Search
Content type: Advocacy
In August 2024 the UK College of Policing (CoP) announced they were consulting on new guidance for data ethics and data driven technologies in policing. As part of the consultation the College asked for feedback on two new authorised professional practices (APP) on data ethics and data-driven technologies. PI provided a response in writing to the CoP on their APP on data ethics and data-driven technologies only.In our response we highlighted that we are aware that UK police forces are using a…
Content type: Long Read
The fourth edition of PI’s Guide to International Law and Surveillance provides the most hard-hitting past and recent results on international human rights law that reinforce the core human rights principles and standards on surveillance. We hope that it will continue helping researchers, activists, journalists, policymakers, and anyone else working on these issues.The new edition includes, among others, entries on (extra)territorial jurisdiction in surveillance, surveillance of public…
Content type: Report
First published in 2017, PI’s Guide to International Law and Surveillance is an attempt to collate relevant excerpts from these judgments and reports into a single principled guide that will be regularly updated. This is the fourth edition of the Guide. It has been updated it to reflect the most relevant legal developments until March 2024.The Guide aspires to be a handy reference tool for anyone engaging in campaigning, advocacy, and scholarly research, on these issues. The fourth…
Content type: News & Analysis
We have been fighting for transparency and stronger regulation of the use of IMSI catchers by law enforcement in the UK since 2016. The UK police forces have been very secretive about the use of IMSI catchers – maintaining a strict “neither confirm nor deny” (NCND) policy. In our efforts to seek greater clarity we wrote to the UK body which monitors the use of covert investigatory powers, the Investigatory Powers Commissioner’s Office (IPCO), asking the Commissioner to revisit this…
Content type: Explainer
What protections might VPNs offer?
Adds an extra layer of encryption between your device and the VPN exit, hiding the content and metadata of your traffic, and true destination of your Internet browsing, from your internet service provider (ISP)
Hides your device’s IP address from websites & apps by routing your traffic via a third country, which can bypass country-based blocks
What don’t they offer?
Won’t hide your phone’s presence from IMSI catchers
Doesn’t protect against…
Content type: Advocacy
PI Opening Statement at PEGA Hearing on "Spyware used in third countries and implications for EU foreign relations"
Thank you very much for offering me the opportunity to give evidence before this Committee for another time on behalf of Privacy International (or PI) – a London-based non-profit that researches and advocates globally against government and corporate abuses of data and technology.
My opening statement will first briefly touch on the EU foreign policy’s priorities. I will…
Content type: Explainer
What is SMS
SMS - or Short Messaging Service - refers to the widespread messaging service that virtually any of us will be familiar with. This refers to the first form of texting available on mobile phones, which makes use of cellular phone service - not to be confused with more modern instant messaging services making use of the internet instead (iMessage, Whatsapp, Signal ...). This explainer aims to give an overview of the technology, and some of its limitations in today's context and after…
Content type: Key Resources
i. Added Literature review
There are several resources available that simplify and popularise complex technologies, starting with Wikipedia. Other resources can be tremendously useful even with little to no technical background, such as semi-specialised press. See for example:
MIT Technology review (e.g. quantum computing)
ArsTechnica, (e.g. on NFTS)
PC Mag (e.g. on 5G Mag)
Academic papers are also an avenue to find information although the language might be less accessible without…
Content type: Long Read
This is based on UK data protection legislation. The UK’s General Data Protection Regulation (UK GDPR) does not apply to processing of personal data for law enforcement purposes by relevant authorities.
What can happen to my personal data at a peaceful protest?
The most common personal data processed at a protest are notes and photographs taken by police officers, along with voice and video recordings taken from body-worn cameras or drones.
Data processing can also happen with…
Content type: News & Analysis
Imagine going to a peaceful protest and having to show your ID to the police before you can join it. Or having to fill out a form about why you are attending that particular protest.Sounds absurd, right? Surely we should all be free to protest, without the police knowing who we are?But high tech surveillance of protests is real, and it enables the police to identify, monitor and track protestors, indiscriminately and at scale.For example, your face is increasingly becoming your ID card with the…
Content type: Examples
A British freedom of information tribunal ruled that for national security reasons police in England and Wales may refuse to say whether they are using Stingrays, also known as IMSI-catchers, which are capable of tracking thousands of mobile phones and intercepting their calls, text messages, and other data. In 2016, the Bristol Cable found that police forces had bought hundreds of thousands of these devices disguised in public spending data by the acronym CCDC. Privacy International, which…
Content type: Examples
During the Black Lives Matter protests of summer 2020, US police took advantage of a lack of regulation and new technologies to expand the scope of people and platforms they monitor; details typically emerge through lawsuits, public records disclosures, and stories released by police department PR as crime prevention successes. A report from the Brennan Center for Justice highlights New York Police Department threats to privacy, freedom of expression, and due process and the use of a predator…
Content type: Explainer
What are my 'unique identifiers' and where are they stored?
Your phone and your SIM card contain unique identifiers about you, which can be accessed by the police to identify you.
The IMSI (International Mobile Subscriber Identity) is a unique number associated with your SIM card. It doesn't change, even if you put the SIM card into a different phone.
If you have a mobile phone subscription, the IMSI will be associated with personal information such as your name and address.
The IMEI (…
Content type: Explainer
Where are my communications stored?
Text messages/phone calls: Traditional cellphone communications happen over the cellular network. You usually access those with the text message and phone call apps that are provided as standard on your phone. While phone calls aren’t stored anywhere, text messages are stored locally on your and the recipient’s devices. They might also be temporarily stored by the network provider.
