Search
Content type: Advocacy
Privacy International welcomes the aim of the Cyber Resilience Act to bolster cybersecurity rules to ensure more secure hardware and software products. Nevertheless, we note that the proposal put forward by the European Commission contains certain shortcomings which could both hamper innovation and harm consumers who are increasingly relying on digital products and services.
It is essential these shortcomings, detailed below, are effectively addressed by the EU co-legislators through the…
Content type: Report
Introduction
Several policy initiatives are in progress at the EU level. They seek to address the sustainability of connected devices such as smartphones, tablets and smart speakers. While initiatives to extend the useful life of hardware are important, software must not be ignored. Almost any digital device with which we interact today relies on software to function, which acts as a set of instructions that tells the hardware what to do. From smart thermostats to smart speakers, to our…
Content type: Explainer
With more and more connected devices around us, the chance that you've been hit by an update notification is high. But what do these software updates do? How do they actually work, and why are they important?
Hardware and Software
Modern electronic devices require two main parts to function: the hardware and the software. The hardware usually refers to physical electronic pieces inside a device (usually a collection of microchips, logic gates and specialised processing chips, such as those to…
Content type: Advocacy
Our environment is increasingly populated by devices connected to the Internet, from computers and mobile phones to sound systems and TVs to fridges, kettles, toys, or domestic alarms. There has been research into the negative safety and privacy impacts of inadequate security provided by the software in such devices (such as the creation of large scale botnets). This is also the case with outdated security, a risk enabled by software support periods that are shorter than a product’s usable life…
Content type: News & Analysis
On May 18th 2021 Google held its annual developer conference, Google I/O, where the company announces a number of innovations, products and software updates that will hit the market in the months to come. Among these announcements, the company introduced Android 12, its latest mobile Operating System (OS), that came with headline grabbing privacy features.
Possibly trying to catch up with Apple, which is positioning itself as a privacy-friendly tech company and gave the adtech industry a kick…
Content type: News & Analysis
A new report by the UN Working Group on mercenaries analyses the impact of the use of private military and security services in immigration and border management on the rights of migrants, and highlights the responsibilities of private actors in human rights abuses as well as lack of oversight and, ultimately, of accountability of the system.
Governments worldwide have prioritised an approach to immigration that criminalises the act of migration and focuses on security.
Today, borders are not…
Content type: News & Analysis
Back in January, Privacy International and over 50 other organisations wrote to Google asking the company to take action over pre-installed apps that cannot be deleted (often known as “bloatware”), which can leave users vulnerable to their data being collected, shared and exposed without their knowledge or consent. Thousands of people from over 50 countries signed our petition supporting this ask. We welcome the constructive conversations we had with Google following this campaign and for the…
Content type: News & Analysis
Banning TikTok? It's time to fix the out-of-control data exploitation industry - not a symptom of it
Chinese apps and tech companies have been at the forefront of the news recently. Following India's ban of 59 chinese apps in July, President Trump announced his desire to ban TikTok, shortly followed by his backing of Microsoft's intention to buy the US branch of its parent company ByteDance. Other than others lip syncing his public declaration, what does President Trump fear from this app, run by a firm, based in China?
It's all about that data
One clear answer emerges: the exploitation of…
Content type: Advocacy
Privacy International (PI), Fundaciòn Datos Protegidos, Red en Defensa de los Derechos Digitales (R3D) and Statewatch responded to the call for submission of the UN Special Rapporteur on contemporary forms of racism, xenophobia and related intolerance on how digital technologies deployed in the context of border enforcement and administration reproduce, reinforce, and compound racial discrimination.
This submission provides information on specific digital technologies in service of border…
Content type: Examples
Academics have disclosed today a new vulnerability in the Bluetooth wireless protocol, broadly used to interconnect modern devices, such as smartphones, tablets, laptops, and smart IoT devices.
The vulnerability, codenamed BIAS (Bluetooth Impersonation AttackS), impacts the classic version of the Bluetooth protocol, also known as Basic Rate / Enhanced Data Rate, Bluetooth BR/EDR, or just Bluetooth Classic.
