Search
Content type: Long Read
15th December 2017
The battle for Kenyan voters’ allegiance in the 2017 Presidential election was fought on social media and the blogosphere. Paid advertisements for two mysterious, anonymous sites in particular started to dominate Google searches for dozens of election-related terms in the months leading up to the vote. All linked back to either “The Real Raila”, a virulent attack campaign against presidential hopeful Raila Odinga, or Uhuru for Us, a site showcasing President Uhuru Kenyatta’s accomplishments. As…
Content type: Long Read
15th December 2017
Introduction
Why We Are So Concerned about Government Hacking for Surveillance
Scope of Our Safeguards
1. Legality
2. Security and Integrity of Systems
3. Necessity and Proportionality
4. Judicial Authorisation
5. Integrity of information
6. Notification
7. Destruction and Return of Data
8. Oversight and Transparency
9. Extraterritoriality
10. Effective Remedy
Commentary on each
1. Legality
2. Security and Integrity of Systems
3. Necessity and Proportionality
4. Judicial…
Content type: Report
6th December 2017
When you rent a car at the airport, use a car-share for a family day trip, one of the first things you are likely to do before setting off on your journey, is to connect your phone to the car. You switch on the Bluetooth and see a list of other people’s phones that were previously connected - Mike’s iPhone, Samsung Galaxy, Bikerboy_Troi, Dee Dee. You input your journey into the navigation, perhaps noticing stored locations of previous drivers.
Seems fairly innocuous? Wrong. Your name and…
Content type: Report
1st December 2017
Financial services are changing, with technology being a key driver. It is affecting the nature of financial services, from credit and lending through to insurance, and even the future of money itself.
The field of fintech is where the attention and investment is flowing. Within it, new sources of data are being used by existing institutions and new entrants. They are using new forms of data analysis.
These changes are significant to this sector and the lives of people it serves. This report…
Content type: Long Read
28th November 2017
This piece was originally published in Just Security in November 2017.
The upcoming expiration of Section 702 of the Foreign Intelligence Surveillance Act (FISA) has launched a fresh wave of debate on how the statute’s “backdoor search loophole” allows the U.S. government to access Americans’ communications by searching information gathered on foreign intelligence grounds without a warrant. But while discussion about domestic information sharing is important, a critical element of the debate…
Content type: Long Read
1st November 2017
Photo Credit: AU UN IST / Tobin Jones
El 25 de septiembre 2017, el presidente de Paraguay objetó la totalidad de una propuesta de Ley denominada “que regula la activación del servicio de telefonía móvil”, disponiendo la creación de un registro de huellas dactilares de todos los usuarios de servicios móviles, y la desconexión dentro de un año a todos quienes no se hayan incorporado a este registro, todo ello bajo la excusa de disminuir los robos de identidad en la activación de líneas móviles…
Content type: Report
31st October 2017
The smart city market is booming. National and local governments all over the world expect their cities to become more efficient, more sustainable, cleaner and safer by integrating technology, increasing data generation and centralising data to provide better services. From large multinationals to small start-ups, companies want their slice of the multi-billion dollars per year pie of municipal budgets and long-term government contracts.
But do smart cities even exist? And are our cities…
Content type: Long Read
30th October 2017
Government hacking is unlike any other form of existing surveillance technique. Hacking is an attempt to understand a system better than it understands itself, and then nudging it to do what the hacker wants. Fundamentally speaking, hacking is therefore about causing technologies to act in a manner the manufacturer, owner or user did not intend or did not foresee.
