Search
Content type: Examples
Russian prime minister Mikhail Mishustin has ordered the country's Communications Ministry to develop a system, to be built on analysing specific individuals' geolocation data from telecommunications companies that can track people who have come into contact with those who have tested positive for the novel coronavirus. The data will also be passed to regional-level task forces fighting the virus's spread; officials are also tasked with finding a way to notify those who may have come into…
Content type: Examples
Technology such as Hong Kong's electronic monitoring bracelets, used to ensure that people do not break their mandated quarantine, may appear reasonable during a pandemic, but could be problematic if deployed widely and used to identify those who have joined anti-government protests. The same applies to emergency legislation such as that passed by the UK government granting the government extraordinary new powers to shut down airports and ban gatherings. History provides examples:…
Content type: Examples
According to information collected by Le Temps, telco Swisscom will use SIM card geolocation data to communicate to federal authorities when more than 20 phones are detected in an 100 square meters area. Gathering of more than 5 people are forbidden in Switzerland since March 21.
Data collected by the telco should theoretically only come from public areas and not private building. This data will be anonymised and aggregate before being passed to the health authorities (Office fédéral de la…
Content type: Examples
Hong Kong is issuing electronic tracker wristbands to people under compulsory home quarantine to ensure they do not go out. The wristbands are accompanied by a mandatory smartphone app that shares their location with the government via messaging platforms such as WeChat and WhatsApp. Upon arriving at the place where they are quarantined, users walk around the corners so the technology can track the space in which they are confined.
Source: https://www.cnbc.com/2020/03/18/hong-kong-uses-…
Content type: Examples
Among the Chinese companies making efforts to help the country respond to the coronavirus are the technology giants Alibaba, Baidu, ByteDance, Tencent, Xiaomi, and Foxconn. In order to fight misinformation, Baidu created a map layer on top of its standard Map App that shows real-time locations of confirmed and suspected cases of the virus so that people can avoid hot spots. Qihoo 360 has launched a platform travellers can use to check if anyone on their recent train or plane trips has since…
Content type: Examples
Technology entrepreneurs within Belgium would like to introduce a health code app similar to China's Alipay Health Code that would control individuals' movements based on their health status. The government has engaged privacy experts from the Belgian data protection authority and Ghent University to consider the possibility, despite the country's strict privacy laws, which have no equivalent in China..
Source: https://www.apache.be/gastbijdragen/2020/03/18/hoe-het-…
Content type: Case Study
The increasing deployment of highly intrusive technologies in public and private spaces such as facial recognition technologies (FRT) threaten to impair our freedom of movement. These systems track and monitor millions of people without any regulation or oversight.
Tens of thousands of people pass through the Kings Cross Estate in London every day. Since 2015, Argent - the group that runs the Kings Cross Estate - were using FRT to track all of those people.
Police authorities rushed in secret…
Content type: Report
In December 2019 Privacy International made submissions to Police Scotland in relation to documents designed to explain to the public how cyber kiosks will work and what information will be given to victims when Police Scotland extract data from their phone.
Police Scotland rely on 'consent' to seize a phone from a victim. We believe the lack of information provided to the individual regarding extraction, examination, retention, deletion, sharing and search parameters undermines that any…
Content type: Video
You’re a witness or a victim or a suspect of a crime; or even just travelling going on holiday. Officials demand your phone, then disappear with it. What happened to your phone? What happened to your data? What will happen to you?
We all generate vast amounts of data using our mobile phones - more than most of us are aware of - and that data has become increasingly attractive to law enforcement agencies around the world, enabled by ‘extraction technologies’ supplied by companies like…
Content type: Long Read
The UK’s Metropolitan Police have began formally deploying Live Facial Recognition technology across London, claiming that it will only be used to identify serious criminals on “bespoke ‘watch lists’” and on “small, targeted” areas.
