« February 2014 | Main | April 2014 »

March 2014 Archives

March 4, 2014

"Privacy and Public Good: Reporting on Student Data"

"Privacy and Public Good: Reporting on Student Data"

Khaliah Barnes,
Director, EPIC Student Privacy Project

SXSWedu
Austin, TX
March 4, 2014

March 3, 2014

In FOIA Lawsuit, EPIC Obtains Secret Reports on Data Collection

In a Freedom of Information Act lawsuit, EPIC has obtained reports that detail the number of times the Surveillance Court authorized the use of techniques that gather the telephone numbers and metadata of phone customers and Internet users. The previously secret reports obtained by EPIC cover the period between 2000 and 2013. The reports reveal a dramatic increase in the use of these techniques in 2004 and then a significant reduction in 2008, likely the consequence of a shift to other investigative techniques. The documents show that nearly all applications to the Surveillance Court were approved without modifications. In 2013, EPIC petitioned the Supreme Court to end the bulk telephone record collection program. Former members of the Church Committee and dozens of legal scholars supported the EPIC petition. For more information see: EPIC v. Department of Justice - Pen Register Reports, EPIC: Foreign Intelligence Surveillance Court Orders 1979-2012, and In re EPIC.

March 5, 2014

White House to Accept Public Comments on Big Data and Privacy Review

The White House is requesting public comments on the Obama Administration's "Big Data and the Future of Privacy" review. EPIC, joined by 24 consumer privacy, public interest, scientific, and educational organizations petitioned the Office of Science and Technology Policy last month to accept public comments. The petition stated, "The public should be given the opportunity to contribute to the OSTP's review of 'Big Data and the Future of Privacy' since it is their information that is being collected and their privacy and their future that is at stake." The letter sets out several important questions, including whether current laws are adequate and whether it is possible to maximize the benefits of big data while minimizing the risks to privacy. Comments are due by March 31, 2014. For more information, see EPIC: Big Data and the Future of Privacy.

Citron, Felten, Lewis, Lysyanskaya, Marwick, McDonald, Moglen, and Vladeck Join EPIC Advisory Board

EPIC has announced the 2014 members of the EPIC Advisory Board. They are Danielle Citron, Professor at University of Maryland School of Law, Edward Felten, Professor of Computer Science and Public Affairs at Princeton University, Harry R. Lewis, Professor of Computer Science at Harvard University, Anna Lysyanskaya, Professor of Computer Science at Brown University, Alice E. Marwick, Assistant Professor of Media Studies at Fordham University, Aleecia M. McDonald, Director of Privacy at the Stanford Center for Internet & Society, Eben Moglen, Professor of Law and Legal History at Columbia Law School, and David Vladeck, Professor of Law at Georgetown University Law Center. The EPIC Advisory Board is a distinguished group of experts in law, technology, and public policy. Press Release For more information, see EPIC: EPIC Advisory Board.

EPIC Presents 2014 Domestic Privacy Champion Award to Evan Hendricks

EPIC has presented the 2014 Domestic Privacy Champion Award to Evan Hendricks, the publisher of Privacy Times. Hendricks received the award in recognition of his work in consumer privacy protection and for his work in publishing Privacy Times, a significant resource in the privacy world. In 2013, EPIC presented the Domestic Privacy Champion Award to Susan Grant. On January 28, EPIC awarded Jan Philipp Albrecht with the International Privacy Champion Award as part of International Privacy Day.

March 6, 2014

EPIC Urges FTC Investigation of WhatsApp Sale to Facebook

EPIC has filed a complaint to the Federal Trade Commission concerning Facebook's proposed purchase of WhatsApp. WhatsApp is a messaging service that gained popularity based on its strong pro-privacy approach to user data. WhatsApp currently has 450 million active users, many of whom have objected to the proposed acquisition. Facebook regularly incorporates data from companies it has acquired.The Federal Trade Commission has previously responded favorably to EPIC complaints concerning Google Buzz, Microsoft Passport, Changes in Facebook Privacy Settings, and Choicepoint security practices. However, the FTC approved Google's acquisition of Doubleclick over EPIC's objection. Facebook is currently under a 20 year consent decree from the FTC that requires Facebook to protect user privacy and to comply with the US-EU Safe Harbor guidelines. For more information, see EPIC: In re Google Buzz, EPIC: Microsoft Passport, EPIC: In re Facebook, and Privacy? Proposed Google/DoubleClick Merger.

