
August 2012 Archives

August 1, 2012

Court Orders Homeland Security to Answer EPIC's Petition

The US Court of Appeals for the DC Circuit has ordered the DHS to respond to EPIC's mandamus petition to "enforce the court's mandate" by August 30. EPIC filed the "extraordinary writ" after a year had passed since the federal agency was ordered to begin a public rulemaking on the controversial airport body scanner program. A coalition of organizations, led by the Competitive Enterprise Institute, has filed an amicus brief in support of the EPIC petition and a separate petition to the White House has gathered more than 16,000 signatures. For more information, see EPIC v. DHS (suspension of airport body scanners).

FTC Proposes Additional Changes to Children’s Online Privacy Rule

The Federal Trade Commission proposed additional changes to the Children's Online Privacy Protection Act Rule. The revised rule would clarify that operators of websites who choose to use advertising services and plug-ins that collect data about children would have to comply with COPPA. The rule would also allow mixed-audience websites to age-screen visitors, and would clarify the circumstances in which persistent identifiers such as cookies or IP addresses are considered "personal information." The revisions modify an earlier rule that was proposed by the FTC in September 2011. EPIC commented on the September 2011 rule, noting that "the proposed revisions update the COPPA Rule by taking better account of the increased use of mobile devices by users and of new data collection practices by businesses." For more information, see EPIC: Children's Online Privacy Protection Act and EPIC: Federal Trade Commission.

Markey Bill Would Limit Drone Surveillance

Representative Ed Markey (D-MA) has announced a bill aimed at protecting individual privacy from drone surveillance. Rep. Markey said, "When it comes to privacy protections for the American people, drones are flying blind." The draft bill requires the FAA to establish privacy safeguards for drone operators and creates new limits on data collection by law enforcement agencies. Earlier this year, EPIC, joined by over 100 organizations, experts, and members of the public, petitioned the FAA to begin a rulemaking on the privacy impact of drone use. For more information, see EPIC: Unmanned Aerial Vehicles (UAVs) and Drones.

August 2, 2012

EPIC Files Lawsuit for Details of ODNI Plan to Amass Data on Americans

EPIC has filed a Freedom of Information Act lawsuit against the Office of the Director of National Intelligence for details of the agency’s plan to gather personal data from across the federal government. The ODNI is the top intelligence agency in the United States, coordinating the activities of the CIA, the FBI, the DHS, and others. Under revised guidelines, the ODNI plans to obtain and integrate databases containing detailed personal information from across the federal government. The data will be kept for up to five years without the legal safeguards typically in place for personal data held by government agencies. EPIC's lawsuit asks the agency to disclose the procedures it has established to safeguard privacy rights. For more information, see EPIC: Open Government.

Illinois Becomes Third State to Prohibit Employers from Demanding Facebook Information

Illinois Governor Pat Quinn has signed a bill that will prohibit employers from seeking the social network usernames and passwords of others. The Right to Privacy in the Workplace Act takes effect on January 1, 2013, and will result in Illinois joining Maryland and Delaware as the third state that protects the social network privacy of employees and job applicants. For more information, see EPIC: Workplace Privacy and EPIC: Facebook Privacy.

August 3, 2012

Judge Skeptical of Facebook Settlement

At a preliminary hearing on a proposed settlement involving Facebook "sponsored stories," Judge Seeborg expressed skepticism about the deal, wondering if there was any actual benefit to Facebook users. The deal, which had been endorsed by some groups funded by Facebook, was opposed by EPIC and several consumer privacy organizations. In 2009, EPIC and a coalition of consumer privacy organizations brought a successful complaint to the FTC that resulted in a significant consent order. For more information, see In re Facebook.

Federal Court to Hear Arguments in Cell Phone Tracking Case

The Court of Appeals for the Fifth Circuit has tentatively scheduled oral argument in the first week of October for a current case, In re US Application for Historic Cell-Site Location Information, addressing whether the Fourth Amendment allows the Government to force disclosure of historical cell phone location records without a warrant. EPIC filed an amicus brief in this case, arguing that cell phone location records reveal private information and should be protected even if they are held by third party cell phone companies. For more information, see EPIC: In re Historic Cell-Site Location Information and EPIC: Location Privacy.

