Search
Content type: Report
In this new briefing, we identify the most significant concerns on the UN Countering Terrorist Travel Programme (CTTP), and put forward a range of recommendations to mitigate some of the human rights risks associated with the surveillance of travellers. We based our briefing on publicly available information and our own research, outlining the purposes and activities of this UN programme. We shared a draft of this briefing with the United Nations Office of Counter- Terrorism (OCT), which…
Content type: Long Read
In this new briefing, we identify the most significant concerns on the UN Countering Terrorist Travel Programme (CTTP), and put forward a range of recommendations to mitigate some of the human rights risks associated with the surveillance of travellers. We based our briefing on publicly available information and our own research, outlining the purposes and activities of this UN programme. We shared a draft of this briefing with the United Nations Office of Counter- Terrorism (OCT), which…
Content type: Examples
The Guangzhou Public Transportation Group has installed a biometric tablet next to bus drivers' seats so they can check the temperature and identity of every passenger who boards. The tablets will also photograph each passenger, allowing them to be identified by China's facial recognition network in the hope of helping control the spread of the novel coronavirus by enabling contact tracing for anyone displaying symptoms. The Group claims the data so gathered will only be used in the interests…
Content type: Examples
Metrolinx, the public transport agency for the Canadian province of Ontario says that, on request, it gave Toronto Public Health contact information associated with registered Presto payment cards used on specific trips, after a 40-year-old man was diagnosed with coronavirus (COVID-19). The agency revealed the news on Twitter and said that compelling circumstances affecting the health and safety of individuals under the Ontario privacy act (FIPPA) permits the disclosure of personal…
Content type: Examples
India has begun stamping the hands of people arriving at airports in the states of Maharashtra and Karnataka to specify the date until which they must remain in quarantine. The government is also using airline and railway reservation data to track suspected infections and find hand-stamped people who had promised not to travel. Kerala authorities have used telephone call records, CCTV footage, and mobile phone GPS systems to trace contracts of COVID-19 patients, and published detailed time and…
Content type: Examples
In February 2019, the city of Rio de Janeiro announced that its police security operation for the annual five-day Carnival would include facial recognition and vehicle license plate cameras to identify wanted individuals and cars. Municipal officials said the system would help reduce thefts and robberies; critics dissented on the basis that a period when people are wearing masks, heavy makeup, glitter, and costumes is a bad time to test the technology.
https://riotimesonline.com/brazil-news/…
Content type: News & Analysis
Last year Privacy International conducted research into information left on rental cars after they are returned. Every car we rented contained readily apparent personal information about past drivers and other passengers, including information such as their past locations, smart phone identifier, and entered locations, including a school.
Off the back of the research, PI wrote to rental companies and car-share schemes in continental Europe, the UK, and the US to enquire about the companies’…
Content type: Examples
In 2014, NYC Planning Labs Chris Whong was sent and made public a complete a complete dump of historical trip and fare logs from New York City taxis in response to a Freedom of Information request. The more than 20GB of uncompressed data comprising more than 173 million individual trips included pickup and drop-off locations and times and other metadata - but also personally identifiable information about the driver. Careful analysis enabled researchers to deanonymise the entire dataset,…
Content type: Long Read
The era where we were in control of the data on our own computers has been replaced with devices containing sensors we cannot control, storing data we cannot access, in operating systems we cannot monitor, in environments where our rights are rendered meaningless. Soon the default will shift from us interacting directly with our devices to interacting with devices we have no control over and no knowledge that we are generating data. Below we outline 10 ways in which this exploitation and…
Content type: Report
When you rent a car at the airport, use a car-share for a family day trip, one of the first things you are likely to do before setting off on your journey, is to connect your phone to the car. You switch on the Bluetooth and see a list of other people’s phones that were previously connected - Mike’s iPhone, Samsung Galaxy, Bikerboy_Troi, Dee Dee. You input your journey into the navigation, perhaps noticing stored locations of previous drivers.
Seems fairly innocuous? Wrong. Your name and…
Content type: Press release
Press Release: New report shows how car rental companies are failing to protect drivers' information
A new report by Privacy International shows how car rental companies and car-share schemes are failing to protect drivers' personal information, such as their location, smart phone contents, and place of residence.
The report is here: https://privacyinternational.org/node/987
Key points
Privacy International (PI) rented a series of internet-connected cars and examined the information which was collected and retained on the rental cars' infotainment system*. Every car PI rented…
Content type: Examples
By 2017, facial recognition was developing quickly in China and was beginning to become embedded in payment and other systems. The Chinese startup Face++, valued at roughly $1 billion, supplies facial recognition software to Alipay, a mobile payment app used by more than 120 million people; the dominant Chinese ride-hailing service, Didi; and several other popular apps. The Chinese search engine Baidu is working with the government of popular tourist destination Wuzhen to enable visitors to…
Content type: Examples
For some months in 2017, in one of a series of high-risk missteps, Uber violated Apple's privacy guidelines by tagging and identifying iPhones even after their users had deleted Uber's app. When Apple discovered the deception, CEO Tim Cook told Uber CEO Travis Kalanick to cease the practice or face having the Uber app barred from the App Store.
External Link to Story
https://www.nytimes.com/2017/04/23/technology/travis-kalabnick-pushes-uber-and-himself-to-the-precipice.html
Content type: Case Study
As society heads toward an ever more connected world, the ability for individuals to protect and manage the invisible data that companies and third parties hold about them, becomes increasingly difficult. This is further complicated by events like data breaches, hacks, and covert information gathering techniques, which are hard, if not impossible, to consent to. One area where this most pressing is in transportation, and by extension the so-called ‘connected car’.
When discussing connected…
Content type: Case Study
As society heads toward an ever more connected world, the ability for individuals to protect and manage the invisible data that companies and third parties hold about them, becomes increasingly difficult. This is further complicated by events like data breaches, hacks, and covert information gathering techniques, which are hard, if not impossible, to consent to. One area where this most pressing is in transportation, and by extension the so-called ‘connected car’.
When discussing connected…
Content type: News & Analysis
For as long as automobiles have been around, manufacturers have been trying to find ways of putting more technology inside of cars, oftentimes sold as value-added services for their customers, whether that be 8-tracks of the 1960s and 1970s, the enhancement to security of central locking of the 1980s and 1990s, or the introduction of satellite navigation in the 2000s.
Today, as our technologies become ‘smarter’, so do the risks to our personal privacy. This especially true as society is on the…
Content type: Report
This is a memo prepared by Barry Steinhardt of Friends of Privacy USA for Members of the European Parliament regarding the proposed EU-US Agreement PNR.
The proposed agreement regarding Passenger Name Records (PNR) between the United States and the European Union is riddled with faulty assertions and assumptions about US law and the actual operations of the US government.
These faulty assertions and assumptions go to the heart of the agreement and undercut the claims of protections for…
Content type: News & Analysis
Privacy International and the American Civil Liberties Union have appealed to the Council of the European Union, the European Commission, the European Parliament, and privacy commissioners in 31 countries across Europe to repeal the agreement between the EU and the US on passenger data transfers. We argue that, with the recent disclosure of the 'Automated Targeting System' being used by the US Department of Homeland Security, the US has violated both American law and the agreement with the EU…