« April 2014 | Main | June 2014 »

May 2014 Archives

May 1, 2014

Court Denies Hulu's Motion to Dismiss Privacy Case

A federal court has ruled that a privacy class action lawsuit against Hulu, the video streaming service, may continue. Hulu users allege that the company violated the Video Privacy Protection Act by transferring personally identifiable information to both Facebook and the advertising company comScore. The Judge ruled that Hulu's transfer to Facebook of unique IDs, including the user's IP address and Facebook ID, as well as specific video titles would violate the video privacy law. However, the judge determined that Hulu only transmitted anonymized user IDs to comScore and that therefore there could be no legal violation. In 2009, EPIC filed an amicus brief in a similar case in which a company disclosed consumers' identities and video rental histories to Facebook. For more information, see Harris v. Blockbuster and EPIC: Video Privacy Protection Act.

Tags:

Posted by EPIC on May 1, 2014 10:57 AM | | TrackBacks (0)

Facebook Introduces New Privacy Features

Amidst growing concern about Facebook's disclosure of user information to third parties, the company has announced two new privacy options. Users may now decide how much of their information to disclose to Facebook apps before signing up. Users may also test apps anonymously - without transmitting the Facebook User ID to the developer. The changes appear to be a response to the 2011 Consent Order, pursued by EPIC and a coalition of privacy organization, that requires the company to obtain express affirmative consent from users before disclosing personal information to third parties. In the first report on Internet privacy, "Surfer Beware: Personal Privacy and the Internet" (1997), EPIC said web sites should "support anonymity while developing policies and practices to protect information privacy." For more information, see EPIC: Facebook Privacy, EPIC: Internet Anonymity, and EPIC: FTC.

Tags:

Posted by EPIC on May 1, 2014 11:06 AM | | TrackBacks (0)

White House Publishes Report on "Big Data and Future of Privacy"

The White House has released a report on big data and the future of privacy. The report "Big Data: Seizing Opportunities, Preserving Values" makes several recommendations to the President: "(1) advance the Consumer Privacy Bill of Rights; (2) pass national data breach legislation; (3) extend privacy protections to non-U.S. persons; (4) ensure data collected on students in schools is used for educational purposes; (5) expand technical expertise to stop discrimination; and (6) amend the Electronic Communications Privacy Act." The report identifies discrimination as a key concern, stating "A significant finding of this report is that big data analytics have the potential to eclipse longstanding civil rights protections in how personal information is used in housing, credit, employment, health, education, and the marketplace." The report also recommends the adoption of Privacy Enhancing Technologies. EPIC urged public participation in the review process. The White House report incorporates several recommendations from EPIC and other privacy organizations. For more information, see EPIC: Big Data and the Future of Privacy, EPIC: "Privacy in the Commercial World."

Tags:

Posted by EPIC on May 1, 2014 1:44 PM | | TrackBacks (0)

Annual FISA Report Shows Decrease in Surveillance Orders, Questions About Scope Remain

The Department of Justice has published the 2013 FISA Report. The brief report provides summary information about the government's use of the Foreign Intelligence Surveillance Act. In 2012 the Foreign Intelligence Surveillance Court granted 1,789 FISA orders and 212 "Section 215" orders. In 2013, there were 1,588 requests to conduct FISA surveillance, with 34 modifications. The FISC also granted 178 business record orders under Section 215, with 141 modified by the court. The significant number of modified orders indicates that the government's initial applications are too broad. For example, the controversial NSA Metadata program, was authorized by the surveillance court under a modified order. It is possible that in 2013 the court authorized other bulk collection programs. For more information, see EPIC: FISC Orders 1979-2014 and EPIC: FISA Graphs.

Tags:

Posted by EPIC on May 1, 2014 4:39 PM | | TrackBacks (0)

May 5, 2014

House Judiciary Committee to Consider Bill to End Bulk Surveillance, Improve NSA Oversight

The House Judiciary Committee has scheduled a markup of the USA Freedom Act. The proposed "Manager's Amendment", sponsored by James Sensenbrenner (R-WI), would prevent bulk collection of phone records and other business records, and would limit the scope of phone record searches. The bill would also (1) limit the collection of US persons communications by the NSA's PRISM program, (2) require public reports on the use of FISA surveillance, (3) require declassification of significant FISA Court opinions, and (4) create a public advocate at the FISA Court. In 2012, EPIC testified before the House Judiciary Committee on the need for public reports and the declassification of significant FISC opinions. In 2013, EPIC filed a petition with the Supreme Court, alleging that the bulk collection of telephone record was unlawful. For more information, see EPIC: FISA Reform and In re EPIC.

