Search
Content type: Press release
On 15 March 2017, the Italian Senate voted on a Bill, put forward by Justice Minister Andrea Orlando, that will reform the criminal justice system, including amending the Code of Criminal Procedure. Among the many provisions contained in DDL Orlando, currently pending approval by the Italian House of Representatives, the Government is mandated to regulate, via a legislative decree, the utilisation of malware (commonly referred to as ‘Trojans’ in Italian discourse) to engage hacking for criminal…
Content type: Key Resources
Introduction
Why We Are So Concerned about Government Hacking for Surveillance
Scope of Our Safeguards
1. Legality
2. Security and Integrity of Systems
3. Necessity and Proportionality
4. Judicial Authorisation
5. Integrity of information
6. Notification
7. Destruction and Return of Data
8. Oversight and Transparency
9. Extraterritoriality
10. Effective Remedy
Commentary on each
1. Legality
2. Security and Integrity of Systems
3. Necessity and Proportionality
4.…
Content type: Examples
In 2017, an anonymous whistleblower sent a letter to Green party peer Jenny Jones alleging that a secretive Scotland Yard unit was illegally monitoring the private emails of campaigners and journalists. The letter included a list of ten people and the passwords to their email accounts and claimed the police were using an India-based operation that did the work of hacking emails, shredding documents, and using sex as a method of infiltration. Jones's background includes a decade on the…
Content type: Advocacy
The powers set out in the Investigatory Powers Act are wide ranging, opaque and lacking in adequate safeguards. The Government have now published updated Draft Codes of Practice for certain parts of the Act. Unfortunately, the Codes do little to solve the Act’s problems. Instead, they add little transparency, occasionally expand powers, and undermine some of the limited safeguards in the Investigatory Powers Act. These Codes demand close scrutiny. The unusually short timeframe for…
Content type: Long Read
Government hacking is unlike any other form of existing surveillance technique. Hacking is an attempt to understand a system better than it understands itself, and then nudging it to do what the hacker wants. Fundamentally speaking, hacking is therefore about causing technologies to act in a manner the manufacturer, owner or user did not intend or did not foresee.
Governments can wield this power remotely, surreptitiously, across jurisdictions, and at scale. A single hack can affect many…
Content type: News & Analysis
The short answer is yes.
I'm sure many of you have seen people with stickers over their webcams and wondered why (probably writing that person off as paranoid). But it's well known in tech circles that a camera in a computer or smartphone can be turned on remotely by an attacker with the resources, time, and motivation.
Security is hard, and our defences are weak. The capability of an adversary to attack your devices doesn't necessarily hinge upon a consumer choice of…
Content type: Press release
On 5 October 2017, Privacy International will appear before the UK Court of Appeal to continue its challenge to the British government's large scale hacking powers. The case questions the decision by the Investigatory Powers Tribunal (IPT) to sanction the UK government's power to hack broad categories of people or property without any individualised suspicion.
TIMELINE AND KEY POINTS
- Privacy International began fighting bulk government hacking in 2014 at the…
Content type: Long Read
European Court of Human Rights Intervention
On 15 September 2017, Privacy International filed an intervention to the European Court of Human Rights in Association Confraternelle de la Presse Judiciare and 11 Other Applications v. France. This case challenges various surveillance powers authorised under the French Intelligence Act of 24 July 2015 as incompatible with Articles 8 and 10 of the European Convention on Human Rights, which respectively protect the right to privacy…
Content type: Advocacy
On 28 June 2017, Privacy International sent a letter and briefing to the Mexican government following reports indicating that Mexican authorities had used NSO Group’s Pegasus spyware to target journalists and human rights defenders working to expose government corruption and human rights abuses. NSO Group is a surveillance technology company that sells products and services, including malware, exclusively to government clients.
These attacks were designed to compromise the mobile phones of…
Content type: Press release
Please find attached a copy of the briefing along with promotional photographs with the briefing.
Privacy International has today sent top EU and UK Brexit negotiators* a briefing on their vulnerability to potential surveillance by each other, and others. Brexit negotiations are to begin today.
