Search
Content type: Long Read
In June 2023, the UK government announced its proposal to expand its surveillance powers by, among others, forcing communications operators to undermine encryption or abstain from providing security software updates globally. Building on our response to the government’s plans, this piece explains why what they want to do puts every one of us at risk.
Why your trust (to technologies you use) matters
Surveillance and privacy are complex concepts to grasp – it’s part of the appeal to us at PI.…
Content type: Report
First published in 2017, “PI’s Guide to International Law and Surveillance” is an attempt to collate relevant excerpts from these judgments and reports into a single principled guide that will be regularly updated. This is the third edition of the Guide. It has been updated it to reflect the most relevant legal developments until December 2021.Despite its name, the Guide isn’t just aimed at lawyers. It aspires to be a handy reference tool for anyone engaging in campaigning, advocacy, and…
Content type: Explainer
Following sustained reporting by researchers, journalists and activists around the world, including recent disclosures exposed by the PegasusProject, the surveillance industry is facing scrutiny like never before.
In the latest move, eighteen U.S. lawmakers have today demanded that the U.S. government imposes sanctions on four non-US surveillance companies for, as they mention in their letter, facilitating “disappearance, torture and murder of human rights activists and journalists”.
The move…
Content type: Press release
Amnesty International, Privacy International and The Centre for Research on Multinational Corporations (SOMO) have published a report uncovering NSO Group’s entire corporate structure, tracking the global money trail of both public and private investment into the lucrative spyware company.
Amnesty International and other rights groups have documented dozens of cases of NSO Group’s products being used by repressive governments across the world to put activists, journalists, and opposition…
Content type: Report
Privacy International has released a report summarising the result of its research into the databases and surveillance tools used by authorities across the UK’s borders, immigration, and citizenship system.
The report uses procurement, contractual, and other open-source data and aims to inform the work of civil society organisations and increase understanding of a vast yet highly opaque system upon which millions of people rely.
It also describes and maps…
Content type: Examples
The controversial Israeli spyware company NSO Group's US arm, Westbridge, has been trying to pitch its phone hacking software to US law enforcement agencies such as the San Diego Police Department, particularly a tool called "Phantom", which the complany claims can overcome encryption, track geolocation, withstand a factory reset, monitor apps and voice and VOIP calls, and collect passwords.
Writer: Joseph Cox
Publication: Vice
Content type: Long Read
Miguel Morachimo, Executive Director of Hiperderecho. Hiperderecho is a non-profit Peruvian organisation dedicated to facilitating public understanding and promoting respect for rights and freedoms in digital environments.
The original version of this article was published in Spanish on Hiperderecho's website.
Where does our feeling of insecurity come from? As we walk around our cities, we are being observed by security cameras most of the time. Our daily movement, call logs, and internet…
Content type: News & Analysis
It's a big question, have you purchased a card for your local surveillance camera on Surveillance Camera Day?
Yes, Surveillance Camera Day is a real thing and happens on 20 June.
Perhaps your local community could create a bingo card to see who knows where all the local cameras are. Are there any on your local bins, how about the lampposts or a billboard?
Have you had a facial recognition van in your local community? Did you see the police helicopter crew video camera…
Content type: News & Analysis
One of the UK’s largest telecommunications operators, BT, has said to Privacy International that a report claiming it “co-produces malware” with a surveillance company for the GCHQ is inaccurate – but hasn’t said why or given any more details.
The accusation was made by C5IS – a shadowy online publication claiming to be “the most widely read source of information on surveillance technologies”. In its Big Black Book of Electronic Surveillance, it claims that SS8, a…
Content type: News & Analysis
Privacy International has joined a global coalition of privacy campaigners, tech companies, and technology experts to respond to proposals by British intelligence chiefs aimed at allowing them access to encrypted messaging apps such as WhatsApp or Signal.
If implemented, the proposals would allow government authorities to force messaging platforms to silently add a law enforcement participant to a group chat or call.
