« November 2009 | Main | January 2010 »

December 2009 Archives

December 2, 2009

EPIC, Coalition and Experts Champion Privacy Safeguards for Smart Grid Data

EPIC, members of the Privacy Coalition, and privacy and security experts urged a federal agency to establish safeguards for Smart Grid systems that protect consumer electricity usage information from unauthorized collection, use,  disclosure, or sale. Smart Grid networks, which uniquely identify individual devices and appliances, create new privacy risks and could reveal intimate details of home life. EPIC recommended that policies be established to safeguard consumer privacy, including limitations on data collection, enforceable privacy practices, new security standards, and independent oversight. See EPIC Smart Grid and Privacy.

December 4, 2009

Defense Department Pulls Parental Control Software Product Following EPIC Complaint

Documents obtained by EPIC, pursuant to a Freedom of Information Act (FOIA) request, revealed the Defense Department canceled a contract with Echometrix, following an EPIC complaint to the Federal Trade Commission earlier this year. According to the documents obtained by EPIC, the Army and Air Force Exchange Service pulled My Military Sentry, which collects data for marketing purposes, from its online store: “The collection of AAFES customer information (personal or otherwise) for any other purpose than to provide quality customer service is prohibited . . . . Giving our customers the ability to opt out does not address this issue.” For more information, see EPIC: In re Echometrix.

Facebook to Drop Regional Networks, Change Privacy Settings

Facebook announced that it intends to eliminate regional networks, which allow users to restrict information shared with others based geography. The social networking service will also modify the site's privacy settings and require users to update the rules governing who can access their data. In February, revisions to Facebook's terms of service prompted users to revolt and Facebook to rescind the changes hours before EPIC planned to file a complaint with the Federal Trade Commission. Prior changes to the service resulted in disclosure of Facebook users' video rental records without their permission, prompting federal lawsuits. For more, see EPIC Facebook Privacy and Social Networking Privacy

December 8, 2009

Google Expands Control of Internet Architecture

Google has announced Google Public DNS, which will route all requests for internet addresses, a core Internet function, through Google's servers. These requests would normally only pass through the servers of the users' internet service providers. Google's DNS service does not use the new authentication standard DNSSEC, but instead uses a proprietary security method. By tradition, DNS is a distributed function, subject to an open standard-setting process. For more information, see EPIC DNSSEC.

EPIC Supports Privacy Safeguards for Genetic Information, Recommends Robust Techniques for Deidentification

EPIC filed comments with the Department of Health and Human Services, advising the federal agency to strengthen the requirements for classifying data as “de-identified” under the Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule. HHS proposed a rule that would clarify HIPAA and the Genetic Information Nondiscrimination Act (GINA), by providing that genetic information is “health information” and prohibiting the use of such information for underwriting purposes or other discriminatory purposes. EPIC supports this proposed regulation but warned that a safe harbor provision for de-identified data could undercut privacy safeguards unless the techniques were shown to be "robust, scalable, transparent, and provable." For more information, see EPIC: Reidentification.

December 9, 2009

FTC Considers Emerging Privacy Concerns at First Privacy Roundtable

The Federal Trade Commission held the first of three privacy roundtables this week in Washington, DC. The well-attended event featured privacy and security experts from around the country, with each panel consisting of at least one industry representative and one privacy advocate. The failure of the current notice and choice model, the need to regulate behavioral targeting, concerns about government access to data, and the high privacy expectations of consumers were among recurring topics throughout the day. EPIC's Marc Rotenberg said it was important for the Commission to focus on emerging business practices and the impact on consumer privacy. The second privacy roundtable will be held on Data Privacy Day - January 28, 2010 - at the University of California, Berkeley School of Law. The FTC welcomes comments from the public in advance of the roundtable.

White House Releases Open Government Directive

The White House announced a new Directive to promote transparency, collaboration, and accountability across the federal government. The Directive builds on President Obama's Open Government Memo, issued in January 2009. The Directive will establish benchmarks, and require agencies to create new websites and plans to promote transparency. Competitions are also planned. EPIC submitted comments on the Directive, calling for both stronger privacy safeguards and greater transparency. For more information, see EPIC Open Government.

Facebook Asks Users to Review Privacy Settings, Recommends Privacy Options, Questions Remain

Facebook is asking users to review and update their privacy settings. However, the privacy recommendations, suggested by Facebook, may result in greater disclosure than users intend. Facebook faces ongoing privacy scrutiny following Beacon, proposed changes to the Terms of Services, and a settlement now pending in California. EPIC has urged Facebook to respect user privacy settings. EPIC is also defending the privacy rights of Facebook users who participated in Beacon. For more information, see EPIC: Facebook Privacy.

December 11, 2009

Media Shield Law Moves Forward in Senate

The Free Flow of Information Act of 2009 was passed by the Senate Judiciary Committee with a vote of 14-5 and has been sent to the full Senate for a vote. The bill will make it more difficult to compel journalists to disclose information, including the identities of their sources, by requiring the government or other party requesting disclosure to demonstrate that the information sought is "essential" to a case and that all reasonable alternatives have been exhausted before a judge will consider ordering disclosure. A version of the bill was passed by the House earlier this year. For more information, see EPIC Privileges.

House Passes Data Breach Bill

Today, legislators passed the Data Accountability and Trust Act, which requires security policies for consumer information, regulates the information broker industry, and establishes a national breach notification law. The bill now moves to the Senate, which is also considering a similar measure sponsored by Senator Patrick Leahy. In May, EPIC Director Marc Rotenberg testified before Congress, urging lawmakers to strengthen the proposed law by adopting a broader definition of "personally identifiable information" and permitting stronger state laws to remain. TFor more, see EPIC Identity Theft.

