Focusing public attention on emerging privacy and civil liberties issues
  • EPIC v. Army JLENS Blimp
  • EPIC v NSA
  • “We
  • EPIC's Marc Rotenberg Attends A Briefing At The White House on NSA Telephone Surveillance
  • Special Message from dahah boyd: In an era where privacy issues are ever-present, we need EPIC's diligence. Please support their important work! Support EPIC.
  • 2014 Logo

Latest News - October 1, 2014

EPIC Urges FTC to Investigate Maricopa Data Breach

EPIC has filed a complaint with the Federal Trade Commission concerning the loss of personal information of almost 2.5 m current and former students, employees, and vendors in Maricopa County. According to EPIC, the District's failure to maintain a comprehensive information security program led to a "massive breach of names, addresses, phone numbers, e-mail addresses, Social Security numbers, dates of birth, certain demographical information, and enrollment, academic, and financial aid information." EPIC further alleges the District violated the Federal Trade Commission's Safeguards Rule by failing to protect students financial information. EPIC's complaint follows a similar complaint by DataBreaches.net. EPIC said that, "many education institutions in the United States are subject to the Safeguards Rule. The District's case is a particularly egregious example of the risk of failing to safeguard sensitive personal information." For more information, see EPIC: Student Privacy.

EPIC Files Comments on Financial Privacy

EPIC has filed extensive comments in response to a request from the Consumer Financial Protection Bureau. EPIC urged the Bureau to limit the information debt collectors gather on consumers. EPIC advised the Bureau to prohibit debt collectors from contacting employers and others about consumer debt. EPIC also advised the Bureau to require debt collectors to protect the information they acquire and to allow consumers to see the information about hem that js collected. EPIC routinely submits comments to federal agencies, urging them to uphold the Privacy Act and protect individuals from telephone and Internet misuse. In 2004, EPIC submitted comments regarding the "CAN-SPAM" Act and the proposed National "Do Not Email" Registry. In 2006, EPIC testified before Congress regarding the Truth in Caller ID Act of 2006. And in 2009, EPIC submitted comments on the Truth in Caller ID Act of 2009, recommending a prohibition against overriding calling parties' privacy choices. For more information, see EPIC: Comments on the Fair Debt Collection Practices Act, and EPIC: The Fair Credit Reporting Act.

Appeals Court Limits Military Surveillance of Civilian Internet Use

The U.S. Court of Appeals for the Ninth Circuit ruled in United States v. Dreyer that an agent for the Naval Criminal Investigative Service violated Defense Department regulations and the Posse Comitatus Act when he conducted a surveillance operation in Washington state to identify civilians who might be sharing illegal files. The 1878 Act prevents the U.S. military from enforcing laws against civilians. The appeals court ruled that the NCIS intrusion into civilian networks showed “a profound lack of regard for the important limitations on the role of the military in our civilian society.” The court also ruled that the evidence obtained by NCIS should be suppressed to “deter future violations.” In a petition to the Supreme Court, EPIC challenged the NSA’s surveillance of domestic communications. The NSA is a component of the Department of Defense. For more information, see In re EPIC and EPIC v. DOJ: Warrantless Wiretapping Program.

“Eyes Over Washington” - EPIC Obtains New Documents About Surveillance Blimps

EPIC has obtained new documents detailing the Department of Army’s use of surveillance blimps over the nation’s capital. The documents include thirty heavily redacted pages of equipment descriptions and data. In May EPIC filed suit against the Department of the Army to obtain details about a sophisticated tracking and targeting system that will be deployed over Washington, DC during the next three years. JLENS is comprised of two 250' blimps. One blimp conducts aerial and ground surveillance over a 340-mile range, while the other has targeting capability including HELLFIRE missiles. The JLENS was originally deployed in Iraq. In the FOIA Request, EPIC asked the Army for technical specifications as well as any policies limiting domestic surveillance. An Army spokesperson said recently that JLENS will “absolutely not” include video surveillance gear. Similar blimps have been deployed by the DHS for border security. They include video surveillance. For more information, see EPIC: EPIC v. Army - Surveillance Blimps and EPIC: Domestic Unmanned Aerial Vehicles (UAVs) and Drones.

FAA Okays Hollywood Drone Use, But Privacy Safeguards Remain Grounded

The Federal Aviation Administration granted six exemptions for the commercial use of drones to companies in the film and television industry this week. The agency found that the proposed operation do not “pose a threat to national airspace users or national security.” Safety requirements include: line of site tracking, restrict flights to the “sterile area” on the set, inspection after each flight, and prohibiting operation at night. The agency is currently considering another 40 requests from various commercial entities. Currently, no privacy protections are in place to address the commercial use of drones. EPIC has testified in Congress in support of a comprehensive drone privacy law—calling for use limitations, data retention limitations, transparency, and public accountability. The Federal Aviation Administration to develop drone privacy guidelines after an EPIC-lead coalition petition. EPIC also urged the agency to mandate minimum privacy standards for drone operators. For more information, see EPIC: Domestic Drones.

