Search
Content type: Long Read
Mobile phones remain the most frequently used and most important digital source for law enforcement investigations. Yet it is not just what is physically stored on the phone that law enforcement are after, but what can be accessed from it, primarily data stored in the Cloud.
Cellebrite, a prominent vendor of surveillance technology used to extract data from mobile phones, notes in its Annual Trend Survey that in approximately half of all investigations, cloud data ‘appears’ and that…
Content type: News & Analysis
CC: BY (Kirill Sharkovski)-SA
Este artículo fue escrito por Jamila Venturini, Coordinadora regional de Derechos Digitales. El artículo fue publicado por primera vez aquí. This article is available in English.
La implementación de programas que condicionan el acceso a servicios básicos por medio de vigilancia estatal y privada agudizan la inequidad imperante en el continente.
Mientras la brecha entre ricos y pobres se incrementa en el mundo, América Latina sigue siendo la región donde la…
Content type: News & Analysis
Picture: CC: BY (Kirill Sharkovski)-SA
This article was written by Jamila Venturini from Derechos Digitales. The original version (in Spanish) is available here.
How implementing social protection programmes that condition access to basic services to state and private surveillance exacerbate the prevailing inequality on the continent.
While the gap between rich and poor is increasing in the world, Latin America remains the most unequal region of the world. According to the Economic…
Content type: News & Analysis
A new UK Times report claims that “WhatsApp, Facebook and other social media platforms will be forced to disclose encrypted messages from suspected terrorists, paedophiles and other serious criminals under a new treaty between the UK and the US.”
Several other media outlets have followed up on the report, with headlines such as “UK and US set to sign treaty allowing UK police ‘back door’ access to WhatsApp and other ‘end to end encrypted’ messaging platforms”.
While the…
Content type: News & Analysis
Citing inaccuracy, major manufacturer declines to combine facial recognition and body worn cameras - but accurate or not, real-time facial recognition should never be coupled with police body-worn cameras
Axon Enterprise Inc.—a major manufacturer of police body-worn cameras and digital evidence management systems that also partners with Microsoft to provide services to law enforcement—announced that the company would refrain from equipping police body-worn cameras with facial…
Content type: News & Analysis
Privacy International has joined a global coalition of privacy campaigners, tech companies, and technology experts to respond to proposals by British intelligence chiefs aimed at allowing them access to encrypted messaging apps such as WhatsApp or Signal.
If implemented, the proposals would allow government authorities to force messaging platforms to silently add a law enforcement participant to a group chat or call.
Such a capability poses serious threats to…
Content type: Examples
In November 2018, Germany's Federal Cyberintelligence Agency (Bundesamt für Sicherheit in der Informationstechnik, or BSI) released a highly detailed analysis of the myriad ways that Windows 10 tracks users and showing that only enterprise versions of Windows have the ability to turn them off. BSI found that under the Full Tracking setting Windows runs 534 tracking processes and 503 on the Basic setting. Enterprise versions have an extra "security" setting available that reduces the number to…
Content type: Examples
In November 2018, a report by the consultancy Privacy Company, on behalf of the Dutch Ministry of Justice, found that Microsoft could be breaking European data collection rules because its Office software was collecting large amounts of personal data including email subject lines and snippets of content typed into emails or Word. The data was originally transmitted to the US, but in an effort to comply with GDPR Microsoft had switched to storing the data in Europe. The Dutch government was…
Content type: News & Analysis
Photo by Mike MacKenzie (via www.vpnsrus.com)
Ever, a cloud storage app, is an example of how facial recognition technology can be developed in ways people do not expect and can risk amplifying discrimination.
Ever is a cloud storage app that brands itself as “helping you capture and rediscover your life’s memories,” including by uploading and storing personal photos; Ever does not advertise that it uses the millions of photos people upload to train its facial recognition software,…
Content type: Long Read
Imagine that every time you want to attend a march, religious event, political meeting, protest, or public rally, you must share deeply personal information with police and intelligence agencies, even when they have no reason to suspect you of wrongdoing.
First, you need to go to the police to register; have your photo taken for a biometric database; share the contacts of your family, friends, and colleagues; disclose your finances, health records, lifestyle choices, relationship status, and…
Content type: News & Analysis
We found this image here.