Such a capability poses serious threats to…
Content type: Long Read
Details of case:
R (on the application of Privacy International) (Appellant) v Investigatory Powers Tribunal and others (Respondents)
[2019] UKSC 22
15 May 2019
The judgment
What two questions was the Supreme Court asked to answer?
Whether section 67(8) of RIPA 2000 “ousts” the supervisory jurisdiction of the High Court to quash a judgment of the Investigatory Powers Tribunal for error of law?
Whether, and, if so, in accordance with what principles, Parliament may by…
Content type: Press release
Today, after a five year battle with the UK government, Privacy International has won at the UK Supreme Court. The UK Supreme Court has ruled that the Investigatory Powers Tribunal’s (IPT) decisions are subject to judicial review in the High Court. The Supreme Court's judgment is a major endorsement and affirmation of the rule of law in the UK. The decision guarantees that when the IPT gets the law wrong, its mistakes can be corrected.
Key point:
UK Supreme Court rules that the UK spying…
Content type: News & Analysis
Privacy International welcomes WhatsApp's immediate reaction after the revelation that Israeli cyber intelligence company NSO group had exploited a vulnerability in their software. We encourage all WhatsApp users to update their app as soon as possible. However, we believe WhatsApp needs to be much more transparent with their users. We haven't seen a notification on the app itself that would inform users about both, the bug, and the fix. The current version merely states that you can now see…
Content type: News & Analysis
Federal law enforcement is deploying powerful computer hacking tools to conduct domestic criminal and immigration investigations.
By Alex Betschen, Student Attorney, Civil Liberties & Transparency Clinic, University at Buffalo School of Law
Hacking by the government raises grave privacy concerns, creating surveillance possibilities that were previously the stuff of science fiction. It also poses a security risk, because hacking takes advantage of unpatched vulnerabilities in our…
Content type: Press release
FOR IMMEDIATE RELEASE
December 21, 2018
CONTACTS:
Alex Betschen, Civil Liberties & Transparency Clinic, alexbets@buffalo.edu, 716–531–6649
Colton Kells, Civil Liberties & Transparency Clinic, coltonke@buffalo.edu, 585–766–5119
Abdullah Hasan, ACLU, ahasan@aclu.org, 646–905–8879
NEW YORK — Privacy International, the American Civil Liberties Union, and the Civil Liberties & Transparency Clinic of the University at Buffalo School of Law filed a lawsuit today…
Content type: Long Read
As our four year battle against the UK government’s extraordinarily broad and intrusive hacking powers goes to the Supreme Court, we are launching a new fundraising appeal in partnership with CrowdJustice.
We are seeking to raise £5k towards our costs and need your help. If we lose, the court may order us to pay for the government’s very expensive army of lawyers. Any donation you make, large or small, will help us both pursue this important case and protect the future ability of…
Content type: News & Analysis
Privacy International notes a recent ruling issued by Italy’s Supreme Court (Corte di Cassazione) that addresses the need to limit government hacking powers for surveillance purposes and articulates required safeguards when hacking is conducted as part of a criminal investigation.
The ruling addresses the appeals of several individuals involved in a case of corruption; the appeals challenge irregularities in the collection of data as part of the criminal investigation, which resulted in the…
Content type: News & Analysis
This piece was originally published on Just Security.
Ten years ago, an FBI official impersonated an Associated Press reporter to lure and track a teenager suspected of sending in prank bomb threats to his school. To find him, the FBI agent, posing as a reporter, sent the teenager links to a supposed story he was working on, but the links were infested with malware that once clicked on quickly exposed the teen’s location. More recently, the FBI has seized and modified websites so…
Content type: Press release
In a remarkable development in Privacy International's four year legal battle against the UK Government's powers to hack phones and computers on a massive scale, the UK Supreme Court has agreed to hear the London-based charity's case in December 2018.
