Search
Content type: Long Read
Privacy International (PI) has today released a new report, 'Teach 'em to Phish: State Sponsors of Surveillance', showing how countries with powerful security agencies are training, equipping, and directly financing foreign surveillance agencies.
Spurred by advances in technology, increased surveillance is both powered by and empowering rising authoritarianism globally, as well as attacks on democracy, rights, and the rule of law.
As well as providing a background to the issue, the report…
Content type: Press release
Privacy International has today released a report that looks at how powerful governments are financing, training and equipping countries — including authoritarian regimes — with surveillance capabilities. The report warns that rather than increasing security, this is entrenching authoritarianism.
Countries with powerful security agencies are spending literally billions to equip, finance, and train security and surveillance agencies around the world — including authoritarian regimes. This is…
Content type: Examples
In 2013, Edward Snowden, working under contract to the US National Security Agency for the consultancy Booz Allen Hamilton, copied and leaked thousands of classified documents that revealed the inner workings of dozens of previously unknown surveillance programs. One of these was PRISM, launched in 2007, which let NSA use direct access to the systems of numerous giant US technology companies to carry out targeted surveillance of the companies' non-US users and Americans with foreign contacts by…
Content type: Examples
In May 2018, Google announced an AI system to carry out tasks such as scheduling appointments over the phone using natural language. A Duplex user wanting to make a restaurant booking, for example, could hand the task off to Duplex, which would make the phone call and negotiate times and numbers. In announcing the service, Google stressed its use of "speech dysfluencies" - that is, non-verbal syllables such as "um" and "er" to make the interaction sound more natural.
The system almost…
Content type: Examples
In 2017 the Electronic Privacy Information Center filed a complaint with the US Federal Trade Commission asking the agency to block Google's Store Sales Measurement service, which the company introduced in May at the 2017 Google Marketing Next event. Google's stated goal was to link offline sales to online ad spending. EPIC argued that the purchasing information Google collected was highly sensitive, revealing details about consumers purchases, health, and private lives, and that Google was…
Content type: Examples
DoubleClick was one of the first companies set up to sell display advertising on the web. Set up in 1996, it went public in 1998, and in 1999 merged with the data collection company Abacus Direct. In response to a 2001 US Federal Trade Commission investigation of the proposed merger, DoubleClick promised to keep those two databases separate; and in 2005 when the private equity firm Hellman & Friedman acquired it, that firm promised to operate the company as two separate divisions. In April…
Content type: Examples
In 2012 the US Consumer Watchdog advocacy group filed a complaint against Google alleging that the company had violated its 2011 consent decree with the US Federal Trade Commission in the case about Google Buzz. The complaint was based on February 2012 revelations that the site was failing to honour do-not-track settings in Apple's Safari web browser. The browser itself was set by default to refuse to accept third-party cookies, as these are often used to track users across the web. Google's…
Content type: Examples
In 2009, Spanish citizen Mario Costeja González objected to the fact that an auction notice from 1998, when his home was repossessed, was still accessible on the website of the Spanish newspaper La Vanguardia and the first thing people saw when they searched for him on Google. When the courts declined to order the newspaper to remove the announcement, Costeja asked Google Spain to stop linking to it in search results on his name. When Google did nothing more than forward the complaint to its…
Content type: Examples
In 2012, Google announced it would condense 70 different privacy policies into a single one that would allow the company to merge the data collected across all its services, including Maps, search, Android, Books, Chrome, Wallet, Gmail, and the advertising service provided by its DoubleClick subsidiary into a single database. The company claimed the purpose was to enable a better, more unified experience - for example, it said it would be able to deliver better search results by combining…
Content type: Examples
In 2010, increasing adoption of social media sites such as blogs, Facebook, Twitter, and Flickr led Google to develop Buzz, an attempt to incorporate status updates and media-sharing into its Gmail service. Users could link their various social media feeds, including Picasa (Google's photo-sharing service) and Reader (Google's RSS news reader), directly into Gmail. Via the integrated feed, Gmail users could see not only the content produced by those they followed, but those they didn't if their…
Content type: Examples
In July 2011, the established writer GrrlScientist tried to log into her Google account and found that it was suspended, barring her access to Gmail, Google Docs, YouTube, Google Reader, and the newly launched social network Google+. It turned out that the reason was then when Google launched its Google+ social network in June 2011, it included among its terms and conditions a requirement to use "the name your friends, family, or co-workers call you". In July 2011, Google began suspending the…
Content type: Examples
In 2010, Google revealed that a data audit required by Germany's data protection authority had revealed that since 2007 the cars deployed to capture images for its Street View project had accidentally captured 600GB of data from local wifi networks, including personal web browsing histories. Google said it used network names (SSIDs) and router identifiers (MAC addresses) to use for its location services, but did not use any of the payload data, which the company said consisted only of fragments…
Content type: Examples
Google launched its first version of Android in 2009. Based on a modified Linux kernel and other open source software, Android provides the operating system for mobile phones, tablets, televisions, cars, wrist watches, and many other devices including digital cameras, game consoles, PCs, and personal video recorders. By 2017, Android had become the best-selling operating system in the world, with over 2 billion monthly active users. Even in 2009, critics warned that the operating system, which…
Content type: Examples
In May 2007, Google launched Street View, an add-on to its Maps service that allows users to see and "drive" through images of streets and buildings. Almost immediately, the service provoked controversy when users realised that these images included pictures looking through the windows of their homes and images of license plates, or that caught them in embarrassing or even illegal situations on the street. Google argued that Street View only captured images taken on public property. In August,…