The global privacy rights NGO has highlighted to the negotiators the risk of sophisticated surveillance capabilities being deployed against each other and by others, and provided…
Content type: News & Analysis
Dear Minister Dr. Wolfgang Brandstetter, Minister Mag. Wolfgang Sobotka, Minister Dr.in Pamela Rendi-Wagner, MSs, Minister Mag. Hans Peter Doskozil,
Privacy International is a United Kingdom-based non-governmental organization, which is dedicated to protecting the right to privacy around the world. Privacy International is committed to ensuring that government surveillance complies with the rule of law and the international human rights framework. As part of this commitment, Privacy…
Content type: Advocacy
Privacy International generally opposes hacking as a tool for surveillance. While the DDL Orlando is an opportunity to fill the current legislative gap in the use of hacking for investigative purposes, PI believes that it falls short of the requirements of existing international human rights law.
Content type: News & Analysis
Why would we ever let anyone hack anything, ever? Why are hacking tools that can patently be used for harm considered helpful? Let's try to address this in eight distinct points:
1) Ethical hacking is a counter proof to corporate claims of security.
Companies make products and claim they are secure, or privacy preserving. An ethical hack shows they are not. Ethical hackers produce counter-proofs to government or corporate claims of security, and thus defend us, piece by tiny…
Content type: Advocacy
Privacy International and the Italian Coalition for Civil Liberties' Joint Submission in Consideration of the Sixth Periodic Report of Italy Human Rights Committee 119th Session (6-29 March 2017).
The submission brings to the attention of the Committee the ongoing concern with Italian security agencies’ hacking capabilities and intelligence sharing arrangement, with Italian data retention procedures, and its export control regime as it relates to its robust…
Content type: Press release
Privacy International Executive Director Dr Gus Hosein said:
“If today’s leaks are authenticated, they demonstrate what we’ve long been warning about government hacking powers — that they can be extremely intrusive, have enormous security implications, and are not sufficiently regulated. Insufficient security protections in the growing amount of devices connected to the internet or so-called “smart” devices, such as Samsung Smart TVs, only compound the problem, giving governments easier…
Content type: Long Read
Introduction
A growing number of governments around the world are embracing hacking to facilitate their surveillance activities. Yet hacking presents unique and grave threats to our privacy and security. It is far more intrusive than any other surveillance technique, capable of accessing information sufficient to build a detailed profile of a person, as well as altering or deleting that information. At the same time, hacking not only undermines the security of targeted systems, but also has…
Content type: Long Read
This piece was orignally published in Slate in February 2017
In 2015, the FBI obtained a warrant to hack the devices of every visitor to a child pornography website. On the basis of this single warrant, the FBI ultimately hacked more than 8,700 computers, resulting in a wave of federal prosecutions. The vast majority of these devices—over 83 percent—were located outside the United States, in more than 100 different countries. Now, we are in the midst of the first cases…
Content type: Press release
Caroline Wilson Palow, General Counsel at Privacy International
“The passage of the Investigatory Powers Act is a major blow to the privacy of people in the UK and all over the world. It sets a world-leading precedent, but not one of which the Government should be proud. Instead of reining in the unregulated mass surveillance practices that have for years been conducted in secret and with questionable legal authority, the IPA now enshrines them in law. Widespread surveillance is an antithesis…
Content type: News & Analysis
Privacy can be seen as a reflex of innovation. One of the seminal pieces on the right to privacy as the 'right to be let alone emerged in response to the camera and its use by the tabloid media. Seminal jurisprudence is in response to new surveillance innovations... though often with significant delays.
While one approach would be to say that privacy is a norm and that with modern technologies the norm must be reconsidered and if necessary, abandoned; I think there’s an interesting idea around…
Content type: Long Read
This piece originally appeared here.
On both sides of the Atlantic, we are witnessing the dramatic expansion of government hacking powers. In the United States, a proposed amendment to Rule 41 of the Federal Rules of Criminal Procedure would permit the government to obtain a warrant, in certain circumstances, to hack unspecified numbers of electronic devices anywhere in the world. Meanwhile, across the pond, the British Parliament is currently debating the Investigatory…
Content type: News & Analysis
Last month, the UK Information Commissioner's Office announced a “private investigator crackdown”, citing concerns that private investigators were using hacking techniques to gain access to personal information.
