« September 2013 | Main | November 2013 »

October 2013 Archives

October 12, 2013

Drone and Aerial Robotics Conference

Drone and Aerial Robotics Conference

Amie Stepanovich,
Director, EPIC Domestic Surveillance Project

Julia Horwitz,
Coordinator, EPIC Open Government Program

NYU Law Engelberg Center on Innovation Law and Policy
New York, NY
October 12, 2013

October 19, 2013

Surveillance Conference

Surveillance Conference

Amie Stepanovich,
Director, EPIC Domestic Surveillance Project

Chicago Committee to Defend the Bill of Rights
Northwestern University School of Law
Chicago, IL
October 19, 2013

October 1, 2013

Has the NSA Won the Crypto Wars?

Has the NSA Won the Crypto Wars?

Amie Stepanovich,
Director, Domestic Surveillance Project

Information Technology & Innovation Foundation
Washington, D.C.
October 1, 2013

Judge Rules that EPIC Lacks Standing to Challenge Education Department's Unlawful Regulations

A federal court dismissed EPIC's lawsuit against the Education Department. EPIC has challenged the agency's 2011 changes to the Family Educational Rights and Privacy Act (FERPA) which allow the release of student records for non-academic purposes and undercut parental and student consent provisions. The court held that neither EPIC nor any of its Board of Director co-plaintiffs "have standing to bring the claims asserted in the complaint." The judge did not reach EPIC's substantive claims asserted in the complaint. EPIC argued that the Education Department exceeded its authority with the changes and that the revised regulations violate the federal student privacy law. Before initiating the lawsuit, EPIC submitted extensive comments to the Education Department, opposing the unlawful regulations. EPIC intends to take further steps to safeguard student privacy. For more information, see EPIC: EPIC v. The U.S. Department of Education and EPIC: Student Privacy.

October 2, 2013

Consumer Privacy Groups Ask Congress to End Secret Hearings on Data Industry

EPIC, joined by a coalition of consumer privacy groups, has asked the House of Representatives Privacy Task Force to open to the public meetings that are now taking place in secret in the hearing rooms of Congress. "We recognize that there is value in private meetings among Members and staff and with constituents," the group wrote, but said that "with public matters of common concern" meetings should be held "in the open, a public record should be created, and various viewpoints should be heard." The groups thanked Representatives Blackburn and Welch for examining "the enormously important issue of consumer privacy" but said “there is simply no reason for your task force to hold closed-door sessions." Last year, both the White House and the Federal Trade Commission recommended enactment of consumer privacy legislation.

October 6, 2013

"The Tension Between Security and Liberty"

"The Tension Between Security and Liberty"

Marc Rotenberg,
EPIC President

The Forum
St. Johns Church
Washington, DC
October 6, 2013

October 3, 2013

"NSA Domestic Surveillance"

"NSA Domestic Surveillance"

Marc Rotenberg, EPIC
Bruce Schneier, Security Technologist

v.

Steven Bradbury, Former DOJ OLC
Andrew McCarthy, National Review

University of St. Thomas School of Law
Holloran Center for Ethical Leadership
Minneapolis, MN
October 3, 2013

"NSA Domestic Surveillance"

"NSA Domestic Surveillance"

Marc Rotenberg, EPIC
Bruce Schneier, Security Technologist

v.

Steven Bradbury, Former DOJ OLC
Andrew McCarthy, National Review

University of St. Thomas School of Law
Holloran Center for Ethical Leadership
Minneapolis, MN
October 3, 2013

October 2, 2013

EPIC FOIA - New Information on Drone Flight Applicants

The Federal Aviation Administration has responded to an EPIC FOIA Request seeking documents related to applications to fly drones domestically. The FAA provided a list of nearly 200 entities within the Department of Defense, the Department of Homeland Security, the Department of Justice, and state and federal law enforcement agencies. The FAA further responded to EPIC's request for information by making the drone licenses, or "certificates," available on a public portal. EPIC has called on the FAA to maintain a searchable database of all drone operators as the Agency seeks to expand domestic drone use. For more information see EPIC: Domestic Unmanned Aerial Vehicles (UAVs) and Drones.

