Search
Content type: Examples
In July 2018, Robert Mueller, the special prosecutor appointed to look into Russian interference in the 2016 US presidential election, charged 12 Russian intelligence officers with hacking Hillary Clinton's campaign and the Democratic National Committee by spearphishing staffers. The charges include conspiracy to commit an offence against the US, aggravated identity theft, conspiracy to launder money, and conspiracy to access computers without authorisation. The hack led to the release of…
Content type: Examples
The Tel-Aviv-based private intelligence firm Black Cube, which is largely staffed by former Israeli intelligence operatives, was involved in a campaign to attack NGOs and businessman-turned-philanthropist George Soros during Hungary's election campaign. Between December 2017 and March 2018, agents using false identities secretly recorded the results of contacts with Hungarian NGOs and individuals connected to Soros. The recordings began appearing in the press three weeks before the election,…
Content type: Examples
A database compiled through investigations conducted in 2018 by the Guardian and the Undercover Research Group network of activists shows that undercover police officers spied on 124 left-wing activist groups between 1970 and 2007. The police infiltrated 24 officers over that time within the Socialist Workers Party, which, with a membership of a few thousand, advocates revolution to ablish capitalism. Four of these undercover officers began sexual relationships with deceived female members, and…
Content type: Examples
Under a clause in the country's computer crime act that criminalises uploading content that is false or causes "panic", in 2018, Thailand's ruling military junta pursued a criminal investigation into a live feed on the Facebook page belonging to the rising Future Forward Party. The postings claimed that the governing party, the National Council for Peace and Order, which seized power in 2014 was using the threat of lawsuits to recruit former MPs from rival parties. The NCPO has promised to hold…
Content type: Examples
In September 2018, when Massachusetts state police tweeted a map of responses to fires and explosions during a gas emergency, they inadvertently revealed that they were closely monitoring several activist groups, including a Facebook group for Mass Action Against Police Brutality, the Coalition to Organize and Mobilize Boston Against Trump, Facebook 413, Facebook MA Activism, and Resistance Calendar. The image was taken down and cropped after half an hour, but it spurred journalists to ask…
Content type: Examples
In July 2018, members of the Internal Security Organisation, Uganda's counterintelligence agency, raided South African telecommunications provider MTN's Uganda data centre in Mutundwe. In a letter to the police, MTN said the ISO kidnapped a data manager who worked for the contractor that ran the data centre on MTN's behalf, Huawei Technologies. Moses Keefah Musasizi was taken to the ISO head office in Nakasero and held for four hours before being forced to grant access to the data centre and…
Content type: Examples
The proposed extension to the Trans Mountain pipeline, which would connect Alberta and British Columbia in parallel to the existing pipeline and triple its capacity, was controversial for years before Canada approved the project in 2016. In 2014, the British Columbia Civil Liberties Association complained to the Security Intelligence Review Committee that the Canadian Security Intelligence Service was spying on anti-pipeline activists and sharing the information it collected about "radicalised…
Content type: Examples
At the 2017 Champions League Final, South Wales Police deployed an automated facial recognition system that wrongly identified more than 2,000 people in Cardiff as potential criminals. The system's cameras watched 170,000 people arrive in Cardiff for the football match between Real Madrid and Juventus, and identified 2,470 potential matches. According to the force's own figures, 92% (2,297) of these matches were false positives. SWP has also deployed the technology at the annual Elvis festival…
Content type: Examples
In May 2018, the ACLU of Northern California obtained documents under a FOIA request showing that Amazon was essentially giving away its two-year-old Rekognition facial recognition tools to law enforcement agencies in Oregon and Orlando, Florida. Amazon defended the move by saying the technology has many useful purposes, including finding abducted children and identify attendees at the 2018 wedding of Britain's Prince Harry and Meghan Markle. The company markets Rekognition as useful for…
Content type: Examples
In August 2018, two lawsuits, were filed against NSO Group, one brought in Israel by a Qatari citizen and the other in Cyprus by Mexican journalists and activists. All the plaintiffs had been targeted by the company's Pegasus spyware, which takes control of targets' phones when they click on links sent via carefully crafted phishing messages. The company claims that it sells the technology to governments on condition that they use it exclusively against criminals and it is not responsible for…
