Search
Content type: Long Read
1. What is the issue?Governments and international organisations are developing and accessing databases to pursue a range of vague and ever-expanding aims, from countering terrorism and investigating crimes to border management and migration control.These databases hold personal, including biometric, data of millions if not billions of people, and such data is processed by technologies, including Artificial Intelligence (AI), to surveil, profile, predict future behaviour, and ultimately make…
Content type: Report
First published in 2017, PI’s Guide to International Law and Surveillance is an attempt to collate relevant excerpts from these judgments and reports into a single principled guide that will be regularly updated. This is the fourth edition of the Guide. It has been updated it to reflect the most relevant legal developments until March 2024.The Guide aspires to be a handy reference tool for anyone engaging in campaigning, advocacy, and scholarly research, on these issues. The fourth…
Content type: Report
Over the past years, data retention regulation imposing generalised and indiscriminate data retention obligations to telecommunication companies and Internet service provides has been introduced in various jurisdictions across the world. As the data retention practices across the world have evolved this new report is an attempt to shed some light on the current state of affairs in data retention regulation across ten key jurisdictions. Privacy International has consulted with human…
Content type: Advocacy
Privacy International had suggested the Human Rights Committee consider the following recommendations for the UK government:Review and reform the IPA 2016 to ensure its compliance with Article 17 of the ICCPR, including by removing the powers of bulk surveillance;Abandon efforts to undermine the limited safeguards of the IPA 2016 through the proposed Investigatory Powers Amendment Bill;Refrain from taking any measures that undermine or limit the availability of encrypted communications or other…
Content type: Advocacy
BackgroundThe Snowden revelations and subsequent litigation have repeatedly identified unlawful state surveillance by UK agencies. In response, the UK Parliament passed the highly controversial Investigatory Powers Act 2016 (IPA), which authorised massive, suspicionless surveillance on a scale never seen before, with insufficient safeguards or independent oversight.Privacy International led legal challenges to this mass surveillance regime both before and after the Act became law. The Act…
Content type: Advocacy
Privacy International joined civil society efforts to call the South African Parliament not to approve the draft General Intelligence Laws Amendment Bill 2023 (GILAB), which was approved by the Cabinet and introduced in Parliament.
The Bill was proposed by the South African government, after the Constitutional Court found the Regulation of Interception of Communications Act of 2002 (RICA) unconstitutional on multiple grounds.
The draft Bill fails to meet the human rights standards on many…
Content type: Advocacy
Dejusticia, Fundación Karisma, and Privacy International submitted a joint stakeholder report on Colombia to the 44th session of the Universal Periodic Review at the UN Human Rights Council.Our submission raised concerns regarding the protection of the rights to freedom of expression and opinion, to privacy, and to personal data protection; the shutdown of civil society spaces; protection of the right to protest; and protection of the rights of the Venezuelan migrant and refugee population.…
Content type: Long Read
We won our case against the UK’s Security Service (MI5) and the Secretary of State for the Home Department (SSHD). The Investigatory Powers Tribunal (IPT) – the judicial body responsible for monitoring UK’s intelligence and security agencies – held that MI5 acted unlawfully by knowingly holding people’s personal data in systems that were in breach of core legal requirements. MI5 unlawfully retained huge amounts of personal data between 2014 and 2019. During that period, and as a result of these…
Content type: Report
End-to-end encryption (E2EE) contributes significantly to security and privacy. For that reason, PI has long been in favour of the deployment of robust E2EE.Encryption is a way of securing digital communications using mathematical algorithms that protect the content of a communication while in transmission or storage. It has become essential to our modern digital communications, from personal emails to bank transactions. End-to-end encryption is a form of encryption that is even more private.…
Content type: Advocacy
Despite repeated recommendations by the UN Human Rights Council and the UN General Assembly to review, amend or enact national laws to ensure respect and protection of the right to privacy, national laws are often inadequate and do not regulate, limit or prohibit surveillance powers of government agencies as well as data exploitative practices of companies.
Even when laws are in place, they are seldom enforced. In fact PI notes how it is often only following legal challenges in national or…
Content type: Explainer
Following sustained reporting by researchers, journalists and activists around the world, including recent disclosures exposed by the PegasusProject, the surveillance industry is facing scrutiny like never before.
