Content Type: Examples
Bluetooth utilizes a device pairing mechanism based on elliptic-curve Diffie-Hellman (ECDH) key exchange to allow encrypted communication between devices. The ECDH key pair consists of a private and a public key, and the public keys are exchanged to produce a shared pairing key. The devices must also agree on the elliptic curve parameters being used. Previous work on the "Invalid Curve Attack" showed that the ECDH parameters are not always validated before being used in computing the resulted…
Content Type: Examples
“The BlueBorne attack vector requires no user interaction, is compatible to all software versions, and does not require any preconditions or configurations aside of the Bluetooth being active,” warned the researchers.
“Unlike the common misconception, Bluetooth enabled devices are constantly searching for incoming connections from any devices, and not only those they have been paired with,” they added.
“This means a Bluetooth connection can be established without pairing the devices at all.…
Content Type: Case Study
In Peru, you get asked for your fingerprint and your ID constantly - when you’re getting a new phone line installed or depositing money in your bank account – and every Peruvian person has an ID card, and is included in the National Registry of Identity – a huge database designed to prove that everyone is who they say they are. After all, you can change your name, but not your fingerprint.
However, in 2019 the National Police of Peru uncovered a criminal operation that was doing just that:…
Content Type: News & Analysis
On New Year's Day, the Twitter account @HindsightFiles began publishing internal communications and documents from the now defunct SCL Group, dating from 2014-2018. They came from the hard drive of Brittany Kaiser, who held several senior positions at SCL Group including at one of its subsidiaries, Cambridge Analytica, and featured in the Netflix documentary "The Great Hack".
Privacy International first investigated Cambridge Analytica in 2017. We questioned the company's role in the Kenyan…
Content Type: Long Read
We are excited to spotlight our Reproductive Rights and Privacy Project!
The Project is focused on researching and exposing organisations that collect and exploit the information of those seeking to exercise their reproductive rights. Working together with PI partners, other international grassroots organisations and NGOs, PI is researching and advocating against this data exploitation.
So, what are reproductive rights?
Sexual and reproductive rights, which are contained within Economic,…
Content Type: Long Read
The global counter-terrorism agenda is driven by a group of powerful governments and industry with a vested political and economic interest in pushing for security solutions that increasingly rely on surveillance technologies at the expense of human rights.
To facilitate the adoption of these measures, a plethora of bodies, groups and networks of governments and other interested private stakeholders develop norms, standards and ‘good practices’ which often end up…
Content Type: News & Analysis
A new UK Times report claims that “WhatsApp, Facebook and other social media platforms will be forced to disclose encrypted messages from suspected terrorists, paedophiles and other serious criminals under a new treaty between the UK and the US.”
Several other media outlets have followed up on the report, with headlines such as “UK and US set to sign treaty allowing UK police ‘back door’ access to WhatsApp and other ‘end to end encrypted’ messaging platforms”.
While the…
Content Type: News & Analysis
This is a review of the documentary 'The Great Hack' originally published on IMDb.
This documentary is a fascinating account of The Facebook/Cambridge Analytica data scandal.
In early 2018, Cambridge Analytica became a household name. The company had exploited the personal data of millions of Facebook users, without their knowledge or consent, and used it for political propaganda.
At a running time of almost two hours, The Great…
Content Type: Examples
The Lumi by Pampers nappies will track a child's urine (not bowel movements) and come with an app that helps you "Track just about everything". The activity sensor that is placed on the nappy also tracks a baby's sleep.
Concerns over security and privacy have been raised, given baby monitors can be susceptible to hackers and any app that holds personal information could potentially expose that information.
Experts say the concept could be helpful to some parents but that there…
Content Type: Long Read
Details of case:
R (on the application of Privacy International) (Appellant) v Investigatory Powers Tribunal and others (Respondents)
[2019] UKSC 22
15 May 2019
The judgment
What two questions was the Supreme Court asked to answer?
Whether section 67(8) of RIPA 2000 “ousts” the supervisory jurisdiction of the High Court to quash a judgment of the Investigatory Powers Tribunal for error of law?
