and that such a measure “would have been a good idea in January”.</p> <p>It was reported that the data to be obtained would be delayed by 12-24 hrs, i.e. not be done in realtime, and would be used to:</p> <ul><li>identify patterns in terms of people’s movements, and see if people are following government advice to avoid public places including pubs, bars and restaurants;</li> <li>send health alerts in specific locations, and</li> <li>inform decision-making by health services.</li> </ul><p>From what is known so far, it is unclear if the telecommunication operators would be providing access to the raw data they hold, or whether they would be running the analysis of the data themselves based on criteria and parameters set by the government.</p> <p>Either scenario raises concerns about how these processes will be regulated, how transparent the telecom operators and government will be about how they are partnering, and the oversight mechanisms they will be subject to, if any.</p> <p>Similar initiatives are starting to be deployed by <a href="https://www.haaretz.com/israel-news/.premium-netanyahu-s-coronavirus-coup-israelis-basic-rights-now-on-life-support-1.8686543">Israel</a> and <a href="https://frask.de/coronavirus-deutscher-mobilfunkbetreiber-gibt-bewegungsdaten-weiter/">Germany</a>, whilst others are exploring such proposals including in <a href="https://www.reddit.com/r/belgium/comments/fko5j1/maggie_de_block_authorize_proximus_telenet_and/">Belgium</a>, <a href="https://www.asstel.it/comunicato-stampa-asstel-le-imprese-di-tlc-collaborano-con-le-autorita-per-il-contrasto-del-virus-covid-19/">Italy</a>, and <a href="https://newsarmenia.am/news/armenia/v-armenii-zaymutsya-sborom-i-analizom-dannykh-po-rasprostraneniyu-koronavirusa/">Armenia</a>.</p> <h3 id="What’s-the-issue">What’s the issue?</h3> <p>First and foremost, there is limited evidence to suggest that movement data or location data proved useful in tackling and predicting the spread of MERS or Ebola, as discussed below. As this crisis unfolds, it is essential that any and every measure is undertaken only on the advice of health experts and is based on evidence.</p> <p>Aside from that, it is not clear that sufficient consideration is being given to the safeguards necessary to protect people and their data in the short-term and long-term.</p> <p>Countries such as the UK already have <a href="https://privacyinternational.org/node/3170">sweeping powers</a> for bulk interception, bulk hacking, and long-term data retention, <a href="https://privacyinternational.org/node/3356">which are not always subject to effective oversight</a>. PI has ongoing human rights concerns regarding the use of such powers. Those concerns apply equally to the bulk collection of location and traffic data.</p> <p>No matter the urgency required, it does not justify new initiatives being deployed without risk assessments or safeguards not being enforced when fundamental rights are at stake.</p> <p>If safeguards are not embedded within such proposals and mitigations strategies are not adopted, the risk is that unregulated, unaccountable systems will be put in place – not just for the time period necessary to tackle COVID-19 – but as the foundation for long-term mass surveillance and data exploitation systems.</p> <h3 id="What-kind-of-data-Metadata">What kind of data: Metadata</h3> <p>What these governments are after is what is called <a href="https://privacyinternational.org/taxonomy/term/106">metadata</a>, which is any set of data that describes and gives information about other data such as the timestamp of an electronic message, the name of the sender, the name of a recipient, the location of the device, etc.</p> <p>Nearly every use of technology and interaction on a technological device generates metadata for all users and entities involved in the transaction.</p> <p>Presumed as less valued or less important than content data, as illustrated by the fact metadata enjoys fewer protections than content data, metadata provides access to highly sensitive information and provides incredible insights about people, their behaviours and connections.</p> <h3 id="Anonymised-data-is-there-a-such-a-thing">Anonymised data, is there a such a thing?</h3> <p>Often when raising concerns about the use of metadata, such as mobile data and location data, those wanting to use such information will tell you that they are mitigating the risks because they are anonymising the data.</p> <p>But it has been well-documented that current (slightly outdated) methods used to anonymise data are not sufficient, and especially when aggregating with other sources of data, it is possible to re-identify. Many governments may already have access to those other data sources under their existing surveillance powers, such as the ability to request identifying subscriber data from telecommunications companies.</p> <p>Joint research <a href="https://news.mit.edu/2013/how-hard-it-de-anonymize-cellphone-data">by MIT and the Université Catholique de Louvain</a> even found that it only takes four (random) data points to de-anonymise 95% of users.</p> <h3 id="How-has-such-data-been-used-in-prior-public-health-crises">How has such data been used in prior public health crises?</h3> <p>It is not the first time we are hearing such ideas proposed for “public good” and in particular in a time of crisis. When the Ebola crisis broke out in West Africa in 2014 and then when South Korea faced an outbreak of Middle East Respiratory Syndrome (MERS) in 2015, mobile phone data was used to predict the evolution of the outbreak and to monitor patterns in peope’s movements with the aim of tackling the spread.</p> <p>As studies by Harvard’s Sean McDonald have shown <a href="https://www.academia.edu/21348760/Ebola_A_Big_Data_Disaster">shown,</a> there is limited evidence to suggest that movement data or location data proved useful in tackling and predicting the spread of either of those two diseases.</p> <p><span>For example, during the Ebola crisis people pushed for the use of mobile phone data, using examples of how it had been used to predict vector-borne diseases.</span> But Ebola was not a vector-borne disease which meant “that the same probabilities aren’t a useful indicator of transmission.” And in the case of South Korea no information was ever made publicly available about how the data was used, and whether the phone data made a difference, and so no evidence that it the location data (and the imposition of quarantine) helped contain the virus.</p> <p>And yet, since then we have seen countless initiatives in the humanitarian and development sector to track and monitor people’s movements by institutions liked <a href="https://www.unglobalpulse.org/2017/06/un-global-pulse-and-gsma-announce-release-of-mobile-data-for-social-good-report/">UN Global Pulse</a>, the <a href="https://www.gsma.com/betterfuture/aiforimpact">GSMA</a>, as well as companies such as <a href="https://dataforgood.fb.com/tools/disaster-maps/">Facebook</a>, amongst many initiatives to use (big) data “for good”.</p> <p>The use of data and technology is changing and will continue to transform the way <a href="https://privacyinternational.org/taxonomy/term/94">development programmes are delivered and humanitarian assistance</a> can be provided to ensure more people can benefit, more rapidly and more effectively. But, in this complex interplay of assessing the benefits and challenges, it is necessary to ensure any attempts to help do not create new risks, or expose people to harm.</p> <h3 id="The-risks-and-harms-the-impact-on-people">The risks and harms: the impact on people</h3> <p>In addition to questioning the usefulness of using mobile data tracking for managing health pandemics in the way governments are proposing, given the existing powers for governments to surveil and exploit data, and the lack of transparency and accountability of such systems, our concerns are heightened.</p> <p>Mobile network usage data including location data, especially when aggregated with other sources, can provide great insights into people’s behaviours, movements and social networks, and making use of such intelligence for other purposes than those foreseen when the data was collected <a href="https://privacyinternational.org/report/2509/humanitarian-metadata-problem-doing-no-harm-digital-era">raises a lot of concerns</a>, both about decisions made on the basis of that information, and how the information can be used against people in future.</p> <p>The risks associated with using such data are varied, and already <a href="https://privacyinternational.org/examples/metadata">well-documented</a>. We’ve seen how mobile data, metadata such as <a href="https://privacyinternational.org/examples?field_type_of_abuse_target_id_2%5B%5D=516">location data</a>, have been used to <a href="https://privacyinternational.org/examples/1865/royal-parks-covertly-tracks-visitors-mobile-phone-data">track visitors</a> in public spaces, <a href="https://privacyinternational.org/examples/1927/gps-data-indicates-economic-gap-between-crowds-attending-presidential-inauguration">monitoring women at protests</a>, amongst <a href="https://privacyinternational.org/examples">others</a>.</p> <p>If this mobile data is used to identify geographic areas at risk and/or people at risk as outlined in various government proposals, what are the measures being taken to ensure it is being used solely for the purpose of tackling the spread of Covid-19 and not for further law enforcement and national security purposes?</p> <h3 id="What-happens-after-the-storm">What happens after the storm?</h3> <p>One of the biggest concerns around this sort of initiative and <a href="https://privacyinternational.org/examples/tracking-global-response-covid-19">others measures announced</a> to respond to the Covid-19 is: what happens after?</p> <p>Once a government has given itself such powers, it is rare that they will vote to remove them - it is therefore vitally important that <a href="https://privacyinternational.org/examples/tracking-global-response-covid-19">the measures we are tracking</a> have hard expiration dates. The UK government, for example, has set a lengthy 2 year sunset clause on the emergency powers it is currently passing through the British parliament, with 6 month <a href="https://publications.parliament.uk/pa/bills/cbill/58-01/0122/en/20122en.pdf">renewal periods</a>.</p> <p>There is without doubt the temptation for governments to repurpose any systems that have been put exceptionally in place for dealing with a health crisis - after all, it has already been paid for and deployed. Ensuring this doesn’t happen involves both listening to the health experts in a position to decide whether such powers are necessary, and holding any governments ignoring them and people’s safety to account.</p></div> <div class="field field--name-field-location-region-locale field--type-entity-reference field--label-above"> <div class="field__label">Location</div> <div class="field__items"> <div class="field__item"><a href="/location/united-kingdom" hreflang="en">United Kingdom</a></div> </div> </div> <div class="field field--name-field-programme field--type-entity-reference field--label-above"> <div class="field__label">Our fight</div> <div class="field__items"> <div class="field__item"><a href="/strategic-areas/contesting-government-data-and-system-exploitation" hreflang="en">Contesting Government Data and System Exploitation</a></div> <div class="field__item"><a href="/taxonomy/term/776" hreflang="en">Realise Our Rights to Live with Dignity</a></div> </div> </div> <div class="field field--name-field-campaign-name field--type-entity-reference field--label-above"> <div class="field__label">Our campaign</div> <div class="field__items"> <div class="field__item"><a href="/campaigns/fighting-global-covid-19-power-grab" hreflang="en">Fighting the Global Covid-19 Power-Grab</a></div> </div> </div> <div class="field field--name-field-date field--type-datetime field--label-above"> <div class="field__label">Date</div> <div class="field__item"><time datetime="2020-03-20T12:00:00Z" class="datetime">Friday, March 20, 2020</time> </div> </div> </div> </div> Fri, 20 Mar 2020 15:15:30 +0000 staff 3461 at https://privacyinternational.org ...it protects those fleeing from persecution https://privacyinternational.org/case-study/3416/it-protects-those-fleeing-persecution <span class="field field--name-title field--type-string field--label-hidden">...it protects those fleeing from persecution</span> <span class="field field--name-uid field--type-entity-reference field--label-hidden"><span lang="" about="/user/43" typeof="schema:Person" property="schema:name" datatype="">staff</span></span> <span class="field field--name-created field--type-created field--label-hidden">Wednesday, March 18, 2020</span> <div class="clearfix text-formatted field field--name-body field--type-text-with-summary field--label-hidden field__item"><p><span> </span> </p> <p><span><span><span><span>There are </span><a href="https://www.unhcr.org/uk/figures-at-a-glance.html">29.4 million refugees and asylum seekers</a><span> across the globe today. These are people who have fled their countries due to conflict, violence or persecution seeking protection in safer environments. </span></span></span></span></p> <p><span><span><span><span>People have protected those in need fleeing from dire situations since antiquity. However, over recent years, European countries have become increasingly hostile towards refugees - treating them as criminals instead of people in need.