Advanced Search
Content Type: Examples
For a period between the end of October and November 3 2016 the heating and hot water systems in two buildings in the city of Lappeenranta, Finland were knocked out by a distributed denial of service attack designed to make the systems fail. The systems responded by repeatedly rebooting the main control circuit, which meant that the heating was never working - at a time when temperatures had already dropped below freezing. Specialists in building maintenance noted that companies often skimp on…
Content Type: Examples
In 2015, the Swedish startup hub Epicenter began offering employees microchip implants that unlock doors, operate printers, and pay for food and drink. By 2017, about 150 of the 2,000 workers employed by the hub's more than 100 companies had accepted the implants. Epicenter is just one of a number of companies experimenting with this technology, which relies on Near Field Communication (NFC). The chips are biologically safe, but pose security and privacy issues by making it possible to track…
Content Type: Examples
The payday lender Wonga announced in April 2017 that a data breach at the company affected an estimated 270,000 customers, 245,000 of them in the UK and the rest in Poland. The company sent those it thought were affected messages warning that it believed there may have been illegal and unauthorised access to some of the data in their accounts. Wonga was already controversial because of the high rates of interest in charged, and findings by the UK's financial regulator that it had made loans to…
Content Type: Examples
In 2017, an anonymous whistleblower sent a letter to Green party peer Jenny Jones alleging that a secretive Scotland Yard unit was illegally monitoring the private emails of campaigners and journalists. The letter included a list of ten people and the passwords to their email accounts and claimed the police were using an India-based operation that did the work of hacking emails, shredding documents, and using sex as a method of infiltration. Jones's background includes a decade on the…
Content Type: Examples
In 2017, when user Robert Martin posted a frustrated, disparaging review of the remote garage door opening kit Garadget on Amazon, the peeved owner briefly locked him out of the company's server and told him to send the kit back. After complaints on social media and from the company's board members, CEO Denis Grisak reinstated Martin's service. The incident highlighted the capricious and fine-grained control Internet of Things manufacturers can apply and the power they retain over devices…
Content Type: Examples
A 2017 research report found that the most vulnerable smartphone users are the ones whose devices are most open to fraud and harassment. Cheaper, low-end devices are less secure to begin with, and they are also less often replaced than their more expensive counterparts made by. Apple and Google. At any given time there are millions of Android devices that are open to known exploits. Worse, the poorer population that owns these phones are more likely to use them as their sole means of accessing…
Content Type: Examples
Facebook has come under fire after leaked documents revealed the social media site has been targeting potentially vulnerable children.
The allegations suggest the company is gathering information on young people who “need a confidence boost” to facilitate predatory advertising practices.
Confidential documents obtained by The Australian reportedly show how Facebook can exploit the moods and insecurities of teenagers using the platform for the benefit of advertisers.…
Content Type: Examples
Connecticut police have used the data collected by a murder victim's Fitbit to question her husband's alibi. Richard Dabate, accused of killing his wife in 2015, claimed a masked assailant came into the couple's home and used pressure points to subdue him before shooting his wife, Connie. However, her Fitbit's data acts as a "digital footprint", showing she continued to move around for more than an hour after the shooting took place. A 2015 report from the National Institute of…
Content Type: Examples
Even after they move out, domestic abusers may retain control over their former residence via Internet of Things devices and the mobile phone apps that control them. Using those tools, abusers can confuse, intimidate, and spy upon their former spouses and partners. Lack of knowledge about how these technologies work means that those who complain are often not taken seriously. Even the victims themselves may believe it's all in their minds; lawyers are struggling to develop language to add to…
Content Type: Examples
A 2017 lawsuit filed by Chicagoan Kyle Zak against Bose Corp alleges that the company uses the Bose Connect app associated with its high-end Q35 wireless headphones to spy on its customers, tracking the music, podcasts, and other audio they listen to and then violates their privacy rights by selling the information without permission. The case reflects many of the concerns associated with Internet of Things devices, which frequently arrive with shoddy security or dubious data…
Content Type: Examples
In 2017, a website run by the Jharkhand Directorate of Social Security leaked the personal details of over.1 million Aadhaar subscribers, most of them old age pensioners who had enabled automatic benefits payment into their bank accounts. Aadhaar is a 12-digit unique identification number issued to all Indian residents based on their biometric and demographic data. Both cyber security agencies and the Supreme Court have expressed concerns over its security,…
Content Type: Case Study
Invisible and insecure infrastructure is facilitating data exploitation
Many technologies, including those that are critical to our day-to-day lives do not protect our privacy or security. One reason for this is that the standards which govern our modern internet infrastructure do not prioritise security which is imperative to protect privacy.
What happened?
An example of this is Wi-Fi, which is now on its sixth major revision (802.11ad). Wi-Fi was always designed to be a verbose in…
Content Type: Examples
In 2015, IBM began testing its i2 Enterprise Insight Analysis software to see if it could pick out terrorists, distinguish genuine refugees from imposters carrying fake passports, and perhaps predict bomb attacks. Using a scoring system based on several data sources and a hypothetical scenario, IBM tested the system on a fictional list of passport-carrying refugees. The score is meant to act as a single piece of data to flag individuals for further scrutiny using additional…
Content Type: Examples
In 2017, the New York Times discovered that Uber had a secret internal programme known as "Greyball", which used data collected from the Uber app and other techniques to identify and bar regulators and officials from using its service. As the company expanded into new areas, its standard practice was to open up and begin offering rides without seeking regulatory approval first. The company used Greyball to prevent regulators from building a case against the company in areas where…
Content Type: Examples
In 2015 Hong Kong's Face of Litter campaign used DNA samples taken from street litter and collected from volunteers to create facial images that were then posted on billboards across the city. The campaign, conceived by PR firm Ogilvy & Mather and organised by online magazine Ecozine and the Nature Conservancy, was intended to give a face to anonymous Hong Kong litterbugs and raise awareness of the extent of littering in the city and encourage people to…
Content Type: Examples
For some months in 2017, in one of a series of high-risk missteps, Uber violated Apple's privacy guidelines by tagging and identifying iPhones even after their users had deleted Uber's app. When Apple discovered the deception, CEO Tim Cook told Uber CEO Travis Kalanick to cease the practice or face having the Uber app barred from the App Store.
