Latest News - December 4, 2013
The Federal Trade Commission has announced a series of workshops on emerging consumer privacy issues. The series will "shine a light on new trends in Big Data and their impact on consumer privacy" and includes three topics: the use of mobile devices to track users in real space; predictive scoring algorithms that determine access to products and offers; and consumer-generated health data that falls outside HIPAA. The FTC has invited comments from the public on the proposed topics for the spring workshops. The FTC recently concluded a workshop on the Internet of Things, for which EPIC submitted comments. EPIC has also urged the Commission to enforce its prior consent orders, to incorporate the Consumer Privacy Bill of Rights in privacy settlements, and to respect public comments on proposed settlements. For more information, see EPIC: Federal Trade Commission.
Willis Ware, who helped usher in the computer age and provided the foundation for modern privacy law, passed recently at his home in Santa Monica. He was 93. An electronic engineer by training, Ware had worked with John von Neumann at Princeton on the early designs for digital processing. Fascinated by the social impact of computer technology, he turned quickly to the key challenge of privacy protection. In 1973, as the chair of an influential government committee that was wrestling with the increased automation of record keeping, Ware conceived of "Fair Information Practices", the allocation of rights and responsibilities in the collection and use of personal data. The report "Records, Computers and the Rights of Citizens" became the foundation of the Privacy Act of 1974, the most comprehensive privacy law ever enacted in the United States. Ware also served as chairman of the Security and Privacy Board, established by Congress in 1987, that helped loosen controls on the public use of cryptography in the 1990s and made possible the adoption of critical security technologies for the Internet. Ware joined the EPIC Advisory Board not long after the organization was established in 1994, and received the EPIC Lifetime Achievement Award in 2012. For more information, see EPIC: Willis Ware.
The European Commission released a report questioning the effectiveness of the U.S.-EU Safe Harbor framework. The Safe Harbor arrangement allows data to be transferred from EU Member States to companies in the U.S. that have promised to adhere to a set of privacy practices. The report cited "large scale access by intelligence agencies to data transferred to the US by Safe Harbour certified companies" as a key concern. The report of the European Commission recommends a variety of measures designed to strengthen Safe Harbor, such as increasing investigations into compliance, limiting the national security exception to cases that are "strictly necessary or proportionate," and facilitating access by EU citizens to alternative dispute resolution providers. EPIC has previously recommended that the US support the EU Data Protection Regulation and adopt an international framework for privacy protection. For more information, see EPIC: EU Data Protection Directive.
EPIC has filed a Freedom of Information Act lawsuit against the Department of Justice's Office of Legal Counsel for the secret legal analyses that justifies the use of the NSA PRISM program. PRISM is a program that allows the FBI and NSA to collect information - including the contents of internet users' communications - directly from internet service providers, and without a warrant. Through this lawsuit, EPIC seeks to clarify which, if any, legal authority would permit such extensive domestic surveillance of personal activities. The secrecy of these opinions is of increasing concern to Open Government advocates. EPIC, joined by a coalition of FOIA organizations, recently filed an amicus brief in support of a New York Times lawsuit for opinions of the Office of Legal Counsel. For more information, see EPIC v. DOJ - PRISM.
In response to growing concern about the scope of electronic surveillance, the U.N. General Assembly is considering a resolution affirming that privacy is a fundamental right. Civil society organizations have long urged international organizations to update and strengthen global frameworks for privacy protection. The UN resolution now under consideration is a response to reports that the United States conducted surveillance of many foreign leaders, including Brazil's President Dilma Rousseff and German Chancellor Angela Merkel. Brazil and Germany are leading the effort at the United Nations on the privacy resolution. The European Parliament is pursuing an investigation of the "Mass Surveillance of EU Citizens." And the United States Congress is considering legislation, such as the USA FREEDOM Act, to reign in surveillance activities. For more information, see Public Voice - The Madrid Declaration.
EPIC has prevailed in a fee dispute with the Department of Homeland Security in an open government case concerning the government’s monitoring of social media. EPIC filed a FOIA request after the agency announced plans to gather information from "online forums, blogs, public websites, and message boards." After the DHS refused to produce documents, EPIC filed suit and obtained more than 500 pages describing the agency program. When the agency subsequently moved to dismiss the case, a federal judge ruled that EPIC had "substantially prevailed." And when the DHS sought to give EPIC a token amount in settlement, the court had harsh words for the agency. The court described EPIC's work in the case as "the sort of public benefit that FOIA was designed to promote." The case is EPIC v. DHS, No. 11-2261 (D.D.C. Nov. 15, 2013). For more information, see EPIC v. DHS: Social Media Monitoring.