</span></span></span></span></p> <p><span> </span><span><span><span><span>In 2017, German authorities passed a law allowing immigration officials to </span><a href="https://www.theverge.com/2017/3/3/14803852/germany-refugee-phone-data-law-privacy"><span>seize data</span></a></span><span><span> from the devices of asylum seekers to determine their identities and nationalities. In the first 6 months of enforcement </span></span><span><a href="https://www.wired.co.uk/article/europe-immigration-refugees-smartphone-metadata-deportations"><span>8,000 phones</span></a><span> were searched. Similar legislation has been passed in Austria, Denmark and Belgium, and has been operating in the UK and Norway for years.</span></span></span></span></p> <p><span><span><span><span>Smartphones have </span><a href="https://www.infomigrants.net/en/post/7841/smartphones-lifeline-or-liability"><span>helped thousands of migrants</span></a><span> to travel safely to Europe, helping them to translate and navigate, find safe and open routes and contact their family. However, European governments have weaponised these devices, turning the smartphones into intrusive and unjustified legitimacy tests for seeking asylum.</span></span></span></span></p> <p><span><span><span><span>What is more the assumption that obtaining data from digital devices leads to reliable evidence is flawed, even more in the case of asylum seekers: in the course of a long and dangerous trip, they may have swapped phones, they may have accessed certain sites or liked certain social media activity for a whole variety of reasons, and they may have been in touch with people whose name spelling appears on watchlists for a whole variety of reasons.</span></span></span></span></p> <p><span><span><span><span>Such <a href="https://privacyinternational.org/news-analysis/2781/communities-risk-how-governments-are-using-tech-target-migrants">unjustifiable intrusions to their privacy</a> prey upon refugees and asylum seekers in extremely vulnerable positions, who have little option but to comply, stripping them of their dignity. </span></span></span></span></p> <p><span><span><span><span>Privacy protections provide much needed limitations on these powers, which turn refugees and asylum seekers from rights holders under the refugee convention into suspects, with the burden to prove their legitimacy. </span></span></span></span></p> <blockquote> <p><span><span><span>(1) Everyone has the right to seek and to enjoy in other countries asylum from persecution. (2) This right may not be invoked in the case of prosecutions genuinely arising from non-political crimes or from acts contrary to the purposes and principles of the United Nations. <strong>Article 14, Right to asylum</strong></span></span></span><span> </span></p> </blockquote> <p><span> </span> </p></div> <div class="field field--name-field-topic field--type-entity-reference field--label-above"> <div class="field__label">Learn more</div> <div class="field__items"> <div class="field__item"><a href="/learn/communities-risk" hreflang="en">Communities at Risk</a></div> <div class="field__item"><a href="/learn/migrants" hreflang="en">Migrants</a></div> <div class="field__item"><a href="/learn/immigration-enforcement" hreflang="en">Immigration Enforcement</a></div> <div class="field__item"><a href="/learn/social-media-surveillance" hreflang="en">Social Media Surveillance</a></div> <div class="field__item"><a href="/learn/smartphones" hreflang="en">Smartphones</a></div> </div> </div> <div class="field field--name-field-programme field--type-entity-reference field--label-above"> <div class="field__label">Our fight</div> <div class="field__items"> <div class="field__item"><a href="/strategic-areas/contesting-government-data-and-system-exploitation" hreflang="en">Contesting Government Data and System Exploitation</a></div> <div class="field__item"><a href="/taxonomy/term/787" hreflang="en">Modernise the Rule of Law and Strengthen Surveillance Safeguards</a></div> <div class="field__item"><a href="/strategic-areas/safeguarding-peoples-dignity" hreflang="en">Safeguarding Peoples&#039; Dignity</a></div> <div class="field__item"><a href="/what-we-do/demand-humane-approach-immigration" hreflang="en">Demand a Humane Approach to Immigration</a></div> </div> </div> <div class="field field--name-field-campaign-name field--type-entity-reference field--label-above"> <div class="field__label">Our campaign</div> <div class="field__items"> <div class="field__item"><a href="/protecting-migrants-borders-and-beyond" hreflang="en">Protecting migrants at borders and beyond</a></div> </div> </div> <div class="field field--name-field-education-course field--type-entity-reference field--label-above"> <div class="field__label">Education material</div> <div class="field__items"> <div class="field__item"><a href="/education/data-and-surveillance" hreflang="en">Data and Surveillance</a></div> </div> </div> <div class="field field--name-field-targeted-adversary field--type-entity-reference field--label-above"> <div class="field__label">More about this Adversary</div> <div class="field__items"> <div class="field__item"><a href="/taxonomy/term/830" hreflang="en">Surveillance Industry</a></div> </div> </div> <div class="field field--name-field-resource-type field--type-entity-reference field--label-above"> <div class="field__label">Related learning resources</div> <div class="field__items"> <div class="field__item"><a href="/learning-resources/privacy-matters" hreflang="en">Privacy Matters</a></div> </div> </div> <div class="field field--name-field-act field--type-entity-reference field--label-above"> <div class="field__label">Act with us</div> <div class="field__items"> <div class="field__item"><a href="/taxonomy/term/747" hreflang="en">Protect people</a></div> </div> </div> <div class="field field--name-field-change field--type-entity-reference field--label-above"> <div class="field__label">Change</div> <div class="field__items"> <div class="field__item"><a href="/movement" hreflang="en">We create a global movement</a></div> </div> </div> <div class="field field--name-field-content field--type-entity-reference field--label-above"> <div class="field__label">Content</div> <div class="field__items"> <div class="field__item"><a href="/taxonomy/term/736" hreflang="en">Advocacy</a></div> </div> </div> <div class="field field--name-field-principle-or-recommendatio field--type-entity-reference field--label-above"> <div class="field__label">What PI is calling for</div> <div class="field__items"> <div class="field__item"><a href="/demand/the-future-we-want" hreflang="en">The future we want</a></div> </div> </div> <div class="field field--name-field-media field--type-entity-reference field--label-above"> <div class="field__label">Media</div> <div class="field__item"><a href="/media/140" hreflang="en">Article 14.png</a></div> </div> <div class="clearfix text-formatted field field--name-field-summary field--type-text-long field--label-above"> <div class="field__label">Summary</div> <div class="field__item"><p><span><span><span><span>If you are persecuted at home, you have the right to seek protection in another country.</span></span></span></span></p></div> </div> Wed, 18 Mar 2020 14:27:01 +0000 staff 3416 at https://privacyinternational.org The UN’s Legal Identity Task Force: Opportunities and Risks https://privacyinternational.org/news-analysis/3395/uns-legal-identity-task-force-opportunities-and-risks <div class="layout layout--onecol"> <div class="layout__region layout__region--content"> <div id="field-language-display"><div class="js-form-item form-item js-form-type-item form-type-item js-form-item- form-item-"> <label>Language</label> English </div> </div> <div class="clearfix text-formatted field field--name-body field--type-text-with-summary field--label-hidden field__item"><p>Unlikely as it may seem, the UN institution that has one of the greatest potential to impact upon people’s rights around the world is now the <a href="https://unstats.un.org/home/about/">UN Statistics Division</a>. And why is that?</p> <p>Last week, they had a crucial meeting where they endorsed the <a href="https://unstats.un.org/unsd/statcom/51st-session/documents/2020-15-CRVS-E.pdf">UN’s Legal Identity Agenda</a> and the <a href="https://unstats.un.org/legal-identity-agenda/">UN’s Legal Identity Task Force</a>. The stakes could hardly be higher. One of the UN’s Sustainable Development Goals, SDG 16.9, states that “by 2030 provide legal identity for all including free birth registrations”. As has previously been <a href="https://privacyinternational.org/long-read/2237/sustainable-development-goals-identity-and-privacy-does-their-implementation-risk">observed by Privacy International</a>, the interpretation of SDG 16.9 has been the subject of much debate. Rather than being purely about civil registration, it has been interpreted by some international bodies, governments, and the private sector to justify intrusive identification systems. The establishment of the UN’s Legal Identity Agenda and the Legal Identity Task Force begin to give a bit more clarity on these issues. However, the key question remains: Will we see them tackle issues of civil registration alone, or will their work justify the implementation of repressive ID systems that exclude, exploit and surveil?</p> <p>Civil registration, for example the registration of births and deaths, has <a href="https://www.tandfonline.com/doi/abs/10.1080/00220388.2017.1316378">advantages for individuals</a>, and there is no doubt that efforts must be made to strengthen civil registration systems. The problem is that we have seen this take a path that leads to systems that have major implications for people’s rights. For example, the interpretation of SDG 16.9 has long been used by powerful institutions and the private sector to justify <a href="https://privacyinternational.org/long-read/2237/sustainable-development-goals-identity-and-privacy-does-their-implementation-risk">the use of biometrics and similar technologies</a>. Similarly, in the recent Huduma Namba case in the Kenyan court, the implementation of a giant and potentially exclusionary biometric ID system was justified by the government on the grounds of its necessity for improving civil registration systems. Thus we’ve seen how the clear need for civil registration has been distorted by governments, international bodies, and the private sector to serve their own ends.</p> <p>The key aspect of <a href="https://unstats.un.org/unsd/statcom/51st-session/documents/2020-15-CRVS-E.pdf">UN’s Legal Identity Agenda</a> is to “ensure a holistic and interoperable approach between civil registration, vital statistics production and identity management” . While there’s nothing inherently wrong with developing the capacity of states to implement civil registration systems, the model that they are proposing creates severe risks. We have seen protests in India over the development of a National Population Register in India and <a href="https://www.bbc.co.uk/news/world-asia-india-50903056">fears over the exclusion of Muslims,</a> and its <a href="https://thewire.in/tech/aadhaar-infra-npr-nrc">close links to the Aadhaar identity scheme</a>. The Task Force <a href="https://unstats.un.org/unsd/statcom/51st-session/documents/BG-Item3k-Overview-E.pdf">praises the assigning of a unique identification number to everybody at birth</a>: “assigning a unique identifier, most commonly referred to as a personal identification number (PIN) or unique identifier number (UNIN) to each individual upon birth and retiring it only after the individual’s death”</p> <p>The very creation of this ‘unique identifier’ sets the foundation for and is the facilitator of surveillance, by giving the ability to link information on an individual from birth, through childhood and into adulthood. In addition to establishing a system of surveillance, linking these systems has almost unparalleled powers at different stages to exclude, to deny access to goods and services to particular individuals and groups. This can include groups that are historically marginalised, as we saw with <a href="https://privacyinternational.org/legal-action/nubian-rights-forum-and-others-v-attorney-general-kenya">the case in Kenya</a>, as well as <a href="https://privacyinternational.org/long-read/2544/exclusion-and-identity-life-without-id">migrants</a>.</p> <p>If you build these capabilities of surveillance and exclusion into the civil registration system, it so closely integrates them into the functioning of the state that they may never be untangled. A key question to ask at this stage is: will the Task Force’s pursuit a single model for what these systems will look like lead to the overlooking of the already known abuses resulting from centralised identity systems, especially when these systems are designed with surveillance and exclusion at their core?</p> <p>The Task Force <a href="https://unstats.un.org/unsd/statcom/51st-session/documents/BG-Item3k-Overview-E.pdf">seems to be cognisant of some of the risks</a> to people’s rights that emerge from the implementation of identity systems. They are clear on the importance of comprehensive data protection regimes:</p> <blockquote> <p>Since the collection, use, sharing, accessing, merging and otherwise processing of personal data in legal identity systems constitutes an interference with the right to privacy and other rights, States must demonstrate that each of these acts have a legitimate objective and are a necessary and proportionate means to achieve that objective. All Member States should adopt comprehensive data protection and privacy laws.