In the latest move, eighteen U.S. lawmakers have today demanded that the U.S. government imposes sanctions on four non-US surveillance companies for, as they mention in their letter, facilitating “disappearance, torture and murder of human rights activists and journalists”.
The move…
Content type: Examples
The 20 years since the 9/11 attacks have fundamentally changed the way the New York Police Department operates, leading it to use facial recognition software, licence plate readers, and mobile X-ray vans, among other surveillance tools for both detecting and blocking potential terrorist attacks and solving minor crimes. Surveillance drones monitor mass protests, antiterrorism officers interrogate protesters, and the NYPD’s Intelligence Division uses antiterror tactics against gang violence and…
Content type: Examples
The Myanmar military are stopping people in the street, checking through the data on their phones, and taking them to jail if they find suspicious messages or photos. At least 5,100 people were still in jail many months after opposing the February 1, 2021 military takeover. The spontaneous searches also deter individuals from continuing to post on social media or lead them to create new accounts they hope will evade detection, and avoid crowded streets where police or soldiers are likely to be…
Content type: News & Analysis
After almost 20 years of presence of the Allied Forces in Afghanistan, the United States and the Taliban signed an agreement in February 2020 on the withdrawal of international forces from Afghanistan by May 2021. A few weeks before the final US troops were due to leave Afghanistan, the Taliban had already taken control of various main cities. They took over the capital, Kabul, on 15 August 2021, and on the same day the President of Afghanistan left the country.
As seen before with regime…
Content type: News & Analysis
As Amnesty International and Forbidden Stories continue to publish crucial information about the potential targets of NSO Group’s spyware, we know this much already: something needs to be done.
But what exactly needs to be done is less obvious. Even though this is not the first time that the world has learned about major abuses by the surveillance industry (indeed, it’s not even the first time this month), it’s difficult to know what needs to change.
So how can the proliferation and use of…
Content type: Long Read
Additionally, in January 2020 Privacy International and UK-based NGO Liberty filed a new claim against MI5 and the Secretary of State for the Home Department in the Investigatory Powers Tribunal (the “Ungoverned Spaces Case”, this time, the case sought to hold MI5 and the SSHD accountable for systemic, long-term failures in the way they handle and retain millions of people’s personal data. As part of this claim, PI requested that the IPT re-opens parts of the original BPD/BCD. This aspect of…
Content type: News & Analysis
What happened
On 22 July 2021, the Investigatory Powers Tribunal (IPT) issued a declaration on our challenge to the UK bulk communications regime finding that section 94 of the Telecommunications Act 1984 (since repealed by the Investigatory Powers Act 2016) was incompatible with EU law human rights standards. The result of the judgment is that a decade’s worth of secret data capture has been held to be unlawful. The unlawfulness would have remained a secret but for PI’s work.
You…
Content type: Examples
In 2019, interviews with Hong Kong protesters destroying smart lampposts revealed that many distrusted the government's claim that they would only take air quality measurements and help with traffic control, largely because of the comprehensive surveillance net the Chinese government was using to control and oppress the minority Uighur population in the Xinjiang region. As part of their response to this threat, the protesters wore masks, carried umbrellas, and travelled on foot, using online…
Content type: Examples
A British freedom of information tribunal ruled that for national security reasons police in England and Wales may refuse to say whether they are using Stingrays, also known as IMSI-catchers, which are capable of tracking thousands of mobile phones and intercepting their calls, text messages, and other data. In 2016, the Bristol Cable found that police forces had bought hundreds of thousands of these devices disguised in public spending data by the acronym CCDC. Privacy International, which…
Content type: Long Read
The Grand Chamber of the European Court of Human Rights ruled that the UK government’s historical mass interception program violates the rights to privacy and freedom of expression. The Court held that the program “did not contain sufficient “end-to-end” safeguards to provide adequate and effective guarantees against arbitrariness and the risk of abuse.” As a result the Court ruled that UK law "did not meet the “quality of law” requirement and was therefore incapable of keeping the “…
Content type: Explainer
What is social media monitoring?
