Search
Content type: Long Read
IntroductionHarnessing new digital technology to improve people’s health is now commonplace across the world. Countries and international organisations alike are devising digital health strategies and looking to emerging technology to help solve tricky problems within healthcare. At the same time, more and more start-ups and established tech companies are bringing out new, and at times innovative, digital tools aimed at health and wellbeing.
Content type: Long Read
In a roundtable available on YouTube, co-hosted with Garden Court Chambers, Privacy International brought together immigration law practitioners to discuss how they’ve used privacy and data protection law to seek information or redress for their clients.Index:1. UK Border 20252. Super-complaint and judicial review challenge to data sharing3. Mobile phone seizure and extraction4. Freedom of Information Act requestsThe dystopian future: UK Border 2025To set the scene on how the future may look…
Content type: Long Read
Governments around the world are increasingly making registration in national digital ID systems mandatory for populations, justifying its need on a range of issues from facilitating access to services, to national security and fighting against corruption. This is an attempt to create a "foundational identity" for an individual, or "a single source of truth" about who someone is, according to a government agency. These identity systems are run by governments, sometimes by private companies, or…
Content type: Long Read
This piece was last updated in June 2021.
In many countries, access to social protection (such as welfare programmes or healthcare) is made conditional on producing a form of identification (“ID”). But obtaining a recognised and accurate ID is often a process riddled with discriminatory designs, bureaucracy and technical failures that prevent individuals from accessing the services they are entitled to. Even when people eventually get an ID, it might not accurately reflect who they are,…
Content type: Explainer
The UK Home Office provides basic subsistence support to people who are in the process of applying for asylum, as well as to those whose applications have been refused and are appealing their cases, in the form of an ‘Aspen Card’ - basically it’s a debit payment card, which can be used in any shop that accepts VISA debit payments. At the time of writing the programme is managed by corporate giant corporate giant Sodexo, but the administration of the payment system is soon going to go to a new…
Content type: Examples
A study of 17 Android mobile contact tracing apps from 17 different countries found that most government-sponsored contact tracing apps are insecure and risk exposing users’ privacy and data. The researchers used the presence or absence of six basic hardening techniques: name obfuscation (just one app of the 17), string encryption (29%), asset/resource encryption (6%), class encryption (6%), root detection (41%), and emulator detection (18%) as indicators of the overall level of in-app security…
Content type: Examples
A detailed analysis of Pakistan’s app, which was developed by the Ministry of IT and Telecom and the National Information Technology Board and which offers dashboards for each province and state, self-assessment tools, and popup hygiene reminders, finds a number of security issues. Among them: the app uses hard-coded credentials, which it sends insecurely, to communicate with the government server, and it downloads the exact coordinates of infected people in order to provide a map of their…
Content type: Examples
Excluded groups such as sex workers and asylum seekers are being left behind in the UK’s COVID-19 response as control measures amplify existing health inequalities and put life-saving advice and care further out of reach.
The closure of services and some GP registrations, a lack of access to technology, distrust and fear of authorities, unsuitable or insecure accommodation, and reduced income are among the many challenges facing people in vulnerable circumstances in England.
Doctors of…
Content type: Long Read
This research was commissioned as part of Privacy International’s global research into data exploitative technologies used to curtail women’s access to reproductive rights.
Read about Privacy International’s Reproductive Rights and Privacy Project here and our research findings here.
1. What are the barriers to access safe and legal abortion care?
Even though abortion is legal in certain cases in Argentina, different types of barriers restrict the access to legal abortions, contribute…
Content type: Examples
As part of its planning for the 2020 Olympic Games, due to be held in Tokyo, Japan approved a law that would allow the government to conduct a survey to identify vulnerable Internet of Things devices. The National Institute of Information and Communications Technology staff who carry out the survey, who will be supervised by the Ministry of Internal Affairs and Communications, are required to follow strict rules in attempting to hack into these devices: they are only allowed to use default…
Content type: Explainer
This is the third part of Understanding Identity Systems. Read Part 1: Why ID?, and Part 2: Discrimination and Identity.
Biometrics
Biometrics are the physiological and behavioural characteristics of individuals. This could be fingerprints, voice, face, retina and iris patterns, hand geometry, gait or DNA profiles. However, the legal definition of ‘biometrics’ may differ – in some contexts, it may be defined by law, whereas in others it may not have, or only have…
Content type: Examples
In May 2018, UK-based security researcher Robert Wiggins discovered that the mobile app TeenSafe, marketed as a secure app for iOS and Android, was storing data it collected on servers hosted on Amazon's cloud without a password and openly accessible. The app lets parents monitor their children's text messages, location, browsing history, and apps, as well as who they called and when, and does not require parents to obtain their children's consent. The insecurely stored 10,200 records included…
Content type: Examples
At the 2016 Usenix Workshop on Offensive Technologies, researchers from the University of Michigan presented the results of tests that showed that industrial vehicles - a 2006 semi-trailer and a 2001 school bus - were subject to the same security flaws as had already been found in domestic cars. Via digital signals sent within a big truck's internal network, the researchers were able to change the truck's instrument panel readout, trigger unintended acceleration, and even disable part of the…
Content type: Examples
In March 2016, a hacker group identifying itself as Anonymous Philippines defaced the website of the Philippine Commission on the Elections (Comelec), leaving a message that accused Comelec of not doing enough to secure the voting machines due to be used in the general election the following month. That same day, LulzSec Piliphinas, a different but related hacker group, posted online a link to a 338GB database it claimed was the entire electoral register of 54.36 million Filipinos. Trend Micro…
Content type: Examples
Facebook has come under fire after leaked documents revealed the social media site has been targeting potentially vulnerable children.
The allegations suggest the company is gathering information on young people who “need a confidence boost” to facilitate predatory advertising practices.
Confidential documents obtained by The Australian reportedly show how Facebook can exploit the moods and insecurities of teenagers using the platform for the benefit of advertisers.…
Content type: Case Study
Invisible and insecure infrastructure is facilitating data exploitation
Many technologies, including those that are critical to our day-to-day lives do not protect our privacy or security. One reason for this is that the standards which govern our modern internet infrastructure do not prioritise security which is imperative to protect privacy.
What happened?
An example of this is Wi-Fi, which is now on its sixth major revision (802.11ad). Wi-Fi was always designed to be a verbose in…
Content type: Case Study
For those concerned by reporting of Facebook’s exploitation of user data to generate sensitive insights into its users, it is worth taking note of WeChat, a Chinese super-app whose success has made it the envy of Western technology giants, including Facebook. WeChat has more than 900 million users. It serves as a portal for nearly every variety of connected activity in China. Approximately 30% of all time Chinese users spend on the mobile internet centers around…