Electronic Privacy Information Center

Focusing public attention on emerging privacy and civil liberties issues

EPIC Files Appeal for NSA Policy on Network Surveillance

Today, EPIC filed a Freedom of Information Act appeal, seeking disclosure of NPSD 54, the classified Directive that describes a National Security Agency program to monitor American computer networks. EPIC submitted the original request to shed light on the extent of the federal government's surveillance of civilian computer systems, but the agency refused to disclose the document. EPIC's appeal warns that the NSA’s improper withholding of the Directive "flatly contravenes" the President's policy on open government and "explicit FOIA guidance promulgated by the Attorney General." EPIC further stated, without public disclosure of the Directive, "the government cannot meaningfully make assurances about the adequacy of privacy and civil liberties safeguards." For more information, see EPIC Open Government.

DHS Announces "Global Entry" Biometric Identification System for U.S. Airports

Today, the Department of Homeland Security proposed to make permanent Global Entry, a program the agency says will “streamline the international arrivals and admission process at airports for trusted travelers through biometric identification.” Under the proposed system, pre-registered international travelers can bypass conventional security lines by scanning their passports and fingerprints at a kiosk, answering customs declaration questions, and then presenting a receipt to Customs officials. The DHS announcement follows the recent news that Clear, a Registered Traveler program, had entered bankruptcy, raising questions about the possible sale of the biometric database that was created. In 2005, EPIC testified before Congress that the absence of Privacy Act safeguards for Registered Traveler programs would jeopardize air traveler privacy and security. The agency is taking comments on the proposal. For more information, see EPIC Air Travel Privacy, EPIC Biometric Identifiers, EPIC Automated Targeting System, and EPIC Whole Body Imaging.

EU and US Officials Examine Safe Harbor, Cross Border Data Flow and Privacy

Officials from the United States and the European Union are meeting in Washington this week to review "Safe Harbor," a framework that allows the processing of data on EU citizens by US firms without traditional legal protections. Safe Harbor has been challenged by the European Parliament and questioned by academic experts. The Federal Trade Commission recently took action against US firms that incorrectly claimed current Safe Harbor certification, but the only penalty imposed was that the companies may not in the future misrepresent membership in any privacy, security, or other compliance program.

President Obama Nominates Brill and Ramirez for Federal Trade Commission

President Obama nominated Julie Brill and Edith Ramirez to be commissioners of the Federal Trade Commission. Brill, North Carolina’s top consumer advocate, serves as the senior deputy attorney general and chief of consumer protection and antitrust for the North Carolina Department of Justice. Ramirez, who specializes in intellectual property and complex litigation matters, is a partner in a Los Angeles, California law firm and has experience representing companies such as Mattel, Inc. and Northrop Grumman Corp. In a press release, President Obama stated, “These individuals bring a depth of experience to their respective roles, and I am confident they will serve my administration and the American people well. I look forward to working with them in the months and years ahead.”

Revised Google Books Settlement Announced, Privacy Problems Remain

The parties in the Google Books Settlement have filed an amended settlement. The Department of Justice, authors, EPIC and other privacy advocates criticized the original settlement. The revised settlement attempts to address price fixing and concerns about orphan works. However, the revised settlement does little to address privacy. Professor Pamela Samuelson stated “There are dozens of provisions in the settlement agreement that call for monitoring of what users do with books and essentially no privacy protections built into the settlement agreement.” For more information, see EPIC Google Books Settlement and Privacy, EPIC Google Books Litigation, and EPIC Google Books: Policy Without Privacy.

Congressional Committee Investigating Privacy Office at Homeland Security, Acknowledges Privacy Coalition Letter

House Homeland Security Committee Chairman Bennie Thompson has responded to the Privacy Coalition letter regarding the Chief Privacy Officer of the Department of Homeland Security. Chairman Thompson said that "the Committee is in the process of reviewing the programs outlined" in the letter, and thanked the Coalition for bringing the issues to the attention of the committee. He further stated that the Committee "will continue to examine the Department's programs and policies and vigorously address privacy concerns and issues." For more information, see EPIC DHS Privacy Office and Privacy Coalition.

EPIC Urges Government to Protect Privacy in the Smart Grid

Today, EPIC filed comments with the National Institute of Standards and Technology (NIST), urging it to implement robust privacy protections in the Smart Grid. The Smart Grid refers to a host of technologies that will allow unprecedented communication between American energy providers and energy consumers. However, it will also dramatically transform the ability of providers of power services in the United States to track the activities of consumers. For that reason, EPIC urged NIST to establish comprehensive privacy regulations that limit the collection and use of consumer data. For more information, see EPIC Smart Grid and Privacy.