</p> </blockquote> <p>They are concerned with removing barriers to people, particularly from marginalised communities, in exercising their rights and accessing services. They are concerned about the spread of unique identifiers - like a single ID number that follows people for life - and the risks that this poses as they can “facilitate the linking of personal information across all databases that use these identifiers, allowing comprehensive profiling of the persons concerned” The conclusion of the Task Force is that the use of these identifiers by the private sector must be “Function creep, for instance into private sector use, should be avoided.”</p> <p>We expect that each of these areas of concerns be reflected in the work of the Task Force. We expect them to recommend concrete steps to ensure the safeguards are in place. Some of the more troubling aspects of the Task Force’s approach, for example their failure to problematise the use of biometric credentials issued by identity management agencies, need to also be opened up to public scrutiny, if they are to meet the commitment of the Task Force to upholding and protecting human rights.</p> <p>The Task Force will be conducting <a href="https://unstats.un.org/legal-identity-agenda/pilot-countries/">pilot studies of their approach in various countries</a>: as of yet, they have not made public the identity of these countries, and we’d urge them to do so as soon as possible. In conducting these pilot studies, they must be aware that their recommendations have the potential to lead to the introduction of identity systems that have the potential to lead to human rights abuses and great harm. They have an opportunity to reflect on what has been done badly so far, by so many across the world, and what the lessons learned are so they develop guidance and present an approach to identity which empowers people and protects their rights. They must always remember differences between the civil registration and identity management systems: for example, the former can be mandatory, whereas courts have <a href="https://privacyinternational.org/long-read/2299/initial-analysis-indian-supreme-court-decision-aadhaar">again</a> and <a href="https://privacyinternational.org/long-read/3373/kenyan-court-ruling-huduma-namba-identity-system-good-bad-and-lessons">again</a> found that biometric IDs are not. They must establish that their recommendations are purely surrounding civil registration systems, and must not be used to justify more intrusive or extensive identification systems. They must also use their skills and expertise to develop the civil registration and vital statistics infrastructure of the countries in question in a way which protects fundamental rights, and empowers and serves people. This way, and by being explicit in the dangers posed by this work, they can make the world a better place.</p> <p>Finally, they must not forget the real experts, who combine the day-to-day work in communities with a deep knowledge of the problems related to identity that people face: civil society. Starting a meaningful, inclusive and open engagement with civil society organisations - on an international, national and local level - is perhaps the most powerful tool that the Task Force would have at its disposal in protecting the rights of individuals and communities.</p></div> <div class="field field--name-field-topic field--type-entity-reference field--label-above"> <div class="field__label">Learn more</div> <div class="field__items"> <div class="field__item"><a href="/learn/biometrics" hreflang="en">Biometrics</a></div> <div class="field__item"><a href="/learn/identity" hreflang="en">Identity</a></div> </div> </div> <div class="field field--name-field-programme field--type-entity-reference field--label-above"> <div class="field__label">Our fight</div> <div class="field__items"> <div class="field__item"><a href="/taxonomy/term/774" hreflang="en">ID, Identity and Identification</a></div> </div> </div> <div class="field field--name-field-campaign-name field--type-entity-reference field--label-above"> <div class="field__label">Our campaign</div> <div class="field__items"> <div class="field__item"><a href="/campaigns/demanding-identity-systems-our-terms" hreflang="en">Demanding identity systems on our terms</a></div> </div> </div> <div class="field field--name-field-date field--type-datetime field--label-above"> <div class="field__label">Date</div> <div class="field__item"><time datetime="2020-03-11T12:00:00Z" class="datetime">Wednesday, March 11, 2020</time> </div> </div> </div> </div> Wed, 11 Mar 2020 16:00:03 +0000 staff 3395 at https://privacyinternational.org Kenyan Court Ruling on Huduma Namba Identity System: the Good, the Bad and the Lessons https://privacyinternational.org/long-read/3373/kenyan-court-ruling-huduma-namba-identity-system-good-bad-and-lessons <span class="field field--name-title field--type-string field--label-hidden">Kenyan Court Ruling on Huduma Namba Identity System: the Good, the Bad and the Lessons</span> <span class="field field--name-uid field--type-entity-reference field--label-hidden"><span lang="" about="/user/1" typeof="schema:Person" property="schema:name" datatype="">tech-admin</span></span> <span class="field field--name-created field--type-created field--label-hidden">Monday, February 24, 2020</span> <div class="clearfix text-formatted field field--name-body field--type-text-with-summary field--label-hidden field__item"><h3>Background</h3> <p>Kenya’s National Integrated Identity Management Scheme (NIIMS) is a biometric database of the Kenyan population, that will eventually be used to give every person in the country a unique “Huduma Namba” for accessing services. This system has the aim of being the <a href="https://www.justiceinitiative.org/uploads/b107f39d-a904-4c0a-9dd7-7ec1fe6b0100/briefing-kenya-niims-20200129.pdf">“single point of truth”</a>, a biometric population register of every citizen and resident in the country, that then links to multiple databases across government and, potentially, the private sector. </p> <p>NIIMS was introduced as an amendment in a <a href="http://kenyalaw.org/kl/fileadmin/pdfdownloads/AmendmentActs/2018/StatuteLawMischellaneousNo18of2018.pdf">Miscellaneous Amendments Act</a> that became law on the 31 December 2018. Following a challenge by civil society, with some concessions (including the important caveat that registration could not be mandatory), Kenya’s High Court <a href="https://privacyinternational.org/news-analysis/2774/civil-society-achieves-change-risks-still-remain-kenyas-new-biometric-id-system">ruled</a> in April 2019 that the biometric enrolment could begin. Between April and May 2019, the Government claims that the biometric data of <a href="https://www.the-star.co.ke/news/2019-05-24-36-million-registered-for-huduma-namba/">36 million people</a> were collected and stored.</p> <p>As with Aadhaar in India before it, the case of the Huduma Namba in Kenya raises serious concerns from privacy through to exclusion. As with <a href="https://privacyinternational.org/long-read/2299/initial-analysis-indian-supreme-court-decision-aadhaar">Aadhaar</a>, the case ended up in court. One of the petitioners was the <a href="http://nubianrightsforum.org">Nubian Rights Forum</a>, an NGO that supports members of an historically-marginalised community that struggles to get identity documentation. Privacy International’s Dr Tom Fisher was proud to provide <a href="https://privacyinternational.org/legal-action/nubian-rights-forum-and-others-v-attorney-general-kenya">expert witness testimony</a> for the case, providing an international perspective on the key issues emerging in biometric identity systems around the world. Privacy International was able to highlight the privacy and security risks inherent in the types of systems under development in Kenya. The case was heard in September 2019, with the ruling handed down on the 30 January 2020. The full judgment is available <a href="http://kenyalaw.org/caselaw/cases/view/189189/">here</a>.</p> <p>The judgment has significant implications for Kenya and beyond. It has a direct impact on the roll out of NIIMS and adds to the growing body of cases around the world dealing with the challenges posed by centralised biometric identity systems.</p> <p>PI's analysis of the judgment is split into three parts. The clear wins, based on the demands of civil society, the parts that make some small steps forward but could have been better and the dissapointing losses.</p> <p>As we note at the end, the judgment is the subject of appeal.</p> <h3>Welcomed</h3> <p>These are the key points in the judgment that we welcome.</p> <h5>System roll-out halted</h5> <p>The key order from the Court was that the Government could not proceed with the implementation of NIIMS until there is "an appropriate and comprehensive regulatory framework on the the implementation of NIIMS". What this framework looks like exactly, for example if it is primary or secondary legislation, is not spelled out. What is clear, however, is the Court's acknowledgment that "a law that affects a fundamental right or freedom should be clear and unambiguous" (paragraph 921), this "applies to any law that seeks to protect or secure personal data, particularly in light of the grave effects of breach of the data already alluded to" (paragraph 922).</p> <p>Such a framework must be compliant with the applicable constitutional requirements identified in the judgment (as discussed further below). The importance of this order, should not be understated as it is a clear indication from the Court that the lack of legal safeguards means that the Government must take action before taking any further steps in rolling out NIIMS. This is in contrast to the <a href="https://privacyinternational.org/long-read/2299/initial-analysis-indian-supreme-court-decision-aadhaar">Aadhaar judgment in India</a> which "impressed upon" the respondents, in that case, the Indian Government, the need to "bring out a robust data protection regime". Yet a year and a half on, India still has no data protection law in place.</p> <p>However, what this looks like in practice in Kenya is highly dependent on (a) the behaviour of the Government and (b) what such safeguards look like. Therefore, the Kenyan Government's <a href="https://www.kenyans.co.ke/news/49261-high-court-clears-government-issue-huduma-namba">statement</a> following the judgment that it has "commenced the process towards generation and issuance of Huduma Nambas and Huduma Namba electronic identity cards to those who were registered", has led to concern that the Court's order is not being taken seriously, and the Government is steaming ahead with its plans. For this and other reasons, the Petitioners (the Nubian Rights Forum) have <a href="https://twitter.com/NubianRights/status/1230040687690833926?s=20">appealed</a> and sought an urgent application to stay the implementation aspects of the Huduma Namba. </p> <h5>Collection of DNA &amp; GPS data unconstitutional</h5> <p>The other two specific orders from the Court related to collection of GPS co-ordinates and DNA under the NIIMS legislative framework (the Registration of Persons Act as modified by the Miscellaneous Amendments Act). The Court's analysis of the inclusion of these data points was scathing. The Court recognised that this data is personal, sensitive and intrusive and requires protection. They noted the lack of justification and evidence provided by the Government on the need to collect this data; the lack of specific safeguards; and the inability of the Government to even handle it. Ultimately concluding that:</p> <p>(i) The collection of DNA and GPS co-ordinates for purposes of identification is intrusive and unnecessary, and to the extent that it is not authorised and specifically anchored in empowering legislation, it is unconstitutional and a violation of Article 31 of the Kenyan Constitution (the Right to Privacy)</p> <p>(ii) The sections in the Registration of Persons Act requiring such collection, conflict with Article 31 and are unconstitutional, null and void.</p> <blockquote> <p>It was our finding that because of the specificity of the information that DNA may disclose and the harm disclosure may cause not just to the data subject but other family members in terms of both identfication and genetic information, DNA information requires and justfies a particular and specific legal protection. Likewise, we found that specific authorization anchored in law is required for the use of GPS coordinates in light of the privacy risks we identified in terms of their possible use to track and identify a person’s location. Accordingly, we found that the provision for collection of DNA and GPS coordinates in the impugned amendments, without specific legislation detailing out the appropriate safeguards and procedures in the said collection, and the manner and extent that the right to privacy will be limited in this regard, is not justifiable. (paragraph 1039)</p> </blockquote> <blockquote> <p>Accordingly, we find that the provision for collection of DNA and GPS coordinates in the impugned amendments, without specific legislation detailing out the appropriate safeguards and procedures in the collection, and the manner and extent that the right to privacy will be limited in this regard, is not justifiable. The Respondents in this respect conceded that they will not collect DNA and GPS coordinates, and that in any event they have no capacity to do so. However, our position is that as long as the collection of DNA and GPS coordinates remain a provision in the impugned amendments, there is the possibility that they can be abused and misused, and thereby risk violating the rights to privacy without justification. (paragraph 919)</p> </blockquote> <p>In practical terms, the <a href="https://privacyinternational.org/news-analysis/2774/civil-society-achieves-change-risks-still-remain-kenyas-new-biometric-id-system">earlier decision</a> of the court in April 2019 meant that DNA and GPS data were not collected as part of the data collection for the Huduma Namba during April/May 2019. As a result, choosing to collect this data would result in the need for a further extensive data collection exercise. However, the inclusion of a provision for collecting DNA and GPS data within the framework left the door open for such a possibility in the future, and for possible abuse. It is therefore important that the Court has highlighted the collection of such sensitive data requires justification and safeguards and in the clear absence of these, firmly declared these provisions unconstitutional.