Search
Content type: News & Analysis
This post was written by PI Technologist Ed Geraghty.
At the very heart of ThornSec’s design is that we assume our security will fail. There is nothing perfect on this earth (except kittens). The entire point is to fail well. For charities and NGOs that are fragile, poorly resourced, and often at risk, this is relatively novel thinking. We prepare for that with a strict adherence to good security practice.
It is exactly this element of novelty that makes us more open than your…
Content type: News & Analysis
This post was written by PI Policy Officer Lucy Purdon.
In 1956, US Presidential hopeful Adlai Stevenson remarked that the hardest part of any political campaign is how to win without proving you are unworthy of winning. Political campaigning has always been a messy affair and now the online space is where elections are truly won and lost. Highly targeted campaign messages and adverts flood online searches and social media feeds. Click, share, repeat; this is what political engagement looks…
Content type: Advocacy
Privacy International's comments to the Article 29 Working Party Guidelines on automated individual decision-making and profiling are here.
Content type: News & Analysis
We work to collect the minimum amount of data that we need from you to do our jobs within the resources we have, and to protect and use that data in an ethical manner. We are expanding the ways we engage with our supporters, by rebuilding our tech services to ensure that we continue to live up to that commitment.
Here we explain what data we have access to, what we collect, and how we work to protect your data. This piece is more explanatory than our policy statement which is available here.…
Content type: News & Analysis
Overview
CIPIT is currently investigating how the privacy of Kenyan citizens was affected by the use of biometric data during the just concluded 2017 general and repeat elections. The IEBC is mandated by law to register voters, verify their registration details and conduct elections. Accordingly, the IEBC is the custodian of the public voter register. There have been reports that individuals received SMS texts from candidates vying for various political seats during the campaign period of the…
Content type: Advocacy
This briefing consolidates Privacy International's concerns on the UK Data Protection Bill as it reached Report Stage in the House of Lords.
Content type: Long Read
The battle for Kenyan voters’ allegiance in the 2017 Presidential election was fought on social media and the blogosphere. Paid advertisements for two mysterious, anonymous sites in particular started to dominate Google searches for dozens of election-related terms in the months leading up to the vote. All linked back to either “The Real Raila”, a virulent attack campaign against presidential hopeful Raila Odinga, or Uhuru for Us, a site showcasing President Uhuru Kenyatta’s accomplishments. As…
Content type: Long Read
Introduction
Why We Are So Concerned about Government Hacking for Surveillance
Scope of Our Safeguards
1. Legality
2. Security and Integrity of Systems
3. Necessity and Proportionality
4. Judicial Authorisation
5. Integrity of information
6. Notification
7. Destruction and Return of Data
8. Oversight and Transparency
9. Extraterritoriality
10. Effective Remedy
Commentary on each
1. Legality
2. Security and Integrity of Systems
3. Necessity and Proportionality
4.…
Content type: Press release
A new investigation published today by Privacy International reveals the role of an American data-based digital advertising company in the highly divisive online re-election campaign of Kenyan president Uhuru Kenyatta.
In the run-up to Kenya's presidential election in August 2017, paid advertisements for two mysterious sites dominated Google searches for election-related terms and flooded Kenyans' social media feeds. All linked back to either 'The Real Raila', a virulent attack campaign…
Content type: People
Joanna Oniszk is our Resources Director. She joined us in 2015 to take on donor coordination and financial management of the organisation. She has over ten years of experience in variety of finance and management roles in corporate sector, international organisations and charities and holds an MA in Economics.
Content type: News & Analysis
Recently, a text from a local telecommunications company inquired whether its subscribers knew that they could now enroll their voice so they could access various services securely and conveniently. This added a further dynamic to the on-going debate in several quarters on the accelerated adoption of biometrics in Kenya. Does Kenya have the necessary framework in place to safeguard the privacy and security of its citizens? The reality is, innovators will not wait for an optimal…
Content type: People
Ed is a Senior Technologist at Privacy International. He is responsible for our technical security and research, and leads the development of our security framework and tech engagement with our International Network.
Content type: People
Caroline is Privacy International’s Legal Director and General Counsel. She leads the legal advocacy at PI and counsels PI’s programmes on legal strategy and risk. Caroline is a US-qualified lawyer who previously specialised in privacy and intellectual property litigation at a prominent US law firm. Caroline received her law degree from Yale Law School and her undergraduate degree in Anthropology from the University of California, Berkeley. After law school, Caroline…
Content type: People
Alexandrine is Directory of Strategy at Privacy International. She manages and oversees the development and delivery of Privacy International's strategic portfolio aimed at ensuring that innovative solutions serve individual and communities and protection their dignity rather than state power and corporate interest. This portfolio explores issues of digital identity, protecting communities at risk online, the digitisation of access to economic, social and cultural rights, and the use of data…
Content type: Report
When you rent a car at the airport, use a car-share for a family day trip, one of the first things you are likely to do before setting off on your journey, is to connect your phone to the car. You switch on the Bluetooth and see a list of other people’s phones that were previously connected - Mike’s iPhone, Samsung Galaxy, Bikerboy_Troi, Dee Dee. You input your journey into the navigation, perhaps noticing stored locations of previous drivers.
