Search
Content type: Examples
Managed from a purpose-built coronavirus control centre, Moscow's network of 100,000 cameras equipped with facial recognition technology is being used to ensure that anyone placed under quarantine stays off the streets. Officials claim the centre can also be used to track international arrivals and monitor social media for misinformation.
Source: https://www.france24.com/en/20200324-100-000-cameras-moscow-uses-facial-recognition-to-enforce-quarantine
Writer: Sam Ball
Publication: France 24
Content type: Examples
The success of South Korea's efforts to combat the coronavirus without a national lockdown and without suspending civil rights depended in part on preparation put in place after the 2015 MERS epidemic and in part on the country's network of private testing labs, which enabled the country to quickly set up drive-in testing, with the results rapidly texted back to mobile phones. Positive results set in motion aggressive contact-tracing incorporating CCTV footage, mobile phone tracking data, and…
Content type: Examples
A newly-enacted Slovakian law, inspired by similar laws in Singapore, South Korea, and Taiwan, allows the country's Public Health Office to use location data from mobile phones to track people ordered to quarantine to ensure they are not breaking the rules. The angry public response on privacy grounds forced the government to clarify: it will only collect limited data and use it only in connection with the coronavirus outbreak, the data will only be accessible by the Public Health Office; and…
Content type: Examples
Estonia's Government Crisis Commission has instructed the state statistical office, Statistics Estonia, to use mobile geolocation data from companies such as Telia, Elisa, and Tele 2 in order to study people's movements to prevent the spread of COVID-19. Statistics Estonia hoped to launch the project during the week of March 24, 2020. Mart Mägi, the director general of Statistics Estonia, said the intention was to analyse people's movements before and after emergency measures were implemented,…
Content type: Examples
A day after John Tory, the mayor of the City of Toronto, told thousands of attendees at an online event hosted by TechTO that the city was gathering cellphone location data from telecoms in order to identify areas where residents were still congregating despite the city's social distancing rules, he withdrew the claim. City staff explained that an offer had been made to share anonymous cellphone location data with the City and it had been passed along to Toronto Public Health and the Emergency…
Content type: Examples
The Rio de Janeiro City Hall has signed an agreement with telecomunications company TIM to use geolocation data to develop "heat maps" by cross-referencing epidemological hubs with high population density locations. Under the agreement, TIM will pinpoint the movement of its users across Rio de Janeiro through antennae-facilitated geolocation triangulation and send it online to the local government to enable it to monitor whether individuals are complying with isolation measures and assess…
Content type: Report
On 12 December 2018 a member of Lancashire Police Department UK told viewers of a Cellebrite webinar that they were using Cellebrite's Cloud Analyser to obtain cloud based 'evidence'. In response to a Freedom of Information request Hampshire Constabulary told Privacy International they were using Cellebrite Cloud Analyser.
They are not alone. In Cellebrite's 2019 Annual Trend Survey, Cellebrite found that law enforcement is increasingly using 'cloud extraction.' But the…
Content type: Examples
Bluetooth utilizes a device pairing mechanism based on elliptic-curve Diffie-Hellman (ECDH) key exchange to allow encrypted communication between devices. The ECDH key pair consists of a private and a public key, and the public keys are exchanged to produce a shared pairing key. The devices must also agree on the elliptic curve parameters being used. Previous work on the "Invalid Curve Attack" showed that the ECDH parameters are not always validated before being used in computing the resulted…
Content type: Examples
“The BlueBorne attack vector requires no user interaction, is compatible to all software versions, and does not require any preconditions or configurations aside of the Bluetooth being active,” warned the researchers.
“Unlike the common misconception, Bluetooth enabled devices are constantly searching for incoming connections from any devices, and not only those they have been paired with,” they added.
“This means a Bluetooth connection can be established without pairing the devices at all.…
Content type: Examples
An engineering and computer science professor and his team from The Ohio State University discovered a design flaw in low-powered Bluetooth devices that leaves them susceptible to hacking.
Zhiqiang Lin, associate professor of computer science and engineering at the university, found the commonly used Bluetooth Low Energy devices, such as fitness trackers and smart speakers, are vulnerable when they communicate with their associated apps on the owner’s mobile phone.
"There is a fundamental…
Content type: Examples
On November 3rd, 2019, [...] a critical vulnerability affecting the Android Bluetooth subsystem [was reported]. This vulnerability has been assigned CVE-2020-0022 and was now patched in the latest security patch from February 2020. The security impact is as follows:
On Android 8.0 to 9.0, a remote attacker within proximity can silently execute arbitrary code with the privileges of the Bluetooth daemon as long as Bluetooth is enabled. No user interaction is required and only the Bluetooth MAC…
Content type: Examples
Researchers at the Center for IT-Security, Privacy and Accountability (CISPA) have identified a security vulnerability related to encryption on Bluetooth BR/EDR connections. The researchers identified that it is possible for an attacking device to interfere with the procedure used to set up encryption on a BR/EDR connection between two devices in such a way as to reduce the length of the encryption key used. In addition, since not all Bluetooth specifications mandate a minimum…
Content type: Case Study
The right to privacy is crucial to protect a couple’s equal rights within marriage.
