February 2011 Archives

February 2, 2011

TSA Drops Plan for Remote Viewing of Passengers, Will Get Up Front and Personal with New Scanning Devices

In response to widespread public opposition to airport body scanners, the TSA has announced that it will begin testing new body scanner software at select U.S. airports that it claims is less revealing. But the new scanners will also allow TSA officials to observe the passengers as they are being scanned. Previously, TSA operators were stationed in a remote viewing room. The TSA has also not resolved concerns about image retention, health risks, or the effectiveness of the procedures. In June 2010, EPIC submitted a FOIA request for information about the technology. The agency has yet to respond. For more information see EPIC: Whole Body Imaging Technology and EPIC v. DHS (Suspension of Body Scanner Program).

Chairman Issa Investigates "Political Review" Policy at Homeland Security

Rep. Darrell E. Issa (R-CA), chair of the House Committee on Oversight and Government Reform, has issued a letter to Secretary Janet Napolitano demanding that DHS release all documents regarding the agency's policy of vetting FOIA requests through political appointees. Rep. Issa also asked that DHS political appointees appear before the Committee for interviews regarding the policy. Previously, EPIC urged the FOIA Ombudsman to conduct an investigation of the DHS. EPIC said the "political review" policy is contrary to federal law and Supreme Court holdings; the FOIA does not permit agencies to select requests for political scrutiny. For related information see EPIC: Open Government and EPIC: Litigation under the Federal Open Government Laws 2010.

Congressmen Barton and Markey Challenge Facebook on Disclosure of Home Addresses, Mobile Phone Numbers

A letter from Rep. Ed Markey (D-MA) and Rep. Joe Barton (R-TX) to Mark Zuckerberg asks about Facebook's plans to make users' addresses and mobile phone numbers available to websites and application developers. Facebook suspended the plan after EPIC and others objected. EPIC Executive Director Marc Rotenberg said that "Facebook is trying to blur the line between public and private information. And the request for permission does not make clear to the user why the information is needed or how it will be used." EPIC, and several consumer organizations, have complaints pending at the Federal Trade Commission concerning Facebook's earlier changes to users' privacy settings. For more information, see EPIC: In Re Facebook, EPIC: In Re Facebook II, and EPIC: Facebook Privacy.

EPIC Files Lawsuit for Details on New Passenger Screening Devices

EPIC has filed a Freedom of Information Act lawsuit against the TSA for unlawfully withholding documents about software modifications to the Full-Body Scanners. EPIC submitted requests for these documents in June 2010 and October 2010. In response to mounting public criticism about the passenger screening program, the TSA recently announced that it would use "Automatic Target Recognition" software to mask the nude images of airline travelers that TSA officials currently view. However, documents obtained by EPIC in an earlier Freedom of Information Act lawsuit established that these procedures have the capability to store and record unfiltered images of passengers. EPIC has since filed a lawsuit to suspend the controversial screening program. The new case is EPIC v. Dep't of Homeland Security, No. 1:11-cv-00290. For more information see EPIC: Whole Body Imaging Technology and EPIC v. DHS (Suspension of Body Scanner Program).

February 3, 2011

NIST Seeks Comments on Guidelines for Cloud Computing

The National Institute for Standards and Technology (NIST) has announced that it is accepting comments on two draft documents on cloud computing: the NIST Definition of Cloud Computing and the Guidelines on Security and Privacy in Public Cloud Computing. The documents were prepared after the Federal Chief Information Officer asked NIST to develop standards and guidelines to assist the federal government’s secure adoption of cloud computing. EPIC has warned of the ongoing privacy risks associated with cloud computing since its expansion into the public sphere in 2008. In 2009, EPIC filed a complaint with the Federal Trade Commission, urging an investigation into Google’s cloud computing services to determine the adequacy of privacy and security safeguards. Comments on both NIST documents are due no later than February 28, 2011. For more information, see EPIC: Cloud Computing and EPIC: In re Google and Cloud Computing.

