EPIC has filed a complaint to the Federal Trade Commission concerning Facebook's proposed purchase of WhatsApp. WhatsApp is a messaging service that gained popularity based on its strong pro-privacy approach to user data. WhatsApp currently has 450 million active users, many of whom have objected to the proposed acquisition. Facebook regularly incorporates data from companies it has acquired.The Federal Trade Commission has previously responded favorably to EPIC complaints concerning Google Buzz, Microsoft Passport, Changes in Facebook Privacy Settings, and Choicepoint security practices. However, the FTC approved Google's acquisition of Doubleclick over EPIC's objection. Facebook is currently under a 20 year consent decree from the FTC that requires Facebook to protect user privacy and to comply with the US-EU Safe Harbor guidelines. For more information, see EPIC: In re Google Buzz, EPIC: Microsoft Passport, EPIC: In re Facebook, and Privacy? Proposed Google/DoubleClick Merger.
EPIC has presented the 2014 Domestic Privacy Champion Award to Evan Hendricks, the publisher of Privacy Times. Hendricks received the award in recognition of his work in consumer privacy protection and for his work in publishing Privacy Times, a significant resource in the privacy world. In 2013, EPIC presented the Domestic Privacy Champion Award to Susan Grant. On January 28, EPIC awarded Jan Philipp Albrecht with the International Privacy Champion Award as part of International Privacy Day.
EPIC has announced the 2014 members of the EPIC Advisory Board. They are Danielle Citron, Professor at University of Maryland School of Law, Edward Felten, Professor of Computer Science and Public Affairs at Princeton University, Harry R. Lewis, Professor of Computer Science at Harvard University, Anna Lysyanskaya, Professor of Computer Science at Brown University, Alice E. Marwick, Assistant Professor of Media Studies at Fordham University, Aleecia M. McDonald, Director of Privacy at the Stanford Center for Internet & Society, Eben Moglen, Professor of Law and Legal History at Columbia Law School, and David Vladeck, Professor of Law at Georgetown University Law Center. The EPIC Advisory Board is a distinguished group of experts in law, technology, and public policy. Press Release For more information, see EPIC: EPIC Advisory Board.
The White House is requesting public comments on the Obama Administration's "Big Data and the Future of Privacy" review. EPIC, joined by 24 consumer privacy, public interest, scientific, and educational organizations petitioned the Office of Science and Technology Policy last month to accept public comments. The petition stated, "The public should be given the opportunity to contribute to the OSTP's review of 'Big Data and the Future of Privacy' since it is their information that is being collected and their privacy and their future that is at stake." The letter sets out several important questions, including whether current laws are adequate and whether it is possible to maximize the benefits of big data while minimizing the risks to privacy. Comments are due by March 31, 2014. For more information, see EPIC: Big Data and the Future of Privacy.
In a Freedom of Information Act lawsuit, EPIC has obtained reports that detail the number of times the Surveillance Court authorized the use of techniques that gather the telephone numbers and metadata of phone customers and Internet users. The previously secret reports obtained by EPIC cover the period between 2000 and 2013. The reports reveal a dramatic increase in the use of these techniques in 2004 and then a significant reduction in 2008, likely the consequence of a shift to other investigative techniques. The documents show that nearly all applications to the Surveillance Court were approved without modifications. In 2013, EPIC petitioned the Supreme Court to end the bulk telephone record collection program. Former members of the Church Committee and dozens of legal scholars supported the EPIC petition. For more information see: EPIC v. Department of Justice - Pen Register Reports, EPIC: Foreign Intelligence Surveillance Court Orders 1979-2012, and In re EPIC.
The House of Representatives has passed the FOIA Oversight and Implementation Act of 2014. The bill would strengthen the Office of Government Information Services, require agencies to update their FOIA regulations, and mandate the use of a single, free website for submitting FOIA requests and appeals and receiving information about the status of the FOIA request. The bill would also require that agencies seeking to withhold information under one of the FOIA's exemptions demonstrate that there would be a "specific identifiable harm," tied to the purpose of the exemption, if disclosure occurred. The bill does not address several key transparency community proposals, including recommendations to limit the use of exemptions and to make it easier to track legislative proposals for new FOIA exemptions. The Senate is currently considering a similar bill. For more information see: EPIC: Open Government.
