Search
Content type: Report
End-to-end encryption (E2EE) contributes significantly to security and privacy. For that reason, PI has long been in favour of the deployment of robust E2EE.Encryption is a way of securing digital communications using mathematical algorithms that protect the content of a communication while in transmission or storage. It has become essential to our modern digital communications, from personal emails to bank transactions. End-to-end encryption is a form of encryption that is even more private.…
Content type: Press release
Today, the European Court of Human Rights (ECtHR) has handed down a decision in a case brought by Privacy International and a coalition of internet and communications service providers and campaign groups including the Chaos Computer Club (Germany), GreenNet (UK), Jinbonet (Korea), May First/People Link (US), and Riseup (US) (the “coalition”).
The case challenges the conduct of hacking operations abroad by one of the UK’s intelligence agencies, the Government Communications…
Content type: Long Read
There are few places in the world where an individual is as vulnerable as at the border of a foreign country.
As migration continues to be high on the social and political agenda, Western countries are increasingly adopting an approach that criminalises people at the border. Asylum seekers are often targeted with intrusive surveillance technologies and afforded only limited rights (including in relation to data protection), often having the effect of being treated as “guilty until proven…
Content type: Explainer
In a scramble to track, and thereby stem the flow of new cases of Covid-19, Governments around the world are rushing to track the locations of their populace. One way to do this is to leverage the metadata held by mobile service providers (telecommunications companies - "Telcos" - such as Hutchison 3 (Also known as Three), Telefonica (Also known as O2), Vodafone, and Orange) in order to track the movements of a population, as seen in Italy, Germany and Austria, and with the European Commission…
Content type: Examples
Mexico is one of the biggest buyers of next-generation surveillance technology. And now data leaked to Forbes indicates it's taken an unprecedented step in becoming the first-known buyer of surveillance technology that silently spies on calls, text messages and locations of any mobile phone user, via a long-vulnerable portion of global telecoms networks known as Signalling System No. 7 (SS7).
The revelation was contained in what an anonymous source close claimed was…
Content type: Examples
The whistleblower said they were unable to find any legitimate reason for the high volume of the requests for location information. “There is no other explanation, no other technical reason to do this. Saudi Arabia is weaponising mobile technologies,” the whistleblower claimed.
The data leaked by the whistleblower was also seen by telecommunications and security experts, who confirmed they too believed it was indicative of a surveillance campaign by Saudi Arabia.
The data shows requests for…
Content type: Explainer
In a scramble to track, and thereby stem the flow of, new cases of Covid-19, Governments around the world are rushing to track the locations of their populace. One way to do this is to write a smartphone app which uses Bluetooth technology, and encourage (or mandate) that individuals download and use the app. We have seen such examples in Singapore and emerging plans in the UK.
Apps that use Bluetooth are just one way to track location. There are several different technologies in a smartphone…
Content type: Examples
In December 2017, it was revealed that the large telco Bharti Airtel made use of Aadhaar-linked eKYC (electronic Know Your Customer) to open bank accounts for their customers without their knowledge or consent. eKYC is a way of using data in the UIDAI database as part of the verification process, which Airtel made use of for the issuing of SIM cards, and also secretly opened bank accounts with their Airtel Payments Bank. More than 2 million accounts could have been opened, receiving more than…
Content type: Long Read
If you operate an internet company in Russia, you aren’t necessarily surprised to one day open the door to someone, grasping in one hand a bundle of wires and in the other a letter from a government agency demanding access to your servers, with a black box wedged under one arm.
Internet companies in Russia are required by law to store the content of users’ communications for six months and the metadata of users’ communications for three years, essentially meaning that what a person does…
Content type: Report
This investigation focuses on the techniques, tools and culture of Kenyan police and intelligence agencies’ communications surveillance practices. It focuses primarily on the use of surveillance for counterterrorism operations. It contrasts the fiction and reality of how communications content and data is intercepted and how communications data is fed into the cycle of arrests, torture and disappearances.
Communications surveillance is being carried out by Kenyan state actors, essentially…
Content type: Long Read
Written by: Maria del Pilar Saenz
With a raft of recent scandals involving proven and possible abuses of surveillance systems by state institutions, there is a clear need to generate policy and practice in Colombia that promotes respect for human rights. It is necessary to keep this in mind as an emerging public policy discussion on cybersecurity led by CONPES (The National Council for Economic and Social Policy) begins in Colombia. This series of reforms will serve as the policy basis…
Content type: News & Analysis
Privacy International and ARTICLE 19 last week submitted to members of the Parliament of Ghana's Defence and Interior Committee calling for it to abandon rushing through a controversial new surveillance Bill. The Interception of Postal Packets and Telecommunication Messages Bill (2015) allows the interception of all communications for the undefined purposes of “protecting national security” and “fighting crime generally.” Announced on February 19th 2016, the committee in charge of pushing it…
Content type: News & Analysis
In a recent trip to Colombia, Privacy International learned that the Colombian mobile phone network does not use any form of encryption. In this sense, Colombian communications are stuck in the 1990s, where cryptography was not yet widespread, and was still tightly controlled by governments who feared its spread could threaten their capabilities to conduct surveillance.
The issue of encryption on mobile phones though is not unique to Colombia. The Director of the FBI has been on a media blitz…
Content type: Press release
Privacy International today has filed formal complaints with the Organisation for Economic Cooperation and Development (OECD) in the UK against some of the world’s leading telecommunication companies, for providing assistance to British spy agency GCHQ in the mass interception of internet and telephone traffic passing through undersea fibre optic cables.
According to recent reports, BT, Verizon Enterprise, Vodafone Cable, Viatel, Level 3, and Interoute granted access to their fibre optic…
Content type: Press release
Transparency reports have traditionally played a critical role in informing the public on the lawful access requests made by governments to companies like Facebook. These reports have provided a useful accountability mechanism for users to know what governments are asking for and how often. Transparency reports also inform users as to what intermediaries are doing to protect their privacy when it comes to sharing data with governments. Given Facebook's ever-growing presence in the lives of…
Content type: Press release
In the wake of revelations that the UK Government is accessing wide-ranging intelligence information from the US and is conducting mass surveillance on citizens across the UK, Privacy International today commenced legal action against the Government, charging that the expansive spying regime is seemingly operated outside of the rule of law, lacks any accountability, and is neither necessary nor proportionate.
The claim, filed in the Investigatory Powers Tribunal (IPT), challenges the UK…
Content type: Press release
The government today published a draft version of a bill that, if signed into law in its current form, would force Internet Service Providers (ISPs) and mobile phone network providers in Britain to install 'black boxes' in order to collect and store information on everyone's internet and phone activity, and give the police the ability to self-authorise access to this information. However, the Home Office failed to explain whether or not companies like Facebook, Google and Twitter will be…
Content type: Press release
An internal Liberal Democrat briefing on Home Office plans to massively expand government surveillance was today passed to Privacy International. The document contains significant evasions and distortions about the proposed 'Communications Capabilities Development Programme' (CCDP), and is clearly intended to persuade unconvinced Lib Dem MPs to vote in favour of the proposal.
The document contains a section entitled 'Remember, under Labour' consisting of a list of the previous government's…