The Calyx Institute

Palantir’s Federated Data Platform (FDP) aims to sit across NHS Trusts, ICBs and NHS England in order to connect and analyse pre-existing data on a national and local scale. A report prepared by Medact highlights multiple concerns, with a focus on human rights, public trust, data privacy, and institutional risk.

Briefing: Concerns Regarding Palantir Technologies and NHS Data Systems - Medact This briefing document outlines the key concerns regarding the involvement of Palantir Technologies in NHS data infrastructure and operations, including via their delivery of the FDP.

has fixed a and bug that allowed law enforcement to extract the content of messages that had been deleted or disappeared automatically from messaging apps. This was because notifications that displayed the messages’ content were also cached on the device for up to a month.

Previously, the had extracted deleted Signal messages from an iPhone using forensic tools, due to the fact that the content of the messages had been displayed in a notification and then stored inside a phone’s database — even after the messages were deleted inside Signal.

“Notifications for deleted messages shouldn’t remain in any OS notification database,” said Signal President Meredith Whittaker.

Apple fixes bug that cops used to extract deleted chat messages from iPhones | TechCrunch The iPhone and iPad bug allowed law enforcement using forensic tools to read messages that had long been deleted by the Signal app.

In this masterclass, John Scott-Railton, Senior Researcher at the Citizen Lab, shares practical steps investigative journalists can take to reduce digital risks while working on sensitive stories.

Global Investigative Journalism Network 60 likes. "John Scott Railton Shares Tips and Tools to Protect Yourself Digitally"

WireGuard, the major software project and VPN that underpins popular security software including Mullvad and others, has found itself locked out of a key part of its Microsoft developer’s account and unable to ship software updates to Windows users.

WireGuard VPN developer can't ship software updates after Microsoft locks account | TechCrunch The popular open source VPN maker is the second high-profile developer to say Microsoft locked his account without notifying him and is blocking their ability to send software updates to users.

The Trump administration wants to require health insurance companies to hand over troves of sensitive, detailed, and identifiable medical records from millions of federal workers and retirees, along with their families. The move is raising immediate concern from legal and health policy experts.

Trump admin makes sweeping request for medical records of federal workers The unprecedented proposal would give the Trump admin access to doctors' notes.

A new report from Citizenlab uncovers how a geolocation surveillance system called Webloc uses ad-based data to monitor hundreds of millions of people across the globe.

Uncovering Webloc: An Analysis of Penlink’s Ad-Based Geolocation Surveillance Tech Location data collected from mobile apps and digital advertising can reveal habits, interests and almost any other aspect of someone's life. In this report, we uncover how a geolocation surveillance system called Webloc uses ad-based data to monitor hundreds of millions of people across the globe.

TeleGuard, an app downloaded more a million times, markets itself as a secure way to chat. However, the app uploads users’ private keys to the company’s server, and makes decryption of messages trivial.

A Secure Chat App’s Encryption Is So Bad It Is ‘Meaningless’ TeleGuard is an app downloaded more a million times that markets itself as a secure way to chat. The app uploads users’ private keys to the company’s server, and makes decryption of messages trivial.

We're always happy to hear from Calyx Institute members who are enjoying their memberships with us 🥰 If you're a Calyx Institute member, leave a comment below! If you're not a member yet, check out https://calyx.org/ to learn more!

Our staff were looking forward to participating in RightsCon in Zambia this year, and we are disappointed to hear that all of the organizers' hard work has been dashed by the sudden cancellation of the conference. The Calyx Institute stands in solidarity with the teams at RightsCon and Access Now, and we look forward to reconvening with our digital rights community at RightsCon in the future.

A statement to our community about why RightsCon 2026 will not take place in Zambia Our official statement to the digital rights community about why RightsCon 2026 will not take place in Zambia

Despite a “lack of proper detailed security documentation” for Microsoft’s Government Community Cloud High, a suite of cloud-based services intended to safeguard some of the nation’s most sensitive information, and reviewers' “lack of confidence in assessing the system’s overall security posture,” the Federal Risk and Authorization Management Program, or FedRAMP, authorized the product anyway, bestowing what amounts to the federal government’s cybersecurity seal of approval.

Federal Cyber Experts Thought Microsoft’s Cloud Was “a Pile of Sh*t.” They Approved It Anyway. A federal program created to protect the government against cyber threats authorized a sprawling Microsoft cloud product, despite the company’s inability to fully explain how it protects sensitive data.