The BIAS attack
The BIAS security flaw resides in how devices handle the link key,…
Content type: Examples
In February, before the pandemic was declared, the Myanmar Post and Telecommunications Department set a deadline of April 30 for citizens to register their mobile phone SIMs, a move the PTD said was necessary to enhance the security of electronic transactions and cut down crime.
The PTD issued an official reminder on April 16, and confirmed on April 29 that other than websites and applications for registration operators would be required to block calls and data for unregistered users on the…
Content type: Examples
Police will be barred from accessing metadata collected by Australia's proposed coronavirus contact tracing app, which will be able to identify when users have been 1.5 metres of each other for more than 15 minutes, Australia's government services minister, Stuart Robert, and prime minister, Scott Morrison, have promised. Only state health investigators will access the data, even though experts say that the 2018 telecommunications laws potentially allow law enforcement access. Critics are…
Content type: Examples
The Turkish Health Ministry's Pandemic Isolation Tracking Project is using mobile device location data to track patients diagnosed with COVID-19 and ensure they obey the government's quarantine requirements. Violators will be sent warning messages and their information will be shared with the police if they do not return to isolation. Law enforcement officers can access individuals' information during road stops. Before launching the system, the Communications Directorate obtained permissions…
Content type: Examples
When the phone belonging to an American University student in Taiwan, who was subject to 14 days' quarantine after returning from Europe, ran out of battery power, in less than hour he had received phone calls from four different local administrative units, a text message notifying him he would be arrested if he had broken quarantine, and a visit from two police officers. The phone tracking system uses phone signals to triangulate locations of the more than 6,000 people subject to home…
Content type: Examples
By May 11, the Swiss Federal Office of Public Health, working with EFPL and ETH Zurich, will launch a secure, decentralised system for contact tracing developed by the Decentralised Privacy-Preserving-Proximity Tracing (DP-3T) international consortium, whose Swiss partners are Ubique and PocketCampus. Other international partners include UCl, KU Leuven, TU Delft, the University of Oxford, and the Universirty of Torino. The system has been posted to Github as an open source protocol and will…
Content type: Examples
A data breach that posted 100 to 200 names, email addresses, and encrypted passwords online was found in the Belgian Covid-19 Alert! app, one of seven candidates for adoption by the Dutch government. The app identifies phones that have been close to each other via Bluetooth signals and can send them a message when one owner tests positive. The developers said the data leaked from a database relating to another project when the source code was hurriedly placed online for government scrutiny.…
Content type: Examples
Thousands of Israelis have been ordered into quarantine without any right of appeal based on cellphone tracking that may be wrong because phone geolocation is insufficiently fine-grained to tell the difference between two people being in the same room and being separated by a door when dropping off and receiving a food delivery. Numerous agencies are performing the kind of tracking formerly carried out only by the domestic security agency, Shin Bet. Among them are Shin Bet itself, which is…
Content type: Examples
In a sharp drop from the beginning of Canada's lockdown, after two months only one in six Canadians left their home on weekends compared to one in three at the beginning. The marketing company Environics Analytics compiled the report by analysing a database of anonymised location data from 2.3 million mobile phones and looking for people who went at least 100 metres beyond their home postal code for a minimum of 30 minutes on at least one weekend day, and used demographic information tied to…
Content type: Examples
Three days after announcing Germany would adopt the centralised Pan-European Privacy-Preserving Proximity Tracing (PEPP-PT) standard for contact tracing, the country's chancellery minister Helge Braun and health minister Jens Spahn announced they would instead use the decentralised approach backed by Apple, Google, and other European countries. While both standards rely on Bluetooth connections between nearby phones, PEPP-PT would have required Apple's cooperation to implement, and the company…
Content type: Examples
The regulations brought in to curb the spread of COVID-19 in South Africa included directions published by the minister of communications and digital technologies that critics claimed violated the country's constitution. On the plus side, the regulations ordered service providers to ensure continued provision of internet and telecommunications services, and enabled temporary licensing of spectrum bands, which could increase internet capacity. However, the regulations also make publishing a…
Content type: Examples
While the agency that manages residence permits, the Coordination of Government Activities in the Territories, is closed, Israel has instructed Palestinians seeking to verify whether their permits to remain in Israel are still valid to download the app Al Munasiq, which grants the military access to their cellphone data. The app would allow the army to track the Palestinians' cellphone location, as well as access their notifications, downloaded and saved files, and the device's camera. …
Content type: Examples
As part of Mexico City's March 31 lockdown, which shut all shops except those relating to health, food, and essential services, telephone companies will provide access to cell phone antennas to enable the Digital Agency of Public Innovation to monitor movement and personal contact. The information will be aggregated by antenna and anonymised for analysis.