Privacy International's case stems from a decision by the Investigatory Powers Tribunal (a specialised court set up to hear complaints against government surveillance, including surveillance carried out by the UK intelligence agencies) finding…
Content type: Long Read
If you operate an internet company in Russia, you aren’t necessarily surprised to one day open the door to someone, grasping in one hand a bundle of wires and in the other a letter from a government agency demanding access to your servers, with a black box wedged under one arm.
Internet companies in Russia are required by law to store the content of users’ communications for six months and the metadata of users’ communications for three years, essentially meaning that what a person does…
Content type: Examples
In June 2016, National Security Agency deputy director Richard Ledgett told a conference on military technology conference that the agency was researching whether internet-connected biomedical devices such as pacemakers could be used to collect foreign intelligence. Ledgett identified the complexity of the Internet of Things as both a security nightmare and an opportunity for signals intelligence. However, the NSA prioritises its resources by focusing solely on technology used by its opponents…
Content type: Examples
In 2015, the Canadian Department of National Defence issued a procurement request for a contractor who could find "vulnerabilities and security measures" in a 2015 pick-up truck whose model and make were not specified and "develop and demonstrate exploits" for the military. The contractor was to find as many exploits as possible by analysing every part of the truck, demonstrate that the hacks could actually hurt someone or enable an attacker to gather information, and deliver explicit source…
Content type: Explainer
What is the Global Surveillance Industry?
Today, a global industry consisting of hundreds of companies develops and sells surveillance technology to government agencies around the world. Together, these companies sell a wide range of systems used to identify, track, and monitor individuals and their communications for spying and policing purposes. The advanced powers available to the best equipped spy agencies in the world are being traded around the world. It is a…
Content type: Press release
Privacy International and Open Rights Group have submitted a response to the Consultation on establishing a UK Privacy and Civil Liberties Board.
Content type: Press release
On 15 March 2017, the Italian Senate voted on a Bill, put forward by Justice Minister Andrea Orlando, that will reform the criminal justice system, including amending the Code of Criminal Procedure. Among the many provisions contained in DDL Orlando, currently pending approval by the Italian House of Representatives, the Government is mandated to regulate, via a legislative decree, the utilisation of malware (commonly referred to as ‘Trojans’ in Italian discourse) to engage hacking for criminal…
Content type: Examples
In 2017, an anonymous whistleblower sent a letter to Green party peer Jenny Jones alleging that a secretive Scotland Yard unit was illegally monitoring the private emails of campaigners and journalists. The letter included a list of ten people and the passwords to their email accounts and claimed the police were using an India-based operation that did the work of hacking emails, shredding documents, and using sex as a method of infiltration. Jones's background includes a decade on the…
Content type: Long Read
Government hacking is unlike any other form of existing surveillance technique. Hacking is an attempt to understand a system better than it understands itself, and then nudging it to do what the hacker wants. Fundamentally speaking, hacking is therefore about causing technologies to act in a manner the manufacturer, owner or user did not intend or did not foresee.
Governments can wield this power remotely, surreptitiously, across jurisdictions, and at scale. A single hack can affect many…
Content type: News & Analysis
The short answer is yes.
I'm sure many of you have seen people with stickers over their webcams and wondered why (probably writing that person off as paranoid). But it's well known in tech circles that a camera in a computer or smartphone can be turned on remotely by an attacker with the resources, time, and motivation.
Security is hard, and our defences are weak. The capability of an adversary to attack your devices doesn't necessarily hinge upon a consumer choice of…
Content type: Press release
On 5 October 2017, Privacy International will appear before the UK Court of Appeal to continue its challenge to the British government's large scale hacking powers. The case questions the decision by the Investigatory Powers Tribunal (IPT) to sanction the UK government's power to hack broad categories of people or property without any individualised suspicion.
TIMELINE AND KEY POINTS
- Privacy International began fighting bulk government hacking in 2014 at the…