« June 2014 | Main | August 2014 »

July 2014 Archives

July 7, 2014

The Digital Self: Current Issues in Privacy

The Digital Self: Current Issues in Privacy

Alan Butler,
EPIC Appellate Advocacy Counsel

Chautauqua Institution
Chautauqua, NY
July 7-9

July 1, 2014

Attorney General Supports Privacy Act Protections for E.U. Citizens

Speaking in Athens at a meeting between US and EU officials, Attorney General Eric Holder announced that the Obama Administration will work with Congress to extend Privacy Act protections to E.U. citizens. Mr. Holder stated, "the Obama Administration is committed to seeking legislation that would ensure that...EU citizens would have the same right to seek judicial redress for intentional or willful disclosures of protected information, and for refusal to grant access or to rectify any errors in that information, as would a U.S. citizen under the Privacy Act." EPIC has previously recommended that Privacy Act safeguards be extended to non-US persons. iIn 2012, EPIC also urged Congress to update the Privacy Act. In 2011, EPIC filed a "friend of the court" brief in the Supreme Court, arguing that the Privacy Act provides damages for mental and emotional harm. EPIC routinely submits comments to federal agencies, urging enforcement of Privacy Act protections. For more information, see EPIC: The Privacy Act of 1974 and EPIC: FAA v. Cooper.

FTC Releases 2014 Data Security Update, But Enforcement Questions Remain

The Federal Trade Commission has released the 2014 Privacy and Data Security Update. The report is "an overview of the FTC's enforcement, policy initiatives, and consumer outreach and business guidance in the areas of privacy and data security." In the report, the FTC explains that "If a company violates an FTC order, the FTC can seek civil monetary penalties for the violations." However, the FTC has consistently failed to enforce consent orders with Google, Facebook, and other companies that have engaged in unfair or deceptive trade practices. The Commission has also failed to modify proposed settlement agreements after seeking public comment. For more information, see EPIC: FTC, EPIC: Facebook Privacy, and EPIC: In re: Google Buzz.

July 3, 2014

Privacy Panel Backs PRISM Program

In a surprising report, the US Privacy and Civil Liberties Oversight Board has endorsed the US government's routine collection of the Internet activities of non-US persons, broadly referred to as the "PRISM Program." The NSA obtains this information from Internet companies located in the United States. The Board cited the value of the program and compliance with the law, but said little about the impact on non-US persons. EPIC opposed a similar program concerning the collection of domestic telephone records in a petition to the US Supreme Court last year. EPIC has also said that the collection of communications by the US should be subject to international privacy law, such as the International Covenant on Civil and Political Rights. It is anticipated that foreign countries will continue to transfer cloud-based services away from US firms because of the lax privacy safeguards in the United States. For more information, see EPIC: In re EPIC and EPIC: International Privacy Standards.

July 7, 2014

23rd Annual Aspen Institute Roundtable on Information Technology

23rd Annual Aspen Institute Roundtable on Information Technology

Khaliah Barnes,
Director, EPIC Student Privacy Project
EPIC Administrative Law Counsel

Aspen Institute
Aspen, CO
July 7 - 10, 2014

July 3, 2014

Congress May Cut Funding For Surveillance Blimps Over DC

The Department of the Army is seeking $54 million to fund the Joint Land Attack Cruise Missile Defense Elevated Netted Sensor System, or JLENS. The request is part of the Fiscal Year 2015 Defense Budget that Congress is currently considering. The system consists of long-range surveillance technologies and targeting capabilities including HELLFIRE missiles. JLENS was originally deployed in war zones in Iraq and Afghanistan. The Army wants to test the system in Washington, DC, but the program has come under scrutiny by Congress because of cost overruns. EPIC recently filed a Freedom of Information lawsuit against the Army, seeking more information about the JLENS program. For more information, see EPIC: EPIC v. Army - Surveillance Blimps.

EPIC Challenges Facebook's Manipulation of Users, Files FTC Complaint

EPIC has filed a formal complaint to the Federal Trade Commission concerning Facebook's manipulation of users' News Feeds for psychological research. "The company purposefully messed with people's minds," states the EPIC complaint. EPIC has charged that the study violates a privacy consent order and is a deceptive trade practice. In 2012, Facebook subjected 700,000 users to an "emotional" test with the manipulation of News Feeds. Facebook did not get users' permission to conduct this study or notify users that their data would be disclosed to researchers. In the complaint, EPIC explained that Facebook's misuse of data is a deceptive practice subject to FTC enforcement. Facebook is also currently under a 20 year consent decree from the FTC that requires Facebook to protect user privacy. The consent decree resulted from complaints brought by EPIC and a coalition of consumer privacy organizations in 2009 and 2010. EPIC has asked the FTC to require that Facebook make public the News Feed algorithm. For more information, see EPIC: In re Facebook, EPIC: In re Facebook (Psychological Study), and EPIC: FTC.