Senate Confirms Four Members of the Privacy and Civil Liberties Oversight Board

The Senate voted late Thursday to confirm four nominees to the Privacy and Civil Liberties Oversight Board before its summer recess. The Board was created by Congress in 2004, at the recommendation of the 9/11 Commission, to advise the President and other senior executive branch officials and ensure that privacy and civil liberties are protected as laws, regulations, and executive branch policies are implemented. It was reconstituted as an independent agency in 2007, but since then Congress has failed to confirm all five members of the board. After yesterday's confirmations the Board can "do work," but it cannot hire staff until the Senate confirms its Chairman. For more information, see EPIC: Privacy Oversight and EPIC: The Sui Generis Privacy Agency.

August 7, 2012

White House TSA Petition Passes 20,000 Signatures

A petition, posted at the White House website "We The People," urging the Transportation Security Agency to "Follow the Law!" has received more than 20,000 signatures. If 25,000 people sign the petition before August 9, 2012, the White House will respond. The petition asks President Obama to force the Transportation Security Administration to begin the public comment process on the controversial airport body scanner program, as the agency was ordered to do by a federal court more than a year ago. For more information, see EPIC v. DHS (Suspension of Body Scanners).

August 8, 2012

Government Accountability Office Recommends Updating Federal Privacy Laws

The Government Accountability Office issued a report finding that technological changes since the passage of the Privacy Act in 1974 require changing the law in order to adequately protect the privacy and security of personal information. Specifically, the report recommended applying Privacy Act protections to all federal collection of information, strengthening limitations on the use of information, and establishing more effective methods of notifying the public about data collection practices. Recently, EPIC recommended that the Privacy Act explicitly define “actual damages” to include provable mental and emotional distress. EPIC also pointed out that the proposed circumstances under which agencies can disclose personal information should be narrowly tailored, and that individuals should have sufficient warning of government security breaches affecting personal information. EPIC's letters follow a request from Senator Daniel Akaka (D-HI) for comment on S.1732, the Privacy Act Modernization for the Information Age Act of 2011. For more information, see EPIC: Privacy Act and EPIC: FAA v. Cooper.

August 9, 2012

Department of Homeland Security Limits E-Verify Data and Disclosures

The Department of Homeland Security has issued a Privacy Act system of records notice for the E-Verify Program. E-Verify is a government records system that informs employers about the citizenship status of current and prospective employees. The database contains detailed personal information including names, dates of birth, Social Security numbers, and citizenship status for all individuals subject to review. This Privacy Act notice minimizes the information that the agency will collect, and also limits the agency's ability to disclose personal information to outside entities. Last year EPIC, along with a coalition of privacy, consumer rights, and civil rights organizations, encouraged DHS to strengthen privacy and security safeguards for E-Verify. For more information, see EPIC: E-Verify and Privacy.

FTC Fines Google $22.5 Million for Privacy Violations

The Federal Trade Commission fined Google $22.5 million for violating the terms of a settlement reached with the company last year. Google violated the settlement by placing advertising tracking cookies on Safari browsers despite telling users that it would honor the default Safari privacy settings, which prevented the placement of such cookies. The settlement prohibits Google from misrepresenting the extent to which it maintains the privacy and security of personal information, and requires the company to submit to independent privacy audits for the next 20 years. The settlement follows from a complaint filed by EPIC over Google Buzz, the social network service launched in early 2010. Google recently consolidated user data across its products and services, prompting objections from European data protection authorities, state attorneys general, members of Congress, and IT managers in the government and private sectors. For more information, see EPIC: Google Buzz and EPIC: Enforcement of Google Consent Order.

Federal Appeals Court Holds that Driver's Privacy Law Applies to Parking Tickets

The Seventh Circuit Court of Appeals held that a federal driver’s privacy law prevented a Chicago suburb from issuing tickets that contained the driver's name, address, driver's license number, date of birth, height and weight. The Driver's Privacy Protection Act is a federal law passed after a California actress was murdered by a stalker who obtained personal information from the state department of motor vehicles. EPIC recently filed a "friend of the court" brief arguing that resellers of state driver records should be strictly liable under the Act. For more information, see EPIC: Driver’s Privacy.

White House Pulls Down TSA Petition

At approximately 11:30 am EDT, the White House removed a petition about the TSA airport screening procedures from the White House "We the People" website. About 22,500 of the 25,000 signatures necessary for a response from the Administration were obtained when the White House unexpectedly cut short the time period for the petition. The site also went down for "maintenance" following an article in Wired that sought support for the campaign.