March 7, 2014

After Weakening Privacy Law, Education Department Proposes "Best Practices" for Student Data

The Education Department has issued recommendations for schools that transfer student records to online educational service providers. Following the Department's changes to a federal student privacy law, private companies and government agencies have access to student records without obtaining student consent. In the recommendations, the agency explained that the current regulations do not require written agreements for schools to disclose student information to private companies. The Education Department recommended that schools establish policies for approving online educational services, create written contracts with private companies for the use of student data, and explain to parents and students how schools collect, use, and disclose student information. The agency warned that student data held by private companies may not be protected under federal privacy laws. EPIC had earlier sued the Education Department for weakening the privacy rule that prevented companies from getting access to student data. On March 13, 2014, the Education Department will hold a webinar on its student privacy best practices. For more information, see: EPIC: Student Privacy and EPIC: EPIC v. Dept. of Education.

March 10, 2014

"Enhancing Trust and Boosting Innovation in the Digital Ecosystem"

"Enhancing Trust and Boosting Innovation in the Digital Ecosystem"

Marc Rotenberg,
EPIC Executive Director

OECD
Microsoft Policy Center
Washington, D.C.
March 10, 2014

March 20, 2014

"Civil Liberties Dead Zone: Do First and Fourth Amendment Rights Not Apply at the Border?"

"Civil Liberties Dead Zone: Do First and Fourth Amendment Rights Not Apply at the Border?"

Marc Rotenberg,
EPIC Executive Director

Freedom of the Press Committee
National Press Club
Washington, D.C.
March 20, 2014

March 11, 2014

"An Analysis of the Review Group Recommendations for Intelligence Reform"

"An Analysis of the Review Group Recommendations for Intelligence Reform"

Marc Rotenberg,
EPIC Executive Director

NYU Security Research Seminar
New York, NY
March 11, 2014

March 7, 2014

EPIC Asks Supreme Court to Protect Cellphone Privacy

EPIC, joined by twenty-four technical experts and legal scholars, has filed a "friend of the court" brief in a Supreme Court case concerning the warrantless search of a cell phone. In Riley v. California, the Court will determine whether the search of a phone following an arrest violates the Fourth Amendment if no warrant is obtained. Lower courts are currently divided on this issue. EPIC's amicus brief explains that "modern cell phone technology provides access to an extraordinary amount of personal data . . . Allowing police officers to search a person's cell phone without a warrant following an arrest would be a substantial infringement on privacy, is unnecessary, and unreasonable under the Fourth Amendment." EPIC's brief describes the vast amount of personal information available on the phone and from the phone. "From a cellphone," EPIC explains "users can even see into their homes and control devices and appliances." EPIC points out that "there is no need to allow warrantless searches when currently available techniques allow law enforcement to secure the cell phone data pending a judicial determination of probable cause." EPIC routinely participates in privacy cases before the US Supreme Court. For more information, see EPIC: Riley v. California, EPIC: EPIC Amicus Curiae Briefs.

March 10, 2014

Federal Judge Rules Commercial Drones Legal

A federal judge has ruled that commercial drones are legal, stating that the Federal Aviation Administration has not issued an enforceable regulatory rule that governs commercial drone operation. The FAA plans to appeal the decision. In 2012, Congress told the Agency to implement a plan to integrate drones into the National Airspace by 2015. Shortly after, EPIC joined by over 100 other organizations, experts, and members of the public petitioned the FAA to address privacy as part of the integration. As a result, the Agency published a notice with proposed privacy requirements for drone operators. EPIC submitted comments in response to the notice, urging the Agency to mandate minimum privacy standards for drone operators. After considering numerous public comments on the privacy impact of aerial drones, the FAA proposed a regulation that requires test site operators to develop privacy policies but does not require any specific baseline privacy protections. Several states have passed drone privacy laws and bills are also pending in Congress. For more information, see EPIC: Domestic Drones.

