Search
Content type: Long Read
The battle for Kenyan voters’ allegiance in the 2017 Presidential election was fought on social media and the blogosphere. Paid advertisements for two mysterious, anonymous sites in particular started to dominate Google searches for dozens of election-related terms in the months leading up to the vote. All linked back to either “The Real Raila”, a virulent attack campaign against presidential hopeful Raila Odinga, or Uhuru for Us, a site showcasing President Uhuru Kenyatta’s accomplishments. As…
Content type: Long Read
Introduction
Why We Are So Concerned about Government Hacking for Surveillance
Scope of Our Safeguards
1. Legality
2. Security and Integrity of Systems
3. Necessity and Proportionality
4. Judicial Authorisation
5. Integrity of information
6. Notification
7. Destruction and Return of Data
8. Oversight and Transparency
9. Extraterritoriality
10. Effective Remedy
Commentary on each
1. Legality
2. Security and Integrity of Systems
3. Necessity and Proportionality
4.…
Content type: Report
When you rent a car at the airport, use a car-share for a family day trip, one of the first things you are likely to do before setting off on your journey, is to connect your phone to the car. You switch on the Bluetooth and see a list of other people’s phones that were previously connected - Mike’s iPhone, Samsung Galaxy, Bikerboy_Troi, Dee Dee. You input your journey into the navigation, perhaps noticing stored locations of previous drivers.
Seems fairly innocuous? Wrong. Your name and…
Content type: Press release
Press Release: New report shows how car rental companies are failing to protect drivers' information
A new report by Privacy International shows how car rental companies and car-share schemes are failing to protect drivers' personal information, such as their location, smart phone contents, and place of residence.
The report is here: https://privacyinternational.org/node/987
Key points
Privacy International (PI) rented a series of internet-connected cars and examined the information which was collected and retained on the rental cars' infotainment system*. Every car PI rented…
Content type: News & Analysis
There are three good reasons why security is so hard for NGOs. First, we are afraid to speak about meaningful security. Second, we focus on the wrong areas of security and in turn spend money and prioritise the wrong things. Third, we struggle to separate the world we want from the worlds we build within our own organisations. At PI we have failed and struggled with each of these for over 20 years. Out of exhaustion, we decided to do something about it: we are building an open framework, a…
Content type: Report
Financial services are changing, with technology being a key driver. It is affecting the nature of financial services, from credit and lending through to insurance, and even the future of money itself.
The field of fintech is where the attention and investment is flowing. Within it, new sources of data are being used by existing institutions and new entrants. They are using new forms of data analysis.
These changes are significant to this sector and the lives of people it serves. This…
Content type: Long Read
This piece was originally published in Just Security in November 2017.
The upcoming expiration of Section 702 of the Foreign Intelligence Surveillance Act (FISA) has launched a fresh wave of debate on how the statute’s “backdoor search loophole” allows the U.S. government to access Americans’ communications by searching information gathered on foreign intelligence grounds without a warrant. But while discussion about domestic information sharing is important, a critical…
Content type: News & Analysis
This is the story of Privacy International's journey to building more secure services. Data collection and administering sensitive data on the open web is risky, and PI had to learn this the hard way.
Many companies say that the privacy of their audiences is their top priority. But do they mean it? Do they invest in it? Doing security on tight budgets is incredibly hard. But it is the natural state of the non-profit sector. We learned this through challenging experiences.…
Content type: Long Read
Photo Credit: AU UN IST / Tobin Jones
El 25 de septiembre 2017, el presidente de Paraguay objetó la totalidad de una propuesta de Ley denominada “que regula la activación del servicio de telefonía móvil”, disponiendo la creación de un registro de huellas dactilares de todos los usuarios de servicios móviles, y la desconexión dentro de un año a todos quienes no se hayan incorporado a este registro, todo ello bajo la excusa de disminuir los robos de identidad en la activación de…
Content type: Report
The smart city market is booming. National and local governments all over the world expect their cities to become more efficient, more sustainable, cleaner and safer by integrating technology, increasing data generation and centralising data to provide better services. From large multinationals to small start-ups, companies want their slice of the multi-billion dollars per year pie of municipal budgets and long-term government contracts.