The use of dodgy private investigators and illegal hacking by private investigators in the UK has attracted significant media attention in the wake of the phone hacking scandals, which involved the use of such private investigators by major newspapers.
The sector isn't…
Content type: Press release
Privacy International, the leading global privacy rights NGO, has today filed a Judicial Review at the UK High Court, challenging the Investigatory Powers Tribunal's (IPT) decision that the Government can issue general hacking warrants. This decision means that British intelligence agency GCHQ can continue to hack into the computers and phones of broad classes of people - including those residing in the UK. The Investigatory Powers Bill, currently being debated in Parliament, seeks to…
Content type: Long Read
The recent back and forth between Apple and the FBI over security measures in place to prevent unauthorised access to data has highlighted the gulf in understanding of security between technologists and law enforcement. Modern debates around security do not just involve the state and the individual, the private sector plays a very real role too. There are worrying implications for the safety and security of our devices. Today, a new company stepped in to this discussion -- though it had been…
Content type: Report
Privacy International's new investigation (available in English and in Arabic), 'THE PRESIDENT'S MEN? Inside the Technical Research Department', sheds light on the Technical Research Department, a secret unit of the Egyptian intelligence infrastructure that has purchased surveillance equipment from German/Finnish manufacturer of monitoring centres for telecommunication surveillance, Nokia Siemens Networks, and Italian malware manufacturer, Hacking Team.
Content type: Long Read
It was summer 2014 when we first came across the acronym TRD while sifting through documents from the company Nokia Siemens Networks (Nokia) that had been leaked to Privacy International. The acronym was explained in the documents: it stood for Technical Research Department.
What we learned from the leak is the TRD had been purchasing an interception management system, a monitoring centre and an X25 network, a legacy technology allowing dial-up internet access. The first two technologies gave…
Content type: Press release
In response to the Investigatory Powers Tribunal (IPT) ruling today that GCHQ's hacking is lawful, we have issued the following press statement:
"We are disappointed by the IPT’s judgment today, which has found Government hacking lawful based on a broad interpretation of a law dating back to 1994, when the internet and mobile phone technology were in their infancy.
Until we brought this case, GCHQ would neither confirm nor deny that it was they were engaging in mass hacking of…
Content type: Long Read
The Investigatory Powers Tribunal (“IPT”) today held that GCHQ hacking of computers, mobile devices and networks is lawful, wherever it occurs around the world. We are disappointed that the IPT has not upheld our complaint and we will be challenging its findings.
Our complaint is the first UK legal challenge to state-sponsored hacking, an exceptionally intrusive form of surveillance. We contended that GCHQ hacking operations were incompatible with democratic principles and human rights…
Content type: Press release
Today’s report by the Joint Committee on the Investigatory Powers Bill is the third committee report that concludes that the Home Office has failed to provide a coherent surveillance framework.
The Joint Committee on the Investigatory Powers Bill today published a 198 page report following a short consultation period between November and January. Their key findings are that:
- the definitions in the bill need much work, including a meaningful and comprehensible…
Content type: Press release
Documents released today confirm GCHQ, the UK intelligence agency, is hacking computers in the United Kingdom without individual warrants. The documents contain previously unknown details and defenses of GCHQ's use of "thematic warrants" to hack. The legal challenge in which these documents are being disclosed was brought by Privacy International and seven internet and communications service providers from around the world in response to disclosures made by Edward Snowden.…
Content type: News & Analysis
Despite Wednesday's publication of the Investigatory Powers Bill being trailed as world leading legislation that would balance security and privacy, what the Government is actually seeking is a mandate for mass surveillance. This is a new Snoopers' Charter and we must oppose many of its most virulent elements.
The true debate on surveillance can now begin. After years of downplaying, obscuring, and denying the Snowden revelations, the Government has finally joined the conversation about the…