Search
Content type: Long Read
Photo credit: Pixabay
This piece was originally published in iNews
It seems that you can’t go anywhere online at the moment without being reassured that ‘we respect your privacy’ and being directed to a 2,000-word privacy policy. You probably just click ‘got it, thanks’ because who has the luxury to stop and think about what their ‘privacy’ actually means?
But privacy is something that starts becoming far less abstract when you can see how it is being threatened and undermined, every day and…
Content type: Long Read
This piece was originally published in Just Security.
Earlier this month, the European Court of Human Rights issued a major judgment in three consolidated cases challenging the U.K. government’s mass interception program, which was first revealed by Edward Snowden in 2013. That judgment finds notable deficiencies in the legal framework governing mass interception, rendering the program unlawful under Articles 8 and 10 of the European Convention on Human Rights (ECHR), which protect the rights…
Content type: Long Read
Written jointly by Privacy International and the American Civil Liberties Union (ACLU).
In a landmark decision earlier this month, the European Court of Human Rights ruled that one of the mass surveillance programs revealed by Edward Snowden violates the rights to privacy and freedom of expression. While the case challenges the U.K. government’s mass interception of internet traffic transiting its borders, the court’s judgment has broader implications for mass spying programs in Europe and…
Content type: Long Read
Image attribution: By Legaleagle86 at en.wikipedia, CC BY-SA 3.0.
In a long-anticipated judgment, the Indian Supreme Court has ruled that India's controversial identification system Aadhaar is Constitutional. They based their conclusion on notes that there are sufficient measures in place to protect data, and that it is difficult to undertake surveillance of citizens on the basis of Aadhaar.
But there is some good in this ruling. The court has demanded that the Government introduce…
Content type: Explainer
In the digital economy there is a trend towards corporate concentration. This is true for social media platforms, search engines, smart phone operating systems, digital entertainment, or online retailers. Meanwhile, the way in which market dominance is measured traditionally does not always capture the extent of their control: firstly, their products and services are often “free” and secondly, it’s often not clear in which “markets” and “sectors” these companies operate, since there is so much…
Content type: Examples
There has been the spread of the linking of the patient identity cards of HIV positive patients, pushed for by the National Aids Control Organisation. While it is not compulsory, in November 2017 it was reported that some patients reported that they were denied treatment until they gave their Aadhaar number. This linking with Aadhaar has led to some HIV positive people dropping out of antiretroviral treatment programmes, for fear that their status would be leaked. Given that Aadhaar is…
Content type: Examples
In March 2018, a security researcher discovered that the state-owned utility company Indane had access to the Aadhaar database via an API, but they did not secure this way of entry. As a result, anybody was able to use this service to access details on the Aadhaar database about any Aadhaar number including an individual's name, and details of the bank accounts they had. This breach meant that it would be possible for someone to cycle through the trillions of possible Aadhaar numbers,…
Content type: Examples
In September 2018, a software patch was found by journalists to be widely available, that disabled or weakened the security features in the software used to enroll people on the Aadhaar databse, potentially from anywhere in the world. The patch was reportedly widely-available in WhatsApp groups, available for around $35USD. The demand for individuals to access the Aadhaar databse goes back to 2010, when private entities were allowed to enroll people in the Aadhaar database, to encourage…
Content type: Examples
In December 2017, it was revealed that the large telco Bharti Airtel made use of Aadhaar-linked eKYC (electronic Know Your Customer) to open bank accounts for their customers without their knowledge or consent. eKYC is a way of using data in the UIDAI database as part of the verification process, which Airtel made use of for the issuing of SIM cards, and also secretly opened bank accounts with their Airtel Payments Bank. More than 2 million accounts could have been opened, receiving more than…
Content type: Examples
In January 2018, journalists found that, for 500 rupees (around $7USD), they were able to buy on WhatsApp access to a gateway that allowed them to access the personal details connected to any of the entries on the Aadhaar database - by entering any Aadhaar number, they could see details like the name, address, phone number, and photograph of the individual associated with that Aadhaar number. They were also able to purcahse software to enable the printing of Aadhaar cards more than 100,000…
Content type: Long Read
The UK's domestic-facing intelligence agency, MI5, today admitted that it captured and read Privacy International's private data as part of its Bulk Communications Data (BCD) and Bulk Personal Datasets (BPD) programmes, which hoover up massive amounts of the public's data. In further startling legal disclosures, all three of the UK's primary intelligence agencies - GCHQ, MI5, and MI6 - also admitted that they unlawfully gathered data about Privacy International or its staff. You can read the…
Content type: Press release
Thames House, Offices of MI5. Photo Credit: Wikimedia Commons
MI5 collected Privacy International’s private data and examined it
GCHQ, MI5, and MI6 unlawfully collected data relating to UK charity Privacy International
Privacy International has written to the UK's Home Secretary demanding action against spy agencies
Disclosures come less than a fortnight after UK laws on mass surveillance ruled unlawful at European Court of Human Rights
The UK's domestic-facing intelligence…
Content type: News & Analysis
“The gathering and holding of personal information on computers, data banks, and other devices, whether by public authorities or private individuals or bodies, must be regulated by law.”