Yet, at the same time, the UK’s largest police force is also listed as a collaborator in a UK government-funded research programme explicitly intended to "develop unconstrained face recognition technology", aimed “at making face…
Content type: Case Study
In 2015, James Bates was charged with first-degree murder in the death of Victor Collins. Collins was found floating face down in Bates’ hot tub in November 2015. Bentonville police served two search warrants ordering Amazon to turn over the “electronic data in the form of audio recordings, transcribed records, text records and other data contained on the Amazon Echo device” in Bates’ home.
The reason for the warrants? According to the police, just because the device was in the house that…
Content type: Case Study
In 2015, a man in Connecticut was charged with murdering his wife based on evidence from her Fitbit. Richard Dabate, the accused, told the police that a masked assailant came into the couple’s suburban home at around 9am on 23 December 2015, overpowering Dabate then shooting his wife as she returned through the garage.
However, the victim’s fitness tracker told a different story. According to data from the device, which uses a digital pedometer to track the wearer’s steps, Dabate’s wife was…
Content type: Case Study
Anyone who is arrested should be informed of the reasons for their arrest and any charges against them. Anyone who is detained is also entitled to a trial within a reasonable time, or to be released if no charges are held against them.
Privacy enhances these protections. It provides limitations on the manner in which information can be obtained about you, and the kind of information that can be accessed about you by law enforcement, who can access that information and how they can use it.…
Content type: Case Study
In early May 2019, it was revealed that a spyware, exploiting a vulnerability in Facebook’s WhatsApp messaging app, had been installed onto Android and iOS phones. The spyware could be used to turn on the camera and mic of the targeted phones and collect emails, messages, and location data. Citizen Lab, the organization that discovered the vulnerability, said that the spyware was being used to target journalists and human rights advocates in different countries around the world. The spyware…
Content type: Press release
Today the Advocate General (AG) of the Court of Justice of the European Union (CJEU), Campos Sánchez-Bordona, issued his opinion on how he believes the Court should rule on vital questions relating to the conditions under which security and intelligence agencies in the UK, France and Belgium could have access to communications data retained by telecommunications providers.
The AG advises the following:
The UK’s collection of bulk communications data violates EU law.
The French and Belgium…
Content type: Advocacy
In December 2019 Privacy International made submissions to Police Scotland in relation to documents designed to explain to the public how cyber kiosks will work and what information will be given to victims when Police Scotland extract data from their phone.
Police Scotland rely on 'consent' to seize a phone from a victim. We believe the lack of information provided to the individual regarding extraction, examination, retention, deletion, sharing and search parameters undermines that any…
Content type: Call to Action
You should know what new technologies police are deploying on your local community. We want to find out if UK police are using cloud extraction tech, what law exists to protect your rights and what safeguards are in place. We need your help.
See our new report for more info on cloud extraction
If you are not based in the UK but have a FOIA regime in your country you can still use our template text below and check if there is a FOIA platform to use here to send it in your own…
Content type: News & Analysis
Send a Freedom of Information Request to your local police for to see if they are using cloud extraction here.
On 12 December 2018 a member of Lancashire Police Department UK told viewers of a Cellebrite webinar that they were using Cellebrite's Cloud Analyser to obtain cloud based 'evidence'. In response to a Freedom of Information request Hampshire Constabulary told Privacy International they were using Cellebrite Cloud Analyser.
They are not alone. In Cellebrite's…
Content type: News & Analysis
Cloud extraction allows law enforcement agencies to take huge amounts of your data from the Cloud via a legal back door. If law enforcement seize your phone or take it from a victim of crime, they can extract tokens or passwords from the device which lets them get access to data from apps such as Uber, Instagram, Slack, Gmail, Alexa and WhatsApp.
In so doing, law enforcement agencies can avoid official channels through cloud companies such as Google, Apple…
Content type: Long Read
Mobile phones remain the most frequently used and most important digital source for law enforcement investigations. Yet it is not just what is physically stored on the phone that law enforcement are after, but what can be accessed from it, primarily data stored in the Cloud.