Tags:

Posted by EPIC on May 5, 2014 5:59 PM | | TrackBacks (0)

May 7, 2014

EPIC Sues Army for Information About DC Surveillance Blimps

EPIC has filed a Freedom of Information Act lawsuit against the Department of the Army for documents about JLENS, a sophisticated surveillance system that will be deployed over Washington, DC during the next three years. JLENS is comprised of two 250' blimps. One blimp conducts aerial and ground surveillance over a 340-mile range, while the other has targeting capability including HELLFIRE missiles. The JLENS was originally deployed in Iraq. In the FOIA request, EPIC asked the Army for technical specifications as well as any policies limiting domestic surveillance. EPIC has urged Congress to establish privacy safeguards for aerial drones. For more information, see EPIC: EPIC v. Army - Surveillance Blimps, EPIC: Drones - Unmanned Aerial Vehicles, and EPIC Spotlight on Surveillance (2005) - "Unmanned Planes Offer New Opportunities for Clandestine Government Tracking."

Tags:

Posted by EPIC on May 7, 2014 10:00 AM | | TrackBacks (0)

May 8, 2014

EPIC's Snapchat Privacy Complaint Results in 20-Year FTC Consent Order

Following a 2013 EPIC complaint, the FTC has signed a consent order with Snapchat, the publisher of a mobile app that encourages user to share intimate photos and videos. Snapchat claimed that pictures and videos would "disappear forever." However, the images could be retrieved by others. As EPIC wrote in the complaint "Snapchat photos and videos remain available to others even after users are informed that the photos and videos have been deleted." In announcing the settlement, FTC Chairwoman Edith Ramirez said, "If a company markets privacy and security as key selling points in pitching its service to consumers, it is critical that it keep those promises. Any company that makes misrepresentations to consumers about its privacy and security practices risks FTC action." Under the settlement, Snapchat will be subject to 20 years of privacy audits, and will be prohibited from making false claims about its privacy policies. EPIC pursued similar claims involve false promises about data deletion with AskEraser. The FTC will be accepting Public Comments on the proposed Snapchat consent order. For more information, see EPIC: In re Google, EPIC: In re Facebook and EPIC: FTC.

Tags:

Posted by EPIC on May 8, 2014 2:26 PM | | TrackBacks (0)

May 9, 2014

Privacy Case Moves Forward Against Facebook and Zynga

The Ninth Circuit found that the companies may have violated Facebook's privacy policies when they disclosed user information for advertising purposes. Separately, the court ruled that there was no violation of the Electronic Communications Privacy Act because the data disclosed (including Facebook IDs and HTTP referers) is not "contents" of a communication. Congress is set to consider several ECPA reforms, and could fix the court's ruling by making clear that the law prevents the disclosure of personally identifiable information. For more information, see EPIC: Electronic Communications Privacy Act and EPIC: Facebook Privacy.

Tags:

Posted by EPIC on May 9, 2014 9:42 AM | | TrackBacks (0)

May 12, 2014

"Fees, Fee Waivers and Other Administrative Matters"

"Fees, Fee Waivers and Other Administrative Matters"

Ginger McCall,
Director, EPIC Open Government Project

American Society of Access Professionals
Arlington, VA
May 12, 2014

Posted by EPIC on May 12, 2014 10:17 AM | | TrackBacks (0)

"Demistifying Urban Legends about Requesters"

"Demistifying Urban Legends about Requesters"

Ginger McCall,
Director, EPIC Open Government Project

American Society of Access Professionals
Arlington, VA
May 12, 2014

Posted by EPIC on May 12, 2014 10:19 AM | | TrackBacks (0)

May 14, 2014

Joint Hearing Education Committee and Select Committee on Privacy: Ensuring Student Privacy in the Digital Age