March 18, 2014

Seventh Annual Freedom of Information Day Celebration

Seventh Annual Freedom of Information Day Celebration

Khaliah Barnes,
EPIC Administrative Law Counsel

Alan Butler,
EPIC Appellate Advocacy Counsel

Ginger McCall.
Director, EPIC Open Government Program

American University Washington College of Law
Washington, D.C.
March 18, 2014

March 12, 2014

Pew Internet Report Identifies Privacy Concerns, New Challenges

According to the Pew Research Report "Digital Life in 2025", experts predict the Internet will become 'like electricity' - less visible, yet more deeply embedded in people's lives for good and ill. Several respondents identified the loss of privacy, and the stratification of privacy rights, as a key concern. The Pew report, conducted with Elon University, asked experts to make predictions about the state of digital life in 2025. EPIC President Marc Rotenberg posed the question - "will the Internet of 2025 be a network of freedom and opportunity or the infrastructure of social control?" For more, see EPIC - Public Opinions on Privacy.

With Overwhelming Support, European Parliament Backs New Data Protection Law

In a near-unanimous vote, the European Parliament has voted in favor of a comprehensive data protection regulation. The new law will make several changes to European data privacy law, give citizens better access to their data, restrict the ways it can be used outside the European Union, and punish companies that breach the regulation with significant fines. The regulation will be the first update to European privacy legislation since the EU passed the 1995 Data Protection Directive. EU Justice Commissioner Viviane Reding stated, "The message the European Parliament is sending is unequivocal: This reform is a necessity, and now it is irreversible." In 2012 and 2013, EPIC and over twenty other US consumer, privacy, and civil liberties groups sent letters to the European Parliament in support of this reform. The European Consumer Organization (BEUC) supports the regulation. EPIC has also spoken before the European Parliament in support of the regulation. For more information, see EPIC: EU Data Protection Directive.

European Parliament: Suspend Safe Harbor, Data Transfers to United States

The European Parliament has voted to halt the Safe Harbor program, which allowed US companies to process data on EU citizens outside of European legal protections. The resolution also recommends that Europe exclude EU-US data transfers from trade negotiations and establish legal remedies for EU citizens who face privacy violations. The resolution would protect whistleblowers, and proposes an independent European data cloud. The resolution follows a six-month investigation, led by MEP Claude Moraes, on the Mass Surveillance of EU Citizens. The report condemned programs of the US and the EU member states. EPIC had urged the Federal Trade Commission to enforce the Safe Harbor, and has recommended the US and EU exclude data transfers in trade negotiations. For more information, see EPIC: EU Data Protection Directive.

March 17, 2014

EPIC Publishes 2014 FOIA Gallery, Highlights Documents Obtained Under Open Government Law

In celebration of Sunshine Week, EPIC has published the 2014 EPIC FOIA Gallery. The gallery highlights documents obtained by EPIC in the past year, such as previously secret records about government surveillance of telephone calls, FBI facial recognition technologies, DHS drones that identify human targets on the ground, the CIA's collaboration with the New York Police Department, and student debt-collectors' lax data security systems. In many of these cases, EPIC "substantially prevailed" and obtained attorneys fees. EPIC routinely pursues Freedom of Information Act matters to promote government accountability. EPIC published the first FOIA Gallery in 2001. EPIC also publishes an authoritative FOIA litigation manual. For more information, see EPIC: Open Government and EPIC Bookstore: FOIA.

March 18, 2014

Drones, Privacy & You

Drones, Privacy & You

Jeramie D. Scott
EPIC National Security Counsel

Russell Senate Office Building
Washington, DC 20002
March 18, 2014

March 19, 2014

The Future of FOIA Reform

"The Future of FOIA Reform"

Ginger McCall,
EPIC FOIA Project Director

US Congress
Washington, DC
March 19, 2014

March 18, 2014

WhatsApp Founder Responds to EPIC Privacy Complaint

Following Facebook's announced plan to purchase WhatsApp, a popular pro-privacy messaging services, EPIC urged the FTC to block the acquisition. EPIC explained to the Commission that Facebook incorporates user data from companies it acquires, and that WhatsApp users objected to the acquisition. WhatsApp founder Jan Koum has now published a blog post in response to the EPIC Complaint. Koum wrote, "Above all else, I want to make sure you understand how deeply I value the principle of private communication. For me, this is very personal." He added, "Make no mistake: our future partnership with Facebook will not compromise the vision that brought us to this point." For more information, see EPIC: In re WhatsApp, EPIC: Federal Trade Commission, and EPIC: In re Facebook.