EPIC filed a Freedom of Information Act request with the Federal Trade Commission for documents concerning the FTC's recent "investigation" of Facebook's policy changes. The investigation concerned changes to Facebook’s Data Use Policy that permit the use of the names, images, and content of Facebook users for commercial endorsement without user consent. Following announcement of the proposed change, EPIC and several several privacy groups wrote to the FTC objecting to the changes as a violation of a 2011 consent order with Federal Trade Commission. Senator Markey also expressed concern about the policy changes. The Commission opened an investigation which was then quietly closed allowing Facebook to go forward with the changes. For more information, see EPIC: Federal Trade Commission and EPIC: FOIA.
In a letter to Federal Communications Commission Chairman Tom Wheeler, EPIC urged the FCC to determine whether AT&T violated the Communications Act when it sold private consumer call detail information to the Drug Enforcement Administration and Central Intelligence Agency. EPIC's letter follows an earlier letter where EPIC asked the FCC to resolve whether Verizon violated the Communications Act when it released consumer call detail information to the National Security Agency. EPIC's letter also informed the Commission that the National Association of Regulatory Utility Commissioners has issued a draft resolution underscoring the crucial role of the FCC in protecting consumer information. For more information, see EPIC: In re EPIC and EPIC: Foreign Intelligence Surveillance Act.
Today the Supreme Court denied review of In re EPIC, a direct challenge to the NSA telephone record collection program. EPIC argued that an order of the secretive Surveillance Court that required Verizon to turn over all customer records exceeded legal authority. "It is simply not possible that every phone record in the possession of Verizon is relevant to a national security investigation," EPIC stated. EPIC asked the Supreme Court to overturn the order of the Foreign Intelligence Surveillance Court. Prominent legal scholars and members of the Church Committee who wrote the law agreed. Four groups filed amicus briefs in support and urged the Supreme Court to grant EPIC’s petition. However, the Supreme Court, without comment, declined to hear the case. For more information, see In re EPIC, In re EPIC Press Release.
The Maryland Attorney General Douglas Gansler, joined by attorneys general in 36 states and the District of Columbia, has reached a $17 million settlement with Google over privacy violations. Google violated state consumer protection and privacy law by placing advertising tracking cookies on Safari browsers despite telling users that it would honor the default Safari privacy settings, which prevented the placement of such cookies. The Federal Trade Commission fined Google $22.5 million last year over similar practices which violated an earlier settlement that was the result of a complaint filed by EPIC. EPIC previously objected to the Google-DoubleClick merger on privacy grounds and specifically warned that Google’s use of Doubleclick techniques would lead to impermissible tracking of Internet users. Earlier EPIC had urged the Federal Trade Commission and other consumer protection agencies to support advertising models that are not linked to actual user identity. For more information, see EPIC: Google Buzz, EPIC: Google/DoubleClick Merger.
Senators Markey (D-MA) and Kirk (R-IL), along with Representatives Barton (R-TX) and Rush(D-IL), have introduced the Do Not Track Kids Act, comprehensive children's online privacy legislation. The bill would amend the Children's Online Privacy Protection Act by extending protection to teens ages 13-15, requiring consent for the collection of personal information, and creating an "eraser button" that allows children to delete personal information. California recently enacted a bill, which also provides for an "eraser button" that would require websites to allow minors to remove their own information. The bill would also require online companies to explain the types of personal information collected, how that information is used and disclosed, and the policies for collection of personal information. EPIC recommended similar update to COPPA in testimony before the Senate Commerce Committee in 2010. For more information, see EPIC: Children's Privacy.
The Government Accountability Office issued a report to Congress finding that the Transportation Security Administration's behavioral analysis program, known as "Screening of Passengers by Observation Techniques" (SPOT), is ineffective. The GAO determined that there is no scientifically valid evidence for behavior indicators, and that TSA screeners cannot reliably interpret passenger behavior. The GAO report also notes that the there have been significant concerns over racial and ethnic profiling. There are around 3,000 TSA officers currently assigned to the SPOT program, which has cost approximately $900 million since 2007. The GAO recommended the Congress reduce further funding of the program. In testimony before the 9/11 Commission in 2003, EPIC warned that "It is easy to construct a device that can determine whether a person is carrying a gun before he boards an airplane. It is much more difficult to construct a device that can probe his thoughts and determine his intent to commit a crime." Since that time, EPIC has objected to the DHS's practice of assigning threat profiles based on race, ethnicity, and gender. EPIC has also called upon the TSA to undertake a comprehensive audit of the civil rights impact of airport screening policies on racial and religious minorities. For more information, see EPIC: Passenger Profiling.
