Advanced Search
Content Type: Long Read
The pressing need to fix our cybersecurity (mis)understandings
Despite all the efforts made so far by different, cybersecurity remains a disputed concept. Some states are still approving cybersecurity laws as an excuse to increase their surveillance powers. Despite cybersecurity and cybercrime being different concepts, the confusion between them and the broad application of criminal statutes is still leading to the criminalise legitimate behaviour.
All of this represents a sizable challenge…
Content Type: Long Read
In this piece we examine mobile phone extraction, relying on publicly available information and Privacy International’s experience from conducting mobile phone extraction using a Cellebrite UFED Touch 2. We welcome input from experts in the field. This is a rapidly developing area. Just as new security features are announced for phones, so too new methods to extract data are found.
[All references can be found in the pdf version below.]
General explanation of mobile phone…
Content Type: News & Analysis
Photo by Daniel Jensen on Unsplash
Everyone is talking about Facebook's end-to-end encryption plans and the US, UK and Australian government's response. Feeling lost? Here is what you need to know.
What's Facebook trying to do?
First let's be clear: Facebook has many faults when it comes to privacy. It's also suffered a number of security failures recently. See here for instance.
In response to their successive failures to protect your privacy, Facebook announced in their 'pivot to privacy…
Content Type: News & Analysis
Today’s announcement regarding the UK and US agreement signed pursuant to the US CLOUD Act is being touted on both sides of the Atlantic as a major victory for law enforcement and security. But it is a step backward for privacy.
And it’s far more complicated than their press release and letter to industry.
The agreement replaces the prior system, under which law enforcement agencies from around the world, including the UK, had to meet US legal standards in order to get access to content held…
Content Type: Long Read
In December 2018, Privacy international exposed the dubious practices of some of the most popular apps in the world.
Out of the 36 apps we tested, we found that 61% automatically transfer data to Facebook the moment a user opens the app. This happens whether the user has a Facebook account or not, and whether they are logged into Facebook or not. We also found that some of those apps routinely send Facebook incredibly detailed and sometimes sensitive personal data. Again, it didn’t matter if…
Content Type: Long Read
Image credit: Emil Sjöblom [ShareAlike 2.0 Generic (CC BY-SA 2.0)]
Prepaid SIM card use and mandatory SIM card registration laws are especially widespread in countries in Africa: these two factors can allow for a more pervasive system of mass surveillance of people who can access prepaid SIM cards, as well as exclusion from important civic spaces, social networks, and education and health care for people who cannot.
Mandatory SIM card registration laws require that people provide personal…
Content Type: Video
Watch our video primer (1m54s) on how political advertisers use highly detailed data about you to target political adverts at you.
Read about some simple steps you can take to minimise the amount of political ads you see online and questions you can be asking of those that profit from your data.
Content Type: Examples
Cookies and other tracking mechanisms are enabling advertisers to manipulate consumers in new ways. For $29, The Spinner will provide a seemingly innocent link containing an embedded cookie that will allow the buyer to deliver targeted content to their chosen recipient. The service advertises packages aimed at men seeking to influence their partners to initiate sex, people trying to encourage disliked colleagues to seek new jobs, and teens trying to get their parents to get a dog. However,…
Content Type: Examples
In July 2018, Dutch researcher Foeke Postma discovered that Polar, the manufacturer of the world's first wireless heart rate monitor manufacturer, was exposing the heart rates, routes, dates, times, duration, and pace of exercises performed by individuals at military sites and at their homes via its social platform, Polar Flow. Polar placed these individuals at particular risk by showing all the exercises a particular individual has completed since 2014 on a single global map. Postma was able…
Content Type: Examples
In April 2018, the Austrian cabinet agreed on legislation that required asylum seekers would be forced to hand over their mobile devices to allow authorities to check their identities and origins. If they have been found to have entered another EU country first, under the Dublin regulation, they can be sent back there. The number of asylum seekers has dropped substantially since 2016, when measures were taken to close the Balkan route. The bill, which must pass Parliament, also allows the…
Content Type: Examples
In October 2018 Amazon patented a new version of its Alexa virtual assistant that would analyse speech to identify signs of illness or emotion and offer to sell remedies. The patent also envisions using the technology to target ads. Although the company may never exploit the patent, the NHS had previously announced it intended to make information from its online NHS Choices service available via Alexa.