Messaging apps: Messaging platforms enable fairly secure communication…
Content type: Explainer
Where is my phone's location data stored?
Your phone can be located in two main ways, using GPS or mobile network location:
1. GPS
GPS (that stands for Global Positioning System) uses satellite navigation to locate your phone fairly precisely (within a few metres), and relies on a GPS chip inside your handset.
Depending on the phone you use, your GPS location data might be stored locally and/or on a cloud service like Google Cloud or iCloud. It might also be collected by any app that you…
Content type: Explainer
What is predictive policing?
Predictive policing programs are used by the police to estimate where and when crimes are likely to be committed – or who is likely to commit them. These programs work by feeding historic policing data through computer algorithms.
For example, a program might evaluate data about past crimes to predict where future crimes will happen – identifying ‘hot spots’ or ‘boxes’ on a map. But the data these programs use can be incomplete or biased, leading to a ‘feedback…
Content type: Explainer
What are police drones?
Drones are remotely controlled Unmanned Aerial Vehicles (UAVs) of varying sizes.
They usually come equipped with cameras and might be enabled with Facial Recognition Technology.
Drones can be equipped with speakers, surveillance equipment, radar and communications interception tools, such as ‘IMSI catchers’.
How might drones be used during protests?
Camera-enabled drones may be used to remotely monitor and track people’s movements in public spaces, including at…
Content type: Explainer
What is hacking?
Hacking refers to finding vulnerabilities in electronic systems, either to report and repair them, or to exploit them.
Hacking can help to identify and fix security flaws in devices, networks and services that millions of people may use. But it can also be used to access our devices, collect information about us, and manipulate us and our devices in other ways.
Hacking comprises a range of ever-evolving techniques. It can be done remotely, but it can also include physical…
Content type: Explainer
What is an IMSI catcher?
‘IMSI’ stands for ‘international mobile subscriber identity’, a number unique to your SIM card. IMSI catchers are also known as ‘Stingrays’.
An ‘IMSI catcher’ is a device that locates and then tracks all mobile phones that are connected to a phone network in its vicinity, by ‘catching’ the unique IMSI number.
It does this by pretending to be a mobile phone tower, tricking mobile phones nearby to connect to it, enabling it to then intercept the data from that phone…
Content type: Long Read
Tucked away in a discrete side street in Hungary’s capital, the European Union Agency for Law Enforcement Training (CEPOL) has since 2006 operated as an official EU agency responsible for developing, implementing, and coordinating training for law enforcement officials from across EU and non-EU countries.
Providing training to some 29,000 officials in 2018 alone, it has seen its budget rocket from €5 million in 2006 to over €9.3 million in 2019, and offers courses in everything from…
Content type: Long Read
The European Union (EU) is the world’s largest donor of development aid, an instrumental supporter of democracies and peace around the world, and a powerful global force for reigning-in big tech and other exploitative industries.
But since the 2015 migration crisis and with populist anti-immigration parties in power across the Union, it has focused this immensely powerful influence abroad squarely on managing flows of migration: using its economic, diplomatic, and security might to…
Content type: News & Analysis
At a time where the mass surveillance of protests has been at the forefront, the UN High Commissioner for Human Rights released a timely report on the impact of new technologies on the promotion and protection of human rights in the context of assemblies, including peaceful protests.
The new report highlights the strong ties between protest and privacy and warns that “…the use of some such technologies to surveil or crack down on protesters can lead to human rights violations, including…
Content type: Case Study
Facial recognition technology (FRT) is fairly present in our daily lives, as an authentication method to unlock phones for example. Despite having useful applications, FRT can also be just another technology used by those in power to undermine our democracies and carry out mass surveillance. The biometric data collected by FRT can be as uniquely identifying as a fingerprint or DNA. The use of this technology by third parties, specially without your consent, violates your right to privacy.
The…
Content type: Explainer
The internet is filled with guides on how to file a Freedom of Information (FOI) request. Depending on the country you are in, it is likely that a local NGO – or your national freedom of information authority. – will have come up with one. The Global Investigative Journalism Network has an excellent list of FOI resources available in many countries across every continent. We really recommend you take a look at it; many of the FOI guides we love are in that repository.At PI we equally spend much…
Content type: Report
The majority of people today carry a mobile phone with them wherever they go, which they use to stay connected to the world. Yet an intrusive tool, known as an International Mobile Subscriber Identity catcher, or “IMSI catcher” is a form of surveillance equipment that enables governments and state authorities to conduct indiscriminate surveillance of mobile devices, and by extension, on users.
IMSI catchers can do much more than monitor and intercept mobile communications. Designed to imitate…
Content type: News & Analysis
IMSI catchers (or stingrays as they are known in the US) are one of the surveillance technologies that has come to the forefront again in the protests against police brutality and systemic racism that have been sparked by the murder of George Floyd on 25 May 2020.
An International Mobile Subscriber Identity catcher – in short an “IMSI catcher” – is an intrusive piece of technology that can be used to locate and track all mobile phones that are switched on in a certain area. It does so by…
Content type: Long Read
In December 2019, the Information Rights Tribunal issued two disappointing decisions refusing appeals brought by Privacy International (PI) against the UK Information Commissioner.
The appeals related to decisions by the Information Commissioner (IC), who is responsible for the UK’s Freedom of Information regime, concerning responses by the Police and Crime Commissioner for Warwickshire and the Commissioner of Police for the Metropolis (The Metropolitan Police) to PI’s freedom of information…