February 7, 2011

Facebook Enables Full-Session Encryption

Facebook will now allow full-session HTTPS. The switch to encrypted cloud-based computing promotes privacy and security, particularly when users access Facebook from public Internet access points. Previously, Facebook only used HTTPS when users’ passwords were being sent to the site. Third-party applications currently do not support HTTPS. Users can opt into HTTPS through their “Account Settings”; however, HTTPS is not yet the default. Facebook will use "social authentication, rather than traditional CAPTCHA," to deter hackers. EPIC has previously recommended the adoption of strong privacy techniques for cloud-based services. In 2009, EPIC filed a complaint with the Federal Trade Commission, urging an investigation into Google’s cloud computing services to determine the adequacy of privacy and security safeguards. Google subsequently established HTTPS by default for Gmail. For related information, see EPIC: Facebook, EPIC: Cloud Computing, and EPIC: Social Networking Privacy.

February 8, 2011

Senate Amendment Could End "Digital Strip Searches"

Senator Udall (D-NM) has introduced Senate Amendment 51 that would require the Transportation Security Administration to install "Automatic Target Recognition" software in all body scanners by January 1, 2012. The technology creates a "generic image" of airline passengers instead of the "peep show" images now produced by TSA devices and viewed by TSA officials. The TSA recently announced that it will begin testing new software at select U.S. airports. However, the TSA has not resolved concerns about image retention, health risks, or the effectiveness of the procedures. EPIC has filed a Freedom of Information Act lawsuit against the TSA for unlawfully withholding information about the body scanner technology. EPIC has a case in Federal Appellate court to suspend the use of the devices for primary screening in airports. For more information see EPIC - Whole Body Imaging Technology, EPIC - EPIC v. DHS (Suspend the program), EPIC - EPIC v. DHS (FOIA).

February 9, 2011

"WikiLeaks, the Internet and Democracy"

Marc Rotenberg,
EPIC Executive Director

The Diane Rehm Show
Washington, DC
February 9, 2011

Patriot Act Extension Fails in House Vote

A House vote on extending provisions of the Patriot Act that will lapse on February 28 failed. The three provisions concerned authorizing the FBI’s use of roving wiretaps, granting the government access to “any tangible items” of individuals under surveillance, and allowing the surveillance of individuals and groups not connected to identified terrorist groups. The House bill would have extended these provisions until December. The Senate Judiciary Committee is considering a bill that would extend the expiring provisions to 2013. Senator Patrick Leahy (D-VT) issued a statement explaining that he did not support efforts to extend the provisions that “undercut important oversight and government accountability of these intelligence gathering tools.” EPIC, through the Freedom of Information Act, recently obtained from the Intelligence Oversight Board, internal reports of intelligence law violations by the FBI that do not comply with Attorney General guidelines for oversight. EPIC has in the past urged the Senate Judiciary Committee to require the Attorney General to report to Congress on potentially unlawful investigations. For related information, see EPIC: USA Patriot Act and EPIC: PATRIOT FOIA Litigation.

February 10, 2011

EPIC Opposes TSA's Secret Evidence in Body Scanner Case

EPIC has opposed an effort by the Transportation Security Administration to provide secret evidence to the court in EPIC's challenge to the airport body scanner program. The TSA claimed that it can withhold documents that it has designated "Sensitive Security Information" and scientific studies because they are "copyrighted materials." EPIC responded that the TSA failed to establish that the documents are Sensitive Security Information, and also that the TSA cannot withhold materials in a judicial proceeding because they are subject to copyright. The argument before the DC Circuit in the case is scheduled for March 10. For more information, see EPIC: EPIC v. DHS: Body Scanners (Suspend the Program) and EPIC: EPIC v. DHS (FOIA).

February 11, 2011

California Supreme Court Rules Zip Code is Personal Information

In Pineda v. William Sonoma, the California Supreme Court has determined that merchants may not require credit card customers to provide ZIP codes. In a unanimous decision, the Court found that ZIP codes are "personal identification information" under the state Credit Card Act of 1971. In the Pineda case, the customer believed that providing an SSN was necessary to complete a credit card transaction. The merchant subsequently used the SSN to determine the customer's home address. The California court said that the Credit Card Act "intended to provide robust consumer protections by prohibiting retailers from soliciting and recording information about the cardholder that is unnecessary to the credit card transaction." For more information, see EPIC - Social Security Numbers and EPIC - Reidentification.