August 10, 2012

FTC Finalizes Settlement with Facebook

The Federal Trade Commission has finalized the terms of a settlement with Facebook first announced in November of 2011. The settlement follows from complaints filed by EPIC and other consumer and privacy organizations in 2009 and 2010 over Facebook’s decision to change its users' privacy settings in a way that made users' personal information more widely available to the public and to Facebook's business partners. The settlement bars Facebook from changing privacy settings without the affirmative consent of users or misrepresenting the privacy or security of users' personal information. In comments filed with the FTC, EPIC recommended strengthening the settlement by requiring Facebook to restore the privacy settings users had in 2009; giving users access to all of the data that Facebook keeps about them; preventing Facebook from creating facial recognition profiles without users’ consent; and publicizing the results of the government privacy audits. Although the FTC decided to adopt the settlement without any modifications, in a response to EPIC, the Commission said that facial recognition data is included within the settlement's definition of "covered information," that the audits would be publicly available to the extent permitted by law, and that the terms of the settlement "are broad enough to address misconduct beyond that expressly challenged in the complaint." Commissioner Rosch dissented from the final settlement, citing concerns that the provisions might not adequately cover deceptive statements made by Facebook apps. For more information, see EPIC: In re Facebook, and EPIC: Federal Trade Commission.

August 13, 2012

EPIC: Voters Should Be Wary of 2012 Election Apps

EPIC has released a report, "Smartphones and the 2012 Election," which focuses on the potential risks to voters who download election-related apps to their smartphones and tablets. The report contends that these apps promote greater citizen participation in e-democracy, but also may contain malware, disseminate false information A recent study by the University of Pennsylvania's Annenberg School for Communication revealed that voters are ambivalent about "personalized" political advertising, a practice likely to increase with the number of election and political apps available for download. EPIC's report also examines the role of federal and state regulation in protecting voters and providing guidance to campaigns, and recommends actions that voters, election administrators, and campaigns can take to better protect voter privacy. For more information, see EPIC: Voting Privacy and EPIC: Location Privacy: Apple iPhone / iPad.

August 16, 2012

EPIC FOIA - Documents Shed Further Light on Homeland Security Pursuit of Crowd Surveillance

New documents obtained by EPIC under the Freedom of Information Act provide further details on a DHS plan to use multiple surveillance technologies to search people in public spaces. Previous EPIC FOIA work produced records about a similar DHS program, which the government agency subsequently claimed it had cancelled. However, the new documents obtained by EPIC show that the DHS was still pursuing mobile crowd surveillance as recently as 2011. The technologies include "intelligent video," backscatter x-ray, Millimeter Wave Radar, and Terahertz Wave, and could be deployed at subway platforms, sidewalks, sports arenas, and shopping malls. For more information, see EPIC: EPIC v. DHS (Mobile Body Scanners FOIA Lawsuit) and EPIC: Electronic Frisking.

August 17, 2012

Government Standard for Vehicle "Event Data Recorders" Will Go Forward

The National Highway Traffic Safety Administration has denied a petition for rulemaking that would delay the effective date of national requirements for event data recorders. The government requirements for the devices that are installed in vehicles will be effective on September 1, 2012. Commonly referred to as "black boxes," event data recorders collect and store vehicle operation information before, during, and after a vehicle crash, including vehicle location, driver speed, seat belt use, and number of vehicle occupants. In 2003 and 2004, EPIC urged the agency and the automotive industry to protect privacy interests when deploying event data recorders. For more information on driver privacy, see EPIC: The Drivers Privacy Protection Act.

August 20, 2012

Federal Court Applies Video Privacy Law to Streaming Services

A federal court recently held that the Video Privacy Protection Act applied to companies that provide video streaming services over the Internet. The opinion, which is the first to address the issue, relies on the forward-looking nature of the law, reasoning that "Congress was concerned with protecting the confidentiality of private information about viewing preferences regardless of the business model or media format involved." EPIC previously testified before the Senate Judiciary Committee and recommended several ways that Congress could strengthen the Act, such as by confirming that it applies to streaming services and allowing users to inspect the information that video providers collect about them. The Senate is considering an amendment that would weaken the consent provision of the law by allowing companies such as Netflix to obtain blanket consent to routinely disclose a consumer’s video viewing records. For more information, see EPIC: Video Privacy Protection.