July 8, 2014

EPIC Defends FOIA Victory in Federal Appeals Court

EPIC has filed a brief in response to an appeal by the Department of Justice in EPIC v. DHS, concerning the government policy to disrupt cellular networks. EPIC won a major FOIA victory when a federal district court ruled that the DHS could not withhold "SOP 303," a government procedure to shut down cellular phone service. EPIC sought the policy after authorities shut down cell phone service at a peaceful protest in San Francisco. The government argued it did not need to release the document to EPIC because it was a "law enforcement technique" and because it would endanger the physical safety of an individual. The federal court rejected those arguments and ordered that the document be disclosed to EPIC, pending a decision on the appeal. For more details, see EPIC v. DHS—SOP 303.

July 11, 2014

FTC Sues Amazon Over Billing for Childrens' In-App Purchases

The FTC has filed a lawsuit alleging that "Amazon.com, Inc. has billed parents and other account holders for millions of dollars in unauthorized in-app charges incurred by children." FTC Chairwoman Edith Ramirez said, "Amazon's in-app system allowed children to incur unlimited charges on their parents' accounts without permission. Even Amazon's own employees recognized the serious problem its process created." The FTC recently settled similar charges with Apple. In that case, the FTC charged Apple with "billing consumers for millions of dollars of charges incurred by children in kids' mobile apps without their parents' consent." Under the terms of the settlement, Apple must provide a refund for affected consumers and must change its billing practices to ensure that it has obtained express, informed consent from consumers before charging them for items sold in mobile apps. Previously, EPIC filed a complaint with the FTC over Amazon's collection of children's data. EPIC explained that Amazon was violating the Children's Online Privacy Protection Act by allowing children to post content, including personally identifiable information, without their parents' permission. EPIC currently has several complaints pending with the FTC. For more information, see EPIC: FTC.

July 16, 2014

Pew Research Publishes "Net Threats" Report

The Pew Research Internet Project has released a "Canvassing of Experts" that finds growing concerns about the future of the Internet. According to the report, current trends could "sharply disrupt the way the Internet works for many users." Among the threats identified: state censorship, surveillance, diminished user trust, commercialization and centralization. EPIC President Marc Rotenberg pointed to the growing concentration of the Internet industry and said "There should be many information sources, more distributed, and with less concentration of control....We need many more small and mid-size firms that are stable and enduring." For more information, see EPIC: Public Opinion on Privacy.

Global Survey: Widespread Opposition to US Communications Surveillance, Drones

A new survey from Pew Research finds overwhelming opposition to the US monitoring of emails and phone calls. There appears to be little variation by region or culture, with high levels of opposition found in countries in Europe, South America, Asia, and the Middle East. According to the survey "Global Opinions of U.S. Surveillance," the four countries that believe US surveillance is acceptable are the United States, the Philippines, India, and Nigeria. A related Pew Survey found widespread opposition to drone strikes. For more information, see EPIC: Public Opinion on Privacy.

Privacy Rights In the Age of Drones: The Role of States

"Privacy Rights In the Age of Drones: The Role of States"

Jeramie Scott,
EPIC National Security Counsel

Midwestern Legislative Conference
Omaha, NE
July 16, 2014

July 17, 2014

Following EPIC Complaint, Senator Seeks Investigation of Facebook User Manipulation Study

Senator Mark Warner has asked the Federal Trade Commission to investigate the legality of Facebook's emotional manipulation study. In a letter to the Commission, Senator Warner stated that "it is not clear whether Facebook users were adequately informed and given an opportunity to opt-in or opt-out." He asked the FTC to conduct an investigation to see "if this 2012 experiment violated Section 5 of the FTC Act or the 2011 consent agreement with Facebook," two issues raised in EPIC's earlier complaint. "The company purposefully messed with people's minds," wrote EPIC in a complaint to the Commission. EPIC charged that Facebook violated a consent decree that required the company to respect user privacy and also engaged in a deceptive trade practice. EPIC has asked the FTC to require that Facebook make public the News Feed algorithm. For more information, see EPIC: In re Facebook, EPIC: In re Facebook (Psychological Study), and EPIC: FTC.

July 18, 2014

EPIC Seeks Government Report about Security of Internet Voting

EPIC has filed a Freedom of Information Act request with the Department of Defense for records detailing the security of online voting. The agency administers the Federal Voting Assistance Program, which has promoted online voting and provided funding to states for internet voting technology. Computer scientists have expressed concern about the reliability of these systems and privacy risks for voters. At a Congressional hearing in 2012, the agency promised to release the results of security tests it had conducted on voting software by December 2012. Because the agency has failed to make the test results public, EPIC has demanded these results, as well as related documents, be disclosed. For more information see: EPIC: Open Government and EPIC: Voting Privacy.