Today, a panel of competition experts, headed by Professor Jason Furman, the former chief economic adviser of in the Obama administration, confirmed that tech giants, like Facebook, Amazon, Google, Apple and Microsoft, do not face enough competition.
Significantly, the report finds that control over personal data by tech giants is one of the main causes preventing competition and ultimately innovation.
Privacy International's research has shown clear examples of…
Content type: Examples
Even after 2015, when Facebook said it had walled off user records from third parties, inside sources and court documents showed that the company went on maintaining a whitelist of companies that were allowed customised access to information about users' Friends, phone numbers, and a "friend link" metric that measured the degrees of separation. Whitelisted companies included Nissan and Royal Bank of Canada, and others that either advertised on the network or were valuable to Facebook for other…
Content type: Long Read
During the last World Economic Forum in Davos, the CEO of Microsoft joined the chorus of voices calling for new global privacy rules, saying the following in regard to the new European General Data Protection Regulation (GDPR):
“My own point of view is that it's a fantastic start in treating privacy as a human right. I hope that in the United States we do something similar, and that the world converges on a common standard."
We have come a long way. From tech companies fighting and…
Content type: State of Privacy
Table of contents
Introduction
Right to Privacy
Communication Surveillance
Data Protection
Identification Schemes
Policies and Sectoral Initiatives
Introduction
Acknowledgement
The State of Privacy in the Philippines is the result of an ongoing collaboration by Privacy International and Foundation for Media Alternatives.
Key privacy facts
1. Constitutional privacy protection: The constitution contains an explicit protection of the right to privacy (Art. III, section 3).
2.…
Content type: State of Privacy
Table of contents
Introduction
Right to Privacy
Communication Surveillance
Data Protection
Identification Schemes
Policies and Sectoral Initiatives
Introduction
Acknowledgement
The State of Privacy in Jordan is the result of an ongoing collaboration by Privacy International and 7iber.
Key privacy facts
1. Constitutional privacy protections: Article 18 of the Jordanian constitution contains an explicit mention of privacy.
2. Data protection laws: There is currently no data…
Content type: State of Privacy
Table of contents
Introduction
Right to Privacy
Communication Surveillance
Data Protection
Identification Schemes
Policies and Sectoral Initiatives
Introduction
Acknowledgement
The State of Privacy in Brazil is the result of an ongoing collaboration by Privacy International and Coding Rights.
Between 2014-2017, Privacy LatAm contributed to previous versions of this briefing.
Key privacy facts
1. Constitutional privacy protection: The constitution contains an explicit…
Content type: State of Privacy
Table of contents
Introduction
Right to Privacy
Communication Surveillance
Data Protection
Identification Schemes
Policies and Sectoral Initiatives
Introduction
Acknowledgement
The State of Privacy in Argentina is the result of an ongoing collaboration by Privacy International and Asociación por los Derechos Civiles (ADC).
Key Privacy Facts
1. Constitutional privacy protections: While Argentina's constitution does not mention the word 'privacy', Section 19 has been taken by the…
Content type: Examples
In May 2018, the ACLU of Northern California obtained documents under a FOIA request showing that Amazon was essentially giving away its two-year-old Rekognition facial recognition tools to law enforcement agencies in Oregon and Orlando, Florida. Amazon defended the move by saying the technology has many useful purposes, including finding abducted children and identify attendees at the 2018 wedding of Britain's Prince Harry and Meghan Markle. The company markets Rekognition as useful for…
Content type: Examples
In September 2018, AI Now co-founder Meredith Whittaker sounded the alarm about the potential for abuse of the convergence of neuroscience, human enhancement, and AI in the form of brain-computer interfaces. Part of Whittaker's concern was that the only companies with the computational power necessary to develop these technologies are those already leading in AI: Google, Facebook, Microsoft, and equivalent. The result would be that the neural data collected from individuals' thoughts would be…
Content type: Examples
In 2018, a Duke University medical doctor who worked with Microsoft researchers to analyse millions of Bing user searches found links between some computer users' physical behaviours - tremors while using a mouse, repeated queries, and average scrolling speed - and Parkinson's disease. The hope was to be able to diagnose conditions like Parkinson's and Alzheimer's earlier and more accurately. Other such studies tracked participants via a weekly online health survey, mouse usage, and, via…
Content type: Examples