Apple Announces New Privacy Enhancing Techniques

The most recent product announcement from Apple, includes several privacy enhancing techniques that EPIC has favored, including randomized MAC addresses, end-to-end encryption, robust screen lock, and implementation of secure electronic payment systems. Still, EPIC has raised questions about Health Kit, which enables the collection and transfer of sensitive medical information, and the enforcement of developer guidelines. For more information, see, EPIC: Practical Privacy Tools and EPIC: Location Privacy.

EPIC FOIA - FBI Extends "Rap Back" Biometric Collection

EPIC has just received documents about the FBI's Rap Back program. The FBI now routinely collects biometric data for ongoing background checks on nongovernment employees. In response to EPIC's FOIA request, the FBI is currently reviewing thousands of pages about the "Rap Back" program. Rap Back is part of the FBI's Next Generation Identification initiative, one of the largest biometric databases in the world, tied to data centers managed by the Department of Homeland Security, Department of Defense, and other government agencies. EPIC previously sued the FBI for documents about the NGI database and uncovered agency acceptance of high error rates. For more information, see Spotlight on Surveillance: Next Generation Identification.

EPIC, Coalition Call for Transparency in Public Consumer Database

In comments to the Consumer Financial Protection Bureau, EPIC and other public interest organizations urged the Bureau to publish consumer complaint narratives. The Bureau currently publishes limited complaint information on financial products and services, including debt collection and credit reports. The Bureau is now considering a plan to provide consumer perspectives on experiences with the financial industry. The consumer groups support this effort and also recommend obtaining consumer consent and removing personally identifiable information before posting the complaints. Last year, EPIC uncovered documents revealing that many student debt collection companies fail to meet legal privacy obligations. For more information, see EPIC: Comments on the Fair Debt Collection Practices Act, and EPIC: The Fair Credit Reporting Act.

EPIC, Coalition Urge UN Human Rights Council to Review U.S. Spy Programs

In a joint submission to the United Nations, the Brennan Center, EPIC, and other public interest organizations urged the Human Rights Council to review U.S. surveillance programs. The Council regularly performs a Universal Periodic Review of the human rights record of UN Member States. As a result of the Council's last review, the U.S. Government committed to protect individual privacy and stop spying on citizens without judicial authorization. The coalition letter argues that U.S. has not honored this commitment and that U.S. "surveillance activities also violate the rights to privacy, freedom of expression, and the freedom of peaceful assembly and association..." guaranteed by the Universal Declaration of Human Rights. In January 2010, twenty-nine experts in privacy and technology affiliated with EPIC wrote to then U.S. Secretary of State Hillary Clinton to urge that the United States ratify the Council of Europe Convention on Privacy. For more information, see EPIC: Council of Europe Privacy Convention.

FBI Says Biometric Database has Reached "Full Operational Capability"

The FBI announced that the Next Generation Identification system, one of the largest biometric databases in the world, has reached "full operational capability." In 2013, EPIC filed a Freedom of Information Act lawsuit about the NGI program. EPIC obtained documents that revealed an acceptance of a 20% error rate in facial recognition searches. Earlier this year, EPIC joined a coalition of civil liberties groups to urge the Attorney General Eric Holder to release an updated Privacy Impact Assessment for the NGI. The NGI is tied to "Rap Back," the FBI's ongoing investigation of civilians in trusted positions. EPIC also obtained FOIA documents revealing FBI agreements with state DMVs to run facial recognition searches, linked to NGI, on DMV databases. EPIC's recent Spotlight on Surveillance concluded that NGI has "far-reaching implications for personal privacy and the risks of mass surveillance." For more information, see EPIC: EPIC v. FBI - Next Generation identification.

EPIC Files FOIA Lawsuit For Reports on Electronic Voting Reliability

EPIC has filed a Freedom of Information Act lawsuit to obtain test reports about an online voting program promoted by the Department of Defense. The records sought relate to the functionality and security of electronic voting systems. The California Secretary of State, Members of Congress, and voting rights advocates have tried to obtain these documents, but DOD has kept them secret even after promising public disclosure in 2012. Computer scientists have long warned about the risks of electronic voting systems. In the complaint, EPIC states that "it is absolutely critical for the documents sought in this matter be disclosed prior to further deployment of e-voting systems in the United States." The case is EPIC v. Department of Defense, No 14-1555 (D.D.C. filed 9/11/2014). For more information, see EPIC: EPIC v. DOD - E-voting Security Tests.

EPIC, Legal Scholars, Technical Experts Urge Federal Appeals Court to Safeguard Telephone "Metadata"

EPIC has filed an amicus curiae brief, joined by 33 technical experts and legal scholars, in support of a challenge to the NSA telephone record collection program. The case Smith v. Obama will be heard by the Court of Appeals for the Ninth Circuit this fall. Earlier this year, a lower court ruled that the Fourth Amendment does not protect telephone call record information because of a 1979 case Smith v. Maryland. In the brief for the federal appeals court, EPIC wrote that "changes in technology and the Supreme Court's recent decision in Riley v. California favor a new legal rule that recognizes the privacy interest inherent in modern communications records." EPIC routinely participates as a friend of the court in cases raising novel privacy and civil liberties issues. For more information, see EPIC: Smith v. Obama, EPIC: Riley v. California, and EPIC Amicus Briefs.

Top News Archive