Search
Content type: Press release
In collaboration with the Wall Street Journal and the Guardian, Privacy International today published a database of all attendees at six ISS World surveillance trade shows, held in Washington DC, Dubai and Prague between 2006 and 2009. ISS World is the biggest of the surveillance industry conferences, and attendance costs up to $1,295 per guest. Hundreds of attendees are listed, ranging from the Tucson Police Department, to the government of Pakistan, to the International…
Content type: News & Analysis
Independent security researcher Trevor Eckhart revealed yesterday that a recent software update to some HTC smartphones has accidentally given third party applications access to huge amounts of private data, including call logs, geolocation history, SMS data and a whole lot more.
The update surreptitiously installs a suite of applications logging users' interactions with their devices. When a device is first switched on, the user ostensibly has the option not to allow HTC to…
Content type: News & Analysis
The second 2011 meeting of the APEC Privacy Subgroup took place in San Francisco in mid September, and finalised the package of documents that comprise the Cross Border Privacy Rules (CBPR) system. Endorsed by the parent Electronic Commerce Steering Group (ECSG), these will now go forward for ratification by Ministers in Hawaii in November, and subsequent implementation. The Subgroup’s 2012 Work Plan envisages establishment of the Joint Oversight Panel (JoP), commencement of…
Content type: News & Analysis
Other human rights organisations often ask us what they should to when it comes to their infosec needs. Should they run their own mail server, or trust Gmail? Should they merge their calendars by email (!), a local server, or use some cloud solution?
We honestly don't know what to tell them. In fact, we are unsure of what we ourselves should be doing. We know that there are risks of keeping things local (e.g. lack of redundancy), and there are risks of data being stored…
Content type: News & Analysis
2011 is supposed to be the year that the APEC pathfinder projects on Cross Border Privacy Rules (CBPR) deliver a functional system for businesses to be certified for transfer of personal information between participating APEC economies.
After the last round of APEC privacy meetings in Washington DC on 1-3 March, this prospect is looking increasingly remote. Even the basic set of documentation and processes required for the process of self-certification and assessment of businesses has yet to…
Content type: News & Analysis
Skype has consistently assured that it protects its users and their communications. Having reviewed the company's technology and policies we have grounds for concern about Skype's overall level of security, and we believe there are a number of questions to which the company must respond. Skype's misleading security assurances continue to expose users around the world to unnecessary and dangerous risk. It's time for Skype to own up to the reality of its security and to take a leadership…
Content type: News & Analysis
Not since the 1990s has the internet been so exciting. With its use by political activists and journalists around the world, we can now again entertain the discussions that the internet brings freedom. Digital data traverses routers with little regard to national boundaries and so traditional constraints not longer apply. So it is no surprise that protestors on the streets of Tehran or Cairo are using the internet to organise. We like to believe in the freedom of the internet again, after…
Content type: News & Analysis
For the past couple of months we have been discussing with Google their transparency plans regarding governments accessing data held by Google. Last week Google released initial data on how many requests for data were coming from which governments.
We congratulate Google on this first step, and we believe that by seeking answers to some additional questions, greater clarity may yet emerge. Of course we have many more questions. We hope that this is the first step in an ongoing dialogue with…
Content type: News & Analysis
Privacy International and EPIC praised a vote today in the European Parliament today that rejected the transfer of finacial records to the United States under an interim agreement. A resolution to reject the deal passed 378-16, with 31 abstentions. Members of the parliament stated the proposed agreement lacked adequate privacy safeguards, and was a disproportionat response to US concerns about terrorism that also lacked reciprocity.
Simon Davies, Director General of Privacy International…
Content type: News & Analysis
The Active Millimeter Wave body scanners that airport security officials plan to use in greater numbers after a failed attempt to explode a bomb in a plane over Detroit raise troubling questions about passenger privacy, and ultimately the technology’s utility as a security measure.