Seems fairly innocuous? Wrong. Your name and…
Content type: Press release
Press Release: New report shows how car rental companies are failing to protect drivers' information
A new report by Privacy International shows how car rental companies and car-share schemes are failing to protect drivers' personal information, such as their location, smart phone contents, and place of residence.
The report is here: https://privacyinternational.org/node/987
Key points
Privacy International (PI) rented a series of internet-connected cars and examined the information which was collected and retained on the rental cars' infotainment system*. Every car PI rented…
Content type: Examples
A 2009 paper by the US National Academy of Sciences found that among forensic methods only DNA can reliably and consistency match evidence to specific individuals or sources. While it's commonly understood that techniques such as analysis of blood spatter patterns are up for debate, other types of visual evidence have been more readily accepted. In 2015 the FBI announced that virtually all of its hair analysis testing was scientifically indefensible, and in 2016 the Texas Forensic Science…
Content type: Examples
In 2016, researchers discovered that the personalisation built into online advertising platforms such as Facebook is making it easy to invisibly bypass anti-discrimination laws regarding housing and employment. Under the US Fair Housing Act, it would be illegal for ads to explicitly state a preference based on race, colour, religion, gender, disability, or familial status. Despite this, some policies - such as giving preference to people who already this - work to ensure that white…
Content type: Examples
In 2017, an automated facial recognition dispenser was installed in one of the busiest toilets in Beijing in order to prevent theft of toilet paper rolls, chiefly by elderly residents. Would-be users must remove hats and glasses and stand in front of a high-definition camera for three seconds in order to receive a 60cm length. Users have complained of software malfunctions that force them to wait, the lack of privacy, and difficulty getting the machines to work. The last of these led the city…
Content type: Examples
A US House of Representatives oversight committee was told in March 2017 that photographs of about half of the adult US population are stored in facial recognition databases that can be accessed by the FBI without their knowledge or consent. In addition, about 80% of the photos in the FBI's network are of non-criminals and come from sources such as passports. Eighteen states supply driver's licences under arrangement with the FBI. In response, privacy advocates and politicians called for…
Content type: Examples
Few people realise how many databases may include images of their face; these may be owned by data brokers, social media companies such as Facebook and Snapchat, and governments. The systems in use by Snap and the Chinese start-up Face++ don't save facial images, but map detailed points on faces and store that data instead. The FBI's latest system, as of 2017, gave it the ability to scan the images of millions of ordinary Americans collected from millions of mugshots and the driver's licence…
Content type: Examples
By 2017, facial recognition was developing quickly in China and was beginning to become embedded in payment and other systems. The Chinese startup Face++, valued at roughly $1 billion, supplies facial recognition software to Alipay, a mobile payment app used by more than 120 million people; the dominant Chinese ride-hailing service, Didi; and several other popular apps. The Chinese search engine Baidu is working with the government of popular tourist destination Wuzhen to enable visitors to…
Content type: Examples
For a period between the end of October and November 3 2016 the heating and hot water systems in two buildings in the city of Lappeenranta, Finland were knocked out by a distributed denial of service attack designed to make the systems fail. The systems responded by repeatedly rebooting the main control circuit, which meant that the heating was never working - at a time when temperatures had already dropped below freezing. Specialists in building maintenance noted that companies often skimp on…
Content type: Examples
In 2015, the Swedish startup hub Epicenter began offering employees microchip implants that unlock doors, operate printers, and pay for food and drink. By 2017, about 150 of the 2,000 workers employed by the hub's more than 100 companies had accepted the implants. Epicenter is just one of a number of companies experimenting with this technology, which relies on Near Field Communication (NFC). The chips are biologically safe, but pose security and privacy issues by making it possible to track…
Content type: Examples
The payday lender Wonga announced in April 2017 that a data breach at the company affected an estimated 270,000 customers, 245,000 of them in the UK and the rest in Poland. The company sent those it thought were affected messages warning that it believed there may have been illegal and unauthorised access to some of the data in their accounts. Wonga was already controversial because of the high rates of interest in charged, and findings by the UK's financial regulator that it had made loans to…
Content type: Examples
In 2017, an anonymous whistleblower sent a letter to Green party peer Jenny Jones alleging that a secretive Scotland Yard unit was illegally monitoring the private emails of campaigners and journalists. The letter included a list of ten people and the passwords to their email accounts and claimed the police were using an India-based operation that did the work of hacking emails, shredding documents, and using sex as a method of infiltration. Jones's background includes a decade on the…
Content type: Examples
In 2017, when user Robert Martin posted a frustrated, disparaging review of the remote garage door opening kit Garadget on Amazon, the peeved owner briefly locked him out of the company's server and told him to send the kit back. After complaints on social media and from the company's board members, CEO Denis Grisak reinstated Martin's service. The incident highlighted the capricious and fine-grained control Internet of Things manufacturers can apply and the power they retain over devices…
Content type: Examples
A 2017 research report found that the most vulnerable smartphone users are the ones whose devices are most open to fraud and harassment. Cheaper, low-end devices are less secure to begin with, and they are also less often replaced than their more expensive counterparts made by. Apple and Google. At any given time there are millions of Android devices that are open to known exploits. Worse, the poorer population that owns these phones are more likely to use them as their sole means of accessing…