Search
Content type: Examples
Researchers at Germany's Robert Koch Institute and Fraunhofer Heinrich Hertz Institute are working on an app that uses Bluetooth connections between smartphones and is compliant with GDPR to anonymously save the distance and duration of contact between people on the smartphone to make it possible to digitally reconstruct infection chains. The idea is being copied from Singapore's TraceTogether app, which detects other users who have also installed the app. If someone tests positive, they can…
Content type: Examples
The Israeli Ministry of Health's mobile app, "The Shield", is intended to alert users if they have been at a location in Israel at the same time as a known COVID-19 patient.
The app, which is available for both Android and iOS, works by collecting the GPS and WiFi network (SSID) information of a user's mobile device throughout the day. This data is saved only on the mobile device and is not transmitted to the Ministry of Health, other government agencies, or any organisation. The locations…
Content type: Examples
In response to a case brought by the Legal Center for Arab Minority Rights in Israel (Adalah), the Arab Joint List, and the Association for Civil Rights in Israel, the Israeli Supreme Court issued a temporary injunction on March 19 limiting the the state's and the Shin Bet security service's use of cellphone surveillance, among others, to track and monitor COVID-19 patients and trace their contacts. The court indicated it will ban the programme unless a parliament oversight committee is…
Content type: Examples
The Israeli prime minister, Benjamin Netanyahu, has authorised the country's internal security agency to use a previously secret tranche of mobile phone geolocation data, gathered to combat terrorism, to retrace the movements of individuals with confirmed cases of the coronavirus and identify people they've interacted with who should be quarantined. After Parliament's Secret Services Subcommittee ended its discussions without approving the measure, Netanyahu said the government would approve…
Content type: Examples
The German mobile operator Deutsche Telekom announced in a press conference on RKI Live that it had passed on, anonymised, its users' movement data to the Robert-Koch Institute to study the extent to which the population would follow the government's restrictions. RKI president Lothar Wieler said this data is also available for purchase, but was given to RKI at no charge.
Source: https://frask.de/coronavirus-deutscher-mobilfunkbetreiber-gibt-bewegungsdaten-weiter/
Content type: Examples
A Hamburg geotracking startup called Ubilabs is working with the Hannover School of Medicine on a data analysis platform that could track people who have tested positive for the coronavirus and their contacts, Der Tagesspiegel reported on Tuesday; this type of tracking would require individuals' consent to have a legal basis for processing.
Source: https://www.nytimes.com/reuters/2020/03/11/technology/11reuters-health-coronavirus-privacy-explainer.html
Content type: Examples
A review of European privacy laws considers whether the tracking and monitoring methods China used to shut down the COVID-19 epidemic are in compliance with GDPR. The French data protection authority CNIL says employers are not allowed to take mandatory temperature readings from employees or visitors or require them to fill out compulsory medical questionnaires. Italy passed emergency legislation requiring anyone who has recently stayed in an at-risk area to notify health authorities. Germany…
Content type: Examples
The Israeli compnay NSO Group, best known for the spyware it sells governments and has been used to target journalists and advocates, says it has developed a product aimed at analysing data to map people’s movements to identify who they’ve come in contact with, which can then be used to stop the spread of infection. About a dozen countries are reportedly testing the NSO technology, which takes two weeks' worth of mobile phone tracking information from the infected person, which it then matches…
Content type: Examples
Ministers have permitted the Shin Bet security service to "use the cellular phone data of carriers of the disease to retrace their steps and identify anyone they may have infected", and will relay the information to the Health Ministry, which will send a message to those who were within two meters (6.6 feet) of the infected person for 10 minutes or more, telling them to go into quarantine. An update to the original order has extended the period during which it is in force from 30 days until the…
Content type: Examples
A 19-year-old medical student was raped and drowned in the River Dresiam in October 2016. The police identified the accused by a hair found at the scene of the crime. The data recorded by the health app on his phone helped identify his location and recorded his activities throughout the day. A portion of his activity was recorded as “climbing stairs”, which authorities were able to correlate with the time he would have dragged his victim down the river embankment, and then climbed…
Content type: Key Resources
In the lead up to the 2017 German federal elections, there was much debate about the benefits and dangers of data analytics for political purposes. There were some controversies concerning the use of data and the lack of information provided by political parties also raised concerns.
