Advanced Search
Content Type: Long Read
On 13 March 2025, we filed a complaint against the UK government challenging their use of dangerous, disproportionate and intrusive surveillance powers to undermine the privacy and security of people all over the world. Here, we answer some key questions about the case and the recent events that led to this development.Note: This post was last updated on 13 March 2025.What’s the fuss about?A month ago, it was reported that the UK government demanded Apple Inc – maker of the iPhone, iPads, Macs…
Content Type: Explainer
Imagine this: a power that secretly orders someone anywhere in the world to abide and the receiver can’t tell anyone, can’t even publicly say if they disagree, and can’t really question the power in open court because the secret order is, well, secret. Oh and that power affects billions of people’s security and their data. And despite being affected, we too can’t question the secret order.In this piece we will outline what’s ridiculous, the absurd, and the downright disturbing about what’s…
Content Type: News & Analysis
Edit: 13 March 2025 - You can find more about what happened next on our case pageOn February 21st, Apple disabled their ‘advanced data protection’ service for UK customers. That means no-one in Great Britain can now enable a powerful security safeguard that people who use Apple devices everywhere else on the planet can: user controlled end-to-end encryption of stored data.This is likely in response to a disturbing secret government power. Well, that’s what we think happened. We can’t know for…
Content Type: Advocacy
We responded to the Home Office consultation on codes of practices under the Investigatory Powers (Amendment) Act 2024 (IPAA). Our response focused on (1) the draft codes relating to bulk personal datasets with low or no reasonable expection of privacy, (2) third-party bulk personal datasets and (3) the notices regime. You can download our full response with its 23 recommendations for reform at the bottom of this page.'Low Privacy' Bulk Personal DatasetsThe IPAA introduces a new concept of…
Content Type: Video
Links - Read more about PI's work on encryption- Matt Blaze and crypto.com; you can now find Matt at mattblaze.org - More about ITAR and the export of cryptography- More about France's ban on encryption ending in this 1999 article from the Register- More about the Data Encryption Standard - Find out more about the Clipper Chip or take a look at this NY Times article from 1994 (paywalled)- Matt Blaze's flaw in the Clipper Chip- NSA Data Center and NSA holding data- An…
Content Type: Video
The case dealt with a Russian law obliging telecommunications service providers to indiscriminately retain content and communications data for certain time periods, as well as a 2017 disclosure order by the Russian Federal Security Service requiring Telegram Messenger company to disclose technical information which would facilitate “the decoding of communications”.Links:PI case pageECtHR judgment in the Podchasov casePI's work on encryptionPI's report on End-to-End Encryption (E2EE)More…
Content Type: Video
LinksFind out more about encryption:Computerphile on YouTube is a computer science professor with a range of useful and accessible videos on encryptionCloudflare have a helpful learning centre including this article on how encryption works and why cloudflare use Lava lamps to generate keysThis is a helpful article on Diffie-Hellman including a diagram of the colours demonstration, which Ed discusses during the podcastThis article is great for learning more about hashingAnd if you're interested…
Content Type: Advocacy
BackgroundThe Snowden revelations and subsequent litigation have repeatedly identified unlawful state surveillance by UK agencies. In response, the UK Parliament passed the highly controversial Investigatory Powers Act 2016 (IPA), which authorised massive, suspicionless surveillance on a scale never seen before, with insufficient safeguards or independent oversight.Privacy International led legal challenges to this mass surveillance regime both before and after the Act became law. The Act…
Content Type: Long Read
In June 2023, the UK government announced its proposal to expand its surveillance powers by, among others, forcing communications operators to undermine encryption or abstain from providing security software updates globally. Building on our response to the government’s plans, this piece explains why what they want to do puts every one of us at risk.
Why your trust (to technologies you use) matters
Surveillance and privacy are complex concepts to grasp – it’s part of the appeal to us at PI.…
Content Type: Advocacy
We are responding to the UK Government's consultation to expand its powers around Technical Capabilities Notices and National Security Notices.
Background
Following Edward Snowden's revelations about the illegal and expansive secret powers of the US and UK intelligence agencies, the UK Government took the opportunity to, rather than reflect on what powers are proportionate in the modern era, to expand its arsenal of surveillance powers.
One of the powers it added was the ability to issue…
Content Type: Long Read
On 18th January, it was announced that end-to-end encrypted iCloud services, Advanced Data Protection, would be offered to Apple users globally.The offer of such level of security globally, while overdue, is a key step to ensuring trust and confidence in today’s world. There are too many threats to our data and our rights. Twelve years ago, we called on Apple to encrypt iCloud storage for users all around the world.Why this is importantWhile privacy and security is often portrayed as opposite…
Content Type: Advocacy
PI Opening Statement at PEGA Hearing on "Spyware used in third countries and implications for EU foreign relations"
Thank you very much for offering me the opportunity to give evidence before this Committee for another time on behalf of Privacy International (or PI) – a London-based non-profit that researches and advocates globally against government and corporate abuses of data and technology.
My opening statement will first briefly touch on the EU foreign policy’s priorities. I will…
Content Type: Press release
The decision by the EU’s oversight body follows a year-long inquiry prompted by complaints outlining how EU bodies and agencies are cooperating with governments around the world to increase their surveillance powers filed by Privacy International, Access Now, the Border Violence Monitoring Network, Homo Digitalis, International Federation for Human Rights (FIDH), and Sea-Watch.
