Search
Content type: News & Analysis
As the international cyber security debate searches for new direction, little attention is paid to what is going on in Africa. Stepping over the remains of the UN Group of Governmental Experts, and passing by the boardrooms of Microsoft struggling to deliver their Digital Geneva Convention, African nations are following their own individual paths.
Unfortunately, these paths increasingly prioritise intrusive state surveillance and criminalisation of legitimate expression online as…
Content type: Examples
In April 2010, Facebook launched a set of tools to enable websites to add a social layer by adding a Facebook frame to their pages. The company's three launch partners, Microsoft's Docs.com, Yelp, and Pandora, had access to a more comprehensive tool, Instant Personalization, which allowed them to look directly at individuals' Facebook profiles and use the public information presented there to provide a personalised experience such as playing music (Pandora) or restaurants (Yelp) that the person…
Content type: Press release
Photo credit: Forbrukerrådet
The Norwegian Consumer Council has today published a report which shows how Facebook and Google appear to push users into sharing personal data, and raises questions around how such practices are GDPR compliant.
Off the back of the analysis, Privacy International is joining NCC and several other consumer and privacy groups in Europe to ask European data protection authorities to investigate whether the companies are acting in accordance with GDPR. Copies of the…
Content type: Examples
In a report on mobile security updates, the US Federal Trade Commission finds that because of the complexity of the mobile ecosystem applying security updates to operating system software on some mobile devices is time-consuming and complicated. Based on information gathered from eight device manufacturers - Apple, Blackberry, Google, HTC, LG, Microsoft, Motorola, and Samsung, the FTC recommends that manufacturers should deploy these updates more quickly and suggests that manufacturers should…
Content type: Examples
Two of the most notorious malware outbreaks of 2017 were the ransomware WannaCry and the wiper malware NotPetya. Both relied on the NSA's EternalBlue exploit of the Microsoft Server Message Block, which was leaked online by the hacker group The Shadow Brokers. Along with EternalBlue, The Shadow Brokers also leaked three other exploits: EternalSynergy, EternalRomance, and EternalChampion. In early 2018, RiskSense security researcher Sean Dillon ported these three to work on Windows versions…
Content type: Examples
The Dutch data protection authority has found that Microsoft's Windows 10 operating system breaches Dutch law by processing personal data of the system's users without informing them clearly about what type of data the company uses and for what purpose. In addition, users cannot give valid consent because the company does not clearly inform them that under the default settings it collects personal usage data through its Edge web browser. The result is to rob users of control over both their…
Content type: Explainer
“Smart city” is a marketing term used to define the use of technology – and in particular data collection – to improve the functioning of cities. The idea behind smart cities is that the more local governments know about city inhabitants the better the services they deliver will be. However, the reality is that the term means different things to different actors from companies to governments.
The World Bank suggests two possible definitions of smart cities. The first one is “a technology-…
Content type: Examples
In early 2016 Libreville, the capital of Gabon, signed up for Microsoft's CityNext programme, which is intended to supply innovative "smart city" solutions in eight key areas: health, social services, infrastructure, water, electricity, justice, culture, and education. Applications in each area will allow the city to manage traffic and urban transport, govern and collect taxes, and provide citizens with electronic access to health, citizen, police, and emergency services, as well as make it…
Content type: Examples
In September 2016, an algorithm assigned to pick the winners of a beauty contest examined selfies sent in by 600,000 entrants from India, China, the US, and all over Africa, and selected 44 finalists, almost all of whom were white. Of the six non-white finalists, all were Asian and only one had visibly dark skin. The contest was run by Beauty.ai, an initiative from the Russia and Hong Kong-based Youth Laboratories, and was supported by Microsoft and Nvidia. The reason was the lack of diversity…
Content type: Impact Case Study
What is the problem
Business models of lots of companies is based on data exploitation. Big Tech companies such Google, Amazon, Facebook; data brokers; online services; apps and many others collect, use and share huge amounts of data about us, frequently without our explicit consent of knowledge. Using implicit attributes of low-cost devices, their ‘free’ services or apps and other sources, they create unmatched tracking and targeting capabilities which are being used against us.
