archive-org.com » ORG » P » PRIVACYINTERNATIONAL.ORG

Total: 465

Choose link from "Titles, links and description words view":

Or switch to "Titles and links view".
  • Analysis | Privacy International
    these disparate sources do not have to contain in depth information to be telling An online search of a medical condition paired with a location tag of a visit to your doctor and a call to your insurance company provides insight without the individual actions being content rich The surveillance industry has been eager to capitalise on the advent of Big Data and the opportunity to analyse these large data sets Analysis technologies have been used to predict behaviour such as the likelihood of committing a crime or having a low credit score by making inferences within the data set These inferences are both personal and associative simply being in proximity to individuals deemed suspicious in a public space or connected through a social network can create personal suspicion tags There is a significant potential for abuse profiling and unwarranted individualised suspicion in using a technology that predicts future behaviour and personality traits especially when there is no public knowledge of how the algorithm reaches conclusions Forensic technologies can be installed on or connected to mobile devices and computers These technologies extract store and analyse all existing and deleted data on the device including passwords emails contacts calendar events pictures location information and SMS messages Although forensic technologies have legitimate uses in certain situations such as acquiring evidence in just criminal trials where there is appropriate oversight and a warrant granted for a particular piece of information their use should always be scrutinised With a few clicks the password on a device can be bypassed and every action communication and location visited can be indiscriminately collected stored and analysed Content analysis technologies discern the meaning sentiment and language of texts and phrases collected from the internet or phone monitoring transcriptions Once in a machine readable form a variety of natural

    Original URL path: https://privacyinternational.org/node/68 (2016-04-27)
    Open archived version from archive


  • Intrusion | Privacy International
    confidence the user has in the legitimacy of these formats leads to the installation of a trojan on their device Alternatively code can be embedded in the attached file that exploits an unreported vulnerability and allows for the installation of the trojan Intrusion technologies can be deployed on the network level Products offered by UK based Gamma International have the capability of being deployed on countrywide Internet Service Provider ISP networks or public Wifi hotspots Devices connecting to this network are sent notifications that software such as Apple s iTunes or Adobe Acrobat requires updating These updates contain a trojan that is then installed on the device The infection infrastructure can also route traffic to official websites that appear legitimate and infect downloaded files with intrusion technology Intrusion technology can be delivered to mobile phones through trojans disguised as a variety of applications Trojans have been designed for the Android iOS Blackberry Windows Mobile and Symbian mobile platforms This intrusive tool may exist within an application that appears to function normally The malicious file begins to install itself once it is delivered to and opened on the device A detailed analysis by the Citizen Lab provides insight into how a common intrusion technology Gamma International s FinSpy installs itself The trojan first creates a directory a structured list of device folders and files and then copies itself to this directory From there it begins infecting system processes using a technique called process hollowing Common device processes like logging on and entering a password are temporarily suspended and replaced by malicious code Embedding malicious files across the device makes detection extremely difficult Worldwide activists are routinely targeted by intrusion technologies In the case of Dr Ala a Shehabi a British born Bahraini pro democracy activist device installation was narrowly avoided In

    Original URL path: https://privacyinternational.org/node/73 (2016-04-27)
    Open archived version from archive

  • Location Monitoring | Privacy International
    as is the case in urban areas Location data is logged whenever an action is taken by the device making a call receiving a message using data and periodically as the device moves throughout the network Anyone accessing location data can determine the location of individual mobile device users through unique identification numbers Two unique numbers identify mobile devices the International Mobile Subscriber Identity IMSI and the International Mobile Station Equipment Identity IMEI Each SIM card has an IMSI number and each mobile device has an IMEI number Both numbers are routinely communicated to network providers Certain location monitoring technologies identify activity corresponding to these two numbers that the monitoring body may see as suspicious such as SIM card swapping the IMSI number would remain the same but the IMEI number changes frequently IMSI Catchers monitoring devices that transmit a strong wireless signal that entices nearby phones to connect can be retrofitted with location monitoring technologies that determine the location of a target to within one metre Device based location monitoring technologies are either dedicated tracking devices that can be attached to the target or applications installed on the target s mobile device Tracking devices are GPS receivers that can calculate their own position to within one metre Over 24 satellites are constantly orbiting the earth at an altitude of approximately 20 000 kilometres These satellites transmit their location and precise time to the tracking device through radio waves The distance between the satellite and the tracking device can be computed and in the presence of three more satellites a precise and accurate location is found The location is then transmitted to the monitoring body through the mobile network Tracking devices can be as small as coins and are easily affixed to a target s car or effects for constant

    Original URL path: https://privacyinternational.org/node/74 (2016-04-27)
    Open archived version from archive