EPIC Pursues Investigation of FTC's Spy-Fi Noninvestigation

EPIC has filed an administrative appeal with the Federal Trade Commission, challenging the agency's failure to disclose information about the FTC's decision to end the Google Spy-Fi investigation. EPIC is specifically seeking a slide presentation that the FTC provided to Congress about the matter. The agency has claimed that the presentation to Congress is exempt from disclosure under the Freedom of Information Act. Privacy agencies around the world found that Google intercepted private communications traffic. Yet documents obtained earlier by EPIC under the FOIA suggest that the FTC did not even examine the data Google gathered from private residential wifi routers in the US. For more information, see Google: Street View.

February 16, 2011

Chairman Leahy Announces New Subcommittee on Privacy and Technology

Sen. Patrick Leahy (D-VT), Chairman of the Senate Judiciary Committee, has established a new Subcommittee on Privacy, Technology and the Law as part of his commitment to protecting “Americans’ privacy in the digital age.” Sen. Al Franken (D-MN) will chair the subcommittee, which will cover privacy laws and policies, new business practices, social networking sites, privacy standards, and the privacy implications of emerging technologies. For related information, see EPIC: Social Networking Privacy, EPIC: Cloud Computing.

EPIC, Coalition Urge Congress to Pursue FOIA Oversight

EPIC and a coalition of over 30 organizations and open government experts sent a letter to Rep. Darrell E. Issa (R-CA), Chairman of the House Committee on Oversight and Government Reform, urging public hearings on the DHS policy of vetting FOIA requests by political appointees. Rep. Issa has undertaken an investigation of this "political review" policy. The coalition also recommended that the Committee support the Office of Government Information Services, the "FOIA Ombudsman," and encourage the Government Accountability Office to conduct investigations of agency FOIA practices. EPIC previously requested an investigation into DHS's FOIA practices. EPIC said that the FOIA does not permit agencies to select requests for political scrutiny. For related information see EPIC: Open Government and EPIC: Litigation under the Federal Open Government Laws 2010.

Senate, House Pass Limited Patriot Act Extensions

The Senate and the House each passed short-term extensions of the Patriot Act. The Senate passed a three-month extension while the House extended the provisions until Dec. 8. The extensions included the “lone wolf” provision permitting surveillance of individuals and groups not connected to identified terrorist groups, the “library law” provision granting access to “any tangible items” of individuals under surveillance, and the provision authorizing the FBI’s use of roving wiretaps. A Judiciary Committee hearing on Senator Leahy’s proposal to extend the provisions until 2013 with increased oversight is expected soon. Senator Patrick Leahy (D-VT) opposed efforts to extend the provisions that “undercut important oversight and government accountability of these intelligence gathering tools.” EPIC has in the past urged the Senate Judiciary Committee to require the Attorney General to report to Congress on potentially unlawful investigations. For related information, see EPIC: USA Patriot Act and EPIC: PATRIOT FOIA Litigation.

February 18, 2011

White House Budget Funds Surveillance, Ignores Public Concerns

The White House Office of Management and Budget has released the federal budget for fiscal year 2012. The stated goal of the budget is to reduce the national deficit by eliminating wasteful programs. However, the budget proposal includes funding for 275 airport body scanners, which EPIC has called "invasive, unlawful, and ineffective." There is funding for federal "fusion centers," widely viewed as unregulated government databases that are used to track people suspected of new crime. The White House budget proposes expansion of the “Secure Communities” program, which has been the target of harsh criticism by civil liberties groups. For more information, see EPIC: EPIC v. DHS (Suspension of Body Scanner Program) and EPIC: Information Fusion Centers and Privacy.

EPIC Says FTC Has Failed to Safeguard Consumer Privacy

In response to a request for comments on an FTC report on future action, EPIC criticized the Commission for failing to act on numerous privacy complaints currently pending before the Commission, including those involving Facebook privacy settings, Google Buzz, and Cloud Computing Services. EPIC recommended a comprehensive federal privacy law based on Fair Information Practices, support for Privacy Enhancing Technologies, and the establishment of an independent privacy agency. The FTC report recommended the creation of a Do Not Track mechanism, the adoption of "privacy by design" techniques, and the use of simplified consumer privacy notices. For more information, see EPIC - Federal Trade Commission.

