Search
Content type: Long Read
27th March 2019
(In order to click the hyperlinks in the explainer below, please download the pdf version at the bottom of the page).
Content type: Long Read
24th February 2020
Valentine’s Day is traditionally a day to celebrate relationships, but many relationships that begin romantically can quickly become controlling, with partners reading emails, checking texts and locations of social media posts. This can be just the beginning.
Today, Friday 14th February, Privacy International and Women’s Aid are launching a series of digital social media cards giving women practical information on how to help stay safe digitally from control and abuse.
Did you know that…
Content type: News & Analysis
30th April 2019
A mobile device is a huge repository of sensitive data, which could provide a wealth of information about its owner and many others with whom the user interacts.
Companies like Cellebrite, MSAB and Oxygen Forensics sell software and hardware to law enforcement. Once your phone is connected to one of these mobile phone extraction tools, the device extracts, analyses and presents the data contained on the phone.
What data these tools can extract and what method is used will depend on the…
Content type: Examples
8th December 2018
In September 2018, researchers discovered that websites accessed via mobile phones could access an array of device sensors, unlike apps, which request permissions for such access. The researchers found that 3,695 of the top 100,000 websites incorporate scripts that tap into one or more sensors, including Wayfair, Priceline, and Kayak. Unlike location sensors, motion, lighting, and proximity sensors have no mechanism for notifying users and requesting permission. Ad blockers were not effective…
Content type: Examples
12th April 2020
A Telegram user reports that Uzbekistan authorities are confiscating mobile phones, audio/video equipment, bank cards, and other storage media from those in quarantine, claiming that the move is necessary to limit the spread of fear and disinformation about the virus.
Source: https://thediplomat.com/2020/03/how-is-central-asia-handling-covid-19/
Writer: Colleen Wood
Publication: The Diplomat
Content type: Examples
16th April 2020
The Department of Health in the US state of Kansas is tracking residents' locations via a platform called Unacast, which compares aggregated GPS mobile phone data from before and after the implementation of social distancing and grades each county on its compliance. As of April 1, 45 of 105 Kansas counties had received an F rating, and the state as a whole had managed a C. Unacast says the data it has access to is updated every other day and publishes updated ratings on all 50 US states.…
Content type: Examples
12th April 2020
The US Centers for Disease Control and Prevention, in conjunction with local and state governments, are using location data collected by the mobile advertising industry from millions of cellphones in order to better understand how Americans are moving during the COVID-19 pandemic and how those movements affect the spread of the disease. The goal is to create a portal that federal, state, and local officials can use to study geolocation from up to 500 US cities and see which retail…
Content type: Examples
1st April 2020
In a widely circulated animated heat map, the geospatial visualisation company Tectonix GEO in partnership with the location technology company X-Mode used the secondary locations of anonymised mobile devices that were active on a single beach in in Ft Lauderdale, FL during spring break to show how the beach-goers fanned out across the US afterwards, potentially carrying infection with them. Although the visualisation was instructive in showing how contagion spreads, it was unclear whether any…
Content type: News & Analysis
26th August 2020
A new report by the UN Working Group on mercenaries analyses the impact of the use of private military and security services in immigration and border management on the rights of migrants, and highlights the responsibilities of private actors in human rights abuses as well as lack of oversight and, ultimately, of accountability of the system.
Governments worldwide have prioritised an approach to immigration that criminalises the act of migration and focuses on security.
Today, borders are not…
Content type: Examples
28th April 2020
The Turkish Health Ministry's Pandemic Isolation Tracking Project is using mobile device location data to track patients diagnosed with COVID-19 and ensure they obey the government's quarantine requirements. Violators will be sent warning messages and their information will be shared with the police if they do not return to isolation. Law enforcement officers can access individuals' information during road stops. Before launching the system, the Communications Directorate obtained permissions…
Content type: Long Read
20th April 2020
‘Let’s build an app for that’ has become the response to so many things. It’s no surprise it’s happening now.