Why it is…
Content type: News & Analysis
Private surveillance companies selling some of the most intrusive surveillance systems available today are in the business of purchasing security vulnerabilities of widely-used software, and bundling it together with their own intrusion products to provide their customers unprecedented access to a target’s computer and phone.
It's been known for some time that governments, usually at a pricey sum, purchase such exploits, known as zero- and one-day exploits, from security researchers to…
Content type: News & Analysis
17 June 2013
Below is an excerpt of an article that recently appeared in Melbourne, Australia's The Age, written by Carly Nyst, Head of International Advocacy at Privacy International:
"Mass surveillance of a country's citizens by its government can no longer be said to be the preserve of authoritarian and dictatorial states.
The publication last week by The Guardian of classified National Security Agency documents has exposed the extent of surveillance by the US government, throwing…
Content type: Press release
17 November 2015
A new Privacy International investigation reveals Microsoft's complicity in a serious case of Government persecution in Thailand. It is a shocking example of how Western companies not only work with governments that fall considerably short of international human rights standards, but can actually facilitate abuses of human rights.
In early 2014, a Thai stockbroker, Katha Pachachirayapong, was accused by the Government of spreading rumours on the ill-health of King…
Content type: News & Analysis
There are three good reasons why security is so hard for NGOs. First, we are afraid to speak about meaningful security. Second, we focus on the wrong areas of security and in turn spend money and prioritise the wrong things. Third, we struggle to separate the world we want from the worlds we build within our own organisations. At PI we have failed and struggled with each of these for over 20 years. Out of exhaustion, we decided to do something about it: we are building an open framework, a…
Content type: News & Analysis
Ask people around you if they live in a smart city, and more likely than not they will answer that they don’t. I can tell you that because I have tried.
When giving talks about this very topic in cities like Berlin, The Hague and Stockholm, I always ask this question at the start. The rough ratio I tend to get is that: 15 per cent hesitantly raise their hand to say they do, 60 per cent don’t, 20 per cent just look confused and 5 per cent are not listening.
And yet most people who live in cities…
Content type: Explainer
What is integrated policing?
Integrated policing is the collection and centralisation of data used for policing purposes. In the era of ‘big data’, companies – often the same companies offering infrastructures for smart cities – are offering interfaces that allow police easier access to datasets. Smart cities are cities where projects are deployed to use the collection and analysis of data to attempt to provide better targeted services to inhabitants.
With the proliferation of surveillance…
Content type: Case Study
Police and security services are increasingly outsourcing intelligence collection to third-party companies which are assigning threat scores and making predictions about who we are.
The rapid expansion of social media, connected devices, street cameras, autonomous cars, and other new technologies has resulted in a parallel boom of tools and software which aim to make sense of the vast amount of data generated from our increased connection. Police and security services see this data as an…
Content type: News & Analysis
Technologists hoped the “Crypto Wars” of the 1990s – which ended with cryptographers gaining the right to legally develop strong encryption that governments could not break – was behind them once and for all. Encryption is a fundamental part of our modern life, heavily relied on by everything from online banking and online shopping services to the security our energy infrastructure.
However, from comments by the French and German governments about creating a European initiative to circumvent…
Content type: News & Analysis
In our latest report “Who’s that knocking at my door? Understanding surveillance in Thailand”, we highlighted various methods of surveillance that the Thai Government employs. Included in these methods was the finding that Microsoft was the only technology company which by default trusts the Thai Government’s root certificate. Root certificates ensure the validity of a website, and protect users from being tricked into visiting a fake, insecure website. Most technology companies including Apple…
Content type: Long Read
This piece originally appeared here.