EPIC v. NSA FOIA Lawsuit: NSA Will Neither Confirm Nor Deny Communications with Google

In a Freedom of Information Act lawsuit filed by EPIC against the National Security Agency for information about the NSA's relationship with Google, the NSA has replied that "confirming or denying the existence of any such records would reveal information relating to its core functions and activities . . ." EPIC sought the information, including a widely discussed cooperative research agreement between NSA and Google, because the agency's practices would impact the privacy interests of millions of Internet users both in the United States and around the world. The case is EPIC v. NSA, Civ. Action No. 10-1533 (RJL). EPIC has a related release against the NSA concerning the agency's cybersecurity authority. For more information, see EPIC - EPIC v. NSA.

In Response to EPIC, Justice Department Offers No Public Justification for Data Retention

In response to an EPIC Freedom of Information Act request, the Department of Justice sent back only heavily redacted documents with no justification for data retention legislation. EPIC filed the request in 2010, seeking the Department's views on the Internet SAFETY Act, which would require internet service providers to retain user records for at least two years. The DOJ publicly supported the Act but has refused to provide a single substantive reason for that support. The Internet SAFETY Act has not yet been reintroduced in the 112th Congress. For more information, see EPIC: Data Retention.

February 17, 2011

Webinar: Whose Data Is It Anyway? Metering and New Privacy Issues

Lillie Coney
EPIC Associate Director

Peak Load Management Alliance
February 17, 2011

February 23, 2011

Cignet Fined 4.3 Million for Privacy Violations

The Department of Health and Human Services has determined that Cignet Health violated the privacy rule of the Health Insurance Portability and Accountability Act of 1996. The agency fined Cignet 4.3 million for denying patients access to their medical records and for failing to cooperate with the investigation. This is the first time that the agency has used its legal authority to penalize a company for privacy violations. For more information, see EPIC: Medical Privacy.

February 25, 2011

Chairman Issa Subpoenas Homeland Security Officials about FOIA Practices

Rep. Darrell E. Issa (R-CA), Chairman of the House Committee on Oversight and Government Reform, issued subpoenas to two Department of Homeland Security employees for depositions to take place on March 7 and March 8. Rep. Issa has undertaken an investigation of DHS’s policy of submitting FOIA requests to political review. EPIC and a coalition of open government organizations sent Rep. Issa and Ranking Member Elijah Cummings (D-MD) a letter supporting the investigation. The political review policy came to light after the release of over 1,000 agency documents revealed a long-standing process of submitting FOIA requests from watchdog organizations to review by political appointees. EPIC has also recommended that the FOIA Ombudsman undertake an investigation of this practice. For related information see EPIC: Open Government and EPIC: Litigation under the Federal Open Government Laws 2010.

February 28, 2011

EPIC Files Amicus Brief on Risk of "Reidentification," Urges US Supreme Court to Uphold Vermont Privacy Law

EPIC has filed an amicus brief in Sorrell v. IMS Health, a case now before the US Supreme Court concerning a state privacy law that seeks to regulate datamining of prescription records for commercial purposes. Datamining companies have challenged the Vermont law, arguing that it violates the First Amendment and also that there is no privacy interest in the transfer of "deidentified" prescriber records. The EPIC brief, filed on behalf of 27 technical experts and legal scholars, as well as 9 consumer and privacy groups, argues that the privacy interest in safeguarding medical records is substantial and that the "deidentification" techniques adopted by data-mining firms do not protect patient privacy. EPIC's amicus brief for the lower appellate court was cited in the opinion of Judge Deborah Ann Livingston. As Judge Livingston explained, "neither appellants nor the majority advances any serious argument that the state does not have a legitimate and substantial interest in medical privacy . . . " For more information, see EPIC: IMS Health, Inc. v. Sorrell.

About February 2011

This page contains all entries posted to epic.org in February 2011. They are listed from oldest to newest.