March 19, 2014

EPIC Obtains Secret Attorney General Reports on Electronic Surveillance

As a result of an FOIA lawsuit, EPIC has obtained copies of the Attorney General Reports on the government's electronic surveillance activities. These reports have been submitted to Congress every six months since 2001 but have never before been disclosed to the public. These reports include new details about government collection of telephone and Internet records. The reports include the number of US persons targeted for "Pen Register" surveillance under the Foreign Intelligence Surveillance Act. The reports also contain noncompliance incidents and significant foreign intelligence court opinions, but those details have been withheld by the Justice Department. The documents obtained by EPIC also show that the Justice Department told Congress that the collection of telephone subscriber information would decrease, even after the section 215 bulk collection program began. The case is EPIC v. Dept. of Justice, No. 13-961. For more information, see EPIC v. DOJ - FISA Pen Registers and EPIC: FISA Stats.

Google Admits to Data-Mining Student Emails

In a sworn statement filed with a federal court, Google has admitted to scanning student emails to serve students targeted advertisements. Although Google does not display ads in Apps for Education, Google "does scan [student] email" to "compile keywords for advertising" on Google sites. Google has gained access to student emails pursuant to the Education Department's recently revised regulations, which significantly weakened the Family Educational Rights and Privacy Act, a federal student privacy law. Still, Google's practices appear to contravene the Education Department's "best practices" for online educational service providers. EPIC had earlier sued the Education Department for weakening the privacy law that protects student data. For more information, see: EPIC Student Privacy and EPIC: EPIC v. Dep't of Education.

March 21, 2014

EPIC Updates Facebook Complaint, Urges Careful Review of WhatsApp Acquisition

EPIC has filed a supplemental complaint regarding Facebook's $19 b purchase of WhatsApp. WhatsApp users had relied on the messing app's pro-privacy practices to protect their personal information, while Facebook regularly incorporates user data from the companies it acquires. In the initial complaint, EPIC urged the Federal Trade Commission to block the sale unless adequate privacy safeguard for WhatsApp user data were established. In the supplemental complaint, EPIC provided more evidence that WhatsApp users object to the acquisition. EPIC also highlighted the importance of the FTC's pre-merger review process. Recently, the Commission approved Google's purchase of Nest Labs without considering the privacy implications for consumers. For more information, see EPIC: In re WhatsApp and EPIC: Federal Trade Commission.

FTC Adopts EPIC's Recommendations on Improved FOIA Processing

The Federal Trade Commission has issued a final rule updating its Freedom of Information Act fee provisions. EPIC submitted extensive comments to the agency, supporting proposed fee reductions but also recommending changes to strengthen open government. The FTC adopted nearly all of EPIC's proposals. The FTC announced that all "Commission decisions, orders, and other public materials" will be electronically available to all requesters without charge. The FTC also said it would grant requesters additional time to assess fees associated with FOIA requests rather than simply terminate processing. The FTC agreed to be more lenient in resolving unpaid FOIA fees. The Commission also adopted EPIC's recommendation to disclose private sector contract rates for FOIA processing. EPIC routinely comments on agency proposals that impact FOIA requesters' rights. For more information, see EPIC: Open Government and EPIC: Federal Trade Commission.

Federal Trade Commission Backs Users in Facebook Privacy Case

The FTC has filed an amicus brief in a case before a federal appeals court concerning Facebook users. If a controversial settlement is approved, Facebook will display the images of users, including young children, in Facebook advertising without consent. Several Facebook users formally objected to the plan, arguing that it would violate state laws. A children's advocacy organization also objected, stating that the "settlement is actually worse than no settlement." The FTC brief explains that state privacy laws do prevent the display of children's images without consent. EPIC also filed an amicus brief in support of the users, explaining that the settlement is unfair and should be rejected. EPIC and a coalition of consumer privacy organizations filed an extensive complaint with the Federal Trade Commission that eventually required Facebook to improve its privacy practices. For more information, see EPIC: In re Facebook and EPIC: Fraley v. Facebook.