EPIC Uncovers Complaints from Education Department about Misuse of Education Records

EPIC has obtained documents from the Department of Education detailing parent and student complaints about the misuse of educational records. The Department released the documents in response to an EPIC Freedom of Information Act request. The documents reveal that schools and districts have disclosed students' personal records without consent, possibly in violation of the Family Educational Rights and Privacy Act. The documents also reveal that the Department failed to investigate many FERPA complaints. EPIC is expecting to receive more documents about the agency’s enforcement of the federal student privacy law. For more information, see EPIC: Student Privacy and EPIC: Open Government.

EPIC Files Lawsuit For Details of Government Profiling System

EPIC has filed a Freedom of Information Act lawsuit about a controversial government data mining program, operated by the Department of Homeland Security. The "Analytical Framework for Intelligence" contains a vast amount of sensitive personal information obtained from government agencies and the private sector. The system is used by the DHS for link analysis, anomaly detection, pattern analysis, and predictive modeling. The system also incorporates "risk assessment" scores from the Automated Targeting System also operated by the DHS. EPIC has urged the suspension of the risk assessment system, arguing that the use of such factors as race and nationality in a government database is unconstitutional. The case is EPIC v. Customs and Border Protection, No 14-1217 (D.D.C. filed 7/18/2014). For more information see: EPIC: Automated Targeting System, EPIC: Open Government and EPIC: EPIC v. Customs and Border Protection (Analytical Framework for Intelligence).

July 22, 2014

Privacy Lawsuit Against Google for Policy Change Moves Forward

A federal court in California has ruled that a class action privacy lawsuit against Google can continue. The plaintiffs are Android users who sued Google in 2012 after the company consolidated user data across many separate services, including Gmail, Google+, and Youtube. They allege that Google concealed a plan to modify its privacy policies and also that Google violated the privacy policy for GooglePlay. After dismissing similar claims, the court held that the case may now go forward. In 2012, EPIC objected to the same change in Google's policy and urged the Federal Trade Commission to block the change because of a 2011 consent order in which Google agreed not to combine user data without user consent. After the FTC failed to act, EPIC sued the agency. Members of Congress, state Attorneys General, European Justice Officials, technical experts, and IT managers in government and the private sector also expressed concern about the 2012 Google policy change. For more information, see EPIC: EPIC v. FTC (Google Consent Order) and EPIC: FTC.

EPIC Urges Privacy Board to Address Concerns About 12333 Surveillance Authority

EPIC National Security Counsel Jeramie Scott has urged the Privacy and Civil Liberties Oversight Board to focus on surveillance conducted under Executive Order 12333. The Executive Order, signed in 1981, granted broad surveillance authority to the Intelligence Community with little oversight. The Order has enabled vast surveillance of Americans, but has received little attention. EPIC previously urged the Privacy Board to establish greater legal protection for metadata, increase safeguards for personal data, and minimize data collection. At the Board's first public meeting in 2012, EPIC recommended that the Board ensure Privacy Act adherence and investigate privacy concerns with the Fusion Center program, closed-circuit television surveillance, body scanners, surveillance drones, and Suspicious Activity Reporting. So far, the Privacy Board has focused almost entirely on "section 215" and "section 702" surveillance programs. For more information, See EPIC: Executive Order 12333.

July 25, 2014

EPIC Tells Congress FTC Does Not Enforce Consent Orders

EPIC has sent a letter to the House Committee on Oversight and Government Regulation stating that the Federal Trade Commission rarely enforces "Section 5" consent orders. EPIC also said that the Commission has never modified a consent order in response to public comments or required companies to implement the Consumer Privacy Bill of Rights. The Committee believed the Commission has gone too far to protect the privacy of American consumers. EPIC wrote "the opposite is true." Senator Rockefeller also wrote a letter, urging the Committee not to interfere in the FTC's "well-established legal authority." For more information, see EPIC: Wyndham Hotels and EPIC: FTC.

Obama Drone Order Fails to Safeguard Privacy

According to reports, President Obama is set to issue an executive order on drone privacy. The order would call for the development of voluntary best practices for the commercial use of drones. Senator Markey and Representative Welch immediately responded to the reports with a letter to the President urging "strong, enforceable rules - not voluntary best practices...." EPIC has testified in Congress in support of a comprehensive drone privacy law. EPIC called for drone legislation to include use limitations, data retention limitations, transparency, and public accountability. The Federal Aviation Administration agreed to address drone privacy issues after an EPIC-led coalition petitioned the agency two years ago. Last year, EPIC urged the agency to mandate minimum privacy standards for drone operators. For more information, see EPIC: Domestic Drones.