Content type: Examples
Facebook has taken down 65 accounts, 161 pages, dozens of groups and four Instagram accounts, which were ran by Archimedes Group, an Israeli political consulting and lobbying firm that aimed at disrupting elections in various countries.
Archimedes was mostly active in Sub-Saharan Africa but also some part of Southeast Asia and Latin America. According to Facebook, the accounts taken down were attempting to influence people in Nigeria, Senegal, Togo, Angola, Niger and Tunisia. But the most…
Content type: Examples
Following Ms. Vestager’s investigation into Amazon and its own sector enquiry into online price comparison services in October 2017, in June 2018 the German Federal Cartel Office (“Bundeskartellamt”) claimed that it “received a lot of complaints” and is said to be “looking at the role and market power of Amazon” with regards to Amazon’s hybrid function. (Nicholas Hirst, MLEX, 27 June 2018, Amazon’s ‘hybrid function’ catches eye of German antitrust enforcers.) Germany is Amazon’s…
Content type: News & Analysis
Privacy International welcomes WhatsApp's immediate reaction after the revelation that Israeli cyber intelligence company NSO group had exploited a vulnerability in their software. We encourage all WhatsApp users to update their app as soon as possible. However, we believe WhatsApp needs to be much more transparent with their users. We haven't seen a notification on the app itself that would inform users about both, the bug, and the fix. The current version merely states that you can now see…
Content type: Examples
In Israel, the National Insurance Institutes sends out anti-fraud officers to spy on benefits claimants. Among the cases reported, a woman had her benefits allowances halved after a man entered her house pretending to be interested in buying the flat next door. The man, who was in fact a NII employee, discretely took picture of the woman to argue she was not actually severely disabled. The woman was eventually able to regain her full allowance.
The growing number of controversial cases of…
Content type: Examples
In Israel, the National Insurance Institute – in charge of granting benefits – eventually dropped a tender that had caused outrage in the country after being uncovered by Haaretz and Channel 13. The tender revealed the NII was trying to collect online data about benefits claimants – including from social media – to detect cases of frauds. The tender used wheelchair users as an example, suggesting that finding pictures of alleged wheelchair users using bikes on social media could contribute to…
Content type: News & Analysis
The first half of 2018 saw two major privacy moments: in March, the Facebook/ Cambridge Analytica scandal broke, followed in May by the EU General Data Protection Regulation ("GDPR") taking effect. The Cambridge Analytica scandal, as it has become known, grabbed the attention and outrage of the media, the public, parliamentarians and regulators around the world - demonstrating that yes, people do care about violations of their privacy and abuse of power. This scandal has been one of…
Content type: Examples
In the lead up to the 2017 German federal election (Bundestagswahl), all political parties used social media like Facebook, Twitter, Instagram, YouTube, and e-mails as platforms to reach voters.
The far-right Alternative for Germany party (AfD) reportedly hired a Texas-based company for their campaign. Harris Media is known for their work with Republican, far-right and nationalist candidates in the US and worldwide. In 2017, Privacy International revealed that Harris Media was behind the…
Content type: Examples
In the lead up to the German elections, the conservative Christian Democratic Union (CDU) created a mobile app, Connect 17, which was designed to create a feedback loop between party headquarters and door-to-door volunteers (also known as canvassers).
The app drew on data from the federal statistics office and polling agencies. It let canvassers decide routes, record whether anyone was home, and whether a conversation had been successful. It also allowed canvassers to compare their…
Content type: Examples
The Sunday edition of the national newspaper Bild reported that Chancellor Angela Merkel's conservative Christian Democrats (CDU) party and the centre-right Free Democrats (FDP) party purchased "more than a billion" pieces of personal data about potential voters from a subsidiary of Deutsche Post, which offered target-mailing concepts to its clients. The Deutsche Post subsidiary, Deutsche Post Direkt, rejected these claims.
