Search
Content type: News & Analysis
The short answer is yes.
I'm sure many of you have seen people with stickers over their webcams and wondered why (probably writing that person off as paranoid). But it's well known in tech circles that a camera in a computer or smartphone can be turned on remotely by an attacker with the resources, time, and motivation.
Security is hard, and our defences are weak. The capability of an adversary to attack your devices doesn't necessarily hinge upon a consumer choice of…
Content type: Advocacy
Privacy International has today submitted comments to a U.S. government consultation on whether the US Department of Homeland Security (DHS) should keep the social media details of individuals travelling to the US in so-called “Alien Files” documenting all immigrants.
We’ve urged that they don’t, and that they review and stop all similar social media surveillance by the DHS.
The systematic surveillance of social media is an increasingly dangerous trend …
Content type: Long Read
On 8 September 2017, the Investigatory Powers Tribunal decided to refer questions to the Court of Justice of the European Union (‘CJEU’) concerning the collection of bulk communications data (‘BCD’) by the Security Intelligence Agencies from mobile network operators.
The BCD regime was initially secret. In an earlier judgment, the Investigatory Powers Tribunal ruled that the regime was not compliant with the European Convention on Human Rights prior to its public avowal, but (subject to…
Content type: Press release
On 5 October 2017, Privacy International will appear before the UK Court of Appeal to continue its challenge to the British government's large scale hacking powers. The case questions the decision by the Investigatory Powers Tribunal (IPT) to sanction the UK government's power to hack broad categories of people or property without any individualised suspicion.
TIMELINE AND KEY POINTS
- Privacy International began fighting bulk government hacking in 2014 at the…
Content type: Explainer
What is integrated policing?
Integrated policing is the collection and centralisation of data used for policing purposes. In the era of ‘big data’, companies – often the same companies offering infrastructures for smart cities – are offering interfaces that allow police easier access to datasets. Smart cities are cities where projects are deployed to use the collection and analysis of data to attempt to provide better targeted services to inhabitants.
With the proliferation of surveillance…
Content type: News & Analysis
This blog was written by Fundación Karisma, a member of the Privacy International Network. It does not necessarily reflect the views or position of Privacy International.
The Colombian General Prosecutor said recently that the blocking of IMEI is not working. He is talking about a registry created in 2011 that aims to reduce cellphone theft by blocking reportedly stolen phones of Colombian networks.
Fundación Karisma has been following this program and now, after six years…
Content type: Long Read
European Court of Human Rights Intervention
On 15 September 2017, Privacy International filed an intervention to the European Court of Human Rights in Association Confraternelle de la Presse Judiciare and 11 Other Applications v. France. This case challenges various surveillance powers authorised under the French Intelligence Act of 24 July 2015 as incompatible with Articles 8 and 10 of the European Convention on Human Rights, which respectively protect the right to privacy…
Content type: Advocacy
On 13 September 2017, Privacy International, in partnership with 30+ national human rights organisations, launched an international campaign for greater transparency around secretive intelligence sharing activities between governments. As part of this campaign, PI wrote to national intelligence oversight bodies in over 40 countries seeking information about the intelligence sharing activities of their governments. PI has created an interactive map which illustrates the countries…
Content type: Press release
Key points
Privacy International surveyed 21 EU member states' legislation on data retention and examined their compliance with fundamental human rights standards
0 out of the 21 States examined by PI are currently in compliance with these standards (as interpreted in two landmark judgements by the Court of Justice of the European Union: Tele-2/Watson and Digital Rights Ireland)
Privacy International is calling for:
EU member states to review their legislation on data retention…
Content type: Advocacy
This report sheds light on the current state of affairs in data retention regulation across the EU post the Tele-2/Watson judgment. Privacy International has consulted with digital rights NGOs and industry from across the European Union to survey 21 national jurisdictions (Austria, Belgium, Bulgaria, Croatia, Cyprus, Czech Republic, France, Germany, Hungary, Ireland, Italy, Luxembourg, the Netherlands, Poland, Portugal, Romania, Slovakia, Slovenia, Spain, Sweden, and the United…
Content type: Case Study
Cities around the world are deploying collecting increasing amounts of data and the public is not part of deciding if and how such systems are deployed.
Smart cities represent a market expected to reach almost $760 billion dollars by 2020. All over the world, deals are signed between local governments and private companies, often behind closed doors. The public has been left out of this debate while the current reality of smart cities redefines people’s right to privacy and creates new…
Content type: Case Study
Our connected devices carry and communicate vast amounts of personal information, both visible and invisible.
What three things would you grab if your house was on fire? It’s a sure bet your mobile is going to rank pretty high. It’s our identity, saying more about us than we perhaps realise. It contains our photos, calendar, internet browsing, locations of where we go, where we’ve been, our emails, social media. It holds our online banking, notes with half written poems, shopping lists, shows…
Content type: Case Study
Gig economy jobs that depend on mobile applications allow workers’ movements to be monitored, evaluated, and exploited by their employers.
The so-called “gig economy” has brought to light employers’ increasing ability and willingness to monitor employee performance, efficiency, and overall on-the-job conduct. Workplace surveillance of gig economy workers often happens without employees’ awareness or consent. This is especially evident in the app-based gig economy, where apps act both as an…
Content type: Case Study
Police and security services are increasingly outsourcing intelligence collection to third-party companies which are assigning threat scores and making predictions about who we are.
The rapid expansion of social media, connected devices, street cameras, autonomous cars, and other new technologies has resulted in a parallel boom of tools and software which aim to make sense of the vast amount of data generated from our increased connection. Police and security services see this data as an…
Content type: News & Analysis
Privacy International and Metamorphosis have today written to authorities in Macedonia to provide information and call for assurances regarding government surveillance in Macedonia.