https://www.telegraph.co.uk/technology/2018/10/09/amazon-patents-new-alexa-feature-knows-…
Content Type: Examples
In a 2018 interview, the Stanford professor of organisational behaviour Michal Kosinski discussed his research, which included a controversial and widely debunked 2017 study claiming that his algorithms could distinguish gay and straight faces; a 2013 study of 58,000 people that explored the relationship between Facebook Likes and psychological and demographic characteristics; and the myPersonality project, which collected data on 6 million people via a personality quiz that went viral on…
Content Type: Examples
In 2017, the Massachusetts attorney general's office reached an agreement under which Boston-based Copley Advertising agreed to eschew sending mobile ads to patients visiting Planned Parenthood and other health clinics. In 2015, Copley's geofencing technique used location information from smartphones and other internet-enabled devices to target "abortion-minded" women and send them ads for alternatives to abortion in a campaign it conducted on behalf of a Christian pregnancy counselling and…
Content Type: Examples
The CEO of MoviePass, an app that charges users $10 a month in return for allowing them to watch a movie every day in any of the 90% of US theatres included in its programme, said in March 2018 that the company was exploring the idea of monetising the location data it collects. MoviePass was always open about its plans to profit from the data it collects, but it seems likely that its 1.5 million users assumed that meant ticket sales, movie choice, promotions, and so on - not detailed tracking…
Content Type: Examples
The Danish company Blip Systems deploys sensors in cities, airports, and railway stations to help understand and analyse traffic flows and improve planning. In the UK's city of Portsmouth, a network of BlipTrack sensors was installed in 2013 by VAR Smart CCTV, and the data it has collected is used to identify problem areas and detect changing traffic patterns. The city hope that adding more sensors to identify individual journeys will help reduce commuting times, fuel consumption, and vehicular…
Content Type: Examples
In February 2018 the Canadian government announced a three-month pilot partnership with the artificial intelligence company Advanced Symbolics to monitor social media posts with a view to predicting rises in regional suicide risk. Advanced Symbolics will look for trends by analysing posts from 160,000 social media accounts; the results are intended to aid the Canadian government in allocating mental health resources. The company claims to be able to predict suicidal ideation, behaviours, and…
Content Type: Examples
A pregnancy-tracking app collected basic information such as name, address, age, and date of last period from its users. A woman who miscarried found that although she had entered the miscarriage into the app to terminate its tracking, the information was not passed along to the marketers to which the app's developer had sold it. A few weeks before her original due date, a package was delivered to her home including a note of congratulations and a box of baby formula. Although the baby had died…
Content Type: Examples
In the wake of Tesla’s first recorded autopilot crash, automakers are reassessing the risk involved with rushing semi-autonomous driving technology into the hands of distractible drivers. But another aspect of autopilot—its ability to hoover up huge amounts of mapping and “fleet learning” data—is also accelerating the auto industry’s rush to add new sensors to showroom-bound vehicles. This may surprise some users: Tesla’s Terms of Use (TOU) does not explicitly state that the company will…
Content Type: Examples
Caucuses, which are used in some US states as a method of voting in presidential primaries, rely on voters indicating their support for a particulate candidate by travelling to the caucus location. In a 2016 Marketplace radio interview, Tom Phillips, the CEO of Dstillery, a big data intelligence company, said that his company had collected mobile device IDs at the location for each of the political party causes during the Iowa primaries. Dstillery paired caucus-goers with their online…
Content Type: Examples
In 2015, the Royal Parks conducted a covert study of visitors to London's Hyde Park using anonymised mobile phone signals provided by the network operator EE to analyse footfall. During the study, which was conducted via government-funded Future Cities Catapult, the Royal Parks also had access to aggregated age and gender data, creating a detailed picture of how different people used the park over the period of about a year. The study also showed the percentage of EE subscribers who visited…
Content Type: Examples
In 2015, ABI Research discovered that the power light on the front of Alphabet's Nest Cam was deceptive: even when users had used the associated app to power down the camera and the power light went off, the device continued to monitor its surroundings, noting sound, movement, and other activities. The proof lay in the fact that the device's power drain diminished by an amount consistent with only turning off the LED light. Alphabet explained the reason was that the camera had to be ready to be…
Content Type: Examples
Because banks often decline to give loans to those whose "thin" credit histories make it hard to assess the associated risk, in 2015 some financial technology startups began looking at the possibility of instead performing such assessments by using metadata collected by mobile phones or logged from internet activity. The algorithm under development by Brown University economist Daniel Björkegren for the credit-scoring company Enterpreneurial Finance Lab was built by examining the phone records…
Content Type: Examples
In 2016, the American Civil Liberties Union of Northern California published a report revealing that the social media monitoring service Geofeedia had suggested it could help police track protesters. The report's publication led Twitter and Facebook to restrict Geofeedia's access to their bulk data. ACLUNC argued that even though the data is public, using it for police surveillance is an invasion of privacy. Police are not legally required to get a warrant before searching public data; however…
Content Type: Examples
At the Sixth Annual Conference on Social Media Within the Defence and Military Sector, held in London in 2016, senior military and intelligence officials made it clear that governments increasingly view social media as a tool for the Armed Forces and a "new front in warfare". Social media are also viewed as a source of intelligence on civilian populations and enemies and as a vector for propaganda. The conference was sponsored by Thales, which was working with the National Research Council of…
Content Type: Examples
In 2016, researchers at MIT's Computer Science and Artificial Intelligence Laboratory developed a new device that uses wireless signals that measure heartbeats by bouncing off a person's body. The researchers claim that this system is 87% accurate in recognising joy, pleasure, sadness, or anger based on the heart rate after first measuring how the individual's body reacts in various emotional states. Unlike a medical electrocardiogram, it does not require a sensor to be attached to the person's…
Content Type: Examples
For some months in 2017, in one of a series of high-risk missteps, Uber violated Apple's privacy guidelines by tagging and identifying iPhones even after their users had deleted Uber's app. When Apple discovered the deception, CEO Tim Cook told Uber CEO Travis Kalanick to cease the practice or face having the Uber app barred from the App Store.
External Link to Story
https://www.nytimes.com/2017/04/23/technology/travis-kalabnick-pushes-uber-and-himself-to-the-precipice.html