March 24, 2014

White House Updates Privacy Policy, Maintains Anonymous Access But Also Data Retention

A revised privacy policy for the White House will go into effect on April 18, 2014. Users will continue to be able to access information posted on the White House web site anonymously, though personal information will be required for some services. The data retention practice has not changed nor has the policy for the disclosure of personal data to other entities. According to the White House privacy policy, "Information you choose to share with the White House (directly and via third party sites) may be treated as public information." The White House had previously proposed a "Plan to Protect Privacy in the Internet Age by Adopting a Consumer Privacy Bill of Rights", though the policy does not reflect this approach. In the first report ever published on online privacy, "Surfer Beware: Personal Privacy and the Internet," EPIC said web sites should "support anonymity while developing policies and practices to protect information privacy." EPIC had also urged the White House to establish Privacy Act safeguard for the use of social media services. EPIC For more information, see EPIC: Privacy and Government Contracts with Social Media Companies.

Deadline Approaches for End of NSA's Telephone Record Collection Program

March 28 marks the deadline set by President Obama to end the NSA's bulk collection of American's telephone records. Last week, Attorney General Eric Holder confirmed that the Justice Department is ready to meet the deadline that the President has set. After extensive meetings with leaders of the Intelligence Community, both the President's Review Group and the Privacy and Civil Liberties Oversight Board found the program was ineffective and likely exceeded current legal authority. Senator Leahy, who held extensive public hearings, has stated "This program is not effective. It has to end." EPIC, supported by dozens of legal scholars and former members of the Church Committee, petitioned the US Supreme Court in July 2013 to end the "215" program. For more information, see In re EPIC and EPIC: NSA Verizon Phone Record Monitoring.

March 26, 2014

"Who Watches the Watchers?"

"Who Watches the Watchers?"

Marc Rotenberg,
EPIC Executive Director

Antitrust Law Spring Meeting
National Press Club
Washington, DC
March 26, 2014

March 27, 2014

Federal Courts Law Review Symposium

Federal Courts Law Review Symposium

David Husband,
EPIC National Security Appellate Advocacy Fellow

Charleston School of Law
Charleston, SC
March 27, 2014

Senator Leahy Urges President to End NSA Record Collection Program on Friday

In remarks published this week, Senator Patrick Leahy, Chairman of the Senate Judiciary Committee and co-sponsor of the USA FREEDOM Act, said "I welcome the President's statement that he plans to end the bulk collection of American’s phone records. That is a key element of what I and others have outlined in the USA FREEDOM Act, and that is what the American people have been demanding." Senator Leahy added, "the President could end bulk collection once and for all on Friday by not seeking reauthorization of this program. Rather than postponing action any longer, I hope he chooses this path." EPIC and others have urged the President not to renew the NSA telephone record collection authority when it expires this week. For more information, see In re EPIC.

March 28, 2014

Fandago and Credit Karma Settle FTC Charges for Weak App Security

Two companies have settled Federal Trade Commission charges that they misrepresented the security of their mobile apps. Fandango and Credit Karma failed to enable SSL encryption, leaving user data vulnerable on mobile apps. "Our cases against Fandango and Credit Karma should remind app developers of the need to make data security central to how they design their apps," FTC Chairwoman Edith Ramirez said in a statement. The settlements require the companies to establish data security programs, and to undergo security assessments by the Commission for the next 20 years. EPIC recently brought a complaint to the FTC concerning Scholarship.com, a company that failed to establish adequate security safeguards. Not long after the complaint from EPIC, the company implemented SSL. EPIC had earlier recommended that the Commission require encryption for all cloud-based services. For more information, see EPIC: Federal Trade Commission, and EPIC: EPIC Online Guide to Practical Privacy Tools.

March 29, 2014

President Obama Renews Unlawful, Ineffective Surveillance Authority

According to the Attorney General and the Director of National Intelligence, President Obama has renewed the NSA's authority to collect all of the telephone records of all American telephone customers. The "Section 215" program exceeded Congressional authority and was found to be ineffective by two expert panels. At a speech on January 17, 2014, President Obama ordered a transition that will end the Section 215 bulk telephony metadata program as it currently exists. However, according to DNI Clapper, the United States filed an application with the FISC to reauthorize the existing program as previously modified for 90 days, and the FISC issued an order approving the government's application. The order issued expires on June 20, 2014. EPIC and others have strongly objected to the renewal of the 215 program. For more information, see EPIC In re EPIC.

About March 2014

This page contains all entries posted to epic.org in March 2014. They are listed from oldest to newest.

February 2014 is the previous archive.

April 2014 is the next archive.

Many more can be found on the main index page or by looking through the archives.