« September 2014 | Main | November 2014 »

October 2014 Archives

October 2, 2014

OECD Forum of the Knowledge Economy

OECD Forum of the Knowledge Economy

Marc Rotenberg,
EPIC President

Ministry of Internal Affairs
and Communications
Tokyo, Japan
October 2, 2014

Posted by EPIC on October 2, 2014 11:24 AM | | TrackBacks (0)

October 14, 2014

International Working Group on Data Protection and Telecommunications

International Working Group on Data Protection and Telecommunications

Marc Rotenberg,
EPIC President

Bundesrat
Berlin, Germany
October 14-15, 2014

Posted by EPIC on October 14, 2014 11:25 AM | | TrackBacks (0)

October 27, 2014

OECD Experts on International Security Guidelines

OECD Experts on International Security Guidelines

Marc Rotenberg,
EPIC President

OECD
Paris, France
October 27, 2014

Posted by EPIC on October 27, 2014 11:27 AM | | TrackBacks (0)

October 30, 2014

Maine Judicial Conference

Maine Judicial Conference

Ginger McCall,
Director, EPIC Open Government Program

Rockport, ME
October 30-31

Posted by EPIC on October 30, 2014 10:00 AM | | TrackBacks (0)

October 2, 2014

Fourth Amendment & Privacy in the Digital Age: The Supreme Court's Cell Phone Cases and What's Next

Fourth Amendment & Privacy in the Digital Age: The Supreme Court's Cell Phone Cases and What's Next

Alan Butler,
EPIC Senior Counsel

DC Bar
Washington, D.C.
October 2, 2014

Posted by EPIC on October 2, 2014 10:31 AM | | TrackBacks (0)

October 17, 2014

The Year in Government Information: NSA Revelations, FOIA Developments, and More

The Year in Government Information: NSA Revelations, FOIA Developments, and More

Alan Butler,
EPIC Senior Counsel

ABA Administrative Law Conference 2014
Washington, D.C.
October 17, 2014

Posted by EPIC on October 17, 2014 11:15 AM | | TrackBacks (0)

October 2, 2014

California Enacts Comprehensive Student Privacy Law

California has passed the "Student Online Personal Information Protection Act," a comprehensive student privacy law. Among other provisions, the new law: (1) prohibits K-12 mobile and online service operators from using student information to target advertisements to students; (2) prohibits online service providers from creating K-12 student profiles for commercial purposes; and (3) forbids companies from selling student information. The law also requires K-12 mobile and online service operators to establish security measures and to delete student information at the request of a school or district. California also passed a law requiring schools that outsource student records to include privacy in contracts, and a law governing school social media monitoring programs. The Student Online Personal Information Protection Act incorporates many proposals EPIC outlined in the Student Privacy Bill of Rights. For more information, see EPIC: Student Privacy, EPIC: EPIC v. Education Dept., and EPIC: Echometrix.

Tags:

Posted by EPIC on October 2, 2014 11:30 AM | | TrackBacks (0)

EPIC v. CIA: EPIC Seeks Details of CIA Surveillance of Congress

EPIC has filed a Freedom of Information Act lawsuit against the Central Intelligence Agency for the Inspector General's report on the CIA's spying on a key Congressional oversight committee. The EPIC lawsuit follows from reports that that the CIA infiltrated a a computer network used by Senate staff to investigate the agency's detention and interrogation program. Senator Dianne Feinstein, Chair of the Senate Intelligence Committee, stated that the CIA's conduct raised far-reaching concerