Content type: Examples
During 2018, when US president Donald Trump operated a policy under which immigration officers separated families arriving at the border without documentation, there were a number of suggestions for using genetic testing to verify family relationships in the interests of reuniting them. After congresswoman Jackie Speier (D-CA) suggested that companies like the genetic testing service 23andMe could help, the US Department of Health and Human Services announced it would conduct its own tests. In…
Content type: Examples
In July 2018 Walmart filed a patent on a system of sensors that would gather conversations between cashiers and customers, the rattle of bags, and other audio data to monitor employee performance. Earlier in 2018, Amazon was awarded a patent on a wristband that would monitor and guide workers in processing items. UPS uses sensors to monitor whether its drivers are wearing seatbelts and when they open and close truck doors. All these examples, along with others such as technology that allows…
Content type: Examples
The 2017 hack of the shipping company A.P. Møller-Maersk, which manages 800 seafaring vessels and 76 ports that handle nearly a fifth of the world's shipping capacity, required an emergency shutdown of the company's entire IT system, including its phones. Maersk was a victim of NotPetya, the most vicious cyberweapon released to date, created by a group of Russian military hackers and intended to hit the Ukraine, where it hit hospitals, power companies, airports, government agencies, banks, and…
Content type: Examples
In 2018, the Paris prosecutor's office opened a preliminary inquiry after the lawyer Pierre Farge accused a Bercy specialist intelligence branch of the tax authorities of hacking his firm's database to access information covered by professional confidentiality. The case serves to illustrate the difficulties of launching such a challenge in France, and also the functioning of the tax administration even after the passage of a 2017 law protecting whistleblowers.
https://www.lelanceur.fr/…
Content type: Examples
In late 2018, after apps like Strava and Polar Flow exposed the movements of staff around military bases, the US Department of Defense banned military troops and other workers at sensitive sites from using fitness trackers and other apps that could reveal their users' location. Military leaders will have discretion over whether local staff can use GPS, and the devices themselves - smartwatches, tablets, phones, and fitness trackers - are not banned.
https://www.forbes.com/sites/emmawoollacott/…
Content type: Examples
At the 2018 DefCon security conference, a researcher from the security firm Nuix presented the discovery that body cameras from five different manufacturers whose cameras are in use by US law enforcement are vulnerable to remote digital attacks, some of which could manipulate footage so it could not be trusted as an accurate record of events. Vulnerabilities in devices from Vievu, Patrol Eyes, Fire Cam, and CeeSc allowed Josh Mitchell to delete footage from a camera or download it, edit or…
Content type: Examples
In 2018, documents filed in a court case showed that a few days before the 2017 inauguration of US president Donald Trump - timing that may have been a coincidence - two Romanian hackers took over 123 of the police department's 187 surveillance cameras in Washington, DC with the intention of using police computers to email ransomware to more than 179,000 accounts. The prosecution also said the alleged hackers had stolen banking credentials and passwords and could have used police computers to…
Content type: Examples
As the use of non-cash payment mechanisms continued to increase over the course of 2018, Europe's central banks began warning that phasing out cash poses a serious threat to the financial system, as too-heavy reliance on digital payments exposes countries to the potential for catastrophic failure due to IT failures, energy blackouts, and hacker attacks. In addition, regulators warned that a cashless world alienates vulnerable members of society such as elderly and disabled people. The level of…
Content type: Examples
A 2016 Privacy International report on Syrian state surveillance found that between 2007 and 2012 the Assad regime spent millions of dollars on building a nationwide communications monitoring system. By 2012, this surveillance capability helped the Syrian government target and murder journalists, including American Sunday Times reporter Marie Colvin and French photographer Rémi Ochlik in 2012, both covering the war. In 2018, the Colvin family filed a video of the journalists' final moments…
Content type: Examples
Police and blackmailers in Egypt are using gay dating apps like Grindr, Hornet, and Growlr to find targets for arrest and imprisonment while the developers who can make changes are thousands of miles away and struggle to know what to change to protect their users. In a typical story, a target finds a friendly stranger on a gay dating site, and only finds out when they eventually meet that the contact has been building a debauchery case. Homosexuality is not illegal in Egypt, but the el-Sisi…
Content type: Examples
In December 2014 researchers at Malwarebytes discovered that for two months an Adobe Flash player zero-day exploit with a ransomware payload was embedded in online ads placed by a leading advertising network. The attack ended when Adobe patched Flash to close the vulnerability on February 2, 2015. The attackers injected the malware-carrying ads onto the websites of Dailymotion, Huffington Post, Answers.com, New York Daily News, HowtoGeek.com, and others for an average of two days each. The…
Content type: Examples
In a talk at the 2018 Wall Street Journal CEO Council Conference, Darktrace CEO Nicole Eagan gave as an example of the new opportunities afforded by the Internet of Things a case in which attackers used a thermometer in a lobby aquarium to gain a foothold in a casino's network and exfiltrate the high-roller database. Regulation will be required to set minimum security standards.
https://www.businessinsider.de/hackers-stole-a-casinos-database-through-a-thermometer-in-the-lobby-fish-tank-2018-4…
Content type: Examples
For years, car manufacturers including Range Rover, BMW, and Volkswagen kept secret security risks in their vehicles' keyless entry systems that exposed hundreds of millions of car owners to the risk of theft from attackers using gadgets available online for £100. In March 2018, Range Rovers were fitted with preventive technology, but the manufacturers chose not to disclose that older models remained at risk. In the past Volkswagen sued to prevent a security researcher from publishing his…
Content type: Examples
The US company Securus provides a cellphone tracking service that can locate almost any cellphone in the US within seconds by obtaining data from major carriers via a system used by marketers and other companies. In 2018, former Mississippi County, Missouri, sheriff Cory Hutcheson was charged in state and federal courts for using the service to track people's phones, including those of other police officers, without court orders. Securus, which also provides and monitors calls to inmates in…
Content type: News & Analysis
European leaders met last week in Brussels to discuss what are supposed to be two separate issues, the next trillion euro-plus budget and migration. In truth, no such separation exists: driven by nationalists and a political mainstream unable to offer any alternative but to implement their ideas, the next budget is in fact all about migration.
This strategy contained within the budget will get the approval of Hillary Clinton, who recently told the Guardian that ‘Europe needs to get a handle on…
Content type: Examples
In 2018, a South Carolina woman realised her FREDI video baby monitor had been hacked when the camera began panning across the room to the spot where she breastfed her son. A 2015 study conducted by Rapid7 found that baby monitors have a number of vulnerabilities that are both easily exploited and long-ago solved for modern computers. Consumers eager to avoid these problems should either avoid buying monitors with internet connections or look for manufacturers that are known to fix security…
Content type: Examples
In June 2018, after privacy activists found security flaws in toys such as My Friend Cayla and others and the US Consumer Product Safety Commission opened an investigation into the problems of connected gadgets, Amazon, Walmart, and Target announced they would stop selling CloudPets. Made by Spiral Toys, CloudPets uses voice recordings, an internet connection, and a Bluetooth-connected app. In 2017, hackers were able to access and hold for ransom CloudPets' database, including email addresses…
Content type: Examples
In 2018, military security officers from the Israeli Defence Force accused Hamas of loading fake World Cup and dating apps with malware and making them available via the Israeli version of the Google Play store in order to hack the mobile phones of Israeli soldiers. The apps were capable of accessing locations, copying contacts, files, and photographs, and taking control of camera and microphone. The World Cup app offered HD live-streamed matches and updates. The IDF added that about 100…
Content type: News & Analysis
Over one month ago, Privacy International filed complaints concerning seven data brokers, ad-tech companies, and credit referencing agencies with data protection authorities across Europe. The companies named in the complaints are Acxiom, Criteo, Equifax, Experian, Oracle, Quantcast, and Tapad.