October 3, 2013

EPIC Appeals Secrecy of Body Scanner Radiation Documents

EPIC has challenged a District Court decision which allowed two federal agencies to withhold documents about airport body scanners, including test results, fact sheets, and estimates regarding radiation risks. In the opening brief to the DC Circuit Court of Appeals, EPIC argues that federal agencies may not withhold factual information under the "deliberative process privilege" in the Freedom of Information Act. EPIC said that under "under the standard adopted by the lower court, not only would the judgement of agency officials be exempt, but so too would reports or studies of any significance." For more information, see EPIC: DHS Body Scanner FOIA Appeal, EPIC v. DHS and EPIC v. TSA.

EPIC Updates and Relaunches "Practical Privacy Tools"

EPIC has updated and expanded one of its most popular web pages of all time - "Practical Privacy Tools." The EPIC page includes a detailed listing of Internet Anonymizers, Proxy Servers, email encryption, secure Internet messaging, password vaults, antivirus programs, cookie cleaners, and more. Although EPIC does not endorse any particular product or service, EPIC strongly supports the widespread availability of privacy enhancing techniques. As EPIC explained in testimony to Congress on Communications Privacy in 1998, "techniques to protect privacy and anonymity should be encouraged and restrictions on encryption should be lifted." For more information, see EPIC - Practical Privacy Tools.

EPIC's Rotenberg Addresses European Parliament

EPIC President Marc Rotenberg addressed the European Parliament on the issue of The Electronic Mass Surveillance of EU Citizens. The Committee on Civil Liberties, Justice, and Home Affairs has convened a series of hearings to examine reports of the monitoring and surveillance of Europeans. Mr. Rotenberg explained that there is now a vigorous debate in the United States and that there would be some changes to the Foreign Intelligence Surveillance Act concerning surveillance within the United States. But he also warned that US lawmakers were unlikely to make changes that respond to the concerns of European citizens. He urged EU lawmakers to suspend trade negotiations with the US pending an adequate resolution of the surveillance inquiry. He also suggested a review of the PNR and SWIFT data transfer arrangements, which lack Privacy Act safeguards. Finally, Mr. Rotenberg recommended the adoption of an international framework for privacy protection.

October 4, 2013

EPIC FOIA Documents Shed Light on Secret Cell Phone Tracking Team at FBI

In response to EPIC's Freedom of Information Act Lawsuit, the Federal Bureau of Investigation has released more than 400 pages of documents related to cell site simulator technology (commonly referred to as "Stingray"). This most recent release to EPIC includes training and promotional materials from a specialized unit within the FBI, the "Wireless Intercept & Tracking Team" that had previously been hidden from public view. According to the documents, the FBI's Tracking Team provides technical and financial support to a quickly expanding group of federal and local law enforcement agents trained to use the controversial surveillance tools. The documents reveal that the FBI believes it can use cell site simulators without a warrant, but so far only one federal court has considered the Fourth Amendment implications of these devices, including their interception of innocent users' data. For more information, see EPIC v. FBI (Stingray).

NSA Attacked Tor, a Privacy Enhancing Network

The NSA and GCHQ have attempted to break the privacy protections of the Tor anonymity network, according to a series of documents published in The Guardian today. The documents describe the efforts of the NSA to de-anonymize Tor users by compromising their computers and Tor software with viruses. The NSA also relies on Doubleclick advertising cookies to identify Tor users. Despite their efforts, the documents reveal that the intelligence community has had limited success compromising the Tor network. One presentation, titled "Tor Stinks," concludes that they will "never be able to de-anonymize all Tor users all the time." In May 2013, EPIC filed a FOIA request seeking evidence of government interference with the Tor network. In 2000, EPIC had also filed a complaint with the FTC about Doubleclick's efforts to merge users' browsing activity with personally identifying information. And in 2007, EPIC objected to Google's acquisition of Doubleclick, warning that it would place at risk the privacy of Internet users. For more information, see EPIC v. BBG; EPIC: Privacy? Google/Doubleclick Merger.