External Link to Story
https://www.nytimes.com/2017/04/23/technology/travis-kalabnick-pushes-uber-and-himself-to-the-precipice.html
Content Type: Case Study
As society heads toward an ever more connected world, the ability for individuals to protect and manage the invisible data that companies and third parties hold about them, becomes increasingly difficult. This is further complicated by events like data breaches, hacks, and covert information gathering techniques, which are hard, if not impossible, to consent to. One area where this most pressing is in transportation, and by extension the so-called ‘connected car’.
When discussing connected…
Content Type: News & Analysis
This blog was written by Fundación Karisma, a member of the Privacy International Network. It does not necessarily reflect the views or position of Privacy International.
The Colombian General Prosecutor said recently that the blocking of IMEI is not working. He is talking about a registry created in 2011 that aims to reduce cellphone theft by blocking reportedly stolen phones of Colombian networks.
Fundación Karisma has been following this program and now, after six years…
Content Type: Case Study
Cities around the world are deploying collecting increasing amounts of data and the public is not part of deciding if and how such systems are deployed.
Smart cities represent a market expected to reach almost $760 billion dollars by 2020. All over the world, deals are signed between local governments and private companies, often behind closed doors. The public has been left out of this debate while the current reality of smart cities redefines people’s right to privacy and creates new…
Content Type: Case Study
For those concerned by reporting of Facebook’s exploitation of user data to generate sensitive insights into its users, it is worth taking note of WeChat, a Chinese super-app whose success has made it the envy of Western technology giants, including Facebook. WeChat has more than 900 million users. It serves as a portal for nearly every variety of connected activity in China. Approximately 30% of all time Chinese users spend on the mobile internet centers around…
Content Type: Case Study
Our connected devices carry and communicate vast amounts of personal information, both visible and invisible.
What three things would you grab if your house was on fire? It’s a sure bet your mobile is going to rank pretty high. It’s our identity, saying more about us than we perhaps realise. It contains our photos, calendar, internet browsing, locations of where we go, where we’ve been, our emails, social media. It holds our online banking, notes with half written poems, shopping lists, shows…
Content Type: Case Study
As society heads toward an ever more connected world, the ability for individuals to protect and manage the invisible data that companies and third parties hold about them, becomes increasingly difficult. This is further complicated by events like data breaches, hacks, and covert information gathering techniques, which are hard, if not impossible, to consent to. One area where this most pressing is in transportation, and by extension the so-called ‘connected car’.
When discussing connected…
Content Type: Case Study
Political campaigns around the world have turned into sophisticated data operations. In the US, Evangelical Christians candidates reach out to unregistered Christians and use a scoring system to predict how seriously millions these of voters take their faith. As early as 2008, the Obama campaign conducted a data operation which assigned every voter in the US a pair of scores that predicted how likely they would cast a ballot, and whether or not they supported him. The campaign was so confident…
Content Type: Case Study
Financial services are collecting and exploiting increasing amounts of data about our behaviour, interests, networks, and personalities to make financial judgements about us, like our creditworthiness.
Increasingly, financial services such as insurers, lenders, banks, and financial mobile app startups, are collecting and exploiting a broad breadth of data to make decisions about people. This is particularly affecting the poorest and most excluded in societies.
For example, the decisions…
Content Type: Case Study
Gig economy jobs that depend on mobile applications allow workers’ movements to be monitored, evaluated, and exploited by their employers.
The so-called “gig economy” has brought to light employers’ increasing ability and willingness to monitor employee performance, efficiency, and overall on-the-job conduct. Workplace surveillance of gig economy workers often happens without employees’ awareness or consent. This is especially evident in the app-based gig economy, where apps act both as an…
Content Type: Case Study
Police and security services are increasingly outsourcing intelligence collection to third-party companies which are assigning threat scores and making predictions about who we are.
The rapid expansion of social media, connected devices, street cameras, autonomous cars, and other new technologies has resulted in a parallel boom of tools and software which aim to make sense of the vast amount of data generated from our increased connection. Police and security services see this data as an…
Content Type: Case Study
Introduction
Online, and increasingly offline, companies gather data about us that determine what advertisements we see; this, in turn, affects the opportunities in our lives. The ads we see online, whether we are invited for a job interview, or whether we qualify for benefits is decided by opaque systems that rely on highly granular data. More often than not, such exploitation of data facilitates and exacerbates already existing inequalities in societies – without us knowing that it occurs.…
Content Type: Examples
French spy agency Direction Générale de la Sécurité Intérieure in December 2016 for 10 million euros signed a contract buying access to Palantir’s Gotham software. French politicians have voiced concerns over the software as France pushes to become more technologically independent.
Publication: EU Observer
Date: 9 June 2017