Top News Archive
"Latest FERPA Updates & Amendments: What Educators Need to Know"
EPIC Administrative Law Counsel
Progressive Business Executive Education Webinar
December 5, 2013
"Fordham Center on Law and Information Policy: Workshop on Privacy and Cloud Computing in Public Schools"
EPIC Administrative Law Counsel
Microsoft Policy & Innovation Center
December 6, 2013
"Privacy in the Networked World"
EPIC Appellate Advocacy Counsel
Alaska Telephone Association
January 26, 2014
More EPIC Events...
EPIC in the News
Guest Post: Square Peg, Round Hole – How the FISC has misapplied FISA to Allow for Bulk Metadata Collection
(Amie Stepanovich and Alan Butler)
December 2, 2013
A Night Watchman With Wheels?
New York Times
November 29, 2013
More EPIC in the News...
Recent EPIC Events
The EPIC Challenge to the NSA Domestic Surveillance Program
National Press Club
September 19, 2013
The Public Voice: "Our Data, Our Lives"
The Public Voice
September 24, 2013
EPIC 2013 Champion of Freedom Awards Dinner
June 03, 2013
"EPIC - Drones and Domestic Surveillance"
National Press Club
Jan. 15, 2013
EPIC Champion of Freedom Awards
Stop Body Scanners
EPIC has filed a lawsuit to suspend the deployment of body scanners at US airports, pending an independent review.
Details on EPIC v. DHS
EPIC Body Scanner Incident Report
EPIC's Body Scanner Facebook Page
CBS Morning: Are You Being Tracked While Shopping?
View EPIC Video
View EPIC Video in HD
Top Secret America
Economist: Privacy VIdeo
Previous Video Archive...
EPIC Docket Highlights
- EPIC FOIA Cases
- EPIC v. CIA (Domestic Surveillance)
- EPIC v. ODNI(Revised Guidelines)
- EPIC v. FBI(Cell Site Simulation)
- EPIC v. DOJ (Wikileaks Supporters)
- EPIC v. DHS (Defense Contractor Monitoring)
- EPIC v. DHS (FOIA, Body Scanners)
- EPIC v. DHS (Body Scanner Radiation Risks)
- EPIC v. DHS (Mobile Body Scanners)
- EPIC v. DHS (Social Media Monitoring)
- EPIC v. DOD (TIA/Fee Waiver)
- EPIC v. DOJ (FOIA, Body Scanners)
- EPIC v. DOJ (IOB reports)
- EPIC v. DOJ (Warrantless Wiretapping)
- EPIC v. DOJ & FBI (Wikileaks)
- EPIC v. FTC (Conflict of Interest)
- EPIC v. NSA (Cybersecurity Authority)
- EPIC v. NSA (Google Relationship)
- EPIC v. TSA (Body Scanner Modifications)
- EPIC v. VSP (Fusion Centers)
- Other EPIC Cases
- EPIC v. DHS (Emergency Stay, Body Scanners)
- EPIC FTC Complaint (Google)
- EPIC FTC Complaint (Phone Records)
- EPIC v. ED (Student Privacy)
- EPIC v. FTC (Google Consent Order)
- Gonzales v. ACLU (NSLs)
- In re Facebook (Settings)
- In re Facebook II (Settings)
- In re Google (Buzz)
- In re Google (Cloud Computing)
- EPIC Amicus Briefs
- Pending Cases with EPIC briefs
- New York Times v. DOJ (2nd Cir. ____) (Whether FOIA Deliberative Process Privilege Exemption Applies to Final DOJ-OLC Opinions)
- Decided cases with EPIC briefs
- Gordon v. Softech Int'l Inc. (2nd Cir. 2013) (Driver Privacy Protection Act)
- Ben Joffe v. Google (9th Cir. 2013) (Wiretap Act)
- In re US Application for CSLI (5th Cir. 2013) (Cellphone Tracking)
- State v. Earls (N.J. 2013) (Cell Phone Location Privacy)
- Maracich v. Spears (U.S. 2013) (Scope of Litigation Exception to Driver's Privacy Protection Act)
- Maryland v. King (U.S. 2013) (Warrantless Collection of DNA From Arrestees)
- Jennings v. Broome (U.S. 2013) (Whether ECPA Prohibits Unauthorized Access to Cloud E-mail)
- McBurney v. Young (U.S. 2013) (State FOI Restrictions)