But do smart cities even exist? And are our cities…
Content type: Long Read
Government hacking is unlike any other form of existing surveillance technique. Hacking is an attempt to understand a system better than it understands itself, and then nudging it to do what the hacker wants. Fundamentally speaking, hacking is therefore about causing technologies to act in a manner the manufacturer, owner or user did not intend or did not foresee.
Governments can wield this power remotely, surreptitiously, across jurisdictions, and at scale. A single hack can affect many…
Content type: Report
This report sheds light on the current state of affairs in data retention regulation across the EU post the Tele-2/Watson judgment. Privacy International has consulted with digital rights NGOs and industry from across the European Union to survey 21 national jurisdictions (Austria, Belgium, Bulgaria, Croatia, Cyprus, Czech Republic, France, Germany, Hungary, Ireland, Italy, Luxembourg, the Netherlands, Poland, Portugal, Romania, Slovakia, Slovenia, Spain, Sweden, and the United Kingdom).…
Content type: News & Analysis
The short answer is yes.
I'm sure many of you have seen people with stickers over their webcams and wondered why (probably writing that person off as paranoid). But it's well known in tech circles that a camera in a computer or smartphone can be turned on remotely by an attacker with the resources, time, and motivation.
Security is hard, and our defences are weak. The capability of an adversary to attack your devices doesn't necessarily hinge upon a consumer choice of…
Content type: Long Read
On 8 September 2017, the Investigatory Powers Tribunal decided to refer questions to the Court of Justice of the European Union (‘CJEU’) concerning the collection of bulk communications data (‘BCD’) by the Security Intelligence Agencies from mobile network operators.
The BCD regime was initially secret. In an earlier judgment, the Investigatory Powers Tribunal ruled that the regime was not compliant with the European Convention on Human Rights prior to its public avowal, but (subject to…
Content type: Long Read
European Court of Human Rights Intervention
On 15 September 2017, Privacy International filed an intervention to the European Court of Human Rights in Association Confraternelle de la Presse Judiciare and 11 Other Applications v. France. This case challenges various surveillance powers authorised under the French Intelligence Act of 24 July 2015 as incompatible with Articles 8 and 10 of the European Convention on Human Rights, which respectively protect the right to privacy…
Content type: Report
In this paper, Privacy International explores* what it means to be secure, and how governments and companies enact policies and laws that undermine security globally. Good cyber security policies and practices put people and their rights at the centre. By prioritising the individual and protecting people, devices and networks, governments could take advantage of a real opportunity - to give something technically complex a human element. In short, giving the tin man a heart.
*This…
Content type: Long Read
This piece was originally published in Just Security in August 2017
We recently published an analysis in Lawfare of the United Kingdom’s surveillance framework as it relates to the proposed U.S.-U.K. agreement for cross-border law enforcement data requests. Implementing the U.S.-U.K. agreement is subject to passage of draft legislation proposed by the Justice Department to Congress in July 2016 (“U.S. DOJ legislation”), which will set standards that approved partners like the U.K.…
Content type: Long Read
This piece was originally published in Lawfare in July 2017.
The United Kingdom has been a key partner in the United States’ efforts to reform the process that law enforcement officials use to make cross-border requests for data. These efforts address both foreign governments’ requests for data stored in the U.S. and reciprocal requests by the U.S. government for data stored abroad. As part of these efforts, the U.S. and the U.K. have negotiated a draft bilateral agreement (“U…
Content type: Long Read
6 July 2017
Full briefing: UK-US Intelligence Sharing Arrangements
Urgent transparency is needed regarding the UK’s intelligence sharing arrangements with the United States, which allows UK and US agencies to share, by default, any raw intelligence and methods and techniques related to the acquisition of such intelligence. In a recent YouGov poll, three quarters of Britons said that they want the UK Government to tell the public what safeguards govern these arrangements. Privacy…
Content type: Long Read
In January 2017, Kenya’s information and communication technology regulator, the Communications Authority of Kenya, announced that it was spending over 2 billion shillings (around 14 million USD) on new initiatives to monitor Kenyans’ communications and regulate their communications devices. The press lit up with claims of spying, and members of Kenya’s ICT community vowed to reject the initiatives as violating Kenyans’ constitutional rights, including the right to privacy (Article 31…
Content type: News & Analysis
This guest piece was written by Leandro Ucciferri of the Association for Civil Rights (Asociación por los Derechos Civiles). It does not necessarily reflect the views or position of Privacy International.