December 14, 2009

Supreme Court to Hear Workplace Privacy Case, Rule on Safeguards for Text Messages

The Supreme Court agreed to hear a case that will determine what privacy safeguards apply to text messages transmitted through government employees' pagers. In City of Ontario v. Quon, a federal appeals courts held that California police officers "have a reasonable expectation of privacy" in some personal text messages sent while at work. The Supreme Court will review the ruling. For more, see EPIC Workplace Privacy.

December 15, 2009

OECD Committee for Information, Computer, and Communications Policy

OECD Committee for Information, Computer and Communications Policy

Katitza Rodriguez,
CSISAC Liaison

Paris, France
December 14-17

December 17, 2009

EPIC Defends Privacy of Facebook Users: Files Complaint with the Federal Trade Commission

EPIC has filed a complaint with the Federal Trade Commission, urging the FTC to open an investigation into Facebook’s revised privacy settings. The EPIC complaint, signed by nine other privacy and consumer organizations, states that the  "changes violate user expectations, diminish user privacy, and contradict Facebook’s own representations." EPIC cites widespread opposition from Facebook users, security experts, bloggers, and news organizations. A previous EPIC complaint to the FTC, concerning the data broker industry, produced the largest settlement in the FTC's history.  For more information, see EPIC: In re Facebook, Frequently Asked Questions Regarding EPIC's Facebook Complaint, and EPIC Facebook Privacy. EPIC PRESS RELEASE.

December 18, 2009

EPIC Files Lawsuit for Information about "Digital Strip Search" Devices

On December 17, 2009, EPIC filed a lawsuit against the Department of Justice concerning the use of devices that capture images of individuals stripped naked. The Transportation Security Administration has confirmed the Whole Body Imaging machines are being used in at least one Virginia federal court by the US Marshal Service. EPIC submitted a FOIA request for information about these devices including the contracts with the manufacturer of the machines, and information about technical specifications and training materials. The Marshal Service failed to respond adequately to the request. EPIC filed suit, said that the agency had not performed a sufficient search and should disclose the documents requested. For more information, see EPIC's Open Government Page and Whole Body Imaging Page.

December 29, 2009

EPIC Seeks Facebook Communications Detailing Privacy Changes

EPIC filed a Freedom of Information Act (FOIA) request with the Federal Trade Commission (FTC), seeking communications with Facebook discussing the site’s recent privacy changes. In November and December 2009, Facebook made several changes to the website’s privacy policy and settings. In response to these changes, which no longer allow users to control the visibility of certain types of information, EPIC submitted a complaint to the FTC, alleging Facebook is engaging in “unfair and deceptive practices.” Facebook spokespersons issued a statement shortly after the complaint was filed, asserting, “We discussed the privacy program with many regulators, including the F.T.C., prior to launch.” EPIC requested documents pertaining to the communications Facebook allegedly had with the federal agency. For more information, see EPIC: In re Facebook.

December 26, 2009

Attempted Bombing on U.S. Flight Prompts Renewed Debate Over Body Scanners

On December 25, 2009, Umar Farouk Abdul Mutallab, a Nigerian citizen, attempted to detonate explosives hidden in his underwear during a Christmas Day flight. Abdul Metallab was en route from Amsterdam, Netherlands to Detroit, Michigan when he attempted to detonate the device, which resulted in a fire on board the aircraft. In the days following the attack, some advocated for wider implementation of whole body imaging machines. Privacy organizations and others have continued to object to these devices, citing the invasive nature of the scans, the ineffectiveness of the machines and the lack of government transparency concerning privacy safeguards. For more information see EPIC: Whole Body Imaging Technology.

December 17, 2009

EPIC's Lillie Coney Appointed to Election Advisory Committee

House Speaker Nancy Pelosi appointed EPIC Associate Director and leading election reform advocate, Lillie Coney to the Election Assistance Commission (EAC) Board of Advisors. EAC is an independent, bipartisan commission charged with developing guidance to meet Help America Vote Act requirements, adopting voluntary voting system guidelines, and serving as a national clearinghouse of information about election administration. The EAC also accredits testing laboratories and certifies voting systems, as well as audits the use of HAVA funds. Ms. Coney leads EPIC’s voting project and has worked on developing voting technology standards, statewide-centralized voter registration systems with privacy safeguards, and voter identification policy. For more information, see EPIC: Lillie Coney and EPIC’s Voting Privacy Page.

December 29, 2009

President Obama Issues Order Regarding Classification Practices

President Obama has issued a new executive order regarding Classified National Security Information. President Obama's classified information order establishes a National Declassification Center to streamline the declassification process and sets timetables for declassification. The order states that "No information may remain classified indefinitely." The order also reverses an order by President George W. Bush that had allowed the intelligence community to block the release of a specific document, even if an interagency panel decided the information wouldn't harm national security. The new order prohibits agencies from classifying documents after the fact and also prohibits the withholding of documents that were created by one agency but are being held by another, which should assist EPIC's pending Freedom of Information Act request to the National Security Agency regarding NSPD 54, a classified Directive that describes a NSA program to monitor American computer networks. EPIC's request was previously denied by the NSA because NSPD 54 “did not originate with” the NSA. For more information see EPIC: Open Government.

About December 2009

This page contains all entries posted to epic.org in December 2009. They are listed from oldest to newest.

November 2009 is the previous archive.

January 2010 is the next archive.

Many more can be found on the main index page or by looking through the archives.