Joint Hearing Education Committee and Select Committee on Privacy: Ensuring Student Privacy in the Digital Age

Khaliah Barnes,
Director, EPIC Student Privacy Project

California State Assembly

Sacramento, CA
May 14, 2014

Posted by EPIC on May 14, 2014 10:20 AM | | TrackBacks (0)

May 16, 2014

Legal, Regulatory and Legislative Challenges of the Broadband Revolution

Legal, Regulatory and Legislative Challenges of the Broadband Revolution

Alan Butler,
EPIC Appellate Advocacy Counsel

Minnesota Bar Association
Minneapolis, MN
May 16, 2014

Posted by EPIC on May 16, 2014 10:22 AM | | TrackBacks (0)

May 19, 2014

Student Data Privacy: Politics and Practicalities

Student Data Privacy: Politics and Practicalities

Khaliah Barnes,
Director, EPIC Student Privacy Project

Education Writers Association
Nashville, TN
May 19, 2014

Posted by EPIC on May 19, 2014 10:24 AM | | TrackBacks (0)

May 12, 2014

New Documents Reveal Close Ties Between NSA and Tech Companies, PBS Special to Air

New e-mails obtained under the Freedom of Information Act reveal former NSA Director Keith Alexander's close communication with technology companies regarding emerging cybersecurity threats. The CEOs of Google, Apple, Microsoft, and other technology companies were invited to classified briefings as part of the "Enduring Security Framework," a government initiative focused on sharing "cyber threat information with the private sector." EPIC previously sued the NSA to obtain records about the agency's collaboration with Google on cybersecurity, following the China hack in January 2010. In that case, the NSA refused to confirm or deny the existence of any records responsive to EPIC's request. EPIC had previously urged Google to routinely encrypt cloud-based services. PBS Frontline begins a two-part special this week that explores NSA surveillance and the role of tech companies. For more information, see EPIC v. NSA: Google/NSA Relationship and EPIC: Cybersecurity.

Tags:

Posted by EPIC on May 12, 2014 3:52 PM | | TrackBacks (0)

May 13, 2014

EU Court Rules Google Must Respect Right to Delete Links

The European Court of Justice has upheld the "right to be forgotten" and ruled that Google must delete links upon request concerning private life. The Court also determined that companies are subject to the EU Data Protection Directive and that jurisdiction extends to companies that set up a branch in an EU state. The Court said that since privacy is a fundamental right, it overrules the economic interests of the company and the public interest in access to the information. However this is not the case concerning one's activity in public life. EPIC has broadly supported the privacy rights of Internet users and the specific right to "expunge" information held by commercial firms. For more information, see EPIC - In re Facebook, EPIC - Expungement, and EPIC - G.D. v. Kenny.

Tags:

Posted by EPIC on May 13, 2014 9:35 AM | | TrackBacks (0)

EPIC Obtains Letter Concerning Justice Department Non-Investigation of Google Street View

Pursuant to the Freedom of Information Act, EPIC has obtained the closing letter from the Department of Justice to Google attorneys in the Street View matter. The letter briefly mentions Google's interception and collection of private Wi-Fi communications across the United States over several years. The disclosure of the activity occurred after a European data protection authority discovered that Google's "Street View" vehicles also captured private Wi-Fi data. More than 12 countries subsequently investigated Google's programs, and at least 9 countries found Google guilty of violating their laws. The letter from the DOJ states that US officials were aware that Google's "equipment collected 'payload' data, including contents of e-mail and Internet addresses typed by users," but the Department "decided not to seek charges" against Google for violating the Wiretap Act. The Ninth Circuit recently affirmed a federal court's decision to allow a class action lawsuit against Google to move forward for wiretap violations stemming from the Street View program. For more information, see EPIC: Investigations of Google Street View and EPIC: Joffe v. Google.

