21:02 GMT22 October 2020
Listen Live
    Get short URL
    0 41

    A UK civil liberties charity says surveillance technology firms offer the ability to access and copy vast amounts of personal data, including from social media accounts, emails, messenger programmes, health monitors, and many more applications, all without any clear legal guidelines

    Privacy International is sounding the alarm about highly intrusive surveillance technology currently on offer to the goverment agencies worldwide, with little to no legal oversight. The UK-based civil liberties charity published its latest report, Cloud extraction technology: the secret tech that lets government agencies collect masses of data from your apps, on 7 January 2020.

    It examines the tech being sold to policing agencies which gives them access  to “cloud data” or information which is stored on third party storage devices. Applications which store immense amounts of data on “clouds” include Twitter, Instagram, Facebook and My Space, any e-mail account like Gmail or YahooMail, location trackers, health monitors like the Fitbit wristwatch, and storage software like Drop Box, Google Cloud Storage, and iCloud. Even encrypted messenger apps like WhatsApp store conversations on a cloud whenever a user backs up their conversations, for example to transfer them to a new phone.

    In 2017 surveillance tech firm Cellebrite, an industry leader, celebrated the amount of data available saying:

    “Private cloud-based data represents a virtual goldmine of potential evidence for forensic investigators.”
    Cellebrite Data Available on Mobile Phones Vs Cloud Data
    Cellebrite Data Available on Mobile Phones Vs Cloud Data
    Cellebrite Data Available on Mobile Phones Vs Cloud Data Pg 2
    Cellebrite Data Available on Mobile Phones Vs Cloud Data Pg 2

    Continuous Access to Personal Data of Millions of People

    The report is based on publicly available information, freedom information requests, and Privacy International’s own technical analysis. It is important to note that once someone has accessed the cloud data of an individual they can continue to get live updates to the cloud, even after a device is returned to its owner.

    The type of information which surveillance tech firms say they can access is:

    • emails,
    • social media activity,
    • account and device details (including passwords),
    • contacts,
    • user activity,
    • incoming and outgoing messages,
    • calendars,
    • notifications,
    • user created lists,
    • created/installed skills, and
    • preferences.

    In pitching one of their surveillance programmes, Cellebrite suggests to its clients that access to people's an Amazon user's search history and wish list "can indicate suspicious behaviour leading up to a crime".

    Another surveillance tech firm, Oxygen Forensic, says that they can provide access to a user’s “actual voice”, when speaking to their digital devices such as Alexa, which they say offers “tremendous insights into the user’s everyday activity, their contacts, shared messages, and valuable voice commands.”

    Privacy International Legal Safeguards Are Needed

    Privacy International says that all of this technology is being used in a “vacuum of legal standards” and that many people don’t even know that this tech exists, let alone that it is being used against them. They say that legal protections and safeguards need to rapidly evolve to take into account the growing capability of surveillance technology and the potential threat they pose to civil liberties.

    The report ends by calling for an immediate independent review of the surveillance technology and the current legal regime as it stands, with consultation taken from the public, industry, and police.

    The report’s authors argue that there must be a clear legal basis before authorities can store or analyse anyone’s cloud data and that a warrant must be needed before such data can be accessed.


    Small, Fast, Versatile: Israeli Defence Firm Presents New Surveillance Drone for Military
    UK Paying Millions for Surveillance Tech Used by Private Security Firms
    Merry Christmas: EU Plans Domestic Surveillance Powers for 10,000 Strong Border Force
    technology, surveillance, civil liberties, Privacy International, global, UK
    Community standardsDiscussion