EPIC FOIA - FBI Says 20% Error Rate Okay for Facial Recognition

EPIC's Freedom of Information Act lawsuit has produced new documents about "Next Generation Identification" and the FBI's plans for facial recognition. According to the document obtained by EPIC, "NGI shall return an incorrect candidate a maximum of 20% of the time." That number is much greater than expected. Earlier this year, EPIC received documents from the FBI regarding the use of facial recognition and state DMV photos. The FBI has still not updated a 2008 Privacy Impact Assessment on facial recognition technology despite telling Congress last year that a new assessment was planned. For more information, see EPIC: EPIC v. FBI - Next Generation Identification and EPIC: Face Recognition.

October 10, 2013

Cyber Security: The Emerging Debate Over How Virtual Information Should Be Controlled and Protected

Cyber Security: The Emerging Debate Over How Virtual Information Should Be Controlled and Protected

Alan Butler,
EPIC Appellate Advocacy Counsel

National Association of Mutual Insurance Companies
Washington, DC
October 10, 2013

October 9, 2013

Gov. Brown Signs New California Privacy Laws

California Governor Jerry Brown has signed several new Internet privacy bills into law. Assembly Bill 370 amends the California Online Privacy Protection Act by requiring that businesses disclose how they respond to Do Not Track signals or other mechanisms used by consumers to prevent the surreptitious collection of their browsing history. The Governor has also signed Senate Bill 568, which provides for an "eraser button" that would require websites to allow minors to remove their own information. Finally, California has enacted Senate Bill 255, which prohibits "revenge porn": the posting of explicit images or videos without the victim's consent. The passage of these laws has led many to observe that California is "driving Internet privacy policy." For more information, see EPIC: Online Tracking and Behavioral Advertising and EPIC: Children’s Online Privacy.

Court Issues Opinion In EPIC v. ODNI After "In Camera" Review

A federal court has issued an opinion in EPIC v. ODNI, EPIC's Freedom of Information Act lawsuit against the Office of the Director of National Intelligence concerning possible violations of the Privacy Act. As a result of filing the lawsuit, EPIC obtained seven documents that ODNI had previously withheld from the public. The documents concerned ODNI's consolidation of databases containing detailed personal information on US persons. EPIC also challenged ODNI's withholding of 21 additional documents describing how the agency "retrieves and safeguards information from other federal agencies." The Court considered EPIC's further challenge, ordering ODNI to submit the documents to the court for review. The Court ultimately agreed with the agency that those additional documents were properly withheld. For more information, see: EPIC: EPIC v. ODNI.

October 10, 2013

EPIC Objects to Secret Profiling of Air Travelers

EPIC has submitted comments to the Department of Homeland Security, objecting to the agency's plan to secretly profile U.S. air travelers and remove Privacy Act safeguards. The DHS proposed to exempt TSA PreCheck from the federal privacy law. The PreCheck database contains detailed personal information, including name, birthdate, biometric information, Social Security Number, and financial information. The TSA plans to release applicant data to federal, state, tribal, local, territorial agencies and foreign governments. However, the TSA proposes to remove the rights of PreCheck applications concerning notification, access, and correction. The agency also intends to keep secret the basis for approving PreCheck applicants. EPIC described the substantial privacy and security risks of Precheck, urged the DHS to narrow the Privacy Act exemptions, and recommended that the DHS withdraw routine use disclosures. For more information, see EPIC: Secure Flight, EPIC: Passenger Profiling, and EPIC: Air Travel Privacy.