Instead, Deutsche Post is reported as insisting that it never…
Content type: Examples
Police in the German state of Hesse are using a bespoke version of Palantir's Gotham software system, specially adapted for the police force. Palantir CEO Alex Karp sits on the board of the German mega publisher Axel Springer.
Publication: WorldCrunch, Jannis Brühl
Date: 20 November 2018
Content type: Press release
On the five year anniversary of NSA whistleblower Edward Snowden leaking a massive trove of classified information that has since transformed our understanding of government mass surveillance, Dr Gus Hosein, Executive Director of Privacy International said:
“Is it enough for your government to tell you ‘we’re keeping you safe, but we’re not going to tell you how’? Edward Snowden asked himself this profoundly important question five years ago. We’re thankful he did.
His decision to expose the…
Content type: News & Analysis
Private surveillance companies selling some of the most intrusive surveillance systems available today are in the business of purchasing security vulnerabilities of widely-used software, and bundling it together with their own intrusion products to provide their customers unprecedented access to a target’s computer and phone.
It's been known for some time that governments, usually at a pricey sum, purchase such exploits, known as zero- and one-day exploits, from security researchers to…
Content type: News & Analysis
Privacy International is today proud to release the Surveillance Industry Index (SII), the world's largest publicly available educational resource of data and documents of its kind on the surveillance industry, and an accompanying report charting the growth of the industry and its current reach.
The SII, which is based on data collected by journalists, activists, and researchers across the world is the product of months of collaboration between Transparency Toolkit and Privacy…
Content type: Press release
A 400 gigabyte trove of internal documents belonging to surveillance company Hacking Team has been released online. Hacking team sells intrusive hacking tools that have allegedly been used by some of the most repressive regimes in the world.
The documents reportedly confirm Hacking Team has customers in 35 countries, including some that routinely abuse human rights. These documents seemingly validate research conducted by Citizen Lab…
Content type: Long Read
Privacy International in October 2014 made a criminal complaint to the National Cyber Crime Unit of the National Crime Agency, urging the immediate investigation of the unlawful surveillance of three Bahraini activists living in the UK by Bahraini authorities using the intrusive malware FinFisher supplied by British company Gamma.
Moosa Abd-Ali Ali, Jaafar Al Hasabi and Saeed Al-Shehabi, three pro-democracy Bahraini activists who were granted asylum in the UK, suffered variously…
Content type: News & Analysis
Last year, UK-based surveillance company Gamma TSE sold the Indonesian military US$ 6.7 million worth of equipment as part of the military's weapons modernisation effort. As early as 2005, Indonesian officials were soliciting the advice of a close partner of Gamma, Germany-based Elaman, to create technical surveillance unit (TSU), according to a white paper published as part of the WikiLeak SpyFiles and found in the Surveillance Industry Index.
Gamma and Elaman are…
Content type: News & Analysis
After two years of pressing the Government to come clean on what, if anything, they are doing to investigate the potentially illegal export of the spyware FinFisher, a ruling today by the Administrative Court in Privacy International’s favour marks a significant turning point in our long-running campaign to bring more transparency and accountability to the surveillance industry.
The High Court slammed Her Majesty’s Revenue and Customs for not disclosing whether it was investigating…
Content type: Press release
After challenging HMRC's blanket refusal to release information about the potentially unlawful export of Gamma International's FinFisher surveillance technology, the court has said that the case should proceed to trial and the grounds of Privacy International's challenge are of public importance.
Privacy International in February filed for judicial review of a decision of HMRC, the body responsible for enforcing export regulations, claiming the department is acting unlawfully in its refusal to…
Content type: Press release
The United Nations General Assembly should approve a new resolution and make clear that indiscriminate surveillance is never consistent with the right to privacy, five human rights organizations said in a November 21, 2013 letter to members of the United Nations General Assembly.
After heated negotiations, the draft resolution on digital privacy initiated by Brazil and Germany emerged on November 21 relatively undamaged, despite efforts by the …