Privacy International is sounding the alarm about highly intrusive surveillance technology currently on offer to the goverment agencies worldwide, with little to no legal oversight. The UK-based civil liberties charity published its latest report, Cloud extraction technology: the secret tech that lets government agencies collect masses of data from your apps, on 7 January 2020.
It examines the tech being sold to policing agencies which gives them access to “cloud data” or information which is stored on third party storage devices. Applications which store immense amounts of data on “clouds” include Twitter, Instagram, Facebook and My Space, any e-mail account like Gmail or YahooMail, location trackers, health monitors like the Fitbit wristwatch, and storage software like Drop Box, Google Cloud Storage, and iCloud. Even encrypted messenger apps like WhatsApp store conversations on a cloud whenever a user backs up their conversations, for example to transfer them to a new phone.
In 2017 surveillance tech firm Cellebrite, an industry leader, celebrated the amount of data available saying:
“Private cloud-based data represents a virtual goldmine of potential evidence for forensic investigators.”
Continuous Access to Personal Data of Millions of People
The report is based on publicly available information, freedom information requests, and Privacy International’s own technical analysis. It is important to note that once someone has accessed the cloud data of an individual they can continue to get live updates to the cloud, even after a device is returned to its owner.
The type of information which surveillance tech firms say they can access is:
- social media activity,
- account and device details (including passwords),
- user activity,
- incoming and outgoing messages,
- user created lists,
- created/installed skills, and
In pitching one of their surveillance programmes, Cellebrite suggests to its clients that access to people's an Amazon user's search history and wish list "can indicate suspicious behaviour leading up to a crime".
Another surveillance tech firm, Oxygen Forensic, says that they can provide access to a user’s “actual voice”, when speaking to their digital devices such as Alexa, which they say offers “tremendous insights into the user’s everyday activity, their contacts, shared messages, and valuable voice commands.”
Privacy International Legal Safeguards Are Needed
Privacy International says that all of this technology is being used in a “vacuum of legal standards” and that many people don’t even know that this tech exists, let alone that it is being used against them. They say that legal protections and safeguards need to rapidly evolve to take into account the growing capability of surveillance technology and the potential threat they pose to civil liberties.
The report ends by calling for an immediate independent review of the surveillance technology and the current legal regime as it stands, with consultation taken from the public, industry, and police.
The report’s authors argue that there must be a clear legal basis before authorities can store or analyse anyone’s cloud data and that a warrant must be needed before such data can be accessed.