</p> <h5>Need for regulation of identity systems</h5> <p>The need for clear safeguards anchored in legislation and the absence of these in Kenya, is a clear theme throughout the Court's judgment. This is what has ultimately led to the Court's orders and stalled the Government's plans for now. Whilst such safeguards will not address more fundamental questions relating to the need for the identity system in the first place and can only be judged on their merits and detail, they can be an important mechanism for damage control. They also squarely underline that an identity system must be supported by strong regulation and that this should be in place before such a system is rolled out.</p> <p>The number of issues where the Court extolled the need for further regulation is extensive:</p> <blockquote> <p>"It is thus our finding that the legislative framework on the protection of children’s biometric data collected in NIIMS is inadequate, and needs to be specifically provided for (paragraph 823)</p> </blockquote> <blockquote> <p>Biometric data and personal data in NIIMS shall only be processed if there is an appropriate legal framework in which sufficient safeguards are built in to protect fundamental rights ... To this extent we find that the legal framework on the operations of NIIMS is inadequate, and poses a risk to the security of data that will be collected in NIIMS.(paragraphs 884 &amp; 5)</p> </blockquote> <blockquote> <p>There is thus a need for a clear regulatory framework that addresses the possibility of exclusion in NIIMS. Such a framework will need to regulate the manner in which those without access to identity documents or with poor biometrics will be enrolled in NIIMS (paragraph 1012)</p> </blockquote> <p>Each of these frameworks must also be subject to scrutiny to ensure that they do provide safeguards rather than just legislate for rights intrusive practices.</p> <h5>Acknowledgement of the risks that may arise with biometric identity systems.</h5> <p>We are pleased that in its consideration of the risks to the right to privacy and to data protection of data attendant with the design of, and security of NIIMS, that the Court accepted the evidence of Privacy International's Dr Tom Fisher:</p> <h6> Exclusion:</h6> <blockquote> <p>In this respect we are persuaded by the evidence of Dr. Fisher, the 1st Petitioner’s expert witness as to the risks that may arise with biometric identity systems. He deposed that identity systems can lead to exclusion, with individuals not being able to access goods and services to which they are entitled, thus potentially impacting upon other rights, including social and economic rights. He stated that exclusion as a result of an identification system can come in two forms. Firstly, in cases where individuals who are entitled to but are not able to get an identification card or number that is used for service provision in the public and private spheres. Secondly, that even people enrolled on to biometric systems can suffer exclusion arising from biometric failure in their authentication. (paragraph 876)</p> </blockquote> <h6>Data breaches:</h6> <blockquote> <p>On data breaches, Dr. Fisher averred that breaches associated with identity systems tend to be large in scale, with rectification either being impossible or incurring a significant cost. Further, that the breaches affect individuals in a number of ways, whether identity theft or fraud, financial loss or other damage. His view was that the more data and the more sensitive that data, the higher the risk. With regard to the concern of function creep, Dr. Fisher averred that the mere existence of data in a centralised identification system leads to the temptation to use it for purposes not initially intended, what he referred to as ‘mission or function creep (paragraph 877)</p> </blockquote> <h6>Need for safeguards regarding access and retention of data:</h6> <blockquote> <p>The concerns of access to and retention of data was explained by Dr. Fisher as arising from the fact that the introduction of an identity system entails the mass collection, aggregation and retention of people’s personal data which has implications on the right to privacy. It was his averment therefore, that adequate safeguards should be put in place to ensure that such data is relevant and not excessive in relation to the purposes for which it is stored, and that it is preserved in a form which permits identification of the data subjects for no longer than is required. Further, that the law must also afford adequate guarantees that retained personal data is efficiently protected from misuse and abuse. (paragraph 878)</p> </blockquote> <p>This led the Court to find the following:</p> <blockquote> <p>Our view as regards the centralized storage of the biometric data of data subjects is that there will be risks of attacks or unauthorized access which exist with any storage of other personal data, but the most important risks are related to the misuse of the biometric data because this is data which are uniquely linked with individuals, which cannot be changed and are universal, and the effects of any abuse of misuse of the data are irreversible. The misuse can result in discrimination, profiling, surveillance of the data subjects and identity theft. In addition, as a result of the central storage of biometric data, in most cases the data subject has no information or control over the use of his or her biometric data. (paragraph 880)</p> </blockquote> <blockquote> <p>all biometric systems, whether centralised or decentralised, and whether using closed or open source technology, require a strong security policy and detailed procedures on its protection and security which comply with international standards. (paragraph 883)</p> </blockquote> <p>Concluding that:</p> <blockquote> <p>the biometric data and personal data in NIIMS shall only be processed if there is an appropriate legal framework in which sufficient safeguards are built in to protect fundamental rights (paragraph 884)</p> </blockquote> <p>Again, however, it remains to be seen whether the Government will follow the Court's ruling in introducing a legal framework that deals with the serious risks that emerge from the collection and use of biometrics.</p> <h5>Importance of a strong and enforced data protection framework</h5> <p>Another key aspect of the judgment is the acknowledgment of the importance of having a data protection framework. This was a core concern for the petitioners given that when NIIMS was announced no such framework was in place in Kenya.  The Kenyan Data Protection Act was passed in 2019 and the Court sought further submissions on it, before issuing the judgment. There are numerous issues with the Act, more below. However, important points, relevant for the introduction of any identity system, are:</p> <ul><li>the need for a Data Protection Act to be in place (as opposed to India, as mentioned above); and</li> <li>recognition by the Court that, it does not stop and end with the legal framework, but that "once in force, data protection legislation must also be accompanied by effective implementation and enforcement" (paragraph 1035) and "adequate protection of the data requires the operationalisation of the said legal framework." (paragraph 1036)</li> </ul><h3>The Court tried, but did not go far enough</h3> <p>As outlined in the section above in some respects the Court took some positive positions on issues previously ignored or misjudged, but there are some positions it took where the Court fell short of making a judgment that goes far enough. This includes the Court's analysis of the of the safeguards provided by the Kenyan Data Protection Act and the Court's position with regards the Petitioner's arguments on exclusion.</p> <h5>Kenya's Data Protection Act - still wanting</h5> <p>As noted above, we are pleased that the Court found i) that for an “adequate| legal framework to be in place the mere existence of a law is not sufficient, and “adequate protection of the data requires the operationalisation of the said legal framework" and that  ii) a law must be "accompanied by effective implementation and enforcement” to be adequate. (paragraphs 853 and 1035)</p> <p>These are two very important points that PI has been advocating for as effective and adequate data protection is not yet a reality in many countries even where data protection laws are in place. We therefore welcome the acknowledgment by the Court that the mere existence of a data protection law, without effective enforcement and accountability, does mean that a robust data protection framework exists.</p> <p>Whilst the adoption of the Data Protection Act was a significant development to ensure the protection of people and their personal data, the law adopted in November 2019 falls short of international standards as we highlighted in our <a href="https://privacyinternational.org/advocacy/3348/analysis-kenyas-data-protection-act-2019">joint analysis</a> with our Kenyan partners. And even for the protections it does afford, the real test of its effectiveness will be in its enforcement.</p> <p>Some of parts of the Data Protection Act which the Court praises and sees as concrete safeguards as part of the deployment of NIIMS are problematic as those particular provisions in the Act have shortcomings. One of those areas of concern relates to the independence of the office of the data commissioner. We and our partners are concerned that the establishment, under the new law, of the office as a body corporate does not grant this office the necessary institutional and financial independence to execute its mandate effectively. In order to ensure the necessary independence and effectiveness of the Data Commissioner, a Statutory Commission would be preferred to a State Office.</p> <p>This point is particularly important given the reliance and expectation of the Court on the Data Commissioner to develop and operationalise various regulations including circumstances when it can exempt the operation of the Act, and issue data sharing codes on the exchange of personal data between government departments (paragraph 852). If the office of the Data Commissioner is not independent from the executive than there are concerns that any regulations it develops would fall short of respecting the essence of the Data Protection Act and instead be used to reinforce the interests and the agenda of the Government.</p> <h5>Recognition of risk of exclusion but does not address the issue    </h5> <p>The Court concluded:</p> <blockquote> <p>We were unable to discern violation of the right to equality and non-discrimination from the evidence presented before us. (paragraph 1043)</p> </blockquote> <p>Having worked closely with the Nubian Rights Forum on this case, and given the challenges that the Nubians face, this was deeply disappointing. This is expressed in the Nubian Rights Forum's <a href="https://twitter.com/NubianRights/status/1230040687690833926?s=20">statement</a> on their appeal.</p> <p>On the issue of exclusion, the Court noted:</p> <blockquote> <p>We note that all the parties are agreed that the use of digital data is the way of the future. The challenge is to ensure, among other things, that no one is excluded from the NIIMS and the attendant services. This may occur due to lack of identity documents, or lack of or poor biometric data, such as fingerprints. In our view, there may be a segment of the population who run the risk of exclusion for the reasons already identified in this judgment. There is thus a need for a clear regulatory framework that addresses the possibility of exclusion in NIIMS. Such a framework will need to regulate the manner in which those without access to identity documents or with poor biometrics will be enrolled in NIIMS. Suffice to say that while we recognize the possibility of this exclusion, we find that it is in itself not a sufficient reason to find NIIMS unconstitutional. (paragraph 1012)</p> </blockquote> <p>It is important and welcome that the Court acknowledged that people can be excluded from a system like NIIMS; and, further, that this results in the exclusion from essential services. That a system like NIIMS can exclude, rather than include, is an essential step in understanding the impact of these identity systems.