For over two years, Macedonia has endured a prolonged and severe political crisis - including wide scale protests and acts of violence against parliamentarians - following reports that the governing party had been unlawfully intercepting the phone calls of some 20,000 people, including, activists, journalists…
Content type: Advocacy
Privacy International and Metamorphosis have today written to authorities in Macedonia to provide information and call for assurances regarding government surveillance in Macedonia.
For over two years, Macedonia has endured a prolonged and severe political crisis - including wide scale protests and acts of violence against parliamentarians - following reports that the governing party had been unlawfully intercepting the phone calls of some 20,000 people, including,…
Content type: Long Read
This piece was originally published in Just Security in August 2017
We recently published an analysis in Lawfare of the United Kingdom’s surveillance framework as it relates to the proposed U.S.-U.K. agreement for cross-border law enforcement data requests. Implementing the U.S.-U.K. agreement is subject to passage of draft legislation proposed by the Justice Department to Congress in July 2016 (“U.S. DOJ legislation”), which will set standards that approved partners like the U.K.…
Content type: News & Analysis
What do Honduras, Pakistan, and Switzerland have in common? They are all bound to respect and protect the right to privacy under Article 17 of the International Covenant on Civil and Political Rights. And in July 2017, they all also happened to be under the scrutiny of the UN Human Rights Committee, which found the countries’ human rights record wanting in many respects, including the scope of their surveillance legislation.
Intelligence sharing
Reviewing Pakistan, the Committee…
Content type: News & Analysis
Privacy International (PI) has today written to the Danish Ministry of Foreign Affairs following further concerning reports about the export of internet surveillance equipment from the country.
We are calling for the government to carry out a full re-assessment of the human rights risks associated with the export of such internet surveillance equipment, and to revoke all licenses where there is a risk to human rights or if the law governing surveillance in the destination country is…
Content type: Long Read
This piece was originally published in Lawfare in July 2017.
The United Kingdom has been a key partner in the United States’ efforts to reform the process that law enforcement officials use to make cross-border requests for data. These efforts address both foreign governments’ requests for data stored in the U.S. and reciprocal requests by the U.S. government for data stored abroad. As part of these efforts, the U.S. and the U.K. have negotiated a draft bilateral agreement (“U…
Content type: News & Analysis
Photo Credit: MoD UK
‘Security’ in the policy world has practically no currency without a specific prefix. For example, we could discuss 'national' security as distinct from 'consumer' security or 'energy' security. ‘Cyber’ security is the new prefix on the policy block, and it is gradually forcing a rethink on what it means to be secure in a modern society. In the course of Privacy International’s work globally, we have observed that many governments frame cyber security as national security…
Content type: Long Read
In January 2017, Kenya’s information and communication technology regulator, the Communications Authority of Kenya, announced that it was spending over 2 billion shillings (around 14 million USD) on new initiatives to monitor Kenyans’ communications and regulate their communications devices. The press lit up with claims of spying, and members of Kenya’s ICT community vowed to reject the initiatives as violating Kenyans’ constitutional rights, including the right to privacy (Article 31…
Content type: News & Analysis
The Privacy International Network recently submitted joint stakeholder reports for seven partner countries - India, South Africa, Morocco, Tunisia, Brazil, the Philippines and Indonesia - as part of the 27th session of the Universal Periodic Review (1 to 12 May 2017).
Communications surveillance was a major area of concern, as we observed that these policies and practices remain largely opaque, complex and vague. In…
Content type: Advocacy
On 28 June 2017, Privacy International sent a letter and briefing to the Mexican government following reports indicating that Mexican authorities had used NSO Group’s Pegasus spyware to target journalists and human rights defenders working to expose government corruption and human rights abuses. NSO Group is a surveillance technology company that sells products and services, including malware, exclusively to government clients.
These attacks were designed to compromise the mobile phones of…
Content type: Advocacy
This stakeholder report is a submission by Asociación por los Derechos Civiles (ADC) and Privacy International (PI). The Asociación por los Derechos Civiles (ADC) is a non-governmental, non-pro t organisation based in Buenos Aires that promotes civil and social rights in Argentina and other Latin American countries. It was founded in 1995 with the purpose of helping to strengthen a legal and institutional culture that guarantees the fundamental rights of the people, based on respect…
Content type: Advocacy
This stakeholder report is a submission by Privacy International (PI). PI is a human rights organisation that works to advance and promote the right to privacy and government surveillance around the world. Privacy International wishes to bring concerns about the protection and promotion of the right to privacy for consideration in Pakistan’s upcoming review at the 28th session of the Working Group on the Universal Periodic Review.
Content type: Press release
Please find attached a copy of the briefing along with promotional photographs with the briefing.
Privacy International has today sent top EU and UK Brexit negotiators* a briefing on their vulnerability to potential surveillance by each other, and others. Brexit negotiations are to begin today.
The global privacy rights NGO has highlighted to the negotiators the risk of sophisticated surveillance capabilities being deployed against each other and by others, and provided…
Content type: Advocacy
Privacy International welcomes this opportunity to engage in a dialogue over the implementation of the UN Security Council Resolution 2322 (2016), specifically as they related to intelligence sharing and mutual legal assistance mechanisms to access cross-border data.
Content type: News & Analysis
The past few years have seen a huge rise in the number of attacks both active and passive, against organisations big and small. Attacks against organisations happen for a multitude of reasons: extortion via "ransomware", exfiltration of commercial secrets, or just "the lulz". While this can be crippling to a commercial business, it can potentially be devastating to an NGO, especially those which work to hold powerful institutions to account. The types of information held by such NGOs could…