Search
Content type: Examples
In 2013, Edward Snowden, working under contract to the US National Security Agency for the consultancy Booz Allen Hamilton, copied and leaked thousands of classified documents that revealed the inner workings of dozens of previously unknown surveillance programs. One of these was PRISM, launched in 2007, which let NSA use direct access to the systems of numerous giant US technology companies to carry out targeted surveillance of the companies' non-US users and Americans with foreign contacts by…
Content type: Examples
In May 2018, Google announced an AI system to carry out tasks such as scheduling appointments over the phone using natural language. A Duplex user wanting to make a restaurant booking, for example, could hand the task off to Duplex, which would make the phone call and negotiate times and numbers. In announcing the service, Google stressed its use of "speech dysfluencies" - that is, non-verbal syllables such as "um" and "er" to make the interaction sound more natural.
The system almost…
Content type: Examples
In 2017 the Electronic Privacy Information Center filed a complaint with the US Federal Trade Commission asking the agency to block Google's Store Sales Measurement service, which the company introduced in May at the 2017 Google Marketing Next event. Google's stated goal was to link offline sales to online ad spending. EPIC argued that the purchasing information Google collected was highly sensitive, revealing details about consumers purchases, health, and private lives, and that Google was…
Content type: Examples
DoubleClick was one of the first companies set up to sell display advertising on the web. Set up in 1996, it went public in 1998, and in 1999 merged with the data collection company Abacus Direct. In response to a 2001 US Federal Trade Commission investigation of the proposed merger, DoubleClick promised to keep those two databases separate; and in 2005 when the private equity firm Hellman & Friedman acquired it, that firm promised to operate the company as two separate divisions. In April…
Content type: Examples
In 2012 the US Consumer Watchdog advocacy group filed a complaint against Google alleging that the company had violated its 2011 consent decree with the US Federal Trade Commission in the case about Google Buzz. The complaint was based on February 2012 revelations that the site was failing to honour do-not-track settings in Apple's Safari web browser. The browser itself was set by default to refuse to accept third-party cookies, as these are often used to track users across the web. Google's…
Content type: Examples
In 2009, Spanish citizen Mario Costeja González objected to the fact that an auction notice from 1998, when his home was repossessed, was still accessible on the website of the Spanish newspaper La Vanguardia and the first thing people saw when they searched for him on Google. When the courts declined to order the newspaper to remove the announcement, Costeja asked Google Spain to stop linking to it in search results on his name. When Google did nothing more than forward the complaint to its…
Content type: Examples
In 2012, Google announced it would condense 70 different privacy policies into a single one that would allow the company to merge the data collected across all its services, including Maps, search, Android, Books, Chrome, Wallet, Gmail, and the advertising service provided by its DoubleClick subsidiary into a single database. The company claimed the purpose was to enable a better, more unified experience - for example, it said it would be able to deliver better search results by combining…
Content type: Examples
In 2010, increasing adoption of social media sites such as blogs, Facebook, Twitter, and Flickr led Google to develop Buzz, an attempt to incorporate status updates and media-sharing into its Gmail service. Users could link their various social media feeds, including Picasa (Google's photo-sharing service) and Reader (Google's RSS news reader), directly into Gmail. Via the integrated feed, Gmail users could see not only the content produced by those they followed, but those they didn't if their…
Content type: Examples
In July 2011, the established writer GrrlScientist tried to log into her Google account and found that it was suspended, barring her access to Gmail, Google Docs, YouTube, Google Reader, and the newly launched social network Google+. It turned out that the reason was then when Google launched its Google+ social network in June 2011, it included among its terms and conditions a requirement to use "the name your friends, family, or co-workers call you". In July 2011, Google began suspending the…
Content type: Examples
In 2010, Google revealed that a data audit required by Germany's data protection authority had revealed that since 2007 the cars deployed to capture images for its Street View project had accidentally captured 600GB of data from local wifi networks, including personal web browsing histories. Google said it used network names (SSIDs) and router identifiers (MAC addresses) to use for its location services, but did not use any of the payload data, which the company said consisted only of fragments…