Apps are notorious for their lack of security and privacy safeguards, exploiting people’s data and devices. Now we’re being asked to trust governments with their proposed apps -- of which there are many. These are the very same governments who have been keen to exploit data in the past. For instance, PI currently has four outstanding legal cases arising from the last times governments…
Content type: Examples
19th March 2020
Thailand's National Broadcasting and Telecommunication Commission (NBTC) provided a SIM card to every foreigner and Thai who had travelled from countries that have have been designated as "high risk" for COVID-19 infections (at the time, China, Hong Kong, South Korea, Italy, and Macau). According to NBTC secretary-general Thakorn Tanthasit, the AoT Airports' new application had more than 7,000 downloads in its first five days. The sim card will be used together with the AoT Airports application…
Content type: Examples
28th April 2020
When the phone belonging to an American University student in Taiwan, who was subject to 14 days' quarantine after returning from Europe, ran out of battery power, in less than hour he had received phone calls from four different local administrative units, a text message notifying him he would be arrested if he had broken quarantine, and a visit from two police officers. The phone tracking system uses phone signals to triangulate locations of the more than 6,000 people subject to home…
Content type: Examples
28th April 2020
By May 11, the Swiss Federal Office of Public Health, working with EFPL and ETH Zurich, will launch a secure, decentralised system for contact tracing developed by the Decentralised Privacy-Preserving-Proximity Tracing (DP-3T) international consortium, whose Swiss partners are Ubique and PocketCampus. Other international partners include UCl, KU Leuven, TU Delft, the University of Oxford, and the Universirty of Torino. The system has been posted to Github as an open source protocol and will…
Content type: Examples
8th April 2020
The global secure solutions integrator SuperCom has begun piloting a modified version of the company's PureHeath platform, which incorporates a specially designed "PureCare" smartphone and "PureTag" ankle bracelet, aimed at ensuring that people comply with quarantine requirements during the coronavirus pandemic. The expectation is that the smartphones, which are easier to distribute at scale, will be used widely, while the ankle bracelets will be reserved for high-risk individuals. The company…
Content type: Examples
12th August 2019
In October 2018, the Singapore-based startup LenddoEFL was one of a group of microfinance startups aimed at the developing world that used non-traditional types of data such as behavioural traits and smartphone habits for credit scoring. Lenddo's algorithm uses numerous data points, including the number of words a person uses in email subject lines, the percentage of photos in a smartphone's library that were taken with a front-facing camera, and whether they regularly use financial apps on…
Content type: Examples
1st April 2020
Although the alerts about contacts with people infected by the coronavirus sent out via SMS by the South Korean government do not include names, the information included about people who tested positive for coronavirus, and their past locations can be revealingly detailed in some cases. Those who have been identified by this means have suffered offline and/or online harassment; others, without being specifically identified by name, have been mocked. A survey has found that as a result people…
Content type: Examples
12th April 2020
On March 9, SK Telecom began providing South Korea's Gyeongbuk Provincial Police Agency with its Geovision population analysis service and GIRAF platform. The company claims that the combination can analyse mobile geolocation data across the country in real time, create visualisations, and show how many people are in 10x10 metre lattices, enabling police to send officers where they're needed to enforce distancing measures. The company is in talks with the Korean National Police Agency to expand…
Content type: Examples
19th March 2020
With 6,300 COVID-19 cases and more than 40 reported deaths, the South Korean government launched a smarphone app (Android first, iPhone due on March 20) to monitor citizens on lockdown as part of its "maximum" action to contain the outbreak. The app keeps patients in touch with care workers and uses GPS to keep track of their location to ensure they don't break quarantine. The government said the tracking was essential to manage the case load (at the time, 30,000 people) and prevent "super…
Content type: Examples
12th April 2020
The government has issued a substantial rewrite of a controversial proposal to track people using their phones and other devices in the bid to contain Covid-19. AmaBhungane, an investigative journalism newsroom, said the first “directions” – issued last week by the minister of communications – raised "serious concerns for their vagueness and lack of privacy protections”. The new regulations provide more judicial oversight, restrict the purpose to contact tracing, and aim to ensure that…
Content type: Examples
28th April 2020
The regulations brought in to curb the spread of COVID-19 in South Africa included directions published by the minister of communications and digital technologies that critics claimed violated the country's constitution. On the plus side, the regulations ordered service providers to ensure continued provision of internet and telecommunications services, and enabled temporary licensing of spectrum bands, which could increase internet capacity. However, the regulations also make publishing a…
Content type: Examples
12th April 2020
The South African National Institute for Communicable Diseases and the Council for Scientific and Industrial Research will partner with Telkom and Samsung to create a track and trace system specifically for the South African context, which includes high levels of economic inequality, poverty, and overcrowding. The system will collate data sources such as GIS in order to track those who may be infected and those whom they may expose to the virus. In some communities, the Department of Health…
Content type: Examples
19th December 2018
In November 2016, the security contractor Krytowire discovered that cheap Chinese Android phones often include pre-installed software that monitors users' locations, messaging, and contacts, and sends the gathered information to China every 72 hours. Shanghai Adups Technology Company, the Chinese firm responsible for the software, said its code had been installed on more than 700 million phones, cars, and other devices without informing users, but that it was not intended for American phones.…
Content type: Examples
19th May 2020
Academics have disclosed today a new vulnerability in the Bluetooth wireless protocol, broadly used to interconnect modern devices, such as smartphones, tablets, laptops, and smart IoT devices.