Whether, and, if so, in accordance with what principles, Parliament may by…
Content Type: News & Analysis
Today, a panel of competition experts, headed by Professor Jason Furman, the former chief economic adviser in the Obama administration, confirmed that tech giants, like Facebook, Amazon, Google, Apple and Microsoft, do not face enough competition.
Significantly, the report finds that control over personal data by tech giants is one of the main causes preventing competition and ultimately innovation.
Privacy International's research has shown clear examples of…
Content Type: Examples
In August 2018, banks and merchants had begun tracking the physical movements users make with input devices - keyboard, mouse, finger swipes - to aid in blocking automated attacks and suspicious transactions. In some cases, however, sites are amassing tens of millions of identifying "behavioural biometrics" profiles. Users can't tell when the data is being collected. With passwords and other personal information used to secure financial accounts under constant threat from data breaches, this…
Content Type: Examples
In October 2018, researcher Johannes Eichstaedt led a project to study how the words people use on social media reflect their underlying psychological state. Working with 1,200 patients at a Philadelphia emergency department, 114 of whom had a depression diagnosis, Eichstaedt's group studied their EMRs and up to seven years of their Facebook posts. Matching every person with a depressive diagnosis with five who did not, to mimic the distribution of depression in the population at large, from…
Content Type: Examples
In 2018, economists Marianne Bertrand and Emir Kamenica at the University of Chicago Booth School of Business showed that national divisions are so entrenched that details of what Americans buy, do, and watch can be used to predict, sometimes with more than 90% accuracy, their politics, race, income, education, and gender. In a paper published by the National Bureau of Economic Research, the economists taught machine algorithms to detect patterns in decades of responses to three long-running…
Content Type: Examples
In 2017, Britain's two biggest supermarkets, Tesco and Sainsbury's, which jointly cover 45% of the UK's grocery market, announced they would offer discounts on car and home insurance based on customers' shopping habits. For example, based on data from its Nectar card loyalty scheme, Sainsbury's associates reliable, predictable patterns of visits to stores with safer and more cautious driving, and therefore offers those individuals cheaper insurance. For some products, Sainsbury's also mines…
Content Type: Examples
In 2018, based on an analysis of 270,000 purchases between October 2015 and December 2016 on a German ecommerce site that sells furniture on credit, researchers at the National Bureau of Economic Research found that variables such as the type of device could be used to estimate the likelihood that a purchaser would default. The difference in rates of default between users of iOS and Android was about the same as the difference between a median FICO credit score and the 80th percentile of FICO…
Content Type: News & Analysis
Campaigners are today calling for urgent action to allow Palestinians to develop an independent telecommunications infrastructure following the release of a report detailing how the Israeli government exerts its existing control to rule and monitor the online lives of Palestinian people.
‘Connection Interrupted’, produced by Privacy International partner organisation 7amleh, describes how the Israeli government restricts key telecommunications infrastructure in Palestine,…
Content Type: Examples
In July 2018, Dutch researcher Foeke Postma discovered that Polar, the manufacturer of the world's first wireless heart rate monitor, was exposing the heart rates, routes, dates, times, duration, and pace of exercises performed by individuals at military sites and at their homes via its social platform, Polar Flow. Polar placed these individuals at particular risk by showing all the exercises a particular individual has completed since 2014 on a single global map. Postma was able…
Content Type: Examples
In June 2018, Uber filed a US patent application for technology intended to help the company identify drunk riders by comparing data from new ride requests to past requests made by the same user. Conclusions drawn from data such as the number of typos or the angle at which the rider is holding the phone would determine which, if any, driver they were matched with. What plans the company may have for the technology is unknown; however, critics expressed concerns that it could deter prospective…
Content Type: Examples
In April 2018, the Austrian cabinet agreed on legislation under which asylum seekers would be forced to hand over their mobile devices to allow authorities to check their identities and origins. If they have been found to have entered another EU country first, under the Dublin regulation, they can be sent back there. The number of asylum seekers has dropped substantially since 2016, when measures were taken to close the Balkan route. The bill, which must pass Parliament, also allows the…