Content type: Examples
Google launched its first version of Android in 2009. Based on a modified Linux kernel and other open source software, Android provides the operating system for mobile phones, tablets, televisions, cars, wrist watches, and many other devices including digital cameras, game consoles, PCs, and personal video recorders. By 2017, Android had become the best-selling operating system in the world, with over 2 billion monthly active users. Even in 2009, critics warned that the operating system, which…
Content type: Examples
In May 2007, Google launched Street View, an add-on to its Maps service that allows users to see and "drive" through images of streets and buildings. Almost immediately, the service provoked controversy when users realised that these images included pictures looking through the windows of their homes and images of license plates, or that caught them in embarrassing or even illegal situations on the street. Google argued that Street View only captured images taken on public property. In August,…
Content type: Examples
To personalise the services it offers, Google retains user data such as search histories and as well as the Internet Protocol (IP) addresses and other digital identifiers that enable the company to link search queries to the specific computer where they were generated. Until March 2007, the company kept this data indefinitely. At that point, it announced that in response to privacy advocates' concerns it would begin anonymising the data after 18 to 24 months. While some welcomed the change,…
Content type: Examples
When Google launched Gmail in 2004, the new service rapidly gained acceptance because it offered far more storage space than any other comparable service. From the beginning, however, Gmail scanned the contents of emails to help the company generate contextual ads. Scanning has never applied to the email service it offers paying corporate customers as part of G Suite. In 2017, Google announced it would end scanning email in the consumer service, largely to end confusion among the corporate…
Content type: Examples
The first example of internet users being blindsided by the retention of information they had thought was ephemeral was Usenet, a worldwide collection of discussion groups ("newsgroups") created in 1979. At the beginning, computers called each other directly to swap and distribute new postings; as the internet became available it became the primary medium for propagating Usenet's burgeoning collection of newsgroups. At its peak in the 1990s Usenet was a huge open system used by millions of…
Content type: Examples
In 2005, Google launched its web analytics service, which tracks and reports website traffic. The most widely-used analytics service on the web, Google Analytics comes in three versions: free, the subscription enterprise service 360, and a mobile service that collects analytics from both iOS and Android apps. The service works by storing cookies on computers that visit the websites on which Google Analytics is installed; the cookies contain a unique "cookie ID" identifier; this enables website…
Content type: Long Read
Privacy and data protection are currently being debated more intensively than ever before. In this interview, Frederike Kaltheuner from the civil rights organisation Privacy International explains why those terms have become so fundamentally important to us. The article was first published in the newly launched magazine ROM. The interview was conducted by ROM publisher Khesrau Behroz and writers Patrick Stegemann and Milosz Paul Rosinski.
Frederike Kaltheuner, you work for Privacy…
Content type: Examples
In September 2007, Facebook, which from its 2004 founding had stressed the privacy of its user profiles and interactions, opened up its profiles to public search engines such as Google and Bing. Facebook's new "public listing search" allowed anyone to search for a particular person; such searches returned the name and profile picture of all members who had set their search privacy to "Everyone". The benefit to Facebook was to encourage non-users to sign up when they saw their friends and family…
Content type: Examples
In May 2009, University of Cambridge computer science researcher Joseph Bonneau discovered as part of his research that many social network respond to user requests to delete photographs by hiding them while remaining them on their servers. Among the worst offenders were Facebook, MySpace, Bebo, and LiveJournal. A Facebook spokesman explained that while photographs were immediately deleted from the company's own servers, the data would take longer to be removed from Akamai, the Content Delivery…
Content type: Press release
Photo credit: Forbrukerrådet
The Norwegian Consumer Council has today published a report which shows how Facebook and Google appear to push users into sharing personal data, and raises questions around how such practices are GDPR compliant.