The recent rise of spyware as an “off-the-shelf” product that anyone can purchase has been extremely worrying, as installing spyware on someone else’s phone means getting access to their contacts, their messages, their google searches, their location and more - all without them knowing.
Spyware is, increasingly, becoming another way for abusive spouses to control and monitor their partners. Nearly a third of…
Content type: Explainer
In a scramble to track, and thereby stem the flow of, new cases of Covid-19, Governments around the world are rushing to track the locations of their populace. One way to do this is to write a smartphone app which uses Bluetooth technology, and encourage (or mandate) that individuals download and use the app. We have seen such examples in Singapore and emerging plans in the UK.
Apps that use Bluetooth are just one way to track location. There are several different technologies in a smartphone…
Content type: Case Study
In Peru, you get asked for your fingerprint and your ID constantly - when you’re getting a new phone line installed or depositing money in your bank account – and every Peruvian person has an ID card, and is included in the National Registry of Identity – a huge database designed to prove that everyone is who they say they are. After all, you can change your name, but not your fingerprint.
However, in 2019 the National Police of Peru uncovered a criminal operation that was doing just that:…
Content type: Examples
Together with Norwegian company Simula the Norwegian Institute of Public Health is developping a voluntary app to track users geolocation and slow the spread of Covid-19. Running in the background, the app will collect GPS and Bluetooth location data and store them on a server for 30 days. If a user is diagnosed with the virus, its location data can be user to trace all the phones that have been in close contact with the person. Authorities will use this data to send an SMS only to those phones…
Content type: Video
We can’t believe we’re having to say this, but the hours after giving birth are private. If you’re a parent, you may have heard of Bounty, a sales and marketing company allowed access to hospital maternity wards and approach women who have just given birth. This doesn’t happen on any other hospital ward. Can you imagine coming round from major surgery to find a stranger trying to sell you stuff? The physical invasion of privacy is bad enough, but delving into the company’s relationship with…
Content type: Examples
In response to a case brought by the Legal Center for Arab Minority Rights in Israel (Adalah), the Arab Joint List, and the Association for Civil Rights in Israel, the Israeli Supreme Court issued a temporary injunction on March 19 limiting the the state's and the Shin Bet security service's use of cellphone surveillance, among others, to track and monitor COVID-19 patients and trace their contacts. The court indicated it will ban the programme unless a parliament oversight committee is…
Content type: Examples
On March 20, the Peruvian government introduced a website where citizens can retrieve the results of tests for COVID-19. The site asks only for the patient to fill in their National ID number and a simple captcha, making it easy for unauthorised parties to access others' results and put people at risk of exploitation and discrimination.
Source: https://saludconlupa.com/noticias/peru-debilidades-de-plataforma-del-ministerio-de-salud-pueden-exponer-informacion-clinica-de-pacientes-covid-19…
Content type: Examples
The Romanian government has formally notified the Council of Europe under Article 15, paragraph 3 of the ECHR of the country's state of emergency decree, noting that some of the measures being taken involve derogations from the obligations under the Convention.
Source: https://rm.coe.int/09000016809cee30
Writer: Permanent Representation of Romania
Publication: Official letter
Content type: Examples
The Local Government Association has argued that councils should not have to comply with freedom of information requests during the coronavirus crisis. Greater Manchester police followed suit, saying that police in non-critical roles were being reallocated to operational policing and would not answer FOI requests "until further notice".
Source:
https://www.theguardian.com/politics/live/2020/mar/23/uk-coronavirus-live-news-latest-boris-johnson-minister-condemns-people-ignoring-two-metre-…
Content type: Examples
On March 19, the Peruvian government instituted a daily curfew from 8pm to 5am, which applies to all but those working to provide essential services. Members of the print and broadcast press must carry their special permits, badges, and ID cards, and those requiring urgent medical care are allowed to travel. Private citizens are no longer allowed to drive their own cars at any time except where necessary for the above groups. The law is being enforced by the police and armed forces.
Sources:…
Content type: Examples
On March 14, Romanian president Klaus Iohannis announced a state of emergency to make it possible to allocate new resources for crisis management, and urged the public to follow isolation guidelines and hygiene rules. The Parliament must approve within five days, and the state of emergency lasts 30 days. The decree allows the government to carry out checks on persons and places, order temporary closures of shops and other public places, halt the distribution of publications or broadcasts, and…
Content type: Examples
Aided by its small size, Singapore's contact tracing efforts were a key element of controlling the virus's spread; detectives used CCTV footage to locate the contacts of more than 6,000 people. Singapore also contacts individuals required to self-isolate several times a day and requires them to send photographic proof of their location. Breaking quarantine attracts substantial penalties, including jail terms, and in one case stripped an offender of his residency rights. Singapore also quickly…
Content type: Examples
On March 14 a group of immigrant advocacy groups wrote to the government asking for the Home Office to release all 1,500 to 2,000 detainees in order to protect them from a coronavirus outbreak in the UK's seven removal centres and two short-term holding centres.. On March 21, the Home Office said it had released 300 of the detainees. The charity Detention Action launched a legal action to compel the Home Office to release the most vulnerable detainees and test all detainees. The Home Office…