Content type: Examples
In what appears to be an extension of China's tracking of its Muslim citizens, 3,300 of the 11,500 Chinese pilgrims joining the 2018 hajj to Mecca were outfitted with GPS trackers. When photos were shown of the first group preparing to depart wearing trackers around their necks, the state-run Chinese Islamic Association claimed it was to make the trip safer for them. Each device reportedly contains a QR code connected to an app that reveals the wearer's picture, passport number, address, and…
Content type: Examples
In September 2018 the UK's Information Commissioner found that it was likely that during 2017 a number of migrant rough sleepers were reported to the Home Office enforcement teams by the homelessness charity St. Mungo's. The finding followed a complaint from the Public Interest Law Unit. The charity claimed it passed on these details when people wanted to return home. The Home Office halted its policy of deporting migrant rough sleepers in December 2017 and the government was to pay hundreds of…
Content type: Examples
In internet scans conducted between August 2016 and August 2018, Canada's Citizen Lab identified a total of 45 countries in which operators of Israel-based NSO Group's Pegasus spyware may be conducting surveillance operations. Pegasus is mobile phone spyware that targets are coerced into installing via a carefully constructed phishing attack; clicking on the exploit link installs the spyware without the user's knowledge or permission and bypasses the phone's security protections to send the…
Content type: Impact Case Study
What Happened
On 5 June 2013, The Guardian published the first in a series of documents disclosed by Edward Snowden, a whistleblower who had worked with the NSA. The documents revealed wide-ranging mass surveillance programs conducted by the USA’s National Security Agency (NSA) and the UK’s Government Communications Headquarters (GCHQ), which capture the communications and data of hundreds of millions of people around the world. In addition to revealing the mass surveillance programs of the…
Content type: Examples
In November 2016, the security contractor Krytowire discovered that cheap Chinese Android phones often include pre-installed software that monitors users' locations, messaging, and contacts, and sends the gathered information to China every 72 hours. Shanghai Adups Technology Company, the Chinese firm responsible for the software, said its code had been installed on more than 700 million phones, cars, and other devices without informing users, but that it was not intended for American phones.…
Content type: Examples
As part of an ongoing hacker vendetta against surveillance apps installed by abusive partners, in July 2018 a hacker targeted SpyHuman, an India-based company that offers software that monitors Android devices, claiming the software should be taken off the market. Once someone gains physical access to a device and installs the software, SpyHuman's app will intercept phone calls and messages, track GPS locations, read social media messages, and even turn on the device's microphone. The collected…
Content type: Examples
In July 2018, members of the Internal Security Organisation, Uganda's counterintelligence agency, raided South African telecommunications provider MTN's Uganda data centre in Mutundwe. In a letter to the police, MTN said the ISO kidnapped a data manager who worked for the contractor that ran the data centre on MTN's behalf, Huawei Technologies. Moses Keefah Musasizi was taken to the ISO head office in Nakasero and held for four hours before being forced to grant access to the data centre and…
Content type: Examples
Although the US rejected a "National Data Center" approach in 1966, eventually instead passing the 1974 Privacy Act, in 2018 the House of Representatives proposed a national database of all 40 million recipients of benefits under the Supplemental Nutrition Assistance Program (SNAP, formerly known as "food stamps"). The proposed legislation assigned the creation of the database to the Department of Agriculture, with help from private vendors and would collect Social Security numbers, birthdates…
Content type: Examples
Rising suspicion of benefits claimants in the UK led by 2018 to the Department of Work and Pensions' adoption of numerous surveillance tactics, including using social media postings, gym memberships, airport footage, and surveillance video from public buildings including supermarkets, to build cases against claimants. Rates of attempted suicide doubles for disabled claimants between 2007 and 2014, and TV programmes promoting the idea of "lazy skivers" have led to an increase in hate crimes…
Content type: Examples
In July 2018 Walmart filed a patent on a system of sensors that would gather conversations between cashiers and customers, the rattle of bags, and other audio data to monitor employee performance. Earlier in 2018, Amazon was awarded a patent on a wristaband that would monitor and guide workers in processing items. UPS uses sensors to monitor whether its drivers are wearing seatbelts and when they open and close truck doors. All these examples, along with others such as technology that allows…