While Privacy International supports the adoption of measures that will genuinely protect the security of passengers, we are deeply concerned that airport and security authorities increasingly deploy fashionable and…
Content type: News & Analysis
Privacy International has briefed the UK House of Commons Treasury subcommittee on the risks to UK census data if a company with a US data centre is called on to run the census. Under weak US laws on safeguarding personal information, the UK census data could be abused without any knowledge of the UK government.
We filed a letter with the subcommittee to respond to the government minister's claims to the Commons that the government had no concerns about the US government gaining access to the…
Content type: News & Analysis
Privacy International and the American Civil Liberties Union have appealed to the Council of the European Union, the European Commission, the European Parliament, and privacy commissioners in 31 countries across Europe to repeal the agreement between the EU and the US on passenger data transfers. We argue that, with the recent disclosure of the 'Automated Targeting System' being used by the US Department of Homeland Security, the US has violated both American law and the agreement with the EU…
Content type: News & Analysis
At its last session on November 21st and 22nd 2006, the Article 29 Working Party has again been dealing with the SWIFT case and has unanimously adopted Opinion 128 on its findings in this case.
In this Opinion, the Article 29 Working Party emphasizes that even in the fight against terrorism and crime fundamental rights must remain guaranteed. The Article 29 Working Party insists therefore on the respect of global data protection principles.
SWIFT is a worldwide financial messaging service…
Content type: Press release
Privacy International (PI) today filed additional complaints with authorities in Japan, Israel, Korea, Taiwan, Province of China, Thailand and Argentina. On June 27th PI filed simultaneous complaints with Data Protection and Privacy regulators in 32 countries concerning recent revelations of secret disclosures of records from SWIFT to US intelligence agencies.(1)
The disclosures involve the mass transfer of data from SWIFT in Europe to the United States, and possibly direct access by US…
Content type: News & Analysis
Booz Allen Hamilton, Inc., a prominent defence and intelligence consulting and engineering firm, has been hired as an outside "independent" auditor of the CIA and Treasury Department's Terrorist Finance Tracking Program ("TFTP"), which monitors banking transactions made through the Society for Worldwide Interbank Financial Telecommunication (SWIFT). Though Booz Allen's role is to verify that the access to the SWIFT data is not abused, its relationship with the U.S. Government calls its…
Content type: News & Analysis
Dear Mr Schrank,
I am writing with regard to the current controversy over the private arrangement between SWIFT and the U.S. Government that facilitates the extradition of confidential financial transaction data from SWIFT to U.S. authorities. You will be aware that Privacy International contends that this arrangement breaches privacy and data protection law, and we have lodged complaints with regulatory authorities in 38 countries.
In my many discussions with SWIFT officials over the past…
Content type: News & Analysis
The Government Accounting Office of the US government reports that creating a new system to keep track of the locations of aliens or visitors to the US is of 'questionable' value. This report, required by the Enhanced Border Security and Visa Reform Act of 2002, reflects the challenges faced by INS when they were asked to identify the location of over 4000 individuals in the days after 11th September 2001.
Most of the Immigrations and Customs Enforcement agents who were consulted in the…
Content type: News & Analysis
The Privacy Commissioner for British Columbia made a call for submissions on whether the USA PATRIOT Act could allow the U.S. authorities to gain access to Canadians' personal information, enabled through the outsourcing of Canadian public services to the United States. The Commission also called for comments on the implications for compliance with Canadian provincial privacy laws, and to see if anything could be done to eliminate or mitigate the risks.
In this submission to the BC…
Content type: News & Analysis
The Electronic Privacy Information Center has obtained documents showing that the U.S. Census Bureau provided the Department of Homeland Security statistical data on people who identified themselves on the 2000 census as being of Arab ancestry. All relevant information is on the EPIC website. The New York Times covered the story, and quoted the Census Bureau as saying that such 'cooperation' was standard practice. The deputy director of the Census Bureau is quoted as saying: "We do worry…