Privacy Legislation Moves Forward in Senate

The Senate Judiciary Committee approved bipartisan legislation aimed at improving cybersecurity. The Personal Data Privacy and Security Act would establish a national standard for data breach notification and would require companies with databases containing sensitive personal information to establish data privacy and security programs. The bill was drafted in response to the growing number of Internet crimes in recent years. According to Senator Leahy (D-VT), who authored the bill, this legislation “strikes the right balance to protect privacy, promote commerce, and successfully combat identity theft.” The bill has been sent to the Senate for consideration.

EPIC Sues Homeland Security for Information About Digital Strip Search Devices

EPIC filed a Freedom of Information Act lawsuit challenging the Department of Homeland Security's failure to make public details about the agency's Whole Body Imaging program. The devices capture detailed naked images of air travelers in the United States. After the agency announced that the body scanners would become the primary screening device in US airports, EPIC demanded that the agency disclose records that describe the scanners' capacity to save and transmit images. In June, EPIC sent a letter to the Secretary of Homeland Security Janet Napolitano urging her to suspend the digital strip searches. For more, see EPIC Backscatter X-ray, Whole Body Imaging and EPIC Air Travel Privacy.

EPIC Urges Court to Enforce Video Privacy Law

Today, EPIC filed a friend of the court brief with the Fifth Circuit Court of Appeals, urging the Court to enforce federal privacy protections for Facebook users who rented videos from Blockbuster, a Facebook business partner. The Video Privacy Protection Act prohibits companies from revealing consumers' video rental histories. EPIC wrote, "Congress established a private right of action to ensure that there would be a meaningful remedy when companies failed to safeguard the data they collected" and warned, "absent a private right of action, there would be no effective enforcement, no remedy for violations, and no way to ensure that companies complied with the intent of the Act." The lawsuit was filed by Cathryn Harris and other Facebook users after Blockbuster made public their private video rental information. Blockbuster, a participant in Facebook's Beacon program, claimed that consumers cannot sue the company and must submit to mandatory arbitration. EPIC's brief, which includes a detailed history of the video privacy law, urges the appeals court to uphold a lower court ruling, which held that the plaintiffs are allowed to pursue their claim that a federal law was violated. For more information, see EPIC Harris v. Blockbuster, EPIC The Video Privacy Protection Act, and EPIC Facebook Privacy.

Civil Society Groups and Privacy Experts Release Madrid Declaration, Reaffirm International Privacy Laws, Identify New Challenges and Call for Concrete Action to Safeguard Privacy

In a crisply worded declaration, over 100 civil society organizations and privacy experts from more than 40 countries have set out an expansive statement on the future of privacy. The Madrid Declaration affirms that privacy is a fundamental human right and reminds "all countries of their obligations to safeguard the civil rights of their citizens and residents." The Madrid Declaration warns that "privacy law and privacy institutions have failed to take full account of new surveillance practices." The Declaration urges countries "that have not yet established a comprehensive framework for privacy protection and an independent data protection authority to do so as expeditiously as possible." The civil society groups and experts recommend a "moratorium on the development or implementation of new systems of mass surveillance." Finally, the Declaration calls for the "establishment of a new international framework for privacy protection, with the full participation of civil society, that is based on the rule of law, respect for fundamental human rights, and support for democratic institutions." The Madrid Declaration was released at the Public Voice conference in Madrid on Global Privacy Standards. Multiple translations of the Declaration are available.

Public Voice Hosts Global Privacy Conference in Madrid

Almost two hundred privacy experts, advocates, and governments officials from around the world gathered in Madrid for the "Global Privacy Standards" conference, organized by the Public Voice. The event features panel discussions on “Privacy and Human Rights: The Year in Review,” "Privacy Activism: Major Campaigns," “Your Data in the Cloud: What if it Rains?,” "Transborder Data Flow: Bridges, Channels or Walls?," and "“Toward International Privacy Standards." Leading privacy officials from Spain, the European Union, the European Parliament, the OECD, and Canada are participating. The event is being held in conjunction with the annual meeting of the Privacy and Data Protection Commissioners, which is expected to draw more than 1,000 participants from over fifty countries. The Public Voice event will also be cybercast and tweeted. @thepublicvoice #globalprivacy.