Governments can wield this power remotely, surreptitiously, across jurisdictions, and at scale. A single hack can affect many…
Content type: Report
23rd October 2017
This report sheds light on the current state of affairs in data retention regulation across the EU post the Tele-2/Watson judgment. Privacy International has consulted with digital rights NGOs and industry from across the European Union to survey 21 national jurisdictions (Austria, Belgium, Bulgaria, Croatia, Cyprus, Czech Republic, France, Germany, Hungary, Ireland, Italy, Luxembourg, the Netherlands, Poland, Portugal, Romania, Slovakia, Slovenia, Spain, Sweden, and the United Kingdom).…
Content type: Long Read
18th October 2017
On 8 September 2017, the Investigatory Powers Tribunal decided to refer questions to the Court of Justice of the European Union (‘CJEU’) concerning the collection of bulk communications data (‘BCD’) by the Security Intelligence Agencies from mobile network operators.
The BCD regime was initially secret. In an earlier judgment, the Investigatory Powers Tribunal ruled that the regime was not compliant with the European Convention on Human Rights prior to its public avowal, but (subject to the…
Content type: Long Read
15th September 2017
European Court of Human Rights Intervention
On 15 September 2017, Privacy International filed an intervention to the European Court of Human Rights in Association Confraternelle de la Presse Judiciare and 11 Other Applications v. France. This case challenges various surveillance powers authorised under the French Intelligence Act of 24 July 2015 as incompatible with Articles 8 and 10 of the European Convention on Human Rights, which respectively protect the right to privacy and the right to…
Content type: Report
12th September 2017
In this paper, Privacy International explores* what it means to be secure, and how governments and companies enact policies and laws that undermine security globally. Good cyber security policies and practices put people and their rights at the centre. By prioritising the individual and protecting people, devices and networks, governments could take advantage of a real opportunity - to give something technically complex a human element. In short, giving the tin man a heart.
*This version was…
Content type: Long Read
9th August 2017
This piece was originally published in Just Security in August 2017
We recently published an analysis in Lawfare of the United Kingdom’s surveillance framework as it relates to the proposed U.S.-U.K. agreement for cross-border law enforcement data requests. Implementing the U.S.-U.K. agreement is subject to passage of draft legislation proposed by the Justice Department to Congress in July 2016 (“U.S. DOJ legislation”), which will set standards that approved partners like the U.K. must meet…
Content type: Long Read
11th July 2017
This piece was originally published in Lawfare in July 2017.
The United Kingdom has been a key partner in the United States’ efforts to reform the process that law enforcement officials use to make cross-border requests for data. These efforts address both foreign governments’ requests for data stored in the U.S. and reciprocal requests by the U.S. government for data stored abroad. As part of these efforts, the U.S. and the U.K. have negotiated a draft bilateral agreement (“U.S.-U.K.…
Content type: Long Read
6th July 2017
6 July 2017
Full briefing: UK-US Intelligence Sharing Arrangements
Urgent transparency is needed regarding the UK’s intelligence sharing arrangements with the United States, which allows UK and US agencies to share, by default, any raw intelligence and methods and techniques related to the acquisition of such intelligence. In a recent YouGov poll, three quarters of Britons said that they want the UK Government to tell the public what safeguards govern these arrangements. Privacy International…
Content type: Long Read
5th July 2017
In January 2017, Kenya’s information and communication technology regulator, the Communications Authority of Kenya, announced that it was spending over 2 billion shillings (around 14 million USD) on new initiatives to monitor Kenyans’ communications and regulate their communications devices. The press lit up with claims of spying, and members of Kenya’s ICT community vowed to reject the initiatives as violating Kenyans’ constitutional rights, including the right to privacy (Article 31).…
Content type: Long Read
8th May 2017
This piece was originally published in Lawfare in May 2017.
This post is part of a series written by participants of a conference at Georgia Tech in Surveillance, Privacy, and Data Across Borders: Trans-Atlantic Perspectives.
Cross-border law enforcement demands have become increasingly important to law enforcement in the digital age. Digital evidence in one jurisdiction—such as the United States—is often necessary to investigate a crime that has effects in another jurisdiction. Because the U…
Content type: Long Read
13th April 2017
Disclaimer: This piece was written in April 2017. Since publishing, further information has come out about Cambridge Analytica and the company's involvement in elections.