Content type: Examples
In 2018, documents filed in a court case showed that a few days before the 2017 inauguration of US president Donald Trump - timing that may have been a coincidence - two Romanian hackers took over 123 of the police department's 187 surveillance cameras in Washington, DC with the intention of using police computers to email ransomware to more than 179,000 accounts. The prosecution also said the alleged hackers had stolen banking credentials and passwords and could have used police computers to…
Content type: Examples
A 2016 Privacy International report on Syrian state surveillance found that between 2007 and 2012 the Assad regime spent millions of dollars on building a nationwide communications monitoring system. By 2012, this surveillance capability helped the Syrian government target and murder journalists, including American Sunday Times reporter Marie Colvin and French photographer Rémi Ochlik in 2012, both covering the war. In 2018, the Colvin family filed a video of the journalists' final moments…
Content type: Examples
The US company Securus provides a cellphone tracking service that can locate almost any cellphone in the US within seconds by obtaining data from major carriers via a system used by marketers and other companies. In 2018, former Mississippi County, Missouri, sheriff Cory Hutcheson was charged in state and federal courts for using the service to track people's phones, including those of other police officers, without court orders. Securus, which also provides and monitors calls to inmates in…
Content type: News & Analysis
European leaders met last week in Brussels to discuss what is supposed to be two separate issues, the next trillion euro-plus budget and migration. In truth, no such separation exists: driven by nationalists and a political mainstream unable to offer any alternative but to implement their ideas, the next budget is in fact all about migration.
This strategy contained within the budget will get the approval of Hilary Clinton, who recently told the Guardian that ‘Europe needs to get a handle on…
Content type: Advocacy
Image source
The EU extensively bolsters the surveillance and border control capabilities of governments around the world – and is set to dramatically increase such support. Below, we look at how some of these existing funds are being used, how their proposed expansion will undermine people’s privacy around the world for decades to come, and what needs to be done about it.
Migration has dominated the recent EU agenda and will once again be central during this week’s European Council meeting…
Content type: News & Analysis
Taylor Swift may be tracking you, particularly if you were at her Rose Bowl show in May.
According to an article published by Vanity Fair, at Swift’s concert at the California stadium, fans were drawn to a kiosk where they could watch rehearsal clips. At the same time – and without their knowledge - facial-recognition cameras were scanning them, and the scans were then reportedly sent to a “command post” in Nashville, where they were compared to photos of people who are known…
Content type: News & Analysis
Photo credit: Screenshot from video produced by ICRC, ‘What are metadata’, accessible here.
“The platform [Facebook] does not intentionally cause harm to users. Too often, however, Facebook’s business model allows harm to occur.”
The Editorial Board, The Financial Times, 2 December 2018
Imagine if a recipient of humanitarian aid was prevented from accessing a loan because they were deemed ‘uncreditworthy’ for receiving assistance? Or if a refugee was denied asylum…
Content type: News & Analysis
Why is a privacy organisation working with the humanitarian sector, and why does it matter? We may seem like strange bedfellows, but today's ever-growing digital world means that, more and more, people who receive humanitarian assistance are being exposed to unexpected threats.
According to the 2018 Global Humanitarian Overview, there are more than 134 million people across the world in need humanitarian assistance. Of these, about 90.1 million will receive aid of some form. It is…
Content type: Press release
Key Points
A new report by Privacy International and the International Committee of the Red Cross finds that the humanitarian sector’s use of digital and mobile technologies could have detrimental effects for people receiving humanitarian aid.
This is because these digital systems generate a ‘data trail’ that is accessible and exploitable by third parties for non-humanitarian purposes. This metadata can be used to infer extremely intimate details, such as someone’s travel patterns or…
Content type: Report
New technologies continue to present great risks and opportunities for humanitarian action. To ensure that their use does not result in any harm, humanitarian organisations must develop and implement appropriate data protection standards, including robust risk assessments.
However, this requires a good understanding of what these technologies are, what risks are associated with their use, and how we can try to avoid or mitigate them. This joint report by Privacy International and the…