Content Type: Examples
When the Los Angeles Police Department opted to monitor the messages posted in forums on Neighbors, a companion app to Amazon's Ring doorbell cameras, the system forwarded over 13,000 messages in just over two years. Research shows, however, that this type of surveillance does a poor job of deterring property crime. A study of Neighbors posts in LA also shows that posters typically live in whiter, more affluent districts, and about 30% of posts did not describe criminal activity, just behaviour…
Content Type: Long Read
The rise of racist and xenophobic narratives around the world has led to a ramping up of brutal migration control policies. Indefinite detention, pushbacks of boats at sea, or deportation for offshore processing of asylum claims all now form part of the arsenal deployed by some governments to “appear tough” on and provide "solutions" to immigration. A stark example is the UK’s “hostile environment” policy, announced 10 years ago by then Home Secretary Theresa May and designed to deter migrants…
Content Type: Advocacy
We, the undersigned organisations, seek to draw your attention to aspects of the draft Corporate Sustainability Due Diligence Directive (the Directive), and its application to the use of technology and the technology sector, which require strengthening if the Directive is to realise its full potential in respect of this critical global sector that is today responsible for some of the most egregious human rights harms.
The technology and surveillance industries have ushered in an entirely new…
Content Type: Examples
The energy company Cuadrilla used Facebook to surveil anti-fracking protesters in Blackpool and forwarded the gathered intelligence to Lancashire Police, which arrested more than 450 protesters at Cuadrilla's Preston New Road site over a period of three years in a policing operation that cost more than £12 million. Legal experts have called the relationship between fracking companies and the police "increasingly unhealthy" and called on the ICO and the Independent Office for Police Conduct to…
Content Type: Examples
Emails obtained by EFF show that the Los Angeles Police Department contacted Amazon Ring owners specifically asking for footage of protests against racist police violence that took place across the US in the summer of 2020. LAPD signed a formal partnership with Ring and its associated "Neighbors" app in May 2019. Requests for Ring footage typically include the name of the detective, a description of the incident under investigation, and a time period. If enough people in a neighbourhood…
Content Type: Explainer
Introduction/Background
Electronic tags have been a key part of criminal justice offender management for over 20 years, being used in the United States since the mid-1980s and in the UK and some other Commonwealth countries since 2003. In 2021 the UK introduced GPS tagging for immigration bail.
The tag is predominantly used to curtail the liberties of individuals. For those on criminal bail its intended use includes managing return into communities while deterring reoffending.
As we explore…
Content Type: News & Analysis
Samsung has announced that the company will commit to providing major software updates for three generations of the Android operating system, but only for its flagship models: the S10, S20, Note 10 and Note 20.
From our reading of the available information, this means that these models will be getting support, including the latest operating system, features and security updates, for three years (as new Android operating systems are released every year).
While this is welcome news, it only…
Content Type: Examples
Academics have disclosed today a new vulnerability in the Bluetooth wireless protocol, broadly used to interconnect modern devices, such as smartphones, tablets, laptops, and smart IoT devices.
The vulnerability, codenamed BIAS (Bluetooth Impersonation AttackS), impacts the classic version of the Bluetooth protocol, also known as Basic Rate / Enhanced Data Rate, Bluetooth BR/EDR, or just Bluetooth Classic.
The BIAS attack
The BIAS security flaw resides in how devices handle the link key,…
Content Type: News & Analysis
A few weeks ago, its name would probably have been unknown to you. Amidst the covid-19 crisis and the lockdown it caused, Zoom has suddenly become the go-to tool for video chat and conference calling, whether it’s a business meeting, a drink with friends, or a much-needed moment with your family. This intense rise in use has been financially good for the company, but it also came with a hefty toll on its image and serious scrutiny of its privacy and security practices.
While Zoom already had a…
Content Type: Examples
“The BlueBorne attack vector requires no user interaction, is compatible to all software versions, and does not require any preconditions or configurations aside of the Bluetooth being active,” warned the researchers.
“Unlike the common misconception, Bluetooth enabled devices are constantly searching for incoming connections from any devices, and not only those they have been paired with,” they added.
“This means a Bluetooth connection can be established without pairing the devices at all.…
Content Type: Examples
An engineering and computer science professor and his team from The Ohio State University discovered a design flaw in low-powered Bluetooth devices that leaves them susceptible to hacking.
Zhiqiang Lin, associate professor of computer science and engineering at the university, found that commonly used Bluetooth Low Energy devices, such as fitness trackers and smart speakers, are vulnerable when they communicate with their associated apps on the owner’s mobile phone.
"There is a fundamental…
Content Type: Explainer
In a scramble to track, and thereby stem the flow of, new cases of Covid-19, governments around the world are rushing to track the locations of their populace. One way to do this is to write a smartphone app which uses Bluetooth technology, and encourage (or mandate) that individuals download and use the app. We have seen such examples in Singapore and emerging plans in the UK.
Apps that use Bluetooth are just one way to track location. There are several different technologies in a smartphone…
Content Type: Long Read
The pressing need to fix our cybersecurity (mis)understandings
Despite all the efforts made so far by different, cybersecurity remains a disputed concept. Some states are still approving cybersecurity laws as an excuse to increase their surveillance powers. Despite cybersecurity and cybercrime being different concepts, the confusion between them and the broad application of criminal statutes is still leading to the criminalisation of legitimate behaviour.
All of this represents a sizable challenge…
Content Type: Long Read
In this piece we examine mobile phone extraction, relying on publicly available information and Privacy International’s experience from conducting mobile phone extraction using a Cellebrite UFED Touch 2. We welcome input from experts in the field. This is a rapidly developing area. Just as new security features are announced for phones, so too new methods to extract data are found.
[All references can be found in the pdf version below.]
General explanation of mobile phone…
Content Type: Examples
The French data protection regulator, the Commission Nationale de l'Informatique et des Libertés (CNIL), has issued a formal notice to Genesis Industries Limited, the maker of the connected toys My Friend Cayla and I-QUE. Genesis has two months to bring the toys into compliance with data protection law. CNIL says that based on the security flaws found by a consumer association (presumably the Norwegian Consumer Council, which did this work in 2016) its chair decided to perform online…
Content Type: Examples
The UK consumer watchdog Which? has called on retailers to stop selling popular connected toys it says have proven security issues. These include Hasbro's Furby Connect, Vivid Imagination's I-Que robot, and Spiral Toys' Cloudpets and Toy-fi Teddy. In its report, Which? found that these toys do not require authentication to link to other devices via Bluetooth, meaning that any device within range could connect to the toys and take control of them or send messages. Spiral Toys did not comment.…