Content type: Examples
To personalise the services it offers, Google retains user data such as search histories and as well as the Internet Protocol (IP) addresses and other digital identifiers that enable the company to link search queries to the specific computer where they were generated. Until March 2007, the company kept this data indefinitely. At that point, it announced that in response to privacy advocates' concerns it would begin anonymising the data after 18 to 24 months. While some welcomed the change,…
Content type: Examples
When Google launched Gmail in 2004, the new service rapidly gained acceptance because it offered far more storage space than any other comparable service. From the beginning, however, Gmail scanned the contents of emails to help the company generate contextual ads. Scanning has never applied to the email service it offers paying corporate customers as part of G Suite. In 2017, Google announced it would end scanning email in the consumer service, largely to end confusion among the corporate…
Content type: Examples
The first example of internet users being blindsided by the retention of information they had thought was ephemeral was Usenet, a worldwide collection of discussion groups ("newsgroups") created in 1979. At the beginning, computers called each other directly to swap and distribute new postings; as the internet became available it became the primary medium for propagating Usenet's burgeoning collection of newsgroups. At its peak in the 1990s Usenet was a huge open system used by millions of…
Content type: Examples
In 2005, Google launched its web analytics service, which tracks and reports website traffic. The most widely-used analytics service on the web, Google Analytics comes in three versions: free, the subscription enterprise service 360, and a mobile service that collects analytics from both iOS and Android apps. The service works by storing cookies on computers that visit the websites on which Google Analytics is installed; the cookies contain a unique "cookie ID" identifier; this enables website…
Content type: News & Analysis
Privacy International and other European civil society organisations write to European member states to urge them not to water down the e-Privacy proposal. We need more than ever strong regulation to protect the security and privacy of our digital communications, to protect us from being tracked online and to ensure that all our digital devices are set up with privacy by design and by default.
Content type: Long Read
How would you feel if you were fingerprinted by the police before you were allowed to take part in a peaceful public demonstration?
As tens of thousands of people attend massive public demonstrations across the UK today against US President Donald Trump in a ‘Carnival of Resistance’, it’s a question worth asking. Why? Because the police now deploy a range of highly sophisticated surveillance tools at public events which are just as if not more intrusive. And these technologies should be even…
Content type: Long Read
This piece was written by PI voluteer Natalie Chyi.
Transparency is necessary to ensure that those in power – including governments and companies – are not able to operate in the dark, away from publicscrutiny. That’s why calls for more transparency are routine by everyone from civil society and journalists to politicians.
The bigger picture is often lost when transparency is posed as the only solution to shadowy state and corporate powers. For one, the term is so broadly understood that it…
Content type: Long Read
Privacy and data protection are currently being debated more intensively than ever before. In this interview, Frederike Kaltheuner from the civil rights organisation Privacy International explains why those terms have become so fundamentally important to us. The article was first published in the newly launched magazine ROM. The interview was conducted by ROM publisher Khesrau Behroz and writers Patrick Stegemann and Milosz Paul Rosinski.
Frederike Kaltheuner, you work for Privacy…
Content type: Long Read
Yesterday the UK's Information Commissioner's Office (ICO) - which is responsible for ensuring people's personal data is protected - announced it intends to fine Facebook the maximum amount possible for its role in the Cambridge Analytica scandal.
This decision highlights of how serious and rampant misuse and exploitation of data is. Facebook is responsible and failed to comply with data protection 101: be upfront and honest about what you are doing with people's data.
Importantly, the ICO's…
Content type: News & Analysis
As the international cyber security debate searches for new direction, little attention is paid to what is going on in Africa. Stepping over the remains of the UN Group of Governmental Experts, and passing by the boardrooms of Microsoft struggling to deliver their Digital Geneva Convention, African nations are following their own individual paths.
Unfortunately, these paths increasingly prioritise intrusive state surveillance and criminalisation of legitimate expression online as…
Content type: Examples
In September 2017, the Spanish national data protection regulator fined Facebook €1.2 million, alleging that the company collected personal information from Spanish users that could then be used for advertising. The investigation, which took place alongside others in Belgium, France, Germany, and the Netherlands, found three cases in which Facebook had collected information such as gender, religious beliefs, personal tastes, and browsing histories of millions of Spanish users without disclosing…
Content type: Examples
In December 2017, the German cartel office presented preliminary findings in an investigation of Facebook, ruling that the company had abused its dominant position by requiring access to third-party data (including data from subsidiaries WhatsApp and Instagram) when an account is opened and tracking users across the web. Facebook responded that the service is popular in Germany, but not dominant. About 41% of Germans have active Facebook accounts. The investigation's final resolution…
Content type: Examples
In May 2017, the European Commission fined Facebook $122 million for providing incorrect or misleading information during its 2014 acquisition of WhatsApp. At the time of the acquisition, Facebook assured the EC that it would not be able to link its accounts database to that of WhatsApp. After the merger, Facebook went on to implement that linkage, and the EC found that Facebook staff knew even in 2014 that it was technically possible to do so. The EC could have imposed a larger fine, but said…
Content type: Examples
In May 2017, the French data protection regular, CNIL, fined Facebook €150,000 saying the company had failed to inform users properly about how their personal data is tracked and shared with advertisers. The regulator did not, however, order the company to change its practices. The decision was one of a series of European regulatory examinations of changes made to Facebook's privacy policy in 2014. CNIL's action followed rulings in 2016, when CNIL gave Facebook three months to stop tracking non…