July 29, 2014

EPIC, Consumer Groups Challenge Facebook on Web Snooping

EPIC, along with a coalition of consumer groups, has urged the Federal Trade Commission to block Facebook's plan to collect users' web browsing history. Facebook recently announced plans to collect user data from sites all over the web. But the practice may violate a Federal Trade Commission order prohibiting Facebook from changing its business practices without users' express consent. The groups asked the FTC "to act immediately to notify the company that it must suspend its proposed change in business practices to determine whether it complies with current U.S. and EU law." EPIC has also filed a FOIA request, seeking the FTC's communications with Facebook about this change. For more information, see EPIC: Facebook Privacy, EPIC: Online Tracking and Behavioral Privacy, and EPIC: FTC.

Federal and State Wiretaps Up 5% in 2013 According to Annual Report, But Stats Don't Support FBI Claims of "Going Dark"

The Administrative Office of the U.S. Courts has issued the 2013 Wiretap Report, detailing the use of surveillance authorities by law enforcement agencies. This annual report, one of the most comprehensive issued by any agency, provides an insight into the debate over surveillance authorities and the use of privacy-enhancing technologies. In 2013, wiretap applications increased 5%, from 3,576 to 3,395. Authorities encountered encryption during 41 investigations, but encryption prevented the government from deciphering messages in only 9 cases. This statistic contradicts claims that law enforcement agencies are "going dark" as new technologies emerge. Of the 3,074 individuals arrested based on wiretaps in 2013, only 709 individuals were convicted based on wiretap evidence. EPIC has repeatedly called on greater transparency of FISA surveillance, citing the Wiretap Report as a model for other agencies. EPIC also maintains a comprehensive index of the annual wiretap reports and FISA reports. For more information, see EPIC: Title III Wiretap Orders, EPIC: Wiretapping, and EPIC: Foreign Intelligence Surveillance Act.

Senator Leahy Introduces Bill to End NSA Bulk Record Collection

Today Senator Patrick Leahy (D-VT), joined by Democratic and Republican Senators, introduced legislation to end the NSA's practice of collecting telephone records of Americans. Leahy described the bill as "the most significant reform of government surveillance authorities since Congress passed the USA PATRIOT Act 13 years ago." The USA Freedom Act would require require the government to specify specific "search terms" to obtain telephone record information. The government would have to demonstrate that it has a "reasonable, articulable suspicion" that the search term is associated with a foreign terrorist organization. The bill also requires a comprehensive transparency report for the use of FISA surveillance authorities. However, the bill exempts the FBI from certain reporting requirements. Civil liberties organizations support the bill. EPIC previously filed a Petition for Mandamus with the U.S. Supreme Court, seeking to end the bulk collection of American's phone records. EPIC's petition was supported by legal scholars, technical experts, and former members of the Church Committee. For more information, see In re EPIC and EPIC: FISA Reform.

July 30, 2014

Senators Markey and Hatch Introduce Student Privacy Legislation

Today, Senators Edward Markey (D-MA) and Orrin Hatch (R-UT) introduced legislation to require privacy safeguards for education records and prohibit the use of student information for advertising purposes. The "Protecting Student Privacy Act of 2014" would give students the right to access and amend their records that are held by private companies. The bill also requires schools to minimize the amount of personally identifiable information transferred to private companies. The bill requires companies to destroy student information "when the information is no longer needed for the specified purpose." The bill incorporates many of the proposals EPIC set out in the Student Privacy Bill of Rights. Senator Markey announced plans to introduce student privacy legislation earlier this year at EPIC's public panel on student privacy. For more information, see EPIC: Student Privacy.

July 31, 2014

DC Circuit Rules for EPIC in Case Against NSA, Vacates Lower Court Ruling That Secret Order Is Not Subject to FOIA

The U.S. Court of Appeals for the D.C. Circuit ruled in favor of EPIC today in a Freedom of Information Act case seeking the full text of National Security Presidential Directive 54, a previously-secret Presidential order granting the government broad authority over cybersecurity matters. EPIC successfully obtained the Directive from the NSA, and the DC Circuit has vacated the lower court’s Fall 2013 ruling that NSPD-54 was not an “agency record” subject to the FOIA. The Directive also includes the Comprehensive National Cybersecurity Initiative and evidences government efforts to enlist private sector companies to assist in monitoring Internet traffic. EPIC has several related FOIA cases against the NSA pending in federal court. For more information, see EPIC v. NSA: NSPD-54 Appeal and EPIC: Freedom of Information Act Cases.

About July 2014

This page contains all entries posted to epic.org in July 2014. They are listed from oldest to newest.

June 2014 is the previous archive.

August 2014 is the next archive.

Many more can be found on the main index page or by looking through the archives.