Recently, the data mining firm Cambridge Analytica has been the centre of tons of debate around the use of profiling and micro-targeting in political elections. We’ve written this analysis to explain what it all means, and the consequences of becoming predictable to companies and political campaigns.
What does Cambridge…
Content type: Report
15th March 2017
This investigation focuses on the techniques, tools and culture of Kenyan police and intelligence agencies’ communications surveillance practices. It focuses primarily on the use of surveillance for counterterrorism operations. It contrasts the fiction and reality of how communications content and data is intercepted and how communications data is fed into the cycle of arrests, torture and disappearances.
Communications surveillance is being carried out by Kenyan state actors, essentially…
Content type: Report
15th March 2017
This stakeholder report is a submission by Privacy International (PI). PI is a human rights organisation that works to advance and promote the right to privacy and ght surveillance around the world. Privacy International wishes to bring concerns about the protection and promotion of the right to privacy for consideration in Pakistan’s upcoming review at the 28th session of the Working Group on the Universal Periodic Review.
Content type: State of Privacy
14th March 2017
Introduction
Acknowledgment
The State of Surveillance in Thailand is the result of a collaboration by Privacy International and Thai Netizen Network.
Right to Privacy
The constitution
Thailand experienced a coup d'etat in May 2014. According to Mishari Muqbil and Arthit Suriyawongkul, “their [the junta's] modus operandi seems to be the direct command of ministries and semi-governmental organisations to carry out tasks irrespective of existing legislation.”
Following the coup, in July…
Content type: Long Read
14th March 2017
This briefing highlights opportunities for NGOs to raise issues related to the right to privacy before some selected UN human rights bodies that have the mandate and the capacity to monitor and provide recommendations and redress.
The briefing provides some examples based on Privacy International’s experience and points at additional resources and guides. While this guide focuses on the work of NGOs, information to UN human rights mechanisms can be sent by other civil society actors, as well…
Content type: Long Read
8th March 2017
In this special briefing for International Women’s Day 2017, we explore through the work of the Privacy International Network some areas of concern being addressed in relation to privacy, surveillance, women’s rights, and gender. Coding Rights demonstrates the important of generating and disseminating gendered content on issues of surveillance in Latin America as a means of inciting informed action. In Chile, Derechos Digitales explored the booming market of mobile applications related to…
Content type: Long Read
10th February 2017
Introduction
A growing number of governments around the world are embracing hacking to facilitate their surveillance activities. Yet hacking presents unique and grave threats to our privacy and security. It is far more intrusive than any other surveillance technique, capable of accessing information sufficient to build a detailed profile of a person, as well as altering or deleting that information. At the same time, hacking not only undermines the security of targeted systems, but also has…
Content type: Long Read
9th February 2017
This piece was orignally published in Slate in February 2017
In 2015, the FBI obtained a warrant to hack the devices of every visitor to a child pornography website. On the basis of this single warrant, the FBI ultimately hacked more than 8,700 computers, resulting in a wave of federal prosecutions. The vast majority of these devices—over 83 percent—were located outside the United States, in more than 100 different countries. Now, we are in the midst of the first cases to work their way…
Content type: Report
25th January 2017
This investigation looks at how surveillance is being conducted in Thailand. The first part of the investigation focuses on the ties between telecommunication companies and the state, and the second part of the investigation focuses on attacks conducted in order to attempt to circumvent encryption.
Content type: Long Read
3rd January 2017
The use of IMSI catchers[1] to arrest individuals is rarely documented — as IMSI catchers are used secretively in most countries. The arrest of Colombian drug lord Henry López Londoño in Argentina is therefore a rare opportunity to understand both how IMSI catchers are used, and also the complexity of their extraterritorial use.
In October 2012, Londoño — also known as Mi Sangre (“My Blood”) — was arrested in Argentina. His arrest was the result of cooperation between the Dirección de…