EPIC has filed a Freedom of Information Act lawsuit for records about "Hemisphere," a massive telephone record collection program operated by the Drug Enforcement Agency in cooperation with AT&T. Under the program, law enforcement agencies access billions of detailed customer phone records, including location data, dating back to 1987 in routine criminal matters unrelated to national security. EPIC filed the complaint after the federal agency failed to respond to EPIC's FOIA request for information about the operation and legal authority for the program. EPIC has previously challenged the NSA's bulk collection of telephone records in a petition to the US Supreme Court. For more information, see EPIC: In re EPIC (NSA Telephone Record Surveillance), EPIC: Hemisphere and EPIC v. DEA (Hemisphere FOIA).
In a case that narrows the warrant requirement for searches of homes, the Supreme Court upheld the warrantless search of a suspect's home by the LAPD after the person objected. In Fernandez v. California, the officers returned to the apartment of the resident after he had been arrested, and obtained consent from a roommate to conduct a search. Justice Alito, writing for the 6-3 majority, found that the roommate's consent was sufficient once the defendant was no longer present. Justice Ginsburg, writing in a dissent joined by Justices Sotomayor and Kagan, argued that the decision "tells the police they may dodge" the warrant requirement and is contrary to a prior a decision of the Court. In Georgia v. Randolph, the Supreme Court previously ruled that when one occupant refuses to consent to a search, the other's consent is not sufficient to permit a search. EPIC has previously filed amicus briefs in a number of important Supreme Court Fourth Amendment cases. For more information, see EPIC: United States v. Jones, EPIC: Maryland v. King, EPIC: Amicus Curiae Briefs.
On March 3, 2014, the White House and MIT will cohost "Big Data Privacy: Advancing the State of the Art in Technology and Practice." The conference is part of the White House's Big Data and the Future of Privacy initiative and will feature keynotes from Counselor to the President John Podesta and Secretary of Commerce Penny Pritzker. Scholars, privacy advocates, government representatives and private sector leaders will explore the opportunities and challenges of big data and examine the use of Privacy Enhancing Techniques. President Obama has called for a "comprehensive review of big data and the future of privacy." In response, EPIC and a coalition of consumer and scientific organizations outlined key questions for the White House to explore, and also asked the Office of Science and Technology Policy to encourage public participation. For more information see EPIC: Big Data and the Future of Privacy, EPIC: Privacy and Consumer Profiling, and EPIC: Privacy Tools.
EPIC along with a coalition of over 40 public interest organizations has urged the President to implement the Consumer Privacy Bill of Rights, a comprehensive framework for privacy protection. The letter comes on the two-year anniversary of the Administration's introduction of the Privacy Bill of Rights, which includes baseline privacy principles, such as individual control and transparency, respect for context and focused collectionm and better access, accuracy, and accountability. The President called the Privacy Bill of Rights a "blueprint for privacy in the information age" and said his Administration "will work to advance these principles and work with Congress to put them into the law." The letter from the organizations states, "We urge you to work with those in Congress who favor the privacy rights of Americans, who support updates to privacy law, and who understand why this issue is so critical to so many Americans. And let those who stand in the way explain to their constituents why they believe that it is not necessary for Congress to do anything further to protect the fundamental rights of Americans." For more information, See EPIC: White House: Consumer Privacy Bill of Rights.
EPIC has filed a amicus brief urging a federal appeals court to overturn a controversial consumer privacy settlement. If the Fraley v. Facebook settlement is approved, Facebook will display the images of Facebook users, including young children, for commercial endorsement without consent. Facebook users opposed "Sponsored Stories" and several have formally objected to the settlement, including a children's advocacy organization which said that the "settlement is actually worse than no settlement." The MacArthur Foundation also withdrew stating it should not have been designated to receive funds. EPIC's amicus brief in support of the objectors explains that the settlement is unfair to Facebook users and should be rejected. EPIC also notes that Chief Justice Roberts expressed concerns about a similar privacy settlement involving Facebook. EPIC and a coalition of consumer privacy organizations filed an extensive complaint with the Federal Trade Commission that eventually required Facebook to improve its privacy practices. For more information, see EPIC: In re Facebook and EPIC: Fraley v. Facebook.
EPIC has submitted comments to the Federal Trade Commission, urging the agency to improve pending settlements in several Safe Harbor enforcement actions. According to the FTC, twelve companies misrepresented compliance with the EU-US privacy arrangement. EPIC recommended that the Commission revise the proposed orders to: (1) require the companies to comply with the Consumer Privacy Bill of Rights; (2) publish the companies' consent order compliance reports as they are submitted; and (3) strengthen the sanctions against a DNA testing firm, whose misrepresentations puts genetic information at risk. EPIC also noted that the Commission's ongoing failure to modify consent orders in response to public comments is "contrary to the interests of American consumers." For more information, see EPIC: EU Data Protection Directive and EPIC: Federal Trade Commission.