  • Monitoring Centre | Privacy International
    communication use establish a dedicated connection between successive nodes for the duration of the communication transmission Mobile phones transmit and receive all communications through radio waves To ensure that the communication is transmitted to the recipient with sufficient quality the radio waves are passed through the base station subsystem which transmits the communication to the appropriate switched network The base station subsystem is in part comprised of transceivers devices that receive radio waves and convert them into an alternating current and antennas devices that convert the alternating current into radio waves Probes can be deployed at multiple points throughout this network Monitoring centres can receive all data collected from these probes both actively and passively Active interception targets specific individuals using identifiers such as IP addresses or unique signatures It can also entice the signal towards the point of interception Passive interception collects all information transmitted through the network indiscriminately When a passive interception probe is deployed at a service provider all traffic that is sent through the network even calls or emails sent to another service provider is collected Passive interception probes are designed to be invisible meaning that the probe can avoid detection and the service provider would not know it is in operation After the information is intercepted it is transmitted to the monitoring centre for processing The multiplicity of surveillance technology inputs results in monitoring centres having access to many information sources As seemingly disparate sources of information are connected the utility of information increases monitoring centres can exploit this to generate a full profile of an individual incorporating and linking every intimate detail of their personal life These profiles are neatly categorised and connected to each other building a model of all interactions and possible intentions of and between groups and individuals These actions are

    Original URL path: https://privacyinternational.org/node/75 (2016-04-27)
    Open archived version from archive

  • Phone Monitoring | Privacy International
    phone monitoring technology can gain access to the information being transmitted over the network between the phone and the base station The additional protections provided by GSM networks come in the form of ciphers A 5 1 A 5 2 which are designed to protect the privacy of the communication Both of these ciphers had been reverse engineered by 1999 which means they were completely decipherable and that in practice all communications sent across the GSM network are prone to interception deciphering and storage within a matter of seconds A 5 2 is in fact prohibited from being used by mobile phones and has been since 2006 because of the concerns around its weakness Many of the surveillance technologies sold in the market offer real time A 5 1 and A 5 2 deciphering features An IMSI Catcher is a phone monitoring kit that provides active intercept capabilities Traditionally IMSI Catchers or Stingrays as they are known in the United States of America can capture a number of different pieces of identifiable information including the IMEI and the IMSI identifiers for your phone and SIM Card respectively Nowadays IMSI Catchers can record voice and message data as they travel through mobile networks An IMSI Catcher performs interception by presenting itself as a base station amongst the mobile network the station that your phone connects to when it wants to place a call or send a message The IMSI Catcher acting as a base station then enters the network as the most powerful base station available meaning that all mobile phones operating within the same area connect to the IMSI Catcher s base station Once connected to the IMSI Catcher s base station the Catcher has the mobile phone provide to it its IMSI and IMEI data Once these details have been gathered it becomes possible to monitor the operation of the phone the voice calls taking place the messages being sent and the location of the phone The system is described as active because of its focus in enticing the signal towards it rather than passive monitoring which does not entice the signal but sits silently between the phone and the base station and does not replace the base station operation like an IMSI Catcher The benefit of passive interception is that it is almost impossible to detect its operation whereas an IMSI Catcher could be detected by a network operator because of the active enticing that it performs There are many networks now in operation across mobile networks all with different capabilities features and operating standards which means that phone monitoring technology needs to adapt to interception on these new networks also 3G networks referred to as UMTS are different from 2G networks which are better known as GSM CDMA Phone monitoring on 3G networks can identify handsets grabbing the IMSI and the IMEI and depending on decryption capabilities intercept messages or content 3G jammers are now being introduced into phone monitoring systems identifying the phones operating on 3G

    Original URL path: https://privacyinternational.org/node/76 (2016-04-27)
    Open archived version from archive

  • The Five Eyes | Privacy International
    been noted in history books and references are often made to it as part of reporting on the intelligence agencies there is little knowledge or understanding outside the services themselves of exactly what the arrangement comprises Even within the governments of the respective countries which the intelligence agencies are meant to serve there has historically been little appreciation for the extent of the arrangement In fact it is so secretive that the Australian prime minister reportedly wasn t informed of its existence until 1973 and no government officially acknowledged the arrangement by name until 1999 Few documents have been released detailing the Five Eyes surveillance arrangement To read the documents available click here for the National Archives and here for the NSA s release of the UKUSA Agreement Here s what we do know under the agreement interception collection acquisition analysis and decryption is conducted by each of the State parties in their respective parts of the globe and all intelligence information is shared by default The agreement is wide in scope and establishes jointly run operations centres where operatives from multiple intelligence agencies of the Five Eyes States work alongside each other Further tasks are divided between SIGINT agencies ensuring that the Five Eyes alliance is far more than a set of principles of collaboration The level of cooperation under the agreement is so complete that the national product is often indistinguishable What s the extent of Five Eyes collaboration Together the Five Eyes collaborated and developed specific technical programmes of collection and analysis One senior member of Britain s intelligence community said When you get a GCHQ pass it gives you access to the NSA too You can walk into the NSA and find GCHQ staff holding senior management positions and vice versa When the NSA has a piece of intelligence it will very often ask GCHQ for a second opinion There have been ups and downs over the years of course But in general the NSA and GCHQ are extremely close allies They rely on each other The close relationship between the five States is also evidenced by documents recently released by Edward Snowden Almost all of the documents include the classification TOP SECRET COMINT REL TO USA AUS CAN GBR NZL or TOP SECRET COMINT REL TO USA FVEY These classification markings indicate the material is top secret communications intelligence aka SIGINT material that can be released to the US Australia Canada United Kingdom and New Zealand The purpose of the REL TO is to identify classified information that a party has predetermined to be releasable or has already been released through established foreign disclosure procedures and channels to a foreign country or international organisation The level of co operation under the UKUSA agreement is so complete that the national product is often indistinguishable Another former British spy has said that c ooperation between the two countries particularly in SIGINT is so close that it becomes very difficult to know who is doing what it s