On both sides of the Atlantic, we are witnessing the dramatic expansion of government hacking powers. In the United States, a proposed amendment to Rule 41 of the Federal Rules of Criminal Procedure would permit the government to obtain a warrant, in certain circumstances, to hack unspecified numbers of electronic devices anywhere in the world. Meanwhile, across the pond, the British Parliament is currently debating the Investigatory…
Content type: News & Analysis
“It’s like 10,000 spoons when all you need is a knife”. Alanis Morissette thought that was ironic. I never thought so. I suggest a far more ironic lyric to you Alanis - "It’s like the Home Office not listening during a consultation about how it wants to listen to everything you do’. OK, it might not be the catchiest lyric, but you can’t say it’s not ironic.
Today the latest version of the Investigatory Powers Bill was published. The Government might want some credit…
Content type: News & Analysis
Section 217 and the Draft Code of Practice on Interception of Communications
Tech giants including Apple Inc, Facebook Inc, Google Inc, Microsoft Corp, Twitter Inc and Yahoo Inc have been openly critical of the UK Government’s Investigatory Power Bill (IPBill). However, what has not been highlighted is a deeply concerning Draft Code of Practice on Interception on Communications, which will not only affect telecommunications companies small and large, but result in costs to the…
Content type: News & Analysis
We already know that in some countries, like the UK, governments are drafting laws to legalise and legitimise their incredible surveillance powers. In the U.S. we are seeing legislation that is using remarkably similar language on encryption and surveillance. The next phase of the cryptowars has openly begun.
Yesterday what is being called the Feinstein-Burr decryption Bill was introduced into the US Senate and leaked online. Whilst the short title ‘Compliance with Court Orders…
Content type: Press release
Today’s report by the Joint Committee on the Investigatory Powers Bill is the third committee report that concludes that the Home Office has failed to provide a coherent surveillance framework.
The Joint Committee on the Investigatory Powers Bill today published a 198 page report following a short consultation period between November and January. Their key findings are that:
- the definitions in the bill need much work, including a meaningful and comprehensible…
Content type: News & Analysis
The relationship between users and companies is based primarily on trust. However, many recent developments have the potential to undermine this trust and to question companies loyalties to their users. From excessive data collection and transmission to the failure to guard against basic security risks, one could be forgiven for thinking that the privacy and security interests of users and devices have taken a back seat. Governments of the world are unilaterally endeavouring to…
Content type: Long Read
Written by Eva Blum-Dumontet
A recent case of lèse-majesté in Thailand (speaking ill of the monarchy) is a worrying example of how Western companies do not just work with governments that fall short of international human rights standards, but can actually facilitate abuses of human rights.
Our investigation on the trial of Katha Pachachirayapong — accused of spreading rumours on the ill-health of the King Bhumibol Adulyadej, thereby causing sharp falls in the Thai stock market — reveal the…
Content type: News & Analysis
According to Snowden documents analysed by Privacy International, the Australian Signals Directorate had access to and used PRISM, a secret US National Security Agency program which provides access to user data held by Google, Facebook and Microsoft.
This is the third spy agency of the 'Five Eyes' alliance confirmed to have had secret access to Silicon Valley company data - an alliance whose rules and policies remain classified. Earlier this year, a British court ruled that GCHQ access to…
Content type: Press release
Privacy International and several other human rights organisations are taking the UK Government to the European Court of Human Rights over its mass surveillance practices, after a judgement last year found that collecting all internet traffic flowing in and out of the UK and bulk intelligence sharing with the United States was legal.
The appeal, filed last week by Privacy International, Bytes for All, Amnesty International, Liberty, and other partners, comes in response to a…
Content type: News & Analysis
Privacy International, Bytes for All and other human rights groups are celebrating a major victory against the Five Eyes today as the UK surveillance tribunal rules that GCHQ acted unlawfully in accessing millions of private communications collected by the NSA up until December 2014.
Today’s judgement represents a monumental leap forward in efforts to make intelligence agencies such as GCHQ and NSA accountable to the millions of individuals whose privacy they have violated.
The…