</p> <p>However, the solution presented by the Court is only partial, and fails to deal with the complete issue. We agree that there is a need to ensure that nobody is excluded from NIIMS on the basis of the lack of biometrics or the required documents and we hope that the new framework on this is radical in scope: the issues pertaining to biometric failure and lack of documentation are linked to broader social exclusion and marginalisation. The measures to ensure that people are not excluded by NIIMS must reflect those challenges, and provide genuine - and swift - redress for those impacted.</p> <p>Yet ultimately, this is never going to be the complete solution. Basing access to essential services on a single system – and thus a single point of failure – is always going to risk exclusions. It leaves people open to failings in the technology, or bureaucratic delays, that deny people access to their rights. It also leaves open the possibilities of political manipulations, and it gives the state a vastly powerful tool to exclude individuals or communities in the future.</p> <p>The solution is that there must be alternatives presented to NIIMS, and that the system be genuinely non-mandatory for accessing services. Other options must be available for those who cannot or do not want to enrol in NIIMS, this can only increase the inclusivity of the broader identity ecosystem.</p> <h3>Missed Opportunities</h3> <p>The case before the High Court provided a space to question the Government's policy, process and practice, and yet the High Court missed a number of opportunities, including in relation to questioning the overall purpose and make-up of the system. The lack of public participation characterises the concerning introduction of identity systems around the world and therefore, the Court's findings in this regard are also disappointing.</p> <h5>Failure to question the purpose of NIIMS</h5> <p>It is key that a data-intensive system, like an identity system, has a <a href="https://privacyinternational.org/explainer/2669/understanding-identity-systems-part-1-why-id">clearly stated purpose</a>. As the <a href="https://privacyinternational.org/sites/default/files/2018-09/Data%20Protection%20COMPLETE.pdf">Charter of Fundamental Rights of the European Union </a>states, “Everyone has the right to the protection of personal data concerning him or her. Such data must be processed fairly for specified purposes”. </p> <p>How does the Kenyan court describe the purpose of NIIMS?</p> <blockquote> <p>the biometric data collected is necessary to the stated purposes of NIIMS as is clear that the system can only provide trustworthy information about the identity of the person if the characteristics of that person are stored in its database.  (paragraph 787)</p> </blockquote> <p>On a technical level, this is questionable: there are ways of providing trustworthy identity without a centralised biometric database. On a legal level, this is also problematic. As the Indian constitutional expert Gautam Bhatia has <a href="https://indconlawphil.wordpress.com/2020/02/08/notes-from-a-foreign-field-the-kenyan-high-courts-judgment-on-the-national-biometric-id-system/">pointed out</a>, this is a tautology: the purpose of the biometric identification system is a biometric identification system. Without a clear purpose, it becomes impossible to assess the impact of a system like NIIMS. It leaves us with no real justification of why a system that risks people's rights should be introduced at all. </p> <h5>Sufficient public participation?    </h5> <p>Identity systems, particularly national identity systems, are often introduced without the firm and rigorous debate that such a major measure deserves. There are countless examples of identity systems pushed through by decree, diktat, or through means that allow less democratic accountability, denying the systems a mandate. We <a href="https://privacyinternational.org/feature/1100/identity-policies-clash-between-democracy-and-biometrics">saw this</a> with the Federal Biometric Identification System for Security (SIBIOS) in Argentina, introduced by decree in 2011, NADRA biometric database in Pakistan which was introduced while Pakistan was under military rule, and the law establishing Aadhaar in India was passed as a money bill, limiting debate.</p> <p>Before the Court was this exact issue surrounding public participation in the process by which NIIMS thought a Miscellaneous Amendments Act became law. The Court found that the use of such an act, as well as the process of public participation, was lawful.This issue is part of the appeal by the Nubian Rights Forum.</p> <p>The important fact is that detailed, engaged public participation in the development of an identity system is crucial. These projects are large, complex, and expensive - touching upon every aspect of people's lives. It is essential that there is discussion, consultation and debate; moreover, that this goes beyond the deployment of a system to the engagement with the public, stakeholders and civil society.</p> <h3>Conclusion</h3> <p>The Nubain Rights Forum has filed an <span>appeal</span>, and so this ruling by the High Court is unlikely to be the final word. As we've set out above, the judgment makes some important findings, in particular on the need for strong legal protections. However, it is also disappointing in a number of respects, and the burden of demonstrating the risks, as opposed to why NIIMS is an appropriate solution, falls disproportionately on those challenging the system. However, it is thanks to their hard work and efforts that safeguards must now be put in place. A lesson not just for the Kenyan Government, but Governments elsewhere considering implementing digital identity systems.</p> <p>Privacy International, and our network of partners, will continue to follow this case and analyse - and challenge - these systems around the world.</p></div> <div class="field field--name-field-topic field--type-entity-reference field--label-inline"> <div class="field__label">Learn more</div> <div class="field__items"> <div class="field__item"><a href="/learn/biometrics" hreflang="en">Biometrics</a></div> <div class="field__item"><a href="/learn/id-systems" hreflang="en">ID Systems</a></div> </div> </div> <div class="field field--name-field-programme field--type-entity-reference field--label-inline"> <div class="field__label">Our fight</div> <div class="field__items"> <div class="field__item"><a href="/strategic-areas/safeguarding-peoples-dignity" hreflang="en">Safeguarding Peoples&#039; Dignity</a></div> <div class="field__item"><a href="/taxonomy/term/774" hreflang="en">ID, Identity and Identification</a></div> </div> </div> <div class="field field--name-field-location-region-locale field--type-entity-reference field--label-inline"> <div class="field__label">Location</div> <div class="field__items"> <div class="field__item"><a href="/location/kenya" hreflang="en">Kenya</a></div> </div> </div> <div class="field field--name-field-legal-proceedings field--type-entity-reference field--label-above"> <div class="field__label">Our legal action</div> <div class="field__items"> <div class="field__item"><a href="/legal-action/nubian-rights-forum-and-others-v-attorney-general-kenya" hreflang="en">Nubian Rights Forum and others V. The Attorney General (Kenya)</a></div> </div> </div> <div class="field field--name-field-campaign-name field--type-entity-reference field--label-above"> <div class="field__label">Our campaign</div> <div class="field__items"> <div class="field__item"><a href="/campaigns/demanding-identity-systems-our-terms" hreflang="en">Demanding identity systems on our terms</a></div> </div> </div> <div class="field field--name-field-targeted-adversary field--type-entity-reference field--label-above"> <div class="field__label">Target Profile</div> <div class="field__items"> <div class="field__item"><a href="/taxonomy/term/742" hreflang="en">Government</a></div> </div> </div> <div class="field field--name-field-date field--type-datetime field--label-above"> <div class="field__label">Date</div> <div class="field__item"><time datetime="2020-02-21T12:00:00Z" class="datetime">Friday, February 21, 2020</time> </div> </div> <div class="field field--name-field-audience-and-purpose field--type-entity-reference field--label-above"> <div class="field__label">Audiences and Purpose</div> <div class="field__items"> <div class="field__item"><a href="/taxonomy/term/630" hreflang="en">Helping experts with our analyses</a></div> <div class="field__item"><a href="/taxonomy/term/631" hreflang="en">Helping partners and other NGOs know our stance</a></div> </div> </div> <div class="field field--name-field-principle-or-recommendatio field--type-entity-reference field--label-above"> <div class="field__label">What Pi is calling for</div> <div class="field__items"> <div class="field__item"><a href="/taxonomy/term/487" hreflang="en">Identities under our control</a></div> </div> </div> <div class="field field--name-field-change field--type-entity-reference field--label-above"> <div class="field__label">Change</div> <div class="field__items"> <div class="field__item"><a href="/advocacy" hreflang="en">We demand change and litigate</a></div> </div> </div> <div class="field field--name-field-content field--type-entity-reference field--label-above"> <div class="field__label">Content</div> <div class="field__items"> <div class="field__item"><a href="/taxonomy/term/736" hreflang="en">Advocacy</a></div> <div class="field__item"><a href="/taxonomy/term/739" hreflang="en">Impact</a></div> <div class="field__item"><a href="/taxonomy/term/737" hreflang="en">Legal</a></div> </div> </div> <div class="field field--name-field-media field--type-entity-reference field--label-above"> <div class="field__label">Media</div> <div class="field__item"><a href="/media/63" hreflang="en">Kenya High Court.jpg</a></div> </div> <div class="clearfix text-formatted field field--name-field-summary field--type-text-long field--label-above"> <div class="field__label">Summary</div> <div class="field__item"><p>PI presents its analysis of the Huduma Numba judgment in three parts: the clear wins, the parts that make some small steps forward but could have been better and the dissapointing losses.</p></div> </div> <div class="clearfix text-formatted field field--name-field-key-findings field--type-text-long field--label-above"> <div class="field__label">Key findings</div> <div class="field__item"><ul><li>Kenya High Court accepts evidence provided by PI on the risks to the right to privacy and to data protection of data attendant with the design of, and security of NIIMS.</li> <li>The judgment acknowledges the importance of having a data protection framework.</li> <li>Kenya High Court fails to support Petitioner's arguments on exclusion, and judges that it could not discern violation of the right to equality and non-discrimination.</li> </ul></div> </div> Mon, 24 Feb 2020 17:55:53 +0000 tech-admin 3373 at https://privacyinternational.org Why Does Reproductive Health Surveillance in India Need Our Urgent Attention? https://privacyinternational.org/long-read/3368/why-does-reproductive-health-surveillance-india-need-our-urgent-attention <span class="field field--name-title field--type-string field--label-hidden">Why Does Reproductive Health Surveillance in India Need Our Urgent Attention?</span> <span class="field field--name-uid field--type-entity-reference field--label-hidden"><span lang="" about="/user/1" typeof="schema:Person" property="schema:name" datatype="">tech-admin</span></span> <span class="field field--name-created field--type-created field--label-hidden">Monday, February 24, 2020</span> <div class="clearfix text-formatted field field--name-body field--type-text-with-summary field--label-hidden field__item"><p><em>This piece was written by Aayush Rathi and Ambika Tandon, who are policy officers at the Centre for Internet and Society (CIS) in India. The piece was originally published on the website Economic Policy Weekly India <a href="https://www.epw.in/engage/article/data-infrastructures-inequities-why-does-reproductive-health-surveillance-india-need-urgent-attention">here</a>.</em></p> <p><em>In order to bring out certain conceptual and procedural problems with health monitoring in the Indian context, this article posits health monitoring as surveillance and not merely as a “data problem.” Casting a critical feminist lens, the historicity of surveillance practices unveils the gendered power differentials wedded into taken-for-granted “benign” monitoring processes. The unpacking of the Mother and Child Tracking System and the National Health Stack reveals the neo-liberal aspirations of the Indian state. </em></p> <h2><strong>Framing Reproductive Health as a Surveillance Question</strong></h2> <p>The approach of the postcolonial Indian state to healthcare has been Malthusian, with the prioritisation of family planning and birth control (Hodges 2004). Supported by the notion of socio-economic development arising out of a “modernisation” paradigm, the target-based approach to achieving reduced fertility rates has shaped India’s reproductive and child health (RCH) programme (Simon-Kumar 2006). </p> <p>This is also the context in which India’s abortion law, the Medical Termination of Pregnancy (MTP) Act, was framed in 1971, placing the decisional privacy of women seeking abortions in the hands of registered medical practitioners. The framing of the MTP act invisibilises females seeking abortions for non-medical reasons within the legal framework. The exclusionary provisions only exacerbated existing gaps in health provisioning, as access to safe and legal abortions had already been curtailed by severe geographic inequalities in funding, infrastructure, and human resources. The state has concomitantly been unable to meet contraceptive needs of married couples or reduce maternal and infant mortality rates in large parts of the country, mediating access along the lines of class, social status, education, and age (Sanneving et al 2013).