    Original URL path: https://privacyinternational.org/node/51 (2016-04-27)
    Open archived version from archive

  • Big Data | Privacy International
    sample of the population or lacks contextual analysis Big data has the potential to discriminate in two ways First it can be used to identify aberrant data amongst larger sets leading to the use of big data to discriminate against specific groups and activities One example quoted in the White House report on Big Data reported on research showing that web searches involving black identifying names e g Jermaine were more likely to display ads with the word arrest in them than searches with white identifying names e g Geoffrey The Wall Street Journal also found a number of cases of price discrimination Second big data will be used to draw conclusions about large groups of people and yet some will be excluded because their data is not included in the sets or the quality of their data is poorer For instance there is a great level of interest in big data amongst developing countries and humanitarian organisations the very fields where the subjects of these analyses are least empowered less likely to be included in systems and when included their data is likely to be inaccurate It is important to remember that data does not equal truth It only offers correlations for example links between two different types of activities but does not provide a causal link After much hype Google Flu Trends which relied on analysis of searches social media and other sources failed spectacularly and massively overestimated the expected incidence of flu Nonetheless governments and companies are seeking to accumulate and analyse vast amounts of data in the hope of deriving accurate insights into human behaviour Since the 1970s US industry in particular has been keen to accumulate large amounts of information on consumers and run algorithms against that data but over the past twenty years this form of data mining and automated decision making has been rapidly increasing What began as an activity by credit record agencies has expanded to air travel passenger profiling anti terrorist systems and border management automated targeting system and money laundering suspicious transaction reporting and analysis What is new is that there is now an industry around big data selling solutions to governments and companies while there are new opportunities for data collection whether it is through mass communications surveillance the merging of data sets and the deployment of new sensor technologies and the emerging internet of things What about big data used for humanitarian or development purposes While big data may carry benefits for development initiatives it also carries serious risks which are often ignored In pursuit of the promised social benefits that big data may bring it is critical that fundamental human rights and ethical values are not cast aside One key advocate and user of big data is the UN Global Pulse launched in 2009 in recognition of the need for more timely information to track and monitor the impacts of global and local socio economic crises This initiative explores how digital data sources and real time analytics

    Original URL path: https://privacyinternational.org/node/8 (2016-04-27)
    Open archived version from archive

  • Data Protection | Privacy International
    disclosed used or retained for only the original purposes except with the consent of the individual or under law and accordingly it must be deleted when no longer necessary for that purpose the information must be secure reasonable security safeguards are used to protect personal information from loss unauthorised access destruction use modification or disclosure no secret organisations sources or processing we must be made aware of the collection and use of our information we should know the purpose for its use and we must know about the organisation that is the data controller individuals have rights to be involved we should be able to have access to our information and we must have the right to challenge the information held and to seek its deletion rectification completion or modification organisations must be held to account the organisation that collects and manages your information must be accountable for providing the above principles and rights Data protection rules need to be enforced by a regulator or authority often called a Privacy Commissioner The strength of the powers invested in these authorities varies from country to country and so does its independence from Government These powers for example can include the ability to conduct investigations act on complaints and impose fines when they discover an organisation has broken the law Apart from enforcement through regulatory means we also believe that technologies can play a strong role in ensuring data protection rules are followed Through technological means and careful design it is possible to limit data collection to mathematically restrict further data processing to assuredly limit unnecessary access amongst other privacy measures Laws can influence and when necessary compel such developments Though their adoption has been slow as companies and governments are resistant to limit their future capabilities or aspirations to mine our information even as they are legally supposed to limit purpose creep How many countries in the world have data protection laws As of now August 2014 over 100 countries around the world have enacted comprehensive data protection legislation and several other countries are in the process of passing such laws Other countries may have privacy laws applying to certain areas for example for children or financial records but do not have a comprehensive law For instance while an early leader in the field of data protection the US Privacy Act 1974 applies only to the Federal Government and subsequent laws applies to specific sectors but there is no comprehensive law to date The strongest and most comprehensive laws are in the countries of the European Union and European Economic Area that have implemented the 1995 Data Protection Directive This is currently undergoing adifficult process of revision in Brussels Canada is another leading example with two separate pieces of legislation applying at the national level to government and industry with additional laws at the provincial level as well For more information on data protection laws broken down by country check out the comprehensive reports published over the years by Privacy International

    Original URL path: https://privacyinternational.org/node/44 (2016-04-27)
    Open archived version from archive



  •