Following the 9/11 attacks in 2001, the New York City Police Department installed thousands of CCTV cameras and by 2008 in partnership with Microsoft had built the Lower Manhattan Security Coordination Center to consolidate its video surveillance operations into a single command centre that also incorporated other sensors such as licence plate readers and radiation detectors. In 2010 as part of its Domain Awareness System, the NYPD began integrating cutting-edge video analytics software into…
Content type: Explainer
In the digital economy there is a trend towards corporate concentration. This is true for social media platforms, search engines, smart phone operating systems, digital entertainment, or online retailers. Meanwhile, the way in which market dominance is measured traditionally does not always capture the extent of their control: firstly, their products and services are often “free” and secondly, it’s often not clear in which “markets” and “sectors” these companies operate, since there is so much…
Content type: Examples
In 2013, Edward Snowden, working under contract to the US National Security Agency for the consultancy Booz Allen Hamilton, copied and leaked thousands of classified documents that revealed the inner workings of dozens of previously unknown surveillance programs. One of these was PRISM, launched in 2007, which let NSA use direct access to the systems of numerous giant US technology companies to carry out targeted surveillance of the companies' non-US users and Americans with foreign contacts by…
Content type: News & Analysis
As the international cyber security debate searches for new direction, little attention is paid to what is going on in Africa. Stepping over the remains of the UN Group of Governmental Experts, and passing by the boardrooms of Microsoft struggling to deliver their Digital Geneva Convention, African nations are following their own individual paths.
Unfortunately, these paths increasingly prioritise intrusive state surveillance and criminalisation of legitimate expression online as…
Content type: Examples
In April 2010, Facebook launched a set of tools to enable websites to add a social layer by adding a Facebook frame to their pages. The company's three launch partners, Microsoft's Docs.com, Yelp, and Pandora, had access to a more comprehensive tool, Instant Personalization, which allowed them to look directly at individuals' Facebook profiles and use the public information presented there to provide a personalised experience such as playing music (Pandora) or restaurants (Yelp) that the person…
Content type: Press release
Photo credit: Forbrukerrådet
The Norwegian Consumer Council has today published a report which shows how Facebook and Google appear to push users into sharing personal data, and raises questions around how such practices are GDPR compliant.
Off the back of the analysis, Privacy International is joining NCC and several other consumer and privacy groups in Europe to ask European data protection authorities to investigate whether the companies are acting in accordance with GDPR. Copies of the…
Content type: Examples
In a report on mobile security updates, the US Federal Trade Commission finds that because of the complexity of the mobile ecosystem applying security updates to operating system software on some mobile devices is time-consuming and complicated. Based on information gathered from eight device manufacturers - Apple, Blackberry, Google, HTC, LG, Microsoft, Motorola, and Samsung, the FTC recommends that manufacturers should deploy these updates more quickly and suggests that manufacturers should…
Content type: Examples
Two of the most notorious malware outbreaks of 2017 were the ransomware WannaCry and the wiper malware NotPetya. Both relied on the NSA's EternalBlue exploit of the Microsoft Server Message Block, which was leaked online by the hacker group The Shadow Brokers. Along with EternalBlue, The Shadow Brokers also leaked three other exploits: EternalSynergy, EternalRomance, and EternalChampion. In early 2018, RiskSense security researcher Sean Dillon ported these three to work on Windows versions…
Content type: Examples
The Dutch data protection authority has found that Microsoft's Windows 10 operating system breaches Dutch law by processing personal data of the system's users without informing them clearly about what type of data the company uses and for what purpose. In addition, users cannot give valid consent because the company does not clearly inform them that under the default settings it collects personal usage data through its Edge web browser. The result is to rob users of control over both their…
Content type: Explainer
“Smart city” is a marketing term used to define the use of technology – and in particular data collection – to improve the functioning of cities. The idea behind smart cities is that the more local governments know about city inhabitants the better the services they deliver will be. However, the reality is that the term means different things to different actors from companies to governments.
The World Bank suggests two possible definitions of smart cities. The first one is “a technology-…