EPIC Urges Congress to Protect Student Privacy

In a letter to the Senate and House Committees on Education, EPIC has asked Congress to restore privacy protections for student data. EPIC's letter follows a court opinion concerning recent changes to the Family Educational Rights and Privacy Act. EPIC has warned that the changes in the student privacy law allow the release of student records for non-academic purposes and undercut parental and student consent provisions. EPIC has urged Congress to investigate the impact of the revised regulations. "Students and families are losing control over sensitive information," EPIC wrote, "and private companies are becoming the repositories of student data and even the data maintained by the schools is far more extensive than ever before." For more information, see EPIC: Student Privacy.

October 11, 2013

Facebook Removes Crucial Privacy Setting for Users’ Names

Facebook has begun removing a privacy setting that allowed users to opt-out from their name being included in its “Graph Search” feature. All users, even those who had previously decided to remove their name from searches, will now be included in Graph Search results. Facebook is currently under a 20 year consent decree from the FTC that requires express affirmative consent from users before disclosing personal information which exceeds the restrictions imposed by users' privacy settings. Facebook announced the change last year, at which point EPIC warned about the consequences of Facebook removing privacy settings for its users. In 2012, EPIC sent a letter to Facebook requesting a reversal of policy changes that automatically shared users’ private information. For more information, see EPIC: Facebook and EPIC: In re Facebook.

Google Announces Plan to Post Names and Photos of Users for Advertising Without Consent, May Violate 2011 FTC Consent Order

Google announced changes to its Terms of Service that will allow “your Profile name, Profile photo, and actions you take on Google or on third-party applications” to be used in advertisements. The changes will not require Google to seek the affirmative consent of users before putting their personal information to commercial use. Minors, however, will not be subject to the changes. A 2011 Consent Order with the Federal Trade Commission prohibits Google from making misrepresentations and requires the company to obtain user consent before disclosing information to third parties. EPIC recently objected to similar practices by Facebook that would allow the company to routinely use the names, images, and content of Facebook users for commercial advertising without consent. For more information, see EPIC: Federal Trade Commission and EPIC: In re Google.

October 14, 2013

Government Responds to EPIC's Supreme Court Challenge of NSA Telephone Record Program

The Solicitor General has filed a response to EPIC's challenge to the NSA's telephone record collection program. In July, EPIC petitioned the Supreme Court to vacate the order of the Foreign Intelligence Surveillance Court that requires Verizon to turn over all telephone records to the NSA. EPIC argued that the Intelligence Court exceeded its legal authority and could not compel a telephone company to disclose so much personal information unrelated to a foreign intelligence investigation. Legal scholars and former Members of Congress filed briefs in support of EPIC's petition, including privacy and national security scholars, constitutional scholars, federal courts scholars, and members of the Church Committee. Congressman James Sensenbrenner, the primary author of the Patriot Act, has said that the telephone records collection program was never authorized by Section 215. For more information, see In re EPIC.

October 15, 2013

Open Government Organizations Support EPIC's FOIA Appeal

Citizens for Responsibility and Ethics in Washington (CREW) has filed a "friend of the court" brief in EPIC v. DHS, a challenge to the secrecy of government documents now pending before the D.C. Circuit Court of Appeals. EPIC's is appealing a District Court decision which allowed two federal agencies to withhold factual documents, including test results, about airport body scanners. In the brief, CREW explains that "accepting the District Court's analysis would threaten the integrity of the decision making process and undermine the goals of the FOIA." Several other open government groups joined the CREW amicus brief, including the ACLU, EFF, and the OpenTheGovernment coalition. EPIC filed the opening brief in early October. The government is expected to file an opposition brief at the beginning of November. For more information, see EPIC v. DHS - Body Scanner FOIA Appeal.

October 21, 2013

Electronic Privacy: What Can We Expect in the Age of Wikileaks and PRISM?

Electronic Privacy: What Can We Expect in the Age of Wikileaks and PRISM?