Cellebrite, a prominent vendor of surveillance technology used to extract data from mobile phones, notes in its Annual Trend Survey that in approximately half of all investigations, cloud data ‘appears’ and that…
Content type: Press release
A large number of apps on smart phones store data in the cloud. Law enforcement can access these vast troves of data from devices and from popular apps with the push of a button using cloud extraction technology.
Mobile phones remain the most frequently used and most important digital source for law enforcement investigations. Yet it is not just what is physically stored on the phone that law enforcement are after, but what can be accessed from it, primarily data stored in the Cloud.…
Content type: Press release
Following Police Scotland’s announcement that they will be rolling out cyber kiosks to police stations across Scotland. Open Rights Group and Privacy International have released a statement:
Open Rights Group and Privacy International called on Police Scotland to prevent rolling out until the Scottish Government reformed the law to provide an overarching framework for the seizure of electronic devices in Scotland in line with human rights standards. That recommendation has not been heeded by…
Content type: News & Analysis
In the last few months strong concerns have been raised in the UK about how police use of mobile phone extraction dissuades rape survivors from handing over their devices: according to a Cabinet Office report leaked to the Guardian, almost half of rape victims are dropping out of investigations even when a suspect has been identified. The length of time it takes to conduct extractions (with victims paying bills whilst the phone is with the police) and the volume of data obtained by the…
Content type: Examples
A woman was killed by a spear to the chest at her home in Hallandale Beache, Florida, north of Miami, in July. Witness "Alexa" has been called yet another time to give evidence and solve the mystery. The police is hoping that the smart assistance Amazon Echo, known as Alexa, was accidentally activated and recorded key moments of the murder. “It is believed that evidence of crimes, audio recordings capturing the attack on victim Silvia Crespo that occurred in the main bedroom … may be found on…
Content type: Advocacy
On November 1, 2019, we submitted evidence to an inquiry carried out by the Scottish Parliament into the use of Facial Recognition Technology (FRT) for policing purposes.
In our submissions, we noted that the rapid advances in the field of artificial intelligence and machine learning, and the deployment of new technologies that seek to analyse, identify, profile and predict, by police, have and will continue to have a seismic impact on the way society is policed.
The implications come not…
Content type: Long Read
In this piece we examine mobile phone extraction, relying on publicly available information and Privacy International’s experience from conducting mobile phone extraction using a Cellebrite UFED Touch 2. We welcome input from experts in the field. This is a rapidly developing area. Just as new security features are announced for phones, so too new methods to extract data are found.
[All references can be found in the pdf version below.]
General explanation of mobile phone…
Content type: Report
“...a mobile device is now a huge repository of sensitive data, which could provide a wealth of information about its owner. This has in turn led to the evolution of mobile device forensics, a branch of digital forensics, which deals with retrieving data from a mobile device.”
The situation in Scotland regarding the use of mobile phone extraction has come a long way since the secret trials were exposed. The inquiry by the Justice Sub-Committee, commenced on 10 May 2018, has brought much…
Content type: Examples
In 2018, Brian Hofer, the chair of Oakland's Privacy Advisory Commission, filed suit after police wrongfully stopped him at gunpoint because their automated license plate recognition system, supplied by Vigilant Solutions, indicated that the rental car he was driving had been stolen. The car had in fact been stolen some months earlier, but been recovered. Despite such errors, police claim that the technology has helped reduce crime, identify stolen vehicles, and identify and arrest suspects.…
Content type: Examples
In February 2019 Gemalto announced it would supply the Uganda Police Force with its Cogent Automated Biometric Identification System and LiveScan technology in order to improve crime-solving. LiveScan enables police to capture biometric data alongside mugshots and biographical data. CABIS speeds up the biometric matching process by mapping distinctive characteristics in fingerprints, palm prints, and facial images. The Ugandan police will also pilot Gemalto's Mobile Biometric Identification…