</p> <p>While the official narrative around the RCH programme transitioned to focus on universal access to healthcare in the 1990s, the target-based approach continues to shape the reality on the ground. The provision of reproductive healthcare has been deeply unequal and, in some cases, violent, as is the case with mass sterilisation camps and forced sterilisation in hospitals. These targets have been known to be met through the practice of forced, and often unsafe, sterilisation, in conditions of absence of adequate provisions or trained professionals, pre-sterilisation counselling, or alternative forms of contraception (Sama and PLD 2018). Further, patients have regularly been provided cash incentives, foreclosing the notion of free consent, especially given that the target population of these camps has been women from marginalised economic classes in rural India.</p> <p>Placing surveillance studies within a feminist praxis allows us to frame the reproductive health landscape as more than just an ill-conceived, benign monitoring structure. The critical lens becomes useful for highlighting that taken-for-granted structures of monitoring are wedded with power differentials: genetic screening in fertility clinics, identification documents such as birth certificates, and full-body screeners are just some of the manifestations of this (Adrejevic 2015). Emerging conversations around feminist surveillance studies highlight that these data systems are neither benign nor free of gendered implications (Andrejevic 2015). In continual remaking of the social, corporeal body as a data actor in society, such practices render some bodies normative and obfuscate others, based on categorisations put in place by the surveiller. </p> <p>In fact, the history of surveillance can be traced back to the colonial state where it took the form of systematic sexual and gendered violence enacted upon indigenous populations in order to render them compliant (Rifkin 2011; Morgensen 2011). Surveillance, then, manifests as a “scientific” rationalisation of complex social hieroglyphs (such as reproductive health) into formats enabling administrative interventions by the modern state. Lyon (2001) has also emphasised how the body emerged as the site of surveillance in order for the disciplining of the “irrational, sensual body”—essential to the functioning of the modern nation-state—to effectively happen.</p> <h2><strong>Questioning the Information and Communications Technology  for Development and Big Data for Development Rhetoric</strong></h2> <p>Information and Communications Technology (ICT) and data-driven approaches to the development of a robust health information system, and by extension, welfare, have been offered as solutions to these inequities and exclusions in access to maternal and reproductive healthcare in the country. </p> <p>The move towards data-driven development in the country commenced with the introduction of the Health Management Information System in Andhra Pradesh in 2008, and the Mother and Child Tracking System (MCTS) nationally in 2011. These are reproductive health information systems (HIS) that collect granular data about each pregnancy from the antenatal to the post-natal period, at the level of each sub-centre as well as primary and community health centre. The introduction of HIS comprised cross-sectoral digitisation measures that were a part of the larger national push towards e-governance; along with health, thirty other distinct areas of governance, from land records to banking to employment, were identified for this move towards the digitalised provisioning of services (MeitY 2015).   </p> <p>The HIS have been seen as playing a critical role in the ecosystem of health service provision globally. HIS-based interventions in reproductive health programming have been envisioned as a means of: (i) improving access to services in the context of a healthcare system ridden with inequalities; (ii) improving the quality of services provided, and (iii) producing better quality data to facilitate the objectives of India’s RCH programme, including family planning and population control. Accordingly, starting 2018, the MCTS is being replaced by the RCH portal in a phased manner. The RCH portal, in areas where the ANMOL (ANM Online) application has been introduced, captures data real-time through tablets provided to health workers (MoHFW 2015).</p> <p>A proposal to mandatorily link the Aadhaar with data on pregnancies and abortions through the MCTS/RCH has been made by the union minister for Women and Child Development as a deterrent to gender-biased sex selection (Tembhekar 2016). The proposal stems from the prohibition of gender-biased sex selection provided under the Pre-Conception and Pre-Natal Diagnostics Techniques (PCPNDT) Act, 1994. The approach taken so far under the PCPNDT Act, 2014 has been to regulate the use of technologies involved in sex determination. However, the steady decline in the national sex ratio since the passage of the PCPNDT Act provides a clear indication that the regulation of such technology has been largely ineffective. A national policy linking Aadhaar with abortions would be aimed at discouraging gender-biased sex selection through state surveillance, in direct violation of a female’s right to decisional privacy with regards to their own body.</p> <p>Linking Aadhaar would also be used as a mechanism to enable direct benefit transfer (DBT) to the beneficiaries of the national maternal benefits scheme. Linking reproductive health services to the Aadhaar ecosystem has been critiqued because it is exclusionary towards women with legitimate claims towards abortions and other reproductive services and benefits, and it heightens the risk of data breaches in a cultural fabric that already stigmatises abortions. The bodies on which this stigma is disproportionately placed, unmarried or disabled females, for instance, experience the harms of visibility through centralised surveillance mechanisms more acutely than others by being penalised for their deviance from cultural expectations.  This is in accordance with the theory of "data extremes,” wherein marginalised communities are seen as  living on the extremes of  data capture, leading to a data regime that either refuses to recognise them as legitimate entities or subjects them to overpolicing in order to discipline deviance (Arora 2016). In both developed and developing contexts, the broader purpose of identity management has largely been to demarcate legitimate and illegitimate actors within a population, either within the framework of security or welfare.</p> <h2><strong>Potential Harms of the Data Model of Reproductive Health Provisioning</strong></h2> <p>Informational privacy and decisional privacy are critically shaped by data flows and security within the MCTS/RCH. No standards for data sharing and storage, or anonymisation and encryption of data have been implemented despite role-based authentication (NHSRC and Taurus Glocal 2011). The risks of this architectural design are further amplified in the context of the RCH/ANMOL where data is captured real-time. In the absence of adequate safeguards against data leaks, real-time data capture risks the publicising of reproductive health choices in an already stigmatised environment. This opens up avenues for further dilution of autonomy in making future reproductive health choices. </p> <p>Several core principles of informational privacy, such as limitations regarding data collection and usage, or informed consent, also need to be reworked within this context.[1] For instance, the centrality of the requirement of “free, informed consent” by an individual would need to be replaced by other models, especially in the context of reproductive health of  rape survivors who are vulnerable and therefore unable to exercise full agency. The ability to make a free and informed choice, already dismantled in the context of contemporary data regimes, gets further precluded in such contexts. The constraints on privacy in decisions regarding the body are then replicated in the domain of reproductive data collection. </p> <p>What is uniform across these digitisation initiatives is their treatment of maternal and reproductive health as solely a medical event, framed as a data scarcity problem. In doing so, they tend to amplify the understanding of reproductive health through measurable indicators that ignore social determinants of health. For instance, several studies conducted in the rural Indian context have shown that the degree of women’s autonomy influences the degree of usage of pregnancy care, and that the uptake of pregnancy care was associated with village-level indicators such as economic development, provisioning of basic infrastructure and social cohesion. These contextual factors get overridden in pervasive surveillance systems that treat reproductive healthcare as comprising only of measurable indicators and behaviours, that are dependent on individual behaviour of practitioners and women themselves, rather than structural gaps within the system.</p> <p>While traditionally associated with state governance, the contemporary surveillance regime is experienced as distinct from its earlier forms due to its reliance on a nexus between surveillance by the state and private institutions and actors, with both legal frameworks and material apparatuses for data collection and sharing (Shepherd 2017). As with historical forms of surveillance, the harms of contemporary data regimes accrue disproportionately among already marginalised and dissenting communities and individuals. Data-driven surveillance has been critiqued for its excesses in multiple contexts globally, including in the domains of predictive policing, health management, and targeted advertising (Mason 2015). In the attempts to achieve these objectives, surveillance systems have been criticised for their reliance on replicating past patterns, reifying proximity to a hetero-patriarchal norm (Haggerty and Ericson 2000). Under data-driven surveillance systems, this proximity informs the preexisting boxes of identity for which algorithmic representations of the individual are formed. The boxes are defined contingent on the distinct objectives of the particular surveillance project, collating disparate pieces of data flows and resulting in the recasting of the singular offline self into various 'data doubles' (Haggerty and Ericson 2000). Refractive, rather than reflective, the data doubles have implications for the physical, embodied life of individual with an increasing number of service provisioning relying on the data doubles (Lyon 2001). Consider, for instance,  apps on menstruation, fertility, and health, and wearables such as fitness trackers and pacers, that support corporate agendas around what a woman’s healthy body should look, be or behave like (Lupton 2014). Once viewed through the lens of power relations, the fetishised, apolitical notion of the data “revolution” gives way to what we may better understand as “dataveillance.”</p> <h2><strong>Towards a Networked State and a Neo-liberal Citizen</strong></h2> <p>Following in this tradition of ICT being treated as the solution to problems plaguing India’s public health information system, a larger, all-pervasive healthcare ecosystem is now being proposed by the Indian state (NITI Aayog 2018). Termed the National Health Stack, it seeks to create a centralised electronic repository of health records of Indian citizens with the aim of capturing every instance of healthcare service usage. Among other functions, it also envisions a platform for the provisioning of health and wellness-based services that may be dispensed by public or private actors in an attempt to achieve universal health coverage. By allowing private parties to utilise the data collected through pullable open application program interfaces (APIs), it also fits within the larger framework of the National Health Policy 2017 that envisions the private sector playing a significant role in the provision of healthcare in India. It also then fits within the state–private sector nexus that characterises dataveillance. This, in turn, follows broader trends towards market-driven solutions and private financing of health sector reform measures that have already had profound consequences on the political economy of healthcare worldwide (Joe et al 2018).</p> <p>These initiatives are, in many ways, emblematic of the growing adoption of network governance reform by the Indian state (Newman 2001). This is a stark shift from its traditional posturing as the hegemonic sovereign nation state. This shift entails the delayering from large, hierarchical and unitary government systems to horizontally arranged, more flexible, relatively dispersed systems.[2] The former govern through the power of rules and law, while the latter take the shape of self-regulating networks such as public–private contractual arrangements (Snellen 2005). ICTs have been posited as an effective tool in enabling the transition to network governance by enhancing local governance and interactive policymaking enabling the co-production of knowledge (Ferlie et al 2011). The development of these capabilities is also critical to addressing “wicked problems” such as healthcare (Rittel and Webber 1973).