Alan Butler,
EPIC Appellate Advocacy Counsel

American University Washington College of Law
Washington, DC
October 21, 2013

October 18, 2013

23 US NGOs Support EU Data Protection Regulation

In a letter to members of the European Parliament, a coalition of 23 leading U.S. consumer, privacy, and civil liberties groups expressed support for the new EU Data Protection Regulation. The coalition said although it "remain[s] optimistic that we will eventually update privacy laws in the United States," until then, "the European Union offers the best prospect for the protection of Internet users around the globe." The groups stated, "the US Congress has so far failed to take necessary steps to update US privacy law or to rein in the activities of the National Security Agency. As a consequence, consumers on both sides of the Atlantic remain at risk - our most sensitive data is too readily available for scrutiny and misuse."The Data Protection Regulation is a comprehensive update of the 1995 Data Protection Directive that harmonizes current law and sets out new enforcement powers for privacy agencies. Last year, a similar coalition of organizations wrote in support of the Regulation. For more information, see EPIC: EU Data Protection Directive.

October 21, 2013

European Parliament Committee Approves Comprehensive Privacy Law

The civil liberties committee of the European Parliament has voted to approve the EU Data Protection Regulation. Before voting, members of the committee inserted stronger safeguards for data transfers to non-EU countries, an explicit consent requirement, a right to erasure, and larger fines for noncomplying businesses. The regulation is a comprehensive update of the 1995 EU Data Protection Directive that sets out new enforcement powers for privacy agencies. In 2012 and 2013, over twenty US consumer, privacy, and civil liberties groups sent letters to the European Parliament in support of the new data protection law. Until the U.S. passes comprehensive privacy legislation, the groups wrote, "the European Union offers the best prospect for the protection of Internet users around the globe." EPIC spoke recently before the European Parliament in support of the initiative. For more information, see EPIC: EU Data Protection Directive.

October 22, 2013

EPIC, Coalition Urge NSA to Comply with Privacy Act

EPIC, joined by a coalition of privacy, consumer rights, and civil rights organizations, has urged the Department of Defense to require the National Security Agency to comply with the federal Privacy Act, the primary law protecting personal information held by the federal government. The comments came in response to a proposed agency rule that would amend the Defense Department's privacy program. The organizations noted that the National Security Agency is a component of the Defense Department and subject to agency regulations. EPIC and the coalition stated, "The DOD must ensure that the NSA complies with the Privacy Act by publishing additional system of records notices and otherwise adhering to the Privacy Act before it can adopt its current proposal." Although the NSA has identified twenty-six Privacy Act databases, recent revelations by the Guardian suggest that there are many other databases subject to the Privacy Act that should be identified. EPIC has also petitioned the Supreme Court, challenging to the NSA's telephone record collection program. For more information, see In re EPIC.

October 23, 2013

In EPIC v. NSA, Court Rules Presidential Directives are Not Subject to FOIA but Orders Release of Additional Documents to EPIC

A federal court has issued an opinion in EPIC v. NSA, EPIC's Freedom of Information Act lawsuit concerning the government's policy for the security of American computer networks. As a result of the lawsuit, EPIC obtained documents that the National Security Agency had withheld from the public. The documents concern NSPD 54, a presidential policy directive outlining the scope of the NSA's authority over computer networks in the US. EPIC also challenged the NSA's decision to withheld several other records including the National Security Presidential Directive 54. A federal district court has now ruled that NSPD 54 is not subject to the FOIA because it was not under "the control" of the National Security Agency and the other federal agencies and officials who received the presidential directive. The Court also ordered to the NSA to identify and release other documents to EPIC.For more information, see: EPIC v. NSA - Cybersecurity Authority.

October 21, 2013

Electronic Privacy: What Can We Expect in the Age of Wikileaks and PRISM?

Electronic Privacy: What Can We Expect in the Age of Wikileaks and PRISM?