Content Type: Examples
In March 2018 the Palo Alto startup Mindstrong Health, founded by three doctors, began clinical tests of an app that uses patients' interactions with their smartphones to monitor their mental state. The app, which is being tested on people with serious illness, measures the way patients swipe, tap, and type into their phones; the encrypted baseline and ongoing data is then analysed using machine learning to find patterns that indicate brain disorders such as a relapse into depression, substance…
Content Type: Examples
In a 2018 interview, the Stanford professor of organisational behaviour Michal Kosinski discussed his research, which included a controversial and widely debunked 2017 study claiming that his algorithms could distinguish gay and straight faces; a 2013 study of 58,000 people that explored the relationship between Facebook Likes and psychological and demographic characteristics; and the myPersonality project, which collected data on 6 million people via a personality quiz that went viral on…
Content Type: Examples
In 2018, a Duke University medical doctor who worked with Microsoft researchers to analyse millions of Bing user searches found links between some computer users' physical behaviours - tremors while using a mouse, repeated queries, and average scrolling speed - and Parkinson's disease. The hope was to be able to diagnose conditions like Parkinson's and Alzheimer's earlier and more accurately. Other such studies tracked participants via a weekly online health survey, mouse usage, and, via…
Content Type: Examples
In 2017, the Massachusetts attorney general's office reached an agreement under which Boston-based Copley Advertising agreed to eschew sending mobile ads to patients visiting Planned Parenthood and other health clinics. In 2015, Copley's geofencing technique used location information from smartphones and other internet-enabled devices to target "abortion-minded" women and send them ads for alternatives to abortion in a campaign it conducted on behalf of a Christian pregnancy counselling and…
Content Type: Examples
In 2011, the US Department of Homeland Security funded research into a virtual border agent kiosk called AVATAR, for Automated Virtual Agent for Truth Assessments in Real-Time, and tested it at the US-Mexico border on low-risk travellers who volunteered to participate. In the following years, the system was also tested by Canada's Border Services Agency in 2016 and the EU border agency Frontex in 2014. The research team behind the system, which included the University of Arizona, claimed the…
Content Type: Examples
In 2018, the EU announced iBorderCtrl, a six-month pilot led by the Hungarian National Police to install an automated lie detection test at four border crossing points in Hungary, Latvia, and Greece. The system uses an animated AI border agent that records travellers' faces while asking questions such as "What's in your suitcase?". The AI then analyses the video, scoring each response for 38 microexpressions. Travellers who pass will be issued QR codes to let them through; those who don't will…
Content Type: Examples
In July 2014, a study conducted by Adam D. I. Kramer (Facebook), Jamie E. Guillory, and Jeffrey T. Hancock (both Cornell University) and published by the Proceedings of the National Academy of Sciences alerted Facebook users to the fact that for one week in 2012, 689,003 of them had been the subjects of research into "emotional contagion". In the study, the researchers changed randomly selected users' newsfeeds to be more positive or negative to study whether those users then displayed a more…
Content Type: Examples
The CEO of MoviePass, an app that charges users $10 a month in return for allowing them to watch a movie every day in any of the 90% of US theatres included in its programme, said in March 2018 that the company was exploring the idea of monetising the location data it collects. MoviePass was always open about its plans to profit from the data it collects, but it seems likely that its 1.5 million users assumed that meant ticket sales, movie choice, promotions, and so on - not detailed tracking…
Content Type: Examples
The Danish company Blip Systems deploys sensors in cities, airports, and railway stations to help understand and analyse traffic flows and improve planning. In the UK's city of Portsmouth, a network of BlipTrack sensors was installed in 2013 by VAR Smart CCTV, and the data it has collected is used to identify problem areas and detect changing traffic patterns. The city hope that adding more sensors to identify individual journeys will help reduce commuting times, fuel consumption, and vehicular…
Content Type: Examples
Designed for use by border guards, Unisys' LineSight software uses advanced data analytics and machine learning to help border guards decide whether to inspect travellers more closely before admitting them into their country. Unisys says the software assesses each traveller's risk beginning with the initial intent to travel and refines its assessment as more information becomes available at each stage of the journey - visa application, reservation, ticket purchase, seat selection, check-in, and…