- CREW v. FEC (D.C. Cir. 2013) (Adequate Response to FOIA Request)
- Florida v. Harris (U.S. 2013) (Reliability of Investigative Techniques)
- Clapper v. Amnesty Int'l USA (U.S. 2013) (Standing to Challenge Broad Surveillance Programs)
- United States v. Hamilton (4th Cir. 2012) (Workplace Privacy)
- First American v. Edwards (U.S. 2012) (Standing)
- United States v. Jones (U.S. 2012) (GPS Tracking)
- FAA v. Cooper (U.S. 2011) (Privacy Act Damages)
- FCC v. AT&T (U.S. 2011) (FOIA)
- IMS Health v. Sorrell (U.S. 2011) (Medical Privacy)
- NASA v. Nelson (U.S. 2011) (Employee Privacy)
- Tolentino v. New York (U.S. 2011) (Police Searches)
- Chicago Tribune v. Univ. of Illinois (7th Cir. 2011) (FERPA)
- Doe v. Luzerne County (3rd Cir., 2011) (Informational Privacy)
- United States v. Pool (9th Cir., 2011) (DNA)
- G.D. v. Kenny (N.J. S.Ct., 2011) (Expungement)
- In re Google Street View (N.D. Cal. 2011) (Wiretap Act)
- Doe v. Reed (U.S. 2010) (Petition Signatures)
- City of Ontario v. Quon (U.S. 2010) (Workplace Privacy)
- Bunnell v. MPAA (9th Cir., 2010) (Wiretap)
- Harris v. Blockbuster (5th Cir., 2010) (Facebook Privacy)
- IMS Health v. Ayotte (1st Cir., 2010) (Medical privacy)
- Ostergren v. McDonnell (4th Cir., 2010) (Identity Theft)
- SEC v. Galleon (2nd Cir., 2010) (Wiretapping)
- Flores-Figueroa v. United States (U.S. 2009) (ID Theft)
- Herring v. United States (U.S. 2009) (Errors in databases)
- NCTA v. FCC (D.C. Cir., 2009) (Phone records privacy)
- Commonwealth v. Connolly (Mass. Sup. J. Ct., 2009) (GPS Tracking)
- ABA v. Brown (9th Cir., 2009) (Financial Privacy)
- Crawford v. Marion County (U.S. 2008) (Voter ID)
- Hepting v. AT&T (9th Cir., 2007) (Wiretap)
- Peterson v. NTIA (4th Cir., 2007) (WHOIS data)
- New Jersey v. Reid (N.J. S.Ct., 2007) (ISP subscriber privacy)
- In re Marriage of [Redacted] (D. Co., 2009) (Telephone Record Privacy)
- Gilmore v. Gonzales (9th Cir., 2006) (Secrecy)
- Kohler v. Englade (5th Cir., 2006) (DNA)
- Johnson v. Quander (U.S. Cert., 2006) (DNA)
- ACLU v. DOD (2nd Cir., 2005) (Secrecy)
- Gonzales v. Doe (2nd Cir., 2005) (Wiretap)
- United States v. Councilman (5th Cir., 2005) (Wiretap)
- Google Books Settlement (S.D.N.Y., 2005) (Copyright and Google Privacy)
- Forensic Advisors, Inc. v. Matrixx Initiatives, Inc. (Maryland Ct. App., 2005) (Subscriber List Privacy)
- Doe v. Chao (U.S. 2004) (Privacy Act)
- Hiibel v. Sixth Judicial Dist. Ct. of Nev., Humbolt County (U.S. 2004) (Anonymity)
- Kehoe v. Fidelity Bank (11th Cir., 2004) (Driver Privacy Protection Act)
- United States v. Kincade (9th Cir., 2004) (DNA)
- BATF v. Chicago (U.S. 2003) (FOIA)
- Smith v. Doe (U.S. 2003) (Megan's Law)
- RIAA v. Verizon (D.C. Cir., 2003) (Copyright Subpoena Privacy)
- Watchtower Bible v. Stratton (U.S. 2002) (Anonymity, First Amendment)
- Remsburg v. Docusearch (N.H. S.Ct., 2002) (Drivers’ Privacy Protection Act)
- In re Sealed Case (FISCR 2002) (Foreign Intelligence Surveillance – Criminal Investigations)
- United States v. Bach (8th Cir., 2002) (Warrant-by-Fax)
- Paramount Pictures v. ReplayTV (C.D. Cal., 2002) (TV-DVR User Privacy)
- US West v. FCC (U.S. Cert. 2000) (Telephone Subscriber Privacy)
- Junger v. Daley (N.D. Ohio, 1998) (Crypto – Export Controls)
- Reno v. Condon (U.S. 2000) (Driver Privacy Protection Act)
- Bernstein v. U.S. Dep’t of Commerce (9th Cir., 1999) (Crypto – Export Controls)
EPIC's 2010 E-Deceptive Campaign Practices Report
Internet Privacy Infographic