Alan Butler,
EPIC Appellate Advocacy Counsel

American University Washington College of Law
Washington, DC
October 21, 2013

October 25, 2013

In re EPIC: A Supreme Court Challenge to NSA Telephone Surveillance

Alan Butler,
EPIC Appellate Advocacy Counsel

Georgetown University Law Center
Washington, D.C.
October 25, 2013

Crypto Party

EPIC and Public Citizen Crypto Party
Crypto Party

Hosted by EPIC and Public Citizen

Washington, D.C.
October 25, 2013

October 24, 2013

Senator Markey Investigates Student Data Disclosures

Senator Edward Markey has sent a letter to the Education Department, requesting information on the "impact of increased collection and distribution of student data" on student privacy rights. Among other questions, Senator Markey asks why the Department made changes to the Family Educational Rights and Privacy Act, a federal student privacy law; whether the Department "performed an assessment of the types of information" that schools disclose to third party vendors; and whether students and their families can obtain their information held by private companies. The letter states, "By collecting detailed personal information about students' test results and learning abilities, educators may find better ways to educate their students. However, putting the sensitive information of students in private hands raises a number of important questions about the privacy rights of parents and their children." EPIC has sent a letter to the Senate and House Committees on Education, urging Congress to restore privacy protections for student data. For more information, see EPIC: Student Privacy and EPIC: EPIC v. The Deptartment of Education.

October 28, 2013

EPIC Files in Supreme Court, Responds to Government in NSA Challenge

EPIC has filed a reply brief in In re EPIC with the U.S. Supreme Court, responding to the Government's brief, which was filed after two extensions. The government argues the Supreme Court cannot hear the case. EPIC responded that it "simply cannot be correct" that the order of the Foreign Intelligence Surveillance Court, an inferior court, is not reviewable by the Supreme Court. EPIC also explained that the order is clearly unlawful. "No court has ever determined that 'relevance' permits the compelled production of such vast quantities of irrelevant personal information," EPIC said, noting that Congressman Sensenbrenner, co-author of the USA PATRIOT Act, has written that "This expansive characterization of relevance makes a mockery of the legal standard." EPIC also outlined the extraordinary impact of the NSA telephone record collection on all Americans: "These telephone records are unique and identifiable, and reveal a great deal of private information about millions of telephone users. In no instance has the Government established any individualized suspicion to support the collection of this information." For more information, see In re EPIC.

October 29, 2013

How Data Determines Your Fate at the Airport

How Data Determines Your Fate at the Airport

Khaliah Barnes,
EPIC Administrative Law Counsel

Kojo Nnamdi Show

WAMU.ORG
October 29, 2013

EPIC Supports Campaign to End Mass Surveillance

EPIC joined more than one hundred organizations at the Stop Watching Us rally October 28 in Washington DC. EPIC Counsel Khaliah Barnes told the crowd, "First they ignore us, then they laugh at us, then they fight us, and then we win." The night before the rally, EPIC organized a crypto party with Public Citizen. Featured speakers included Bruce Schneier and Libertarian Presidential candidate Gary Johnson. EPIC has filed a Supreme Court challenge to the NSA telephone record collection program. For more information, see In re EPIC - NSA Telephone Records Surveillance.

Leahy and Sensenbrenner Introduce USA FREEDOM Act

The Democratic Chair of the Senate Judiciary Committee and the Republican author of the Patriot Act have introduced the USA FREEDOM Act, which would reform the Foreign Intelligence Surveillance Act and limit NSA surveillance activities. A bi-partisan coalition, including 17 Senators and 70 Members of Congress, have joined as original co-sponsors. Key provisions of the FREEDOM Act increase transparency of intelligence activities, prevent end-runs around the FISA Court, and improve public reporting. In 2012 EPIC testified before the House Judiciary Committee about the need to reform FISA and to improve oversight of the FISA court. The FREEDOM Act also ends the controversial bulk phone records collection program. EPIC has brought a challenge in the Supreme Court to the phone records program, explaining that it is unlawful under current law. For more information, see EPIC: In re EPIC and EPIC - Foreign Intelligence Surveillance Act.

About October 2013

This page contains all entries posted to epic.org in October 2013. They are listed from oldest to newest.

September 2013 is the previous archive.

November 2013 is the next archive.

Many more can be found on the main index page or by looking through the archives.