Search
Content type: Long Read
Our briefing, “When Spiders Share Webs: The creeping expansion of INTERPOL’s interoperable policing and biometrics entrench externalised EU borders in West Africa”, explores the concerning human rights implications of the use of interoperable data-driven policing capabilities and biometric technologies in West African countries rolled out by the International Criminal Police Organisation (INTERPOL)’s European Union (EU)-funded West African Police Information System (WAPIS) programme. We make a…
Content type: Long Read
The fourth edition of PI’s Guide to International Law and Surveillance provides the most hard-hitting past and recent results on international human rights law that reinforce the core human rights principles and standards on surveillance. We hope that it will continue helping researchers, activists, journalists, policymakers, and anyone else working on these issues.The new edition includes, among others, entries on (extra)territorial jurisdiction in surveillance, surveillance of public…
Content type: Advocacy
Privacy International had suggested the Human Rights Committee consider the following recommendations for the UK government:Review and reform the IPA 2016 to ensure its compliance with Article 17 of the ICCPR, including by removing the powers of bulk surveillance;Abandon efforts to undermine the limited safeguards of the IPA 2016 through the proposed Investigatory Powers Amendment Bill;Refrain from taking any measures that undermine or limit the availability of encrypted communications or other…
Content type: Advocacy
Dejusticia, Fundación Karisma, and Privacy International submitted a joint stakeholder report on Colombia to the 44th session of the Universal Periodic Review at the UN Human Rights Council.Our submission raised concerns regarding the protection of the rights to freedom of expression and opinion, to privacy, and to personal data protection; the shutdown of civil society spaces; protection of the right to protest; and protection of the rights of the Venezuelan migrant and refugee population.…
Content type: News & Analysis
Our mobile phones contain all kinds of data that ranges from photos, videos and emails to information about our health, the places we visit and our leisure time. This data is often relied upon by law enforcement authorities in criminal investigations.
Mobile phone extraction (MPE) tools are used for this purpose as they enable police and other authorities to download content and associated data from people’s phones. These tools are supplied by private companies to security forces and…
Content type: Press release
In a landmark judgment, handed down today (Monday 30 January 2023), the Investigatory Powers Tribunal have found that there were “very serious failings” at the highest levels of MI5 to comply with privacy safeguards from as early as 2014, and that successive Home Secretaries did not to enquire into or resolve these long-standing rule-breaking despite obvious red flags.
Human rights organisations Liberty and Privacy International, who brought this significant legal case in January 2020, have…
Content type: Report
End-to-end encryption (E2EE) contributes significantly to security and privacy. For that reason, PI has long been in favour of the deployment of robust E2EE.Encryption is a way of securing digital communications using mathematical algorithms that protect the content of a communication while in transmission or storage. It has become essential to our modern digital communications, from personal emails to bank transactions. End-to-end encryption is a form of encryption that is even more private.…
Content type: Explainer
Introduction/Background
Electronic tags have been a key part of criminal justice offender management for over 20 years, being used in the United States since the mid 1980’s and in the UK and some other commonwealth countries since 2003. In 2021 the UK introduced GPS tagging for immigration bail.
The tag is predominantly used to curtail the liberties of individuals. For those on criminal bail its intended use includes managing return into communities while deterring reoffending.
As we explore…
Content type: News & Analysis
What if we told you that every photo of you, your family, and your friends posted on your social media or even your blog could be copied and saved indefinitely in a database with billions of images of other people, by a company you've never heard of? And what if we told you that this mass surveillance database was pitched to law enforcement and private companies across the world?
This is more or less the business model and aspiration of Clearview AI, a company that only received worldwide…
Content type: Advocacy
PI, together with 30 national and international civil society organisations (CSOs), release an open letter calling on Parliament and relevant stakeholders to halt and ban the use of live facial recognition technology (LFRT) by the police and private companies.We believe that the use of LFRT poses significant and unmitigable risks to our society. We do not believe that it can ever be safely deployed in public spaces or for mass surveillance purposes.The open letter comes as a result of a recent…
Content type: News & Analysis
As Amnesty International and Forbidden Stories continue to publish crucial information about the potential targets of NSO Group’s spyware, we know this much already: something needs to be done.