The complainants welcome the decision by the European Ombudsman and call on the Commission to urgently review its…
Content Type: Report
End-to-end encryption (E2EE) contributes significantly to security and privacy. For that reason, PI has long been in favour of the deployment of robust E2EE.Encryption is a way of securing digital communications using mathematical algorithms that protect the content of a communication while in transmission or storage. It has become essential to our modern digital communications, from personal emails to bank transactions. End-to-end encryption is a form of encryption that is even more private.…
Content Type: Press release
Today, the European Court of Human Rights (ECtHR) has handed down a decision in a case brought by Privacy International and a coalition of internet and communications service providers and campaign groups including the Chaos Computer Club (Germany), GreenNet (UK), Jinbonet (Korea), May First/People Link (US), and Riseup (US) (the “coalition”).
The case challenges the conduct of hacking operations abroad by one of the UK’s intelligence agencies, the Government Communications…
Content Type: Press release
In a remarkable development in Privacy International's four year legal battle against the UK Government's powers to hack phones and computers on a massive scale, the UK Supreme Court has agreed to hear the London-based charity's case in December 2018.
Privacy International's case stems from a decision by the Investigatory Powers Tribunal (a specialised court set up to hear complaints against government surveillance, including surveillance carried out by the UK intelligence agencies) finding…
Content Type: Long Read
Introduction
A growing number of governments around the world are embracing hacking to facilitate their surveillance activities. Yet hacking presents unique and grave threats to our privacy and security. It is far more intrusive than any other surveillance technique, capable of accessing information sufficient to build a detailed profile of a person, as well as altering or deleting that information. At the same time, hacking not only undermines the security of targeted systems, but also has…
Content Type: Press release
Today, Privacy International, together with five internet and communications providers from around the world, have lodged an application before the European Court of Human Rights to challenge the British Government's use of bulk hacking abroad. Until we brought our original case at the Investigatory Powers Tribunal (IPT) in 2014, the Government had never admitted that it engaged in hacking. Now we are learning for the first time how far-reaching the Government's global hacking capabilities are…
Content Type: Long Read
This piece originally appeared here.
On both sides of the Atlantic, we are witnessing the dramatic expansion of government hacking powers. In the United States, a proposed amendment to Rule 41 of the Federal Rules of Criminal Procedure would permit the government to obtain a warrant, in certain circumstances, to hack unspecified numbers of electronic devices anywhere in the world. Meanwhile, across the pond, the British Parliament is currently debating the Investigatory…
Content Type: Press release
In response to the Investigatory Powers Tribunal (IPT) ruling today that GCHQ's hacking is lawful, we have issued the following press statement:
"We are disappointed by the IPT’s judgment today, which has found Government hacking lawful based on a broad interpretation of a law dating back to 1994, when the internet and mobile phone technology were in their infancy.
Until we brought this case, GCHQ would neither confirm nor deny that it was they were engaging in mass hacking of…
Content Type: Long Read
The Investigatory Powers Tribunal (“IPT”) today held that GCHQ hacking of computers, mobile devices and networks is lawful, wherever it occurs around the world. We are disappointed that the IPT has not upheld our complaint and we will be challenging its findings.
Our complaint is the first UK legal challenge to state-sponsored hacking, an exceptionally intrusive form of surveillance. We contended that GCHQ hacking operations were incompatible with democratic principles and human rights…
Content Type: Press release
Documents released today confirm GCHQ, the UK intelligence agency, is hacking computers in the United Kingdom without individual warrants. The documents contain previously unknown details and defenses of GCHQ's use of "thematic warrants" to hack. The legal challenge in which these documents are being disclosed was brought by Privacy International and seven internet and communications service providers from around the world in response to disclosures made by Edward Snowden.…
Content Type: Press release
The Government has quietly ushered through legislation amending the anti-hacking laws to exempt GCHQ from prosecution. Privacy International and other parties were notified of this just hours prior to a hearing of their claim against GCHQ's illegal hacking operations in the Investigatory Powers Tribunal.
In its legal filings, sent to Privacy International only the day before the hearing began, the Government notified claimants that the Computer Misuse Act was rewritten on 3 March 2015 to…
Content Type: Press release
The British Government has admitted its intelligence services have the broad power to hack into personal phones, computers, and communications networks, and claims they are legally justified to hack anyone, anywhere in the world, even if the target is not a threat to national security nor suspected of any crime.
These startling admissions come from a government court document published today by Privacy International. The document was filed by the government in response to two …
Content Type: Press release
Privacy International today filed a legal complaint demanding an end to the unlawful hacking being carried out by GCHQ which, in partnership with the NSA, is infecting potentially millions of computer and mobile devices around the world with malicious software that gives them the ability to sweep up reams of content, switch on users' microphones or cameras, listen to their phone calls and track their locations.
The complaint, filed in the UK’s Investigatory Powers Tribunal, is the…
Content Type: Long Read
Today, Privacy International lodged a legal challenge to GCHQ's extensive and intrusive hacking of personal computers and devices. Below, we answer a few questions about the law underlying our complaint, and why it matters.
Is hacking legal?
As a result of the Snowden revelations, we have learned that GCHQ, often in partnership with the NSA, has been using malicious software to intrude upon our computers and mobile devices.
This type of activity, often called "hacking," is a…
Content Type: Long Read
Spy agencies have long sought to turn the technologies that improve all our lives against us. From some of the very first forms of remote communications such as telegraph cables, to modern-day means like Skype: if the spies can exploit it, they will.
And, as we’ve learnt over the last few months, the computer and mobile devices that millions of us own and carry around with us every day are no exception to this rule.
The smart phones, laptops, and devices that have changed how we communicate…