Search
Content type: Long Read
This piece was originally published in Just Security in November 2017.
The upcoming expiration of Section 702 of the Foreign Intelligence Surveillance Act (FISA) has launched a fresh wave of debate on how the statute’s “backdoor search loophole” allows the U.S. government to access Americans’ communications by searching information gathered on foreign intelligence grounds without a warrant. But while discussion about domestic information sharing is important, a critical…
Content type: Long Read
Photo Credit: AU UN IST / Tobin Jones
El 25 de septiembre 2017, el presidente de Paraguay objetó la totalidad de una propuesta de Ley denominada “que regula la activación del servicio de telefonía móvil”, disponiendo la creación de un registro de huellas dactilares de todos los usuarios de servicios móviles, y la desconexión dentro de un año a todos quienes no se hayan incorporado a este registro, todo ello bajo la excusa de disminuir los robos de identidad en la activación de…
Content type: Report
The smart city market is booming. National and local governments all over the world expect their cities to become more efficient, more sustainable, cleaner and safer by integrating technology, increasing data generation and centralising data to provide better services. From large multinationals to small start-ups, companies want their slice of the multi-billion dollars per year pie of municipal budgets and long-term government contracts.
But do smart cities even exist? And are our cities…
Content type: Long Read
Government hacking is unlike any other form of existing surveillance technique. Hacking is an attempt to understand a system better than it understands itself, and then nudging it to do what the hacker wants. Fundamentally speaking, hacking is therefore about causing technologies to act in a manner the manufacturer, owner or user did not intend or did not foresee.
Governments can wield this power remotely, surreptitiously, across jurisdictions, and at scale. A single hack can affect many…
Content type: Report
This report sheds light on the current state of affairs in data retention regulation across the EU post the Tele-2/Watson judgment. Privacy International has consulted with digital rights NGOs and industry from across the European Union to survey 21 national jurisdictions (Austria, Belgium, Bulgaria, Croatia, Cyprus, Czech Republic, France, Germany, Hungary, Ireland, Italy, Luxembourg, the Netherlands, Poland, Portugal, Romania, Slovakia, Slovenia, Spain, Sweden, and the United Kingdom).…
Content type: Long Read
On 8 September 2017, the Investigatory Powers Tribunal decided to refer questions to the Court of Justice of the European Union (‘CJEU’) concerning the collection of bulk communications data (‘BCD’) by the Security Intelligence Agencies from mobile network operators.
The BCD regime was initially secret. In an earlier judgment, the Investigatory Powers Tribunal ruled that the regime was not compliant with the European Convention on Human Rights prior to its public avowal, but (subject to…
Content type: Long Read
European Court of Human Rights Intervention
On 15 September 2017, Privacy International filed an intervention to the European Court of Human Rights in Association Confraternelle de la Presse Judiciare and 11 Other Applications v. France. This case challenges various surveillance powers authorised under the French Intelligence Act of 24 July 2015 as incompatible with Articles 8 and 10 of the European Convention on Human Rights, which respectively protect the right to privacy…
Content type: Report
In this paper, Privacy International explores* what it means to be secure, and how governments and companies enact policies and laws that undermine security globally. Good cyber security policies and practices put people and their rights at the centre. By prioritising the individual and protecting people, devices and networks, governments could take advantage of a real opportunity - to give something technically complex a human element. In short, giving the tin man a heart.
*This…
Content type: Long Read
This piece was originally published in Just Security in August 2017
We recently published an analysis in Lawfare of the United Kingdom’s surveillance framework as it relates to the proposed U.S.-U.K. agreement for cross-border law enforcement data requests. Implementing the U.S.-U.K. agreement is subject to passage of draft legislation proposed by the Justice Department to Congress in July 2016 (“U.S. DOJ legislation”), which will set standards that approved partners like the U.K.…
Content type: Long Read
This piece was originally published in Lawfare in July 2017.
