Advanced Search
Content Type: Long Read
On 13 March 2025, we filed a complaint against the UK government challenging their use of dangerous, disproportionate and intrusive surveillance powers to undermine the privacy and security of people all over the world. Here, we answer some key questions about the case and the recent events that led to this development.Note: This post was last updated on 13 March 2025.What’s the fuss about?A month ago, it was reported that the UK government demanded Apple Inc – maker of the iPhone, iPads, Macs…
Content Type: Explainer
Imagine this: a power that secretly orders someone anywhere in the world to abide and the receiver can’t tell anyone, can’t even publicly say if they disagree, and can’t really question the power in open court because the secret order is, well, secret. Oh and that power affects billions of people’s security and their data. And despite being affected, we too can’t question the secret order.In this piece we will outline what’s ridiculous, the absurd, and the downright disturbing about what’s…
Content Type: News & Analysis
Edit: 13 March 2025 - You can find more about what happened next on our case pageOn February 21st, Apple disabled their ‘advanced data protection’ service for UK customers. That means no-one in Great Britain can now enable a powerful security safeguard that people who use Apple devices everywhere else on the planet can: user controlled end-to-end encryption of stored data.This is likely in response to a disturbing secret government power. Well, that’s what we think happened. We can’t know for…
Content Type: Advocacy
We responded to the Home Office consultation on codes of practices under the Investigatory Powers (Amendment) Act 2024 (IPAA). Our response focused on (1) the draft codes relating to bulk personal datasets with low or no reasonable expection of privacy, (2) third-party bulk personal datasets and (3) the notices regime. You can download our full response with its 23 recommendations for reform at the bottom of this page.'Low Privacy' Bulk Personal DatasetsThe IPAA introduces a new concept of…
Content Type: Video
Links - Read more about PI's work on encryption- Matt Blaze and crypto.com; you can now find Matt at mattblaze.org - More about ITAR and the export of cryptography- More about France's ban on encryption ending in this 1999 article from the Register- More about the Data Encryption Standard - Find out more about the Clipper Chip or take a look at this NY Times article from 1994 (paywalled)- Matt Blaze's flaw in the Clipper Chip- NSA Data Center and NSA holding data- An…
Content Type: Video
The case dealt with a Russian law obliging telecommunications service providers to indiscriminately retain content and communications data for certain time periods, as well as a 2017 disclosure order by the Russian Federal Security Service requiring Telegram Messenger company to disclose technical information which would facilitate “the decoding of communications”.Links:PI case pageECtHR judgment in the Podchasov casePI's work on encryptionPI's report on End-to-End Encryption (E2EE)More…
Content Type: Video
LinksFind out more about encryption:Computerphile on YouTube is a computer science professor with a range of useful and accessible videos on encryptionCloudflare have a helpful learning centre including this article on how encryption works and why cloudflare use Lava lamps to generate keysThis is a helpful article on Diffie-Hellman including a diagram of the colours demonstration, which Ed discusses during the podcastThis article is great for learning more about hashingAnd if you're interested…
Content Type: Advocacy
BackgroundThe Snowden revelations and subsequent litigation have repeatedly identified unlawful state surveillance by UK agencies. In response, the UK Parliament passed the highly controversial Investigatory Powers Act 2016 (IPA), which authorised massive, suspicionless surveillance on a scale never seen before, with insufficient safeguards or independent oversight.Privacy International led legal challenges to this mass surveillance regime both before and after the Act became law. The Act…
Content Type: Long Read
In June 2023, the UK government announced its proposal to expand its surveillance powers by, among others, forcing communications operators to undermine encryption or abstain from providing security software updates globally. Building on our response to the government’s plans, this piece explains why what they want to do puts every one of us at risk.
Why your trust (to technologies you use) matters
Surveillance and privacy are complex concepts to grasp – it’s part of the appeal to us at PI.…
Content Type: Advocacy
We are responding to the UK Government's consultation to expand its powers around Technical Capabilities Notices and National Security Notices.
Background
Following Edward Snowden's revelations about the illegal and expansive secret powers of the US and UK intelligence agencies, the UK Government took the opportunity to, rather than reflect on what powers are proportionate in the modern era, to expand its arsenal of surveillance powers.
One of the powers it added was the ability to issue…
Content Type: Long Read
On 18th January, it was announced that end-to-end encrypted iCloud services, Advanced Data Protection, would be offered to Apple users globally.The offer of such level of security globally, while overdue, is a key step to ensuring trust and confidence in today’s world. There are too many threats to our data and our rights. Twelve years ago, we called on Apple to encrypt iCloud storage for users all around the world.Why this is importantWhile privacy and security is often portrayed as opposite…
Content Type: Report
End-to-end encryption (E2EE) contributes significantly to security and privacy. For that reason, PI has long been in favour of the deployment of robust E2EE.Encryption is a way of securing digital communications using mathematical algorithms that protect the content of a communication while in transmission or storage. It has become essential to our modern digital communications, from personal emails to bank transactions. End-to-end encryption is a form of encryption that is even more private.…
Content Type: News & Analysis
Back in 2019, UK Health Secretary Matt Hancock announced a partnership between the NHS and Amazon Alexa. The goal of the partnership was for Alexa to be able to use the content of the NHS website when people asked health-related questions.
At the time, we expressed a number of concerns regarding this agreement: Amazon did not appear to be an actor that should be trusted with our health information, and seeing the Health Secretary publicly praising this new agreement appeared to give…
Content Type: Long Read
Privacy and security are both essential to protecting individuals, including their autonomy and dignity. Undermining privacy undermines the security of individuals, their devices and the broader infrastructure. People need privacy to freely secure themselves, their information, and fully enjoy other rights. However, a growing number of governments around the world are embracing hacking to facilitate their surveillance activities.
As a form of government surveillance, hacking presents…
Content Type: News & Analysis
Federal law enforcement is deploying powerful computer hacking tools to conduct domestic criminal and immigration investigations.
By Alex Betschen, Student Attorney, Civil Liberties & Transparency Clinic, University at Buffalo School of Law
Hacking by the government raises grave privacy concerns, creating surveillance possibilities that were previously the stuff of science fiction. It also poses a security risk, because hacking takes advantage of unpatched vulnerabilities in our…
Content Type: Press release
FOR IMMEDIATE RELEASE
December 21, 2018
CONTACTS:
Alex Betschen, Civil Liberties & Transparency Clinic, [email protected], 716–531–6649
Colton Kells, Civil Liberties & Transparency Clinic, [email protected], 585–766–5119
Abdullah Hasan, ACLU, [email protected], 646–905–8879
NEW YORK — Privacy International, the American Civil Liberties Union, and the Civil Liberties & Transparency Clinic of the University at Buffalo School of Law filed a lawsuit today…
Content Type: News & Analysis
This piece was originally published on Just Security.
Ten years ago, an FBI official impersonated an Associated Press reporter to lure and track a teenager suspected of sending in prank bomb threats to his school. To find him, the FBI agent, posing as a reporter, sent the teenager links to a supposed story he was working on, but the links were infested with malware that once clicked on quickly exposed the teen’s location. More recently, the FBI has seized and modified websites so…
Content Type: Long Read
This piece was orignally published in Slate in February 2017
In 2015, the FBI obtained a warrant to hack the devices of every visitor to a child pornography website. On the basis of this single warrant, the FBI ultimately hacked more than 8,700 computers, resulting in a wave of federal prosecutions. The vast majority of these devices—over 83 percent—were located outside the United States, in more than 100 different countries. Now, we are in the midst of the first cases…