Tags:

Posted by EPIC on May 13, 2014 12:03 PM | | TrackBacks (0)

"Regulating Domestic Drones to Protect Privacy and Public Safety"

"Regulating Domestic Drones to Protect Privacy and Public Safety"

Marc Rotenberg,
EPIC President

Diane Rehm Show
WAMU / NPR
Washington, DC
May 13, 2014

Posted by EPIC on May 13, 2014 9:52 AM | | TrackBacks (0)

Press Groups Challenge Ban on Commercial Drones

Over a dozen news media organizations filed an amicus brief opposing the Federal Aviation Administration's ban on commercial drones. The ban was suspended earlier this year by an administrative judge. The news organizations argue that the ban violates the media’s First Amendment right of the press, however the rule concerns public safety not the content of speech or the identity of the speaker. EPIC, joined by over 100 organizations, previously petitioned the Federal Administration Agency to address the privacy issues raised by drones and the Agency agreed to do so. In response to a request for public comments last year, EPIC urged the Federal Aviation Administration to mandate minimum privacy standards for drone operators. For more information, see EPIC: Domestic Drones.

Tags:

Posted by EPIC on May 13, 2014 6:16 PM | | TrackBacks (0)

May 15, 2014

Senators Markey and Hatch Propose Student Privacy Legislation

Senator Edward Markey (D-Mass) and Senator Orrin Hatch (R-Utah) have proposed a "Protecting Student Privacy Act." The draft bill would "(1) requires that data security safeguards be put in place to protect sensitive student data that is held by private companies; (2) prohibits the use of students' personally identifiable information to advertise or market a product or service; (3) provides parents with the right to access the personal information about their children - and amend that information if it"s incorrect — that is held by private companies just as they would if the data were held by the school itself; (4) makes transparent the name of companies that have access to student information by directing school districts to maintain a record of all outside companies with which the school contracts; (5) minimizes the amount of personally identifiable information that is transferred from schools to private companies; [and] (6) ensures private companies cannot maintain dossiers on students in perpetuity by requiring the companies to later delete personally identifiable information." The legislation highlights many of the protections EPIC endorsed in its Student Privacy Bill of Rights. Senator Markey announced plans to introduce student privacy legislation earlier this year at EPIC's public panel on student privacy. For more information, see EPIC: Student Privacy.

Tags:

Posted by EPIC on May 15, 2014 3:22 PM | | TrackBacks (0)

May 16, 2014

EPIC Testifies on Student Privacy before California State Assembly

EPIC's Student Privacy Project Director Khaliah Barnes testified before the California State Assembly Education Committee and Select Committee on Privacy, on "Ensuring Student Privacy in the Digital Age." EPIC's testimony: (1) explained how the U.S. Education Department’s regulations encourage mass collection of student data; (2) described the privacy risks that students today face; (3) underscored the need for data security safeguards for states, schools, and private companies accessing student information; and (4) recommended that California adopt EPIC's Student Privacy Bill of Rights. Earlier this week, Senators Markey and Hatch proposed bipartisan student privacy legislation. For more information, see EPIC: Student Privacy.

Tags:

Posted by EPIC on May 16, 2014 4:05 PM | | TrackBacks (0)

May 20, 2014

Sprint Pays FCC A Record $7.5M For Violating Do Not Call

Sprint has reached a $7.5 million settlement with the Federal Communications Commission for violations of the Do Not Call national registry. It is the FCC's largest Do Not Call settlement ever. The settlement follows a 2011 consent decree between Sprint and the FCC which also arose out of complaints from Do Not Call registrants. Under the terms of the current settlement, Sprint must develop a compliance plan, and file two years of compliance reports with the Commission. Additionally, Sprint must designate a Do Not Call Compliance Officer and retrain all employees. EPIC has spent 20 years helping to establish and enforce the Telephone Consumer Protection Act. In 2002, EPIC and ten leading advocacy groups filed comments to both the FCC and the Federal Trade Commission, advocating the creation of the Do-Not-Call Registry. EPIC has also recommended that Congress establish a National Do Not Track registry for online consumers. For more information, see EPIC: Do Not Call Registry Timeline, EPIC: Illegal Sale of Phone Records, and EPIC: Federal Trade Commission.