Off the back of the analysis, Privacy International is joining NCC and several other consumer and privacy groups in Europe to ask European data protection authorities to investigate whether the companies are acting in accordance with GDPR. Copies of the…
Content type: Course Section
Communications surveillance is where a third party intercepts a communication in the course of its transmission between intended recipients. Interception includes all acts of monitoring, copying, diverting, duplicating and storing communications in the course of their transmission by or for law enforcement or intelligence agencies.[1]
When discussing communications surveillance, there are many debates, distinctions, and terms used. Because of this it is important to know what a term represents…
Content type: Press release
WASHINGTON, D.C. – U.S. companies should adopt the same data protection rules that are poised to go into effect in the European Union on May 25, Public Citizen, the Center for Digital Democracy and Privacy International said today.
In a sign-on letter, 28 groups are calling on some of the world’s largest companies – including Facebook, Google and Amazon, as well as digital advertisers like Nestle, Walmart and JPMorgan Chase – to use Europe’s impending General Data Protection Regulation (GDPR…
Content type: Long Read
If you operate an internet company in Russia, you aren’t necessarily surprised to one day open the door to someone, grasping in one hand a bundle of wires and in the other a letter from a government agency demanding access to your servers, with a black box wedged under one arm.
Internet companies in Russia are required by law to store the content of users’ communications for six months and the metadata of users’ communications for three years, essentially meaning that what a person does…
Content type: Long Read
Hasn't Facebook said it would give European data protection to all of their users?
Yes, but only in very vague language. In an initial reaction to the Cambridge Analytica scandal, Mark Zuckerberg declared that Facebook would apply the EU General Data Protection Regulation (GDPR) “in spirit” to their 2 billion users worldwide. When questioned by members of the US Congress, Zuckerberg declared that "[a]ll the same controls will be available around the world". Representative Green sought…
Content type: Examples
Behind the colourful bicycles and games rooms, Silicon Valley tech giants operate a strict code of secrecy, relying on a combination of cultural pressure, digital and physical surveillance, legal threats, and restricted stock to prevent and detect not only criminal activity and intellectual property theft but also employees and contracts who speak publicly about their working conditions. Apple has long been known for requiring employees to sign project-specific non-disclosure agreements (NDAs…
Content type: Examples
Car companies have long collected data about the consumers who buy their cars. Now, they hope to aggregate and sell customer preferences to outside vendors for marketing purposes much as online tech giants like Google and Facebook already do. The companies say that exploiting this data will help them improve the driving experience, enabling predictive maintenance and enhancing driving intelligence. A study published in July 2017 by the US Government Accountability Office found that none of the…
Content type: Examples
A former Facebook insider explains to Wired Magazine why it's almost certain that the Trump campaign's skill using the site's internal advertising infrastructure was more important in the 2016 US presidential election than Russia's troll farm was. The first was the ads auction; the second a little-known product called Custom Audience and its accompanying Lookalike Audiences. Like Google's equivalent, Facebook's auction has advertisers bid with an ad, an ideal user specification, and a bid for…
Content type: Examples
In a report on mobile security updates, the US Federal Trade Commission finds that because of the complexity of the mobile ecosystem applying security updates to operating system software on some mobile devices is time-consuming and complicated. Based on information gathered from eight device manufacturers - Apple, Blackberry, Google, HTC, LG, Microsoft, Motorola, and Samsung, the FTC recommends that manufacturers should deploy these updates more quickly and suggests that manufacturers should…
Content type: Examples
Princeton University's WebTap - Web Transparency and Accountability - project conducts a monthly automated census of 1 million websites to measure tracking and privacy. The census detects and measures many or most of the known privacy violations researchers have found in the past: circumvention of cookie blocking, leakage of personally identifiable information to third parties, Canvas fingerprinting, and many more. The research also examines the effect of browser privacy tools and cookie…
Content type: Examples
The first signs of the combination of AI and surveillance are beginning to emerge. In December 2017, the digital surveillance manufacturer IC Realtime, launched a web and app platform named Ella that uses AI to analyse video feeds and make them instantly searchable - like a Google for CCTV. Company CEO Matt Sailor demonstrated a version of Ella hooked up to 40 cameras trained on an industrial park that was able to respond with relevant footage to searches such as "a man wearing red" or "UPS…