The submissions set out the myriad of ways in which these companies fall short of what is required by data protection laws in the European Union and called on the data protection authorities to…
Content type: Case Study
The exclusion caused by ID can have a devastating effect on people, limiting their opportunities and ability to survive.
Names have been changed.
Carolina is in a more privileged position than many other migrants, she admits that. She has a formal job, for one. She is – and has always been – in Chile legally: her previous visa has expired, and her new one is being processed. Under the law, she is permitted to stay and work in the country while this is happening. But she is finding the…
Content type: Case Study
Photo credit: Douglas Fernandes
The exclusion caused by ID can have a devastating effect on people, limiting their opportunities and ability to survive. In September 2018, Privacy International interviewed people in Santiago, Chile who had faced problems from the Chilean ID system, known as the RUT. Names have been changed.
It was never going to be easy for Liliana, entering Chile without a visa. But, in Chile, the ID system – known as the RUT – is ubiquitous; without one, as she would…
Content type: Long Read
Photo credit: Francisco Javier Argel
Questions of identification and ID, with their associated privacy risks, are only increasing. There are multiple dimensions to understanding the impact of ID and identification; a key one is to understand how it can exclude. This is why Privacy International is conducting research to explore this important and underreported aspect.
Read our case studies: Carolina and Iliana.
In the identity discourse, identity is often closely linked to themes of “…
Content type: Advocacy
The EU extensively bolsters the surveillance and border control capabilities of governments around the world – and is set to dramatically increase such support. Below, we look at how some of these existing funds are being used, how their proposed expansion will undermine people’s privacy around the world for decades to come, and what needs to be done about it.
Migration has dominated the recent EU agenda and will once again be central during this week’s European Council meeting…
Content type: News & Analysis
Taylor Swift may be tracking you, particularly if you were at her Rose Bowl show in May.
According to an article published by Vanity Fair, at Swift’s concert at the California stadium, fans were drawn to a kiosk where they could watch rehearsal clips. At the same time – and without their knowledge - facial-recognition cameras were scanning them, and the scans were then reportedly sent to a “command post” in Nashville, where they were compared to photos of people who are known…
Content type: News & Analysis
Photo credit: Screenshot from video produced by ICRC, ‘What are metadata’, accessible here.
“The platform [Facebook] does not intentionally cause harm to users. Too often, however, Facebook’s business model allows harm to occur.”
The Editorial Board, The Financial Times, 2 December 2018
Imagine if a recipient of humanitarian aid was prevented from accessing a loan because they were deemed ‘uncreditworthy’ for receiving assistance? Or if a refugee was denied asylum…
Content type: News & Analysis
Why is a privacy organisation working with the humanitarian sector, and why does it matter? We may seem like strange bedfellows, but today's ever-growing digital world means that, more and more, people who receive humanitarian assistance are being exposed to unexpected threats.
According to the 2018 Global Humanitarian Overview, there are more than 134 million people across the world in need of humanitarian assistance. Of these, about 90.1 million will receive aid of some form. It is…
Content type: Press release
Key Points
A new report by Privacy International and the International Committee of the Red Cross finds that the humanitarian sector’s use of digital and mobile technologies could have detrimental effects for people receiving humanitarian aid.
This is because these digital systems generate a ‘data trail’ that is accessible and exploitable by third parties for non-humanitarian purposes. This metadata can be used to infer extremely intimate details, such as someone’s travel patterns or…
Content type: Report
New technologies continue to present great risks and opportunities for humanitarian action. To ensure that their use does not result in any harm, humanitarian organisations must develop and implement appropriate data protection standards, including robust risk assessments.
However, this requires a good understanding of what these technologies are, what risks are associated with their use, and how we can try to avoid or mitigate them. This joint report by Privacy International and the…