Social media monitoring refers to the monitoring, gathering and analysis of information shared on social media platforms, such as Facebook, Twitter, Instagram and Reddit.
It may include snooping on content posted to public or private groups or pages. It may also involve “scraping” – grabbing all the data from a social media platform, including content you post and data about your behaviour (such as what you like and share).
Through scraping and other tools…
Content type: Explainer
What is an IMSI catcher?
‘IMSI’ stands for ‘international mobile subscriber identity’, a number unique to your SIM card. IMSI catchers are also known as ‘Stingrays’.
An ‘IMSI catcher’ is a device that locates and then tracks all mobile phones that are connected to a phone network in its vicinity, by ‘catching’ the unique IMSI number.
It does this by pretending to be a mobile phone tower, tricking mobile phones nearby to connect to it, enabling it to then intercept the data from that phone…
Content type: Report
Human rights defenders across the world have been facing increasing threats and harms as result of the use of digital and technological tools used by governments and companies which enable the surveillance, monitoring and tracking of individuals and communities. They are continuously at risk of violence, intimidation and surveillance as a direct consequence of the work they do. Such surveillance has been shown to lead to arbitrary detention, sometimes to torture and possibly to extrajudicial…
Content type: Long Read
What’s the ruling all about?
The Constitutional Court of South Africa in a historic judgment declared that bulk interception by the South African National Communications Centre is unlawful and invalid. Furthermore, the Constitutional Court found that the Regulation of Interception of Communications and Provision of Communication-Related Information Act (RICA) 1) was deficient in failing to provide at least a post-notification procedure for subjects of interception; 2) failed to ensure the…
Content type: News & Analysis
Traduction réalisée par Nadine Blum.
Le 29 mai, le Congrès nigérien a voté une loi permettant au gouvernement d’intercepter largement certaines communications électroniques. La loi rend légale l’interception de communications, autorisée par le gouvernement, sans protections appropriées ni mécanismes de contrôle.
La loi a été adoptée avec 104 votes pour – le Parlement nigérien compte 171 membres – et sans la participation de l’opposition qui a boycotté la loi. L’opposition a affirmé…
Content type: News & Analysis
On 29 May, Niger’s Congress voted on a law allowing for broad interception powers of certain electronic communications by the government. The bill makes it lawful for the government to approve the interception of communications without appropriate safeguards or oversight mechanisms.
The law passed with 104 votes – the Nigerien parliament has 171 members – without the participation of the opposition that boycotted the law. The opposition claimed that
the law will allow those, for…
Content type: Examples
The whistleblower said they were unable to find any legitimate reason for the high volume of the requests for location information. “There is no other explanation, no other technical reason to do this. Saudi Arabia is weaponising mobile technologies,” the whistleblower claimed.
The data leaked by the whistleblower was also seen by telecommunications and security experts, who confirmed they too believed it was indicative of a surveillance campaign by Saudi Arabia.
The data shows requests for…
Content type: Examples
BT, owner of UK mobile operator EE, is in talks with the government about using its phone location and usage data to monitor whether coronavirus limitation measures such as asking the public to stay at home are working. The information EE supplies would be delayed by 12 to 24 hours, and would provide the ability to create movement maps that show patterns. The data could also feed into health services' decisions, and make it possible to send health alerts to the public in specific locations.…
Content type: News & Analysis
In mid-2019, MI5 admitted, during a case brought by Liberty, that personal data was being held in “ungoverned spaces”. Much about these ‘ungoverned spaces’, and how they would effectively be “governed” in the future, remained unclear. At the moment, they are understood to be a ‘technical environment’ where personal data of unknown numbers of individuals was being ‘handled’. The use of ‘technical environment’ suggests something more than simply a compilation of a few datasets or databases.
The…
Content type: News & Analysis
Today Advocate General (AG) Campos Sánchez-Bordona of the Court of Justice of the European Union (CJEU), issued his opinions (C-623/17, C-511/18 and C-512/18 and C-520/18) on how he believes the Court should rule on vital questions relating to the conditions under which security and intelligence agencies in the UK, France and Belgium could have access to communications data retained by telecommunications providers.
The AG addressed two major questions:
(1) When states seek to impose…