The United Kingdom has been a key partner in the United States’ efforts to reform the process that law enforcement officials use to make cross-border requests for data. These efforts address both foreign governments’ requests for data stored in the U.S. and reciprocal requests by the U.S. government for data stored abroad. As part of these efforts, the U.S. and the U.K. have negotiated a draft bilateral agreement (“U…
Content type: Long Read
6 July 2017
Full briefing: UK-US Intelligence Sharing Arrangements
Urgent transparency is needed regarding the UK’s intelligence sharing arrangements with the United States, which allows UK and US agencies to share, by default, any raw intelligence and methods and techniques related to the acquisition of such intelligence. In a recent YouGov poll, three quarters of Britons said that they want the UK Government to tell the public what safeguards govern these arrangements. Privacy…
Content type: Long Read
In January 2017, Kenya’s information and communication technology regulator, the Communications Authority of Kenya, announced that it was spending over 2 billion shillings (around 14 million USD) on new initiatives to monitor Kenyans’ communications and regulate their communications devices. The press lit up with claims of spying, and members of Kenya’s ICT community vowed to reject the initiatives as violating Kenyans’ constitutional rights, including the right to privacy (Article 31…
Content type: Long Read
This piece was originally published in Lawfare in May 2017.
This post is part of a series written by participants of a conference at Georgia Tech in Surveillance, Privacy, and Data Across Borders: Trans-Atlantic Perspectives.
Cross-border law enforcement demands have become increasingly important to law enforcement in the digital age. Digital evidence in one jurisdiction—such as the United States—is often necessary to investigate a crime that has effects in another jurisdiction…
Content type: Long Read
Disclaimer: This piece was written in April 2017. Since publishing, further information has come out about Cambridge Analytica and the company's involvement in elections.
Recently, the data mining firm Cambridge Analytica has been the centre of tons of debate around the use of profiling and micro-targeting in political elections. We’ve written this analysis to explain what it all means, and the consequences of becoming predictable to companies and political campaigns.
What does…
Content type: Report
This investigation focuses on the techniques, tools and culture of Kenyan police and intelligence agencies’ communications surveillance practices. It focuses primarily on the use of surveillance for counterterrorism operations. It contrasts the fiction and reality of how communications content and data is intercepted and how communications data is fed into the cycle of arrests, torture and disappearances.
Communications surveillance is being carried out by Kenyan state actors, essentially…
Content type: Report
This stakeholder report is a submission by Privacy International (PI). PI is a human rights organisation that works to advance and promote the right to privacy and ght surveillance around the world. Privacy International wishes to bring concerns about the protection and promotion of the right to privacy for consideration in Pakistan’s upcoming review at the 28th session of the Working Group on the Universal Periodic Review.
Content type: State of Privacy
Introduction
Acknowledgment
The State of Surveillance in Thailand is the result of a collaboration by Privacy International and Thai Netizen Network.
Right to Privacy
The constitution
Thailand experienced a coup d'etat in May 2014. According to Mishari Muqbil and Arthit Suriyawongkul, “their [the junta's] modus operandi seems to be the direct command of ministries and semi-governmental organisations to carry out tasks irrespective of existing legislation.”
Following…
Content type: Long Read
This briefing highlights opportunities for NGOs to raise issues related to the right to privacy before some selected UN human rights bodies that have the mandate and the capacity to monitor and provide recommendations and redress.