Source: https://cdmx.gob.mx/portal/articulo/cierre-de-centros-comerciales-por-emergencia-sanitaria
Writer: Mexico City government…
Content type: Examples
North Macedonia is the first country in the Western Balkans to launch a contact-tracing app. The government has stressed that the Bluetooth-based app, StopKorona!, complies with all legal privacy requirements. The app follows a decentralised design, so that users maintain full control over their data, which is deleted after 14 days; if they test positive for the virus they can choose to send their location history to the Ministry of Health so that their contacts can be alerted. The app was…
Content type: Examples
India's COVID-19 tracker app, Aarogya Setu, was downloaded 50 million times in the first 13 days it was available. Developed by the National Informatics Centre a subsidiary of the Ministry of Electronics and IT, the app is available on both Android and iOS smartphones, and uses GPS and Bluetooth to provide information on whether the phone has been near an infected person. Users provide a mobile number, health status, and other credentials, and must keep both location services and Bluetooth…
Content type: Examples
The Australian government's planned contact tracing app will reportedly be based on Singapore's TraceTogether, which relies on Bluetooth connections to detect other phones in range and log the results, so that if a phone user tests positive for COVID-19 and consents their close contacts can be alerted by uploading the logs to a centralised server. A second app, ConTrace, is in development for the Public Transport Information and Priority System; the prototype requires no personal information…
Content type: Long Read
‘Let’s build an app for that’ has become the response to so many things. It’s no surprise it’s happening now.
Apps are notorious for their lack of security and privacy safeguards, exploiting people’s data and devices. Now we’re being asked to trust governments with their proposed apps -- of which there are many. These are the very same governments who have been keen to exploit data in the past. For instance, PI currently has four outstanding legal cases arising from the last times governments…
Content type: Examples
The Department of Health in the US state of Kansas is tracking residents' locations via a platform called Unacast, which compares aggregated GPS mobile phone data from before and after the implementation of social distancing and grades each county on its compliance. As of April 1, 45 of 105 Kansas counties had received an F rating, and the state as a whole had managed a C. Unacast says the data it has access to is updated every other day and publishes updated ratings on all 50 US states.…
Content type: Examples
The city of Moscow is planning to use smartphone geolocation functions to track foreign tourists' movements through the city to prevent outbreaks of COVID-19 after Russia reopens its borders. Moscow accounts for two-thirds of all cases in the country. Moscow City Hall is considering a system that would provide daily updates on tourists' movements using their SIM card data and show when residents come into contact with them; it is already buying location data from Russia's three biggest telecom…
Content type: Examples
The Norwegian contact tracing app, Infection Stop, relies on a centralised database to store users' GPS locations for 30 days, like its Chinese counterpart. Sumula, the company that developed the app, claims is necessary because of technical limitations in Apple's smartphone operating system iOS. Simula has rejected using Bluetooth, like Singapore's TraceTogether, because to work on Apple's iPhones the tracker app would have to be in the forefront in order to be able to use Bluetooth to send,…
Content type: Examples
In order to enforce mandatory 14-day quarantine orders, Kenyan authorities have been tracking mobile phones of people suspected to have COVID-19. Also in Kenya, police enforcement efforts have led to several deaths: three died of injuries from being beaten, one, a 13-year-old boy, was hit by a bullet.
Source: https://www.bbc.co.uk/news/world-africa-52214740
Writer: Dickens Olewe
Publication: BBC News