- UN Human Rights Committee, General Comment No. 16, 1988
Underpinning the obligations of those who process personal data, both public and private institutions, the grounds on which they may do so, and the rights of individuals, there are various data protection principles…
Content type: News & Analysis
This piece was originally published on Just Security.
Ten years ago, an FBI official impersonated an Associated Press reporter to lure and track a teenager suspected of sending in prank bomb threats to his school. To find him, the FBI agent, posing as a reporter, sent the teenager links to a supposed story he was working on, but the links were infested with malware that once clicked on quickly exposed the teen’s location. More recently, the FBI has seized and modified websites so…
Content type: Long Read
Who are you? The Challenges of Identity and Identification
“Identity” is a word that covers an incredible range of contested, deeply personal and highly politicised questions. These range from the political and the sociological, through to the psychological and philosophical. A question such as “who are you?” can elicit a multiplicity of responses, none of which are straightforward, are sometimes highly contextual, and are often deeply contested.
However, there is something of an attempt to…
Content type: Long Read
Yesterday, the European Court of Human Rights issued its judgement in Big Brother Watch & Others V. the UK. Below, we answer some of the main questions relating to the case.
What's the ruling all about?
In a nutshell, one of the world's most important courts, the European Court of Human Rights, yesterday found that certain UK laws about how intelligence agencies can spy on our internet communications breach our human rights. These surveillance laws have meant that the UK intelligence…
Content type: News & Analysis
Today was a big day for the privacy of millions of people. The European Court of Human Rights has today ruled that UK laws enabling mass interception of our communications violate the rights to privacy and freedom of expression. This finding is an important victory for human rights and the rule of law.
The judges found that:
The UK’s historical bulk interception regime violated the right to privacy protected by Article 8 of the European Convention on Human Rights (ECHR) and to free…
Content type: Long Read
The European Court of Human Rights ruled today that the UK government's mass interception program violates the rights to privacy and freedom of expression. The Court held that the program "is incapable of keeping the 'interference' to what is 'necessary in a democratic society'". This finding is an important victory for human rights and the rule of law. Below, we break down the key parts of the decision.
The Court's ruling comes after a five-year battle against two UK mass surveillance…
Content type: Press release
The European Court of Human Rights has today ruled that UK laws enabling mass surveillance violate the rights to privacy and freedom of expression.
Judges found that:
The UK’s historical bulk interception regime violated the right to privacy protected by Article 8 of the European Convention on Human Rights (ECHR) and to free expression, protected by Article 10.
The interception of communications data is as serious a breach of privacy as the interception of content, meaning the UK…
Content type: Report
Intelligence sharing between countries is one of the most pervasive and least regulated surveillance practices carried out by governments across the world. It is facilitated by rapidly evolving surveillance technologies that enable intelligence agencies to collect, store, analyse and share ever larger amounts of people’s personal information.
This briefing paper, written jointly by the International Network of Civil Liberties Organizations (INCLO) and PI, sets out urgent recommendations that…