August 21, 2012

Judge Rejects Settlement in Facebook "Sponsored Stories" Case

A federal judge has rejected a proposed settlement in a class-action lawsuit about Facebook's unapproved use of user images for advertising purposes. The judge, who had previously expressed skepticism about the terms of the settlement, wrote that the plaintiffs had not justified the lack of direct monetary payments to Facebook users, nor had they explained how users will receive an economic benefit from being able to opt out of future endorsements. EPIC and several consumer privacy organizations opposed the settlement, saying that there was little benefit to Facebook users and that the cy pres allocation was not aligned with the interests of the class. In 2009 and 2010 EPIC and a coalition of consumer privacy organizations brought a successful complaint to the Federal Trade Commission that resulted in a significant consent order. In a letter to the court following the recent court order, EPIC explained that the FTC settlement had produced far greater benefits for Facebook users. For more information, see EPIC: In re Facebook.

EPIC Supports Moratorium on RFID Student Tracking

EPIC, along with Consumers Against Supermarket Privacy Invasion and Numbering (CASPIAN) and other leading privacy and civil liberties organizations, issued a Position Paper on the Use of RFID in Schools. Radio Frequency Identification is an identification tracking technology "designed to monitor physical objects," such as commercial products, vehicles, and animals. Some school districts are proposing to use RFID ID tags to monitor students, teachers, and staff. The report warns of significant privacy and security risks. If RFID techniques are adopted, the groups urge that schools adopt robust privacy safeguards. In 2006 and 2007, EPIC submitted comments to federal agencies recommending against the use of RFID technology to track air travelers. The State Department subsequently made changes to the "e-Passport," to address privacy and security concerns. For more information, see EPIC: Radio Frequency Identification (RFID) Systems and EPIC: Student Privacy.

August 22, 2012

European Consumer Organizations Back New EU Privacy Effort

BEUC, the association of European consumer organizations, has published a Position Paper on Data Protection supporting a new European Union privacy initiative. BEUC states that the proposed Privacy Regulation "addresses the main challenges and the shortcomings of the current framework with the aim of enhancing the rights of data subjects and restoring control over the processing of their own personal data," but BEUC cautions that "several provisions still need to be clarified to ensure the EU framework is effective and becomes the global standard for data protection." The Trans Atlantic Consumer Dialogue, a coalition of US and European consumer groups, has also expressed support for the EU initiative. For more information, see EPIC: EU Data Protection Directive.

Supreme Court Upholds, for the Moment, Controversial State DNA Law

Chief Justice Roberts has granted a preliminary stay of a decision by the Maryland Supreme Court, which would have invalidated that state's new DNA collection law. The Maryland Court ruled in April that the warrantless collection of DNA from an arrestee constituted an unreasonable search. Justice Roberts wrote that there was a "reasonable probability" that the Court would agree to review the case and that the state would suffer irreparable harm if the law is invalidated in the interim. EPIC filed amicus briefs in several DNA privacy cases, including United States v. Pool (2011), Kohler v. Englade (2006), and Maryland v. Raines (2003). For more information, see EPIC: DNA Act and EPIC: Genetic Privacy.

August 28, 2012

German Consumer Group Says Facebook App Center Violates Privacy

The Federation of German Consumer Organizations has alleged that Facebook’s App Center violates German law. The App Center does not provide a complete disclosure of the purposes for which apps collect data, and therefore does not provide for the informed consent required by law. The group says it will consider legal action if Facebook does not correct the problem by September 4. The allegations follow repeated requests by German data protection officials that Facebook disable its facial recognition software. Recently, the Federal Trade Commission finalized a settlement with Facebook that follows from complaints filed by EPIC and other consumer and privacy organizations in 2009 and 2010. The settlement bars Facebook from changing privacy settings without the affirmative consent of users or misrepresenting the privacy or security of users’ personal information. In response to a dissent by Commissioner Rosch, the FTC clarified that “Facebook will be liable for conduct by apps that contradicts Facebook’s promises about the privacy or security practices of these apps.” For more information, see EPIC: In re Facebook.

Republican Party Seeks To Limit Drone Surveillance

The 2012 Republican Party Platform advocates Fourth Amendment limits on government drones. “We support pending legislation to prevent unwarranted or unreasonable governmental intrusion through the use of aerial surveillance or flyovers on U.S. soil, with the exception of patrolling our national borders.” Senator Rand Paul (R-KY) and Representative Austin Scott (R-GA) introduced legislation earlier this year to limit aerial drone surveillance. In March, the House approved an amendment to the National Defense Authorization Act of 2013, introduced by Representative Landry (R-LA), that prohibits information collected without a warrant by drones operated by the Department of Defense from being used in court. Congressman Ed Markey (D-MA) has also proposed comprehensive legislation for drones. For more information, see EPIC: Unmanned Aerial Vehicles (UAVs) and Drones.

