Privacy International defends the right to privacy across the world, and fights surveillance and other intrusions into private life by governments and corporations. Read more »


Stream: Blog

Blog
Eric King's picture

Independent security researcher Trevor Eckhart revealed yesterday that a recent software update to some HTC smartphones has accidentally given third party applications access to huge amounts of private data, including call logs, geolocation history, SMS data and a whole lot more.

The update surreptitiously installs a suite of applications logging users' interactions with their devices. When a device is first switched on, the user ostensibly has the option not to allow HTC to collect and use information. However, even if this option is selected, HTC quietly goes ahead and logs the information anyway. And to make matters a thousand times worse, this information is then made freely available to any third party application with permission to access the internet (which will be the majority of apps).

Blog
Eric King's picture

Anonymous proxy service HideMyAss.com - "a leading online privacy website" according to its own homepage - today admitted handing over user logs to law enforcement agencies.

We commend companies running privacy-protecting services. We need more like them. But we also need them to keep their word. Their website claims "Our free web proxy is a secure service that allows you to surf anonymously online in complete privacy" and their pro paid-for version promises that users can "Enjoy internet freedom and anonymity knowing that your sensitive web traffic is securely hidden behind 18,000+ IP addresses located in 32 countries."

Blog
Nigel Waters's picture

The second 2011 meeting of the APEC Privacy Subgroup took place in San Francisco in mid September, and finalised the package of documents that comprise the Cross Border Privacy Rules (CBPR) system.  Endorsed by the parent Electronic Commerce Steering Group (ECSG), these will now go forward for ratification by Ministers in Hawaii in November, and subsequent implementation.  The Subgroup’s 2012 Work Plan envisages establishment of the Joint Oversight Panel (JoP), commencement of recognition of Accountability Agents (AAs), and facilitating participation by economies in the CBPR system.  Implicitly, it is also expected that recognised AAs will start to certify applicant businesses as meeting the CBPR programme requirements.  The work plan also includes development of the website that will list participating businesses, recognised AAs and Privacy Enforcement Authorities (PEAs), and further promotion and explanation of the system.

Blog
Nighat Dad's picture

The Internet is becoming essential to modern life in Pakistan. These days, the loss of network access, whether for telephones or internet connectivity, soon starts to affect people's ability to do business or interact socially - and in the longer term is directly affects citizens' self-expression and self-determination. This is why we all saw such serious attempts by the governments of Tunisia, Egypt and Libya to cut off their people's access to the Internet.

In recent years the Government of Pakistan has repeatedly placed restrictions on the use of the Internet. Technically mediated services have been often subjected to restrictions ranging from government regulation, intervention, censorship and outright blocking.

Blog
Mathias Vermeulen's picture

On the 2nd of August 2011 the Hamburg Commissioner for Data Protection and Freedom of Information has called on Facebook  to delete the feature on the social networking site that automatically recognizes facial features and "tags" users when others upload photos of them. According to the local German data protection authority the feature is a violation of local and European data protection laws, and Facebook should adapt the feature to European data protection law or suspend the use of the facial recognition technology. The Commissioner calls the facial recognition technology a "serious interference with the informational self-determination of a person. Even a company that operates globally must respect that." Facebook faces severe fines if they do not comply with the order to shutdown their auto-tagging system in Germany. Facebook has rejected the claim.

Blog
Dr Gus Hosein's picture

Few understand why we focus on refugee privacy.  Funders don’t understand it so don’t fund it; the public see the plight of refugees as seen on TV, not as a privacy issue; and often times the international community does everything it can to increase scrutiny of refugees. In this blog, I highlight the privacy issues facing refugees and how these issues can jeopardize refugees’ safety as much as any of the environmental, social, or political risks refugees encounter.

Refugees are amongst the world's most vulnerable people. They are vulnerable to the people they are fleeing, and the countries from which they are fleeing. They are vulnerable in the countries within which they are hosted as they seek refugee status. They are vulnerable as refugees. Their families and loved ones remain vulnerable in their country of origin. As refugees seek resettlement in a safer country, they are also vulnerable, this time to the whims and demands of that country’s government.

Blog
Dr Gus Hosein's picture

Other human rights organisations often ask us what they should to when it comes to their infosec needs.  Should they run their own mail server, or trust Gmail?  Should they merge their calendars by email (!), a local server, or use some cloud solution?

We honestly don't know what to tell them.  In fact, we are unsure of what we ourselves should be doing.  We know that there are risks of keeping things local (e.g. lack of redundancy), and there are risks of data being stored beyond your control.  At least with an outsourcing contract you can review the security and privacy issues, but with cloud services, you're stuck with boilerplate.

For years we've hoped for two developments to solve these problems:

Blog
Dr Gus Hosein's picture

PI just received a response from Secretary General Thorbjørn Jagland of the Council of Europe (CoE) stating that the CoE is refusing to start an investigation on the collection and storage of citizens biometric data by member states. On 31 March an international alliance of organisations and individuals lodged a petition calling on him to start such an indepth survey under Article 52 of the European Convention on Human Rights (ECHR).

In his answer, received this week, Secretary General Jagland mainly points at the CoE Resolution 1797, adopted in March 2011. He does stress the need to take steps to ensure that relevant existing legal frameworks, including European dataprotection Convention 108, be enhanced and modernised. However, the Secretary General doesn’t explain his refusal to investigate the legality of the current national biometric schemes himself. Instead Mr. Jagland refers to various other Council of Europe bodies, such as the Parliamentary Assembly, the commissioner for Human Rights and the Consultative Committee of Convention 108.

Blog
Dr Gus Hosein's picture

An international alliance of organisations and individuals from 27 countries has lodged a petition calling on the Council of Europe to start an indepth survey on the collection and storage of biometric data by member states.

European governments are increasingly demanding storage of biometric data (fingerprints and facial scans) from individuals. These include storage on contactless 'RFID' chips in passports and/or ID cards. Some are going even further by implementing database storage e.g. France, Lithuania and the Netherlands.

The alliance of more than 80 signatories has asked Secretary General Thorbjørn Jagland of the Council of Europe to urgently request the countries involved to explain under Article 52 ECHR whether their national law on this subject is in line with the European Convention on Human Rights (ECHR) and rulings of the European Court of Human Rights.

Blog
Nigel Waters's picture

2011 is supposed to be the year that the APEC pathfinder projects on Cross Border Privacy Rules (CBPR) deliver a functional system for businesses to be certified for transfer of personal information between participating APEC economies.
After the last round of APEC privacy meetings in Washington DC on 1-3 March, this prospect is looking increasingly remote. Even the basic set of documentation and processes required for the process of self-certification and assessment of businesses has yet to be fully agreed and endorsed, while discussion of the all-important governance and funding arrangements has not progressed far beyond where it had reached in mid 2010,which is not very far at all. All the hard questions about how the CBPR system will work in practice, and deliver the necessary level of confidence, have been shunted into this critical component (Project 8), with only one further round of face to face meetings left in 2011, in September in San Francisco.

Pages

Subscribe to Privacy International - blog