The vulnerability, codenamed BIAS (Bluetooth Impersonation AttackS), impacts the classic version of the Bluetooth protocol, also known as Basic Rate / Enhanced Data Rate, Bluetooth BR/EDR, or just Bluetooth Classic.
The BIAS attack
The BIAS security flaw resides in how devices handle the link key,…
Content type: Examples
19th December 2018
In July 2018, researchers at the London-based security and mobile commerce firm Upstream Systems found that millions of cheap smartphones sold in developing countries lacking privacy protections come with pre-installed apps that harvest users' data for the purpose of targeting advertising and that can only be removed with difficulty. One such app, which Singtech includes on the thousands of smartphones it sells in Myanmar and Cambodia, as well as others sold in Brazil or made by Indian and…
Content type: Examples
26th March 2020
The new Singaporean app, TraceTogether, developed by the Government Technology Agency in collaboration with the Ministry of Health was launched on March 20 after eight weeks of development. The app, which can be downloaded by anyone with a Singapore mobile number and a Bluetooth-enabled smartphone, asks users to turn on Bluetooth and location services, and enable push notifications. The app works by exchanging short-distance Bluetooth signals between phones to detect other users within two…
Content type: Examples
12th April 2020
With more than 71,000 Serbian citizens returning to the country, primarily from Germany, Austria, Italy, and France, the government has introduced systems to ensure they obey the country's self-isolation rules. The government monitors telephone numbers, especially Italian ones, and pays special attention to communities with a large influx of people from elsewhere.
https://advox.globalvoices.org/2020/03/30/covid-19-pandemic-adversely-affects-digital-rights-in-the-balkans/#
Source: https://…
Content type: News & Analysis
13th January 2020
Maddie Stone, formally a Senior reverse engineer and tech lead on the Android security team, shockingly revealed a number of examples of how pre-installed apps on Android devices can undermine users privacy and security in her BlackHat USA talk in August 2019. The video of the talk only recently became available to the public in late December 2019.
The apps in question come preloaded on a device when it is purchased and often can't be removed. Stone reveals a litany of abuses carried out by…
Content type: Examples
16th April 2020
The city of Moscow is planning to use smartphone geolocation functions to track foreign tourists' movements through the city to prevent outbreaks of COVID-19 after Russia reopens its borders. Moscow accounts for two-thirds of all cases in the country. Moscow City Hall is considering a system that would provide daily updates on tourists' movements using their SIM card data and show when residents come into contact with them; it is already buying location data from Russia's three biggest telecom…
Content type: Examples
19th March 2020
Russian authorities are using surveillance cameras, facial recognition systems, and geolocation to enforce a two-week quarantine regime affecting 2,500 people. Chinese citizens are banned from entering Russia; Russians and citizens of other countries who arrive from China are required to go through two weeks of quarantine. Police raid hotels to find Chinese citizens who arrived before border controls began, and bus drivers have been ordered to call their dispatchers if they see Chinese citizens…