But what exactly needs to be done is less obvious. Even though this is not the first time that the world has learned about major abuses by the surveillance industry (indeed, it’s not even the first time this month), it’s difficult to know what needs to change.
So how can the proliferation and use of…
Content type: News & Analysis
Around the world, we see migration authorities use technology to analyse the devices of asylum seekers. The UK via the Policing Bill includes immigration officers amongst those who can exercise powers to extract information from electronic devices. There are two overarching reasons why this is problematic:
The sole provision in the Policing Bill to extract information rests on voluntary provision and agreement, which fails to account for the power imbalance between individual and state. This…
Content type: News & Analysis
It is difficult to imagine a more intrusive invasion of privacy than the search of a personal or home computer ... when connected to the internet, computers serve as portals to an almost infinite amount of information that is shared between different users and is stored almost anywhere in the world.
R v Vu 2013 SCC 60, [2013] 3 SCR 657 at [40] and [41].
The controversial Police Crime Sentencing and Courts Bill includes provision for extracting data from electronic devices.
The Bill…
Content type: Examples
During the Black Lives Matter protests of summer 2020, US police took advantage of a lack of regulation and new technologies to expand the scope of people and platforms they monitor; details typically emerge through lawsuits, public records disclosures, and stories released by police department PR as crime prevention successes. A report from the Brennan Center for Justice highlights New York Police Department threats to privacy, freedom of expression, and due process and the use of a predator…
Content type: News & Analysis
The Police, Crime, Sentencing and Courts (PCSC) Bill is currently being scrutinised by numerous civil society organisations such as Amnesty International UK and Liberty for its damaging impacts on peaceful protests, however it also contains important provisions regarding when, if and how the police and other governmental authorities can extract data from your phones and other electronic devices.
Chapter 3 of the PCSC Bill is a legislative response to the UK's Information Commissioner's Office…
Content type: Long Read
As more and more of us feel compelled to cover our faces with masks, companies that work on facial recognition are confronted with a new challenge: how to make their products relevant in an era where masks have gone from being seen as the attribute of those trying to hide to the accessory of good Samaritans trying to protect others.
Facewatch is one of those companies. In May 2020, they announced they had developed a new form of facial recognition technology that allows for the…
Content type: Long Read
The Law Enforcement Data Service (LEDS) is a unified, common interface to a new mega-database currently being developed by the Home Office National Law Enforcement Data Programme (NLEDP).
It might not sound like the most exciting thing in the world (and it isn't!) - but it will have a profound impact on policing and surveillance in the UK for generations.
We believe that the development of the programme poses a threat to privacy and other rights and must be subjected to strong oversight,…
Content type: Case Study
Facial recognition technology (FRT) is fairly present in our daily lives, as an authentication method to unlock phones for example. Despite having useful applications, FRT can also be just another technology used by those in power to undermine our democracies and carry out mass surveillance. The biometric data collected by FRT can be as uniquely identifying as a fingerprint or DNA. The use of this technology by third parties, specially without your consent, violates your right to privacy.
The…
Content type: Case Study
Well into the 21st century, Serbia still does not have a strong privacy culture, which has been left in the shadows of past regimes and widespread surveillance. Even today, direct police and security agencies’ access to communications metadata stored by mobile and internet operators makes mass surveillance possible.
However, a new threat to human rights and freedoms in Serbia has emerged. In early 2019, the Minister of Interior and the Police Director announced that Belgrade will receive “a…
Content type: Report
The majority of people today carry a mobile phone with them wherever they go, which they use to stay connected to the world. Yet an intrusive tool, known as an International Mobile Subscriber Identity catcher, or “IMSI catcher” is a form of surveillance equipment that enables governments and state authorities to conduct indiscriminate surveillance of mobile devices, and by extension, on users.
IMSI catchers can do much more than monitor and intercept mobile communications. Designed to imitate…
Content type: News & Analysis
IMSI catchers (or stingrays as they are known in the US) are one of the surveillance technologies that has come to the forefront again in the protests against police brutality and systemic racism that have been sparked by the murder of George Floyd on 25 May 2020.