Tags:

Posted by EPIC on May 20, 2014 2:33 PM | | TrackBacks (0)

Senate Judiciary Committee Hearing on FBI to Consider Drones, Facial Recognition

The Senate Judiciary Committee's oversight hearing of the FBI will take place of Wednesday, May 21. This is the first FBI oversight hearing since James Comey took over as Director. At the last oversight hearing, Director Mueller admitted that the FBI uses drones for domestic surveillance. The FBI promised to establish privacy guidelines but has failed to do so. The FBI has also failed to address the privacy implications of license plate readers and facial recognition technology. The FBI's Next Generation Identification program, a massive biometric system, is set to go fully operational this year; yet the agency has not established civil liberties safeguards. The database will employ facial recognition, iris recognition, and voice recognition. Documents obtained by EPIC under the FOIA indicate the agency is prepared to accept a 20% error rate for recognition techniques. For more information, see EPIC v. FBI - Next Generation Identification.

Tags:

Posted by EPIC on May 20, 2014 3:00 PM | | TrackBacks (0)

Consumer Reports: 85% of Shoppers Oppose Internet Ad Tracking

According to a recent study by Consumer Reports, consumers overwhelmingly object to having their online activities tracked for advertising purposes. The report found that 85% of consumers would not trade even anonymized personal data for targeted ads. Additionally, 76% of consumers said that targeted advertising adds "little or no value" to their shopping activities. For more information, see EPIC: Public Opinion on Privacy, EPIC: Privacy and Consumer Profiling, EPIC: Online Tracking and Behavioral Profiling, EPIC: Practical Privacy Tools.

Tags:

Posted by EPIC on May 20, 2014 6:09 PM | | TrackBacks (0)

May 22, 2014

Google Plans Advertising on Appliances, Including Nest Thermostat

In a letter to the Securities and Exchange Commission, Google announced plans to place targeted ads on Google-controlled appliances. Google wrote that "a few years from now, we and other companies could be serving ads and other content on refrigerators, car dashboards, thermostats, glasses, and watches, to name just a few possibilities." The proposal raises significant privacy concerns for the "Internet of Things." Earlier this year, EPIC warned the FTC about Google's acquisition of Nest Labs, makes of a smart thermostat, that "Google regularly collapses the privacy policies of the companies it acquires." Nonetheless, the Commission approved Google's acquisition without further review. For more information, see EPIC: In re: WhatsApp, EPIC: Google/Doubleclick and EPIC: FTC.

Tags:

Posted by EPIC on May 22, 2014 10:08 AM | | TrackBacks (0)

May 23, 2014

House Adopts Weakened NSA Reform Bill, Senators Now Look to Improve Privacy and Transparency Protections

The U.S. House of Representatives has voted to adopt a modified USA "FREEDOM" Act. The bill no longer prohibits bulk collection of communications records. Other key provisions were also removed. Senator Leahy said that the bill is "an important step towards reforming" surveillance authorities, but expressed disappointment that the current version "does not include some of the meaningful reforms contained in the original" bill. In 2013 EPIC filed a Petition to the Supreme Court seeking to end bulk collection of telephone call records. EPIC also testified before the House in 2012 that the FISA should not be renewed without adoption of new reporting requirements. For more information, see EPIC: FISA and EPIC: FISA Reform.

Tags:

Posted by EPIC on May 23, 2014 12:00 PM | | TrackBacks (0)

May 27, 2014

EPIC Defends Commercial Driver Privacy

EPIC has submitted comments on a proposed Commercial Driver's License Drug and Alcohol Clearinghouse. Under a new law, employers of commercial drivers will be required to report drug and alcohol test results to the Clearinghouse. Employers will also be required to check the database for test results on drivers. EPIC's comments urged the Transportation Department to: (1) require anyone reporting test results to immediately correct errors and notify employers and potential employers of the inaccurate data; (2) revoke Clearinghouse registration and access for those who fail to comply with Clearinghouse rules; (3) clarify that in addition to the administration petition process, individuals may still amend their records pursuant to the Privacy Act; and (4) implement privacy enhancing techniques like data deletion and anonymization. For more information, see EPIC: Workplace Privacy.