We look at our smartphone first thing in the morning to check the weather, and our to-do list for the day. During breakfast, we read the news and learn about what is going on in the rest of the world. In our commute to work or college, we scroll through our social media feeds…
Content type: Long Read
This piece was originally published in Lawfare in May 2017.
This post is part of a series written by participants of a conference at Georgia Tech in Surveillance, Privacy, and Data Across Borders: Trans-Atlantic Perspectives.
Cross-border law enforcement demands have become increasingly important to law enforcement in the digital age. Digital evidence in one jurisdiction—such as the United States—is often necessary to investigate a crime that has effects in another jurisdiction…
Content type: News & Analysis
Why would we ever let anyone hack anything, ever? Why are hacking tools that can patently be used for harm considered helpful? Let's try to address this in eight distinct points:
1) Ethical hacking is a counter proof to corporate claims of security.
Companies make products and claim they are secure, or privacy preserving. An ethical hack shows they are not. Ethical hackers produce counter-proofs to government or corporate claims of security, and thus defend us, piece by tiny…
Content type: Long Read
Disclaimer: This piece was written in April 2017. Since publishing, further information has come out about Cambridge Analytica and the company's involvement in elections.
Recently, the data mining firm Cambridge Analytica has been the centre of tons of debate around the use of profiling and micro-targeting in political elections. We’ve written this analysis to explain what it all means, and the consequences of becoming predictable to companies and political campaigns.
What does…
Content type: News & Analysis
For as long as automobiles have been around, manufacturers have been trying to find ways of putting more technology inside of cars, oftentimes sold as value-added services for their customers, whether that be 8-tracks of the 1960s and 1970s, the enhancement to security of central locking of the 1980s and 1990s, or the introduction of satellite navigation in the 2000s.
Today, as our technologies become ‘smarter’, so do the risks to our personal privacy. This especially true as society is on the…
Content type: Report
This investigation focuses on the techniques, tools and culture of Kenyan police and intelligence agencies’ communications surveillance practices. It focuses primarily on the use of surveillance for counterterrorism operations. It contrasts the fiction and reality of how communications content and data is intercepted and how communications data is fed into the cycle of arrests, torture and disappearances.
Communications surveillance is being carried out by Kenyan state actors, essentially…
Content type: Report
This stakeholder report is a submission by Privacy International (PI). PI is a human rights organisation that works to advance and promote the right to privacy and ght surveillance around the world. Privacy International wishes to bring concerns about the protection and promotion of the right to privacy for consideration in Pakistan’s upcoming review at the 28th session of the Working Group on the Universal Periodic Review.
Content type: State of Privacy
Introduction
Acknowledgment
The State of Surveillance in Thailand is the result of a collaboration by Privacy International and Thai Netizen Network.
Right to Privacy
The constitution
Thailand experienced a coup d'etat in May 2014. According to Mishari Muqbil and Arthit Suriyawongkul, “their [the junta's] modus operandi seems to be the direct command of ministries and semi-governmental organisations to carry out tasks irrespective of existing legislation.”
Following…
Content type: Long Read
This briefing highlights opportunities for NGOs to raise issues related to the right to privacy before some selected UN human rights bodies that have the mandate and the capacity to monitor and provide recommendations and redress.
The briefing provides some examples based on Privacy International’s experience and points at additional resources and guides. While this guide focuses on the work of NGOs, information to UN human rights mechanisms can be sent by other civil society actors…