An International Mobile Subscriber Identity catcher – in short an “IMSI catcher” – is an intrusive piece of technology that can be used to locate and track all mobile phones that are switched on in a certain area. It does so by…
Content type: Press release
Today, the ICO has issued a long-awaited and critical report on Police practices regarding extraction of data from people's phones, including phones belonging to the victims of crime.
The report highlights numerous risks and failures by the police in terms of data protection and privacy rights. The report comes as a result of PI’s complaint, dating back to 2018, where we outlined our concerns about this intrusive practice, which involves extraction of data from devices of victims, witnesses…
Content type: Long Read
In December 2019, the Information Rights Tribunal issued two disappointing decisions refusing appeals brought by Privacy International (PI) against the UK Information Commissioner.
The appeals related to decisions by the Information Commissioner (IC), who is responsible for the UK’s Freedom of Information regime, concerning responses by the Police and Crime Commissioner for Warwickshire and the Commissioner of Police for the Metropolis (The Metropolitan Police) to PI’s freedom of information…
Content type: Case Study
IMSI catchers – International Mobile Subscriber Identity catchers – are a particularly intrusive technology being used by police to monitor protesters and intercept their personal information and communications.
IMSI catchers have been used - officially or in secret - across the globe to monitor protests, including in the US and Germany; in the UK, police forces have refused to disclose any information on their use but documents obtained by the Bristol cable show that nine police forces have…
Content type: Report
On 12 December 2018 a member of Lancashire Police Department UK told viewers of a Cellebrite webinar that they were using Cellebrite's Cloud Analyser to obtain cloud based 'evidence'. In response to a Freedom of Information request Hampshire Constabulary told Privacy International they were using Cellebrite Cloud Analyser.
They are not alone. In Cellebrite's 2019 Annual Trend Survey, Cellebrite found that law enforcement is increasingly using 'cloud extraction.' But the…
Content type: Case Study
The increasing deployment of highly intrusive technologies in public and private spaces such as facial recognition technologies (FRT) threaten to impair our freedom of movement. These systems track and monitor millions of people without any regulation or oversight.
Tens of thousands of people pass through the Kings Cross Estate in London every day. Since 2015, Argent - the group that runs the Kings Cross Estate - were using FRT to track all of those people.
Police authorities rushed in secret…
Content type: Long Read
The UK’s Metropolitan Police have began formally deploying Live Facial Recognition technology across London, claiming that it will only be used to identify serious criminals on “bespoke ‘watch lists’” and on “small, targeted” areas.
Yet, at the same time, the UK’s largest police force is also listed as a collaborator in a UK government-funded research programme explicitly intended to "develop unconstrained face recognition technology", aimed “at making face…
Content type: Case Study
In 2015, James Bates was charged with first-degree murder in the death of Victor Collins. Collins was found floating face down in Bates’ hot tub in November 2015. Bentonville police served two search warrants ordering Amazon to turn over the “electronic data in the form of audio recordings, transcribed records, text records and other data contained on the Amazon Echo device” in Bates’ home.
The reason for the warrants? According to the police, just because the device was in the house that…
Content type: Case Study
In 2015, a man in Connecticut was charged with murdering his wife based on evidence from her Fitbit. Richard Dabate, the accused, told the police that a masked assailant came into the couple’s suburban home at around 9am on 23 December 2015, overpowering Dabate then shooting his wife as she returned through the garage.
However, the victim’s fitness tracker told a different story. According to data from the device, which uses a digital pedometer to track the wearer’s steps, Dabate’s wife was…
Content type: Case Study
In early May 2019, it was revealed that a spyware, exploiting a vulnerability in Facebook’s WhatsApp messaging app, had been installed onto Android and iOS phones. The spyware could be used to turn on the camera and mic of the targeted phones and collect emails, messages, and location data. Citizen Lab, the organization that discovered the vulnerability, said that the spyware was being used to target journalists and human rights advocates in different countries around the world. The spyware…