August 29, 2012

2012 Republican Platform Addresses Privacy and Government Surveillance

The 2012 Republican Party Platform calls for strong Constitutional protections for privacy and new safeguards for personal data held by businesses. "We will ensure that personal data receives full constitutional protection from government overreach and that individuals retain the right to control the use of their data by third parties," the platform states. The platform also criticizes TSA screening procedures and calls for warrant requirements for most law enforcement-operated drones. However, other provisions endorse voter identification laws and increased disclosure of personal information to the government for cyber security. For more information, see EPIC: Privacy and Consumer Profiling, EPIC: Whole Body Imaging Technology and Body Scanners, EPIC: Unmanned Aerial Vehicles (UAVs) and Drones, EPIC: Voter Photo ID and Privacy, and EPIC: Cybersecurity Privacy Practical Implications.

August 30, 2012

EPIC and Others Ask Supreme Court to Review Controversial State FOI Law

EPIC and several other leading open government organizations have filed an amicus brief in support of a petition for Supreme Court review challenging the Virginia Freedom of Information law, which allows only Virginia residents and news media representatives to access state public records. The amicus brief argues that Virginia's "citizens-only" provision is constitutionally impermissible as it unnecessarily burdens the rights of individuals and organizations outside of Virginia. This case is of particular interest to EPIC because state FOI laws are often necessary for oversight of new surveillance programs. In 2008, EPIC brought a successful FOIA lawsuit in Virginia and obtained documents revealing an agreement to limit oversight of a State Fusion Center. For more information, see EPIC v. Virginia Department of State Police: Fusion Center Secrecy Bill.

EPIC Supreme Court Brief: Investigative Techniques are Not Infallible

EPIC has filed an amicus brief with the US Supreme Court, arguing that new "investigative techniques should be subject to close scrutiny by the courts." EPIC submitted the brief in Florida v. Harris, a case involving a car search in response to an "alert" by a drug detection dog. The Florida Supreme Court held that a law enforcement agent relying on such an "alert" must produce evidence to support the reliability of the detection technique. Filing in support of the Florida decision, EPIC argued that new investigative techniques, such as terahertz scanners, airport body scanners, and digital intercept devices, raise similar concerns about reliability. EPIC described a growing consensus among legal scholars and technical experts about the need to improve the reliability of many forensic techniques. "The 'perfect search,'" EPIC wrote, "like the 'infallible dog,' is a null set." For more information, see EPIC: Florida v. Harris and EPIC: Florida v. Jardines.

Federal Appellate Court Strikes Down Texas Voter ID Law

The D.C. Circuit Court of Appeals has invalidated a Texas law that would require voters to present a photo identification in order to vote. Calling the law “the most stringent in the country,” the court held that “record evidence suggests that [the law], if implemented, would in fact have a retrogressive effect on Hispanic and African American voters.” Therefore, the court held, the law violates section 5 of the Voting Rights Act of 1965. Section 5 requires “covered jurisdictions” to show that new voting procedures, such as Voter ID requirements, are nondiscriminatory before those changes can be put into effect. The ruling came after the Department of Justice previously blocked the law through the Section 5 preclearance process. EPIC has argued that unreasonable voter ID requirements are an impermissible burden on the right to vote. For more information, see EPIC: Voter Photo ID and Privacy and EPIC: Crawford v. Marion County.

August 31, 2012

EPIC Airport Body Scanner Case: TSA Defies Court, Seeks More Delay

The TSA has responded to EPIC's recent motion about the airport body scanner program. Citing the agency's extraordinary delay in seeking public comment on the controversial program, EPIC urged the court in Washington, DC to require the TSA to begin the comment process in 60 days or suspend the program. In its response to EPIC, the TSA claims that the earliest possible date it could "finalize documents" before even starting the public comment process would be "the end of February 2013." EPIC filed the motion a year after the federal agency was ordered by the D.C. Circuit Court to "promptly" begin a public rulemaking and more than three years after a coalition of organizations petitioned Secretary Napolitano to begin the rulemaking. A group of organizations, led by the Competitive Enterprise Institute, has filed an amicus brief in support of EPIC. EPIC will file a reply to the TSA on September 10. For more information, see EPIC v. DHS (Suspension of Body Scanner Program).

About August 2012

This page contains all entries posted to epic.org in August 2012. They are listed from oldest to newest.