[3] The application of the techno-deterministic, data-driven model to reproductive healthcare provision, then, resembles a fetishised approach to technological change. The NHSRC describes this as the collection of data without an objective, leading to a disproportional burden on data collection over use (NHSRC and Taurus Glocal 2011). </p> <p>The blurring of the functions of state and private actors is reflective of the neo-liberal ethic, which produces new practices of governmentality. Within the neo-liberal framework of reproductive healthcare, the citizen is constructed as an individual actor, with agency over and responsibility for their own health and well-being (Maturo et al 2016). </p> <h2><strong>“Quantified Self” of the Neo-liberal Citizen</strong></h2> <p>Nowhere can the manifestation of this neo-liberal citizen can be seen as clearly as in the “quantified self” movement. The quantified self movement refers to the emergence of a whole range of apps that enable the user to track bodily functions and record data to achieve wellness and health goals, including menstruation, fertility, pregnancies, and health indicators in the mother and baby. Lupton (2015) labels this as the emergence of the “digitised reproductive citizen,” who is expected to be attentive to her fertility and sexual behaviour to achieve better reproductive health goals. The practice of collecting data around reproductive health is not new to the individual or the state, as has been demonstrated by the discussion above. What is new in this regime of datafication under the self-tracking movement is the monetisation of reproductive health data by private actors, the labour for which is performed by the user. Focusing on embodiment draws attention to different kinds of exploitation engendered by reproductive health apps. Not only is data about the body collected and sold, the unpaid labour for collection is extracted from the user. The reproductive body can then be understood as a cyborg, or a woman-machine hybrid, systematically digitising its bodily functions for profit-making within the capitalist (re)production machine (Fotoloulou 2016). Accordingly, all major reproductive health tracking apps have a business model that relies on selling information about users for direct marketing of products around reproductive health and well-being (Felizi and Varon nd).  </p> <p>As has been pointed out in the case of big data more broadly, reproductive health applications (apps) facilitate the visibility of the female reproductive body in the public domain. Supplying anonymised data sets to medical researchers and universities fills some of the historical gaps in research around the female body and reproductive health. Reproductive and sexual health tracking apps globally provide their users a platform to engage with biomedical information around sexual and reproductive health. Through group chats on the platform, they are also able to engage with experiential knowledge of sexual and reproductive health. This could also help form transnational networks of solidarity around the body and health  (Fotopoulou 2016).</p> <p>This radical potential of network-building around reproductive and sexual health is, however, tempered to a large extent by the reconfiguration of gendered stereotypes through these apps. In a study on reproductive health apps on Google Play Store, Lupton (2014) finds that products targeted towards female users are marketed through the discourse of risk and vulnerability, while those targeted towards male users are framed within that of virility. Apart from reiterating gendered stereotypes around the male and female body, such a discourse assumes that the entire labour of family planning is performed by females. This same is the case with the MCTS/RCH.</p> <p>Technological interventions such as reproductive health apps as well as HIS are based on the assumption that females have perfect control over decisions regarding their own bodies and reproductive health, despite this being disproved in India. The Guttmacher Institute (2014) has found that 60% of women in India report not having control over decisions regarding their own healthcare. The failure to account for the husband or the family as stakeholder in decision-making around reproductive health has been a historical failure of the family planning programme in India, and is now being replicated in other modalities. This notion of an autonomous citizen who is able to take responsibility of their own reproductive health and well-being does not hold true in the Indian context. It can even be seen as marginalising females who have already been excluded from the reproductive health system, as they are held responsible for their own inability to access healthcare.  </p> <h2><strong>Concluding remarks</strong></h2> <p>The interplay that emerges between reproductive health surveillance and data infrastructures is a complex one. It requires the careful positioning of the political nature of data collection and processing as well as its hetero-patriarchal and colonial legacies, within the need for effective utilisation of data for achieving developmental goals. Assessing this discourse through a feminist lens identifies the web of power relations in data regimes. This problematises narratives of technological solutions for welfare provision.</p> <p>The reproductive healthcare framework in India then offers up a useful case study to assess these concerns. The growing adoption of ICT-based surveillance tools to equalise access to healthcare needs to be understood in the socio-economic, legal, and cultural context where these tools are being implemented. Increased surveillance has historically been associated with causing the structural gendered violence that it is now being offered as a solution to. This is a function of normative standards being constructed for reproductive behaviour that necessarily leave out broader definitions of reproductive health and welfare when viewed through a feminist lens. Within the larger context of health policymaking in India, moves towards privatisation then demonstrate the peculiarity of dataveillance as it functions through an unaccountable and pervasive overlapping of state and private surveillance practises. It remains to be seen how these trends in ICT-driven health policies affect access to reproductive rights and decisional privacy for millions of females in India and other parts of the global South. </p></div> <div class="field field--name-field-topic field--type-entity-reference field--label-inline"> <div class="field__label">Learn more</div> <div class="field__items"> <div class="field__item"><a href="/learn/gender" hreflang="en">Gender</a></div> <div class="field__item"><a href="/learn/poverty" hreflang="en">Poverty</a></div> <div class="field__item"><a href="/learn/women" hreflang="en">Women</a></div> <div class="field__item"><a href="/learn/data-exploitation" hreflang="en">Data Exploitation</a></div> <div class="field__item"><a href="/learn/economic-social-and-cultural-rights" hreflang="en">Economic, social and cultural rights</a></div> <div class="field__item"><a href="/learn/sexual-and-reproductive-rights" hreflang="en">Sexual and Reproductive Rights</a></div> <div class="field__item"><a href="/learn/health-data" hreflang="en">Health Data</a></div> </div> </div> <div class="field field--name-field-programme field--type-entity-reference field--label-inline"> <div class="field__label">Our fight</div> <div class="field__items"> <div class="field__item"><a href="/taxonomy/term/776" hreflang="en">Realise Our Rights to Live with Dignity</a></div> </div> </div> <div class="field field--name-field-location-region-locale field--type-entity-reference field--label-inline"> <div class="field__label">Location</div> <div class="field__items"> <div class="field__item"><a href="/location/india" hreflang="en">India</a></div> </div> </div> <div class="field field--name-field-partner field--type-entity-reference field--label-inline"> <div class="field__label">More about our partner</div> <div class="field__items"> <div class="field__item"><a href="/partners/centre-internet-and-society" hreflang="en">Centre for Internet and Society</a></div> </div> </div> <div class="field field--name-field-campaign-name field--type-entity-reference field--label-above"> <div class="field__label">Our campaign</div> <div class="field__items"> <div class="field__item"><a href="/taxonomy/term/677" hreflang="en">Reproductive Rights and Privacy Project</a></div> </div> </div> <div class="field field--name-field-date field--type-datetime field--label-above"> <div class="field__label">Date</div> <div class="field__item"><time datetime="2020-02-13T12:00:00Z" class="datetime">Thursday, February 13, 2020</time> </div> </div> <div class="field field--name-field-principle-or-recommendatio field--type-entity-reference field--label-above"> <div class="field__label">What Pi is calling for</div> <div class="field__items"> <div class="field__item"><a href="/taxonomy/term/482" hreflang="en">Data should be protected</a></div> </div> </div> <div class="field field--name-field-change field--type-entity-reference field--label-above"> <div class="field__label">Change</div> <div class="field__items"> <div class="field__item"><a href="/reveal" hreflang="en">We uncover and expose</a></div> </div> </div> <div class="field field--name-field-content field--type-entity-reference field--label-above"> <div class="field__label">Content</div> <div class="field__items"> <div class="field__item"><a href="/taxonomy/term/736" hreflang="en">Advocacy</a></div> </div> </div> <div class="field field--name-field-media field--type-entity-reference field--label-above"> <div class="field__label">Media</div> <div class="field__item"><a href="/media/62" hreflang="en">CIS Post.png</a></div> </div> <div class="clearfix text-formatted field field--name-field-summary field--type-text-long field--label-above"> <div class="field__label">Summary</div> <div class="field__item"><p>CIS, PI's partner in India, posits health monitoring as surveillance and not merely as a “data problem.”</p></div> </div> <div class="clearfix text-formatted field field--name-field-key-findings field--type-text-long field--label-above"> <div class="field__label">Key findings</div> <div class="field__item"><ul><li>The unpacking of the Mother and Child Tracking System and the National Health Stack reveals the neo-liberal aspirations of the Indian state. </li> <li>Assessing the reproductive healthcare framework in India with a feminist lens identifies the web of power relations in data regimes.</li> </ul></div> </div> Mon, 24 Feb 2020 17:53:00 +0000 tech-admin 3368 at https://privacyinternational.org Women’s Aid and Privacy International launch digital information cards to help women stay safe on Valentine’s Day https://privacyinternational.org/long-read/3366/womens-aid-and-privacy-international-launch-digital-information-cards-help-women <span class="field field--name-title field--type-string field--label-hidden">Women’s Aid and Privacy International launch digital information cards to help women stay safe on Valentine’s Day</span> <span class="field field--name-uid field--type-entity-reference field--label-hidden"><span lang="" about="/user/1" typeof="schema:Person" property="schema:name" datatype="">tech-admin</span></span> <span class="field field--name-created field--type-created field--label-hidden">Monday, February 24, 2020</span> <div class="clearfix text-formatted field field--name-body field--type-text-with-summary field--label-hidden field__item"><p>Valentine’s Day is traditionally a day to celebrate relationships, but many relationships that begin romantically can quickly become controlling, with partners reading emails, checking texts and locations of social media posts. This can be just the beginning.</p> <p>Today, Friday 14th February, Privacy International and Women’s Aid are launching a series of digital social media cards giving women practical information on how to help stay safe digitally from control and abuse.</p> <p> </p> <h3><strong>Did you know that your location could be made public when you post on apps?</strong></h3></div> <div class="field field--name-field-repeating-image-and-text field--type-entity-reference-revisions field--label-hidden field__items"> <div class="field__item"> <div class="paragraph paragraph--type--image-and-text-repeating paragraph--view-mode--default"> <div class="field field--name-field-fieldset-image field--type-image field--label-hidden field__item"> <picture> <!--[if IE 9]><video style="display: none;"><![endif]--> <source srcset="/sites/default/files/flysystem/styles/large/local-default/2020-03/privacy-media-cards-v7-02.jpg?itok=4XX1y1e_ 1x" media="(min-width: 1520px)" type="image/jpeg"/> <source srcset="/sites/default/files/flysystem/styles/middle_column_small/local-default/2020-03/privacy-media-cards-v7-02.jpg?itok=PswHPJQJ 1x" media="(min-width: 0px)" type="image/jpeg"/> <!--[if IE 9]></video><![endif]--> <img src="/sites/default/files/flysystem/styles/middle_column_small/local-default/2020-03/privacy-media-cards-v7-02.jpg?itok=PswHPJQJ" alt="Did you know that your location could be made public when you post on apps?" typeof="foaf:Image" /> </picture> </div> </div> </div> <div class="field__item"> <div class="paragraph paragraph--type--image-and-text-repeating paragraph--view-mode--default"> <div class="field field--name-field-fieldset-image field--type-image field--label-hidden field__item"> <picture> <!