The briefing provides some examples based on Privacy International’s experience and points at additional resources and guides. While this guide focuses on the work of NGOs, information to UN human rights mechanisms can be sent by other civil society actors…
Content type: Long Read
In this special briefing for International Women’s Day 2017, we explore through the work of the Privacy International Network some areas of concern being addressed in relation to privacy, surveillance, women’s rights, and gender. Coding Rights demonstrates the important of generating and disseminating gendered content on issues of surveillance in Latin America as a means of inciting informed action. In Chile, Derechos Digitales explored the booming market of mobile applications related to…
Content type: Long Read
Introduction
A growing number of governments around the world are embracing hacking to facilitate their surveillance activities. Yet hacking presents unique and grave threats to our privacy and security. It is far more intrusive than any other surveillance technique, capable of accessing information sufficient to build a detailed profile of a person, as well as altering or deleting that information. At the same time, hacking not only undermines the security of targeted systems, but also has…
Content type: Long Read
This piece was orignally published in Slate in February 2017
In 2015, the FBI obtained a warrant to hack the devices of every visitor to a child pornography website. On the basis of this single warrant, the FBI ultimately hacked more than 8,700 computers, resulting in a wave of federal prosecutions. The vast majority of these devices—over 83 percent—were located outside the United States, in more than 100 different countries. Now, we are in the midst of the first cases…
Content type: Report
This investigation looks at how surveillance is being conducted in Thailand. The first part of the investigation focuses on the ties between telecommunication companies and the state, and the second part of the investigation focuses on attacks conducted in order to attempt to circumvent encryption.
Content type: Long Read
The use of IMSI catchers[1] to arrest individuals is rarely documented — as IMSI catchers are used secretively in most countries. The arrest of Colombian drug lord Henry López Londoño in Argentina is therefore a rare opportunity to understand both how IMSI catchers are used, and also the complexity of their extraterritorial use.
In October 2012, Londoño — also known as Mi Sangre (“My Blood”) — was arrested in Argentina. His arrest was the result of cooperation between the Dirección de…
Content type: Long Read
The move to digital payments, without an adequate legal framework, is a double-blow to privacy. India is proving to be the case study of how not to do the move to the cashless society. We are seeing in India the deeper drives to digital: linking financial transactions to identity. On the 8th November, Prime Minister Modi of India announced that 500 and 1,000 rupee notes – 86% of the money supply – would be removed from circulation. The initial justification for this was to tackle the…
Content type: Long Read
In July 2015, representatives of a private company met in a parking lot in Pretoria, South Africa to sell phone tapping technology to an interested private buyer. What they did not know was that this buyer was a police officer. The police had been tipped off that the company was looking to offload the surveillance technology, an IMSI catcher, to anyone who would buy it. It is illegal to operate such surveillance technology as a private citizen in South Africa, and illegal to buy…
Content type: Report
Privacy International’s investigation contains evidence of the Syrian government’s ambitious plans and projects to monitor the national communications infrastructure, the technical details of which are revealed for the first time. Hundreds of original documents also highlight surveillance trade in this region leading up to and during the Arab Spring, which involved companies from around the world.
Content type: Long Read
Tech firms and governments are keen to use algorithms and AI, everywhere. We urgently need to understand what algorithms, intelligence, and machine learning actually are so that we can disentangle the optimism from the hype. It will also ensure that we come up with meaningful responses and ultimately protections and safeguards.
Many technologists emerge from University, College or graduate courses with the impression that technology is neutral and believe that all systems they apply their…
Content type: Long Read
This piece was written by Ashley Gorski, who is an attorney at the American Civil Liberties Union, and PI legal officer Scarlet Kim and originally appeared in The Guardian here.
In recent weeks, the Hollywood film about Edward Snowden and the movement to pardon the NSA whistleblower have renewed worldwide attention on the scope and substance of government surveillance programs. In the United States, however, the debate has often been a narrow one, focused on the…
Content type: Long Read
On 17 October 2016, the Investigatory Powers Tribunal handed down judgment in a case brought by Privacy International against the Foreign Secretary, the Home Secretary and the three Security and Intelligence Agencies (MI5, MI6 and GCHQ).
The case concerned the Agencies’ acquisition and use of bulk personal datasets (‘BPD’) – datasets that contain personal data about individuals, the majority of whom are unlikely to be of intelligence interest, such as passport databases and finance-related…