Tags:

Posted by EPIC on May 27, 2014 1:00 PM | | TrackBacks (0)

FTC Report on Data Brokers Fails to Address Consumer Privacy Concerns

The Federal Trade Commission has published "Data Brokers: A Call for Transparency and Accountability." The report follows from a FTC Investigation of the data broker industry. The report describes the unbounded collection of personal information about American consumers that is then widely sold in the private sector. The Commission recommended modest legislative changes and failed to address many of consumers' privacy concerns, including profiling and "scoring" of consumers. Commissioner Julie Brill issued a statement, calling for more substantial consumers safeguards. Senators Rockefeller and Markey have also introduced The Data Broker Accountability and Transparency Act of 2014 (DATA Act), which would regulate data brokers and other companies that profit from the sale of consumer information. In 2005, EPIC testified before the the House Commerce Committee on "Identity Theft and Data Broker Services" and Urged Congress to establish comprehensive regulation of the data broker industry following the disclosure that Choicepoint was selling personal information to criminals engaged in identity theft. For more information, see EPIC: Choicepoint, EPIC: Privacy and Consumer Profiling, and EPIC: FTC.

Tags:

Posted by EPIC on May 27, 2014 5:06 PM | | TrackBacks (0)

"Unstoppable Right/Left Convergence: Civil Liberties"

"Unstoppable Right/Left Convergence: Civil Liberties"

Marc Rotenberg,
EPIC President

Carnegie Institute
Washington, DC
May 27, 2014

Posted by EPIC on May 27, 2014 5:20 PM | | TrackBacks (0)

DHS Privacy Complaints Increase in 2013, Many Databases Kept Secret

The Department of Homeland Security Quarterly Report to Congress details programs and databases affecting privacy. According to the agency, DHS received 964 privacy complaints between September 1, 2013 and November 30, 2013. By contrast, DHS received 295 privacy complaints during the same period in 2011. According to the report, most DHS systems complies with Privacy Act notice requirements. However, the report also indicates that the DHS maintains many databases with personally identifiable information that lack required Privacy Act notices. For more information, see EPIC: Department of Homeland Security Chief Privacy Office and Privacy.

Tags:

Posted by EPIC on May 27, 2014 5:40 PM | | TrackBacks (0)

May 29, 2014

Federal Trade Commission Urges Court to Protect Student Privacy

The Federal Trade Commission is opposing the sale of student data in a bankruptcy proceeding for ConnectEDU. The company privacy policy promises it will give students "reasonable notice and an opportunity to remove personally identifiable information" from its website. The FTC said that the sale of student information "without reasonable notice to users and an opportunity to remove personal information would contradict the privacy statements originally made to users." The FTC letter also cites consent agreements with Snapchat, Google, and Facebook. Each of these consent orders was a result of an EPIC FTC complaint. Last year, EPIC filed an extensive complaint concerning Scholarships.com's business practices. The company encourages students to divulge sensitive medical, sexual, and religious information to obtain financial aid information. For more information, see EPIC: Student Privacy, EPIC: In re Google Buzz, EPIC: In re Facebook, and EPIC: Federal Trade Commission.

Tags:

Posted by EPIC on May 29, 2014 6:23 PM | | TrackBacks (0)

Report - Half of American Adults Data Hacked So far This Year

A new report finds that 432 million online accounts in the US have been hacked this year, concerning about 110 million Americans. In the last year, 70 million Target customers, 33 million Adobe users, 4.6 million Snapchat users, and potentially all 148 million eBay users had their personal information exposed by database breaches. Earlier this month, the President's science advisors found little risk in the continued collection of personal data. However, the FTC's recent report on data brokers warned that, "collecting and storing large amounts of data not only increases the risk of a data breach or other unauthorized access but also increases the potential harm that could be caused." Earlier, EPIC urged the White House to promote Privacy Enhancing Techniques that minimize or eliminate the collection of personally identifiable information. For more information, see EPIC: Big Data and the Future of Privacy, EPIC: Identity Theft and EPIC: Choicepoint.

Tags:

Posted by EPIC on May 29, 2014 6:31 PM | | TrackBacks (0)

Search


About May 2014

This page contains all entries posted to epic.org in May 2014. They are listed from oldest to newest.

April 2014 is the previous archive.

June 2014 is the next archive.

Many more can be found on the main index page or by looking through the archives.

Subscribe to this blog's feed
[What is this?]
Powered by
Movable Type Pro 6.3.3