--[if IE 9]><video style="display: none;"><![endif]--> <source srcset="/sites/default/files/flysystem/styles/large/local-default/2020-03/privacy-media-cards-v7-03.jpg?itok=v3CvOyAX 1x" media="(min-width: 1520px)" type="image/jpeg"/> <source srcset="/sites/default/files/flysystem/styles/middle_column_small/local-default/2020-03/privacy-media-cards-v7-03.jpg?itok=n2Oj-DOP 1x" media="(min-width: 0px)" type="image/jpeg"/> <!--[if IE 9]></video><![endif]--> <img src="/sites/default/files/flysystem/styles/middle_column_small/local-default/2020-03/privacy-media-cards-v7-03.jpg?itok=n2Oj-DOP" alt="Did you know that your location could be made public when you post on apps?" typeof="foaf:Image" /> </picture> </div> </div> </div> <div class="field__item"> <div class="paragraph paragraph--type--image-and-text-repeating paragraph--view-mode--default"> <div class="field field--name-field-fieldset-image field--type-image field--label-hidden field__item"> <picture> <!--[if IE 9]><video style="display: none;"><![endif]--> <source srcset="/sites/default/files/flysystem/styles/large/local-default/2020-03/privacy-media-cards-v7-04.jpg?itok=RzGOsX9p 1x" media="(min-width: 1520px)" type="image/jpeg"/> <source srcset="/sites/default/files/flysystem/styles/middle_column_small/local-default/2020-03/privacy-media-cards-v7-04.jpg?itok=Q17Nk7Om 1x" media="(min-width: 0px)" type="image/jpeg"/> <!--[if IE 9]></video><![endif]--> <img src="/sites/default/files/flysystem/styles/middle_column_small/local-default/2020-03/privacy-media-cards-v7-04.jpg?itok=Q17Nk7Om" alt="Did you know that your location could be made public when you post on apps?" typeof="foaf:Image" /> </picture> </div> <div class="clearfix text-formatted field field--name-field-fieldset-text field--type-text-long field--label-hidden field__item"><h3><strong>How do they seem to know everything? Have they guessed my password?</strong></h3></div> </div> </div> <div class="field__item"> <div class="paragraph paragraph--type--image-and-text-repeating paragraph--view-mode--default"> <div class="field field--name-field-fieldset-image field--type-image field--label-hidden field__item"> <picture> <!--[if IE 9]><video style="display: none;"><![endif]--> <source srcset="/sites/default/files/flysystem/styles/large/local-default/2020-03/privacy-media-cards-v7-05.jpg?itok=VokUllTI 1x" media="(min-width: 1520px)" type="image/jpeg"/> <source srcset="/sites/default/files/flysystem/styles/middle_column_small/local-default/2020-03/privacy-media-cards-v7-05.jpg?itok=F0OVSQP_ 1x" media="(min-width: 0px)" type="image/jpeg"/> <!--[if IE 9]></video><![endif]--> <img src="/sites/default/files/flysystem/styles/middle_column_small/local-default/2020-03/privacy-media-cards-v7-05.jpg?itok=F0OVSQP_" alt="How do they seem to know everything? Have they guessed my password?" typeof="foaf:Image" /> </picture> </div> </div> </div> <div class="field__item"> <div class="paragraph paragraph--type--image-and-text-repeating paragraph--view-mode--default"> <div class="field field--name-field-fieldset-image field--type-image field--label-hidden field__item"> <picture> <!--[if IE 9]><video style="display: none;"><![endif]--> <source srcset="/sites/default/files/flysystem/styles/large/local-default/2020-03/privacy-media-cards-v7-06.jpg?itok=Ky67FgQ5 1x" media="(min-width: 1520px)" type="image/jpeg"/> <source srcset="/sites/default/files/flysystem/styles/middle_column_small/local-default/2020-03/privacy-media-cards-v7-06.jpg?itok=esh4Eoc9 1x" media="(min-width: 0px)" type="image/jpeg"/> <!--[if IE 9]></video><![endif]--> <img src="/sites/default/files/flysystem/styles/middle_column_small/local-default/2020-03/privacy-media-cards-v7-06.jpg?itok=esh4Eoc9" alt="How do they seem to know everything? Have they guessed my password?" typeof="foaf:Image" /> </picture> </div> <div class="clearfix text-formatted field field--name-field-fieldset-text field--type-text-long field--label-hidden field__item"><h3><strong>How can I make my social media safe and secure?</strong></h3></div> </div> </div> <div class="field__item"> <div class="paragraph paragraph--type--image-and-text-repeating paragraph--view-mode--default"> <div class="field field--name-field-fieldset-image field--type-image field--label-hidden field__item"> <picture> <!--[if IE 9]><video style="display: none;"><![endif]--> <source srcset="/sites/default/files/flysystem/styles/large/local-default/2020-03/privacy-media-cards-v7-07.jpg?itok=YraGXpX9 1x" media="(min-width: 1520px)" type="image/jpeg"/> <source srcset="/sites/default/files/flysystem/styles/middle_column_small/local-default/2020-03/privacy-media-cards-v7-07.jpg?itok=tcmgfmH8 1x" media="(min-width: 0px)" type="image/jpeg"/> <!--[if IE 9]></video><![endif]--> <img src="/sites/default/files/flysystem/styles/middle_column_small/local-default/2020-03/privacy-media-cards-v7-07.jpg?itok=tcmgfmH8" alt="How can I make my social media safe and secure?" typeof="foaf:Image" /> </picture> </div> </div> </div> <div class="field__item"> <div class="paragraph paragraph--type--image-and-text-repeating paragraph--view-mode--default"> <div class="field field--name-field-fieldset-image field--type-image field--label-hidden field__item"> <picture> <!--[if IE 9]><video style="display: none;"><![endif]--> <source srcset="/sites/default/files/flysystem/styles/large/local-default/2020-03/privacy-media-cards-v7-08.jpg?itok=4F9UJeSs 1x" media="(min-width: 1520px)" type="image/jpeg"/> <source srcset="/sites/default/files/flysystem/styles/middle_column_small/local-default/2020-03/privacy-media-cards-v7-08.jpg?itok=CXzhdr_e 1x" media="(min-width: 0px)" type="image/jpeg"/> <!--[if IE 9]></video><![endif]--> <img src="/sites/default/files/flysystem/styles/middle_column_small/local-default/2020-03/privacy-media-cards-v7-08.jpg?itok=CXzhdr_e" alt="How can I make my social media safe and secure?" typeof="foaf:Image" /> </picture> </div> </div> </div> <div class="field__item"> <div class="paragraph paragraph--type--image-and-text-repeating paragraph--view-mode--default"> <div class="field field--name-field-fieldset-image field--type-image field--label-hidden field__item"> <picture> <!--[if IE 9]><video style="display: none;"><![endif]--> <source srcset="/sites/default/files/flysystem/styles/large/local-default/2020-03/privacy-media-cards-v7-09.jpg?itok=_tuiUtbF 1x" media="(min-width: 1520px)" type="image/jpeg"/> <source srcset="/sites/default/files/flysystem/styles/middle_column_small/local-default/2020-03/privacy-media-cards-v7-09.jpg?itok=IJZvUXza 1x" media="(min-width: 0px)" type="image/jpeg"/> <!--[if IE 9]></video><![endif]--> <img src="/sites/default/files/flysystem/styles/middle_column_small/local-default/2020-03/privacy-media-cards-v7-09.jpg?itok=IJZvUXza" alt="How can I make my social media safe and secure?" typeof="foaf:Image" /> </picture> </div> <div class="clearfix text-formatted field field--name-field-fieldset-text field--type-text-long field--label-hidden field__item"><h3><strong>How can I stop someone putting spyware on my phone?</strong></h3></div> </div> </div> <div class="field__item"> <div class="paragraph paragraph--type--image-and-text-repeating paragraph--view-mode--default"> <div class="field field--name-field-fieldset-image field--type-image field--label-hidden field__item"> <picture> <!--[if IE 9]><video style="display: none;"><![endif]--> <source srcset="/sites/default/files/flysystem/styles/large/local-default/2020-03/privacy-media-cards-v7-10.jpg?itok=hA2CbwYl 1x" media="(min-width: 1520px)" type="image/jpeg"/> <source srcset="/sites/default/files/flysystem/styles/middle_column_small/local-default/2020-03/privacy-media-cards-v7-10.jpg?itok=hEDeO4bC 1x" media="(min-width: 0px)" type="image/jpeg"/> <!--[if IE 9]></video><![endif]--> <img src="/sites/default/files/flysystem/styles/middle_column_small/local-default/2020-03/privacy-media-cards-v7-10.jpg?itok=hEDeO4bC" alt="How can I stop someone putting spyware on my phone?" typeof="foaf:Image" /> </picture> </div> </div> </div> <div class="field__item"> <div class="paragraph paragraph--type--image-and-text-repeating paragraph--view-mode--default"> <div class="field field--name-field-fieldset-image field--type-image field--label-hidden field__item"> <picture> <!--[if IE 9]><video style="display: none;"><![endif]--> <source srcset="/sites/default/files/flysystem/styles/large/local-default/2020-03/privacy-media-cards-v7-11.jpg?itok=X-uZAp5E 1x" media="(min-width: 1520px)" type="image/jpeg"/> <source srcset="/sites/default/files/flysystem/styles/middle_column_small/local-default/2020-03/privacy-media-cards-v7-11.jpg?itok=VIPqm0CI 1x" media="(min-width: 0px)" type="image/jpeg"/> <!--[if IE 9]></video><![endif]--> <img src="/sites/default/files/flysystem/styles/middle_column_small/local-default/2020-03/privacy-media-cards-v7-11.jpg?itok=VIPqm0CI" alt="How can I stop someone putting spyware on my phone?" typeof="foaf:Image" /> </picture> </div> </div> </div> </div> <div class="field field--name-field-topic field--type-entity-reference field--label-inline"> <div class="field__label">Learn more</div> <div class="field__items"> <div class="field__item"><a href="/learn/lgbtiq" hreflang="en">LGBTIQ+</a></div> <div class="field__item"><a href="/learn/gender" hreflang="en">Gender</a></div> <div class="field__item"><a href="/learn/women" hreflang="en">Women</a></div> <div class="field__item"><a href="/learn/social-media-surveillance" hreflang="en">Social Media Surveillance</a></div> <div class="field__item"><a href="/learn/privacy" hreflang="en">Privacy</a></div> <div class="field__item"><a href="/learn/smartphones" hreflang="en">Smartphones</a></div> </div> </div> <div class="field field--name-field-programme field--type-entity-reference field--label-inline"> <div class="field__label">Our fight</div> <div class="field__items"> <div class="field__item"><a href="/strategic-areas/safeguarding-peoples-dignity" hreflang="en">Safeguarding Peoples&#039; Dignity</a></div> <div class="field__item"><a href="/taxonomy/term/791" hreflang="en">Protect People and Communities Online</a></div> </div> </div> <div class="field field--name-field-campaign-name field--type-entity-reference field--label-above"> <div class="field__label">Our campaign</div> <div class="field__items"> <div class="field__item"><a href="/when-social-media-makes-you-target" hreflang="en">When Social Media makes you a target</a></div> </div> </div> <div class="field field--name-field-type-of-abuse field--type-entity-reference field--label-above"> <div class="field__label">Type of abuse</div> <div class="field__items"> <div class="field__item"><a href="/examples/women" hreflang="en">Women</a></div> </div> </div> <div class="field field--name-field-audience-and-purpose field--type-entity-reference field--label-above"> <div class="field__label">Audiences and Purpose</div> <div class="field__items"> <div class="field__item"><a href="/taxonomy/term/624" hreflang="en">Generalised audience education for inspiration</a></div> <div class="field__item"><a href="/taxonomy/term/627" hreflang="en">Informing the concerned</a></div> </div> </div> <div class="field field--name-field-principle-or-recommendatio field--type-entity-reference field--label-above"> <div class="field__label">What Pi is calling for</div> <div class="field__items"> <div class="field__item"><a href="/taxonomy/term/836" hreflang="en">Technologies, laws, and policies contain modern safeguards to protect people from exploitation.</a></div> <div class="field__item"><a href="/taxonomy/term/838" hreflang="en">People and communities can protect their data and rights, resist and object to exploitation by governments and industry.</a></div> <div class="field__item"><a href="/taxonomy/term/481" hreflang="en">People must know what data is generated and processed</a></div> </div> </div> <div class="field field--name-field-change field--type-entity-reference field--label-above"> <div class="field__label">Change</div> <div class="field__items"> <div class="field__item"><a href="/movement" hreflang="en">We create a global movement</a></div> </div> </div> <div class="field field--name-field-content field--type-entity-reference field--label-above"> <div class="field__label">Content</div> <div class="field__items"> <div class="field__item"><a href="/taxonomy/term/730" hreflang="en">Educational</a></div> <div class="field__item"><a href="/taxonomy/term/731" hreflang="en">Guides</a></div> </div> </div> <div class="field field--name-field-media field--type-entity-reference field--label-above"> <div class="field__label">Media</div> <div class="field__item"><a href="/media/69" hreflang="en">privacy-media-cards-v7-01_1.jpg</a></div> </div> <div class="clearfix text-formatted field field--name-field-summary field--type-text-long field--label-above"> <div class="field__label">Summary</div> <div class="field__item"><p>Valentine’s Day is traditionally a day to celebrate relationships, but many relationships that begin romantically can quickly become controlling, with partners reading emails, checking texts and locations of social media posts. This can be just the beginning.</p> <p>Today, Friday 14th February, Privacy International and Women’s Aid are launching a series of digital social media cards giving women practical information on how to help stay safe digitally from control and abuse.</p></div> </div> <div class="clearfix text-formatted field field--name-field-key-findings field--type-text-long field--label-above"> <div class="field__label">Key findings</div> <div class="field__item"><ul><li>Privacy International and Women’s Aid are launching a series of digital social media cards giving women practical information on how to help stay safe digitally from control and abuse.</li> </ul></div> </div> Mon, 24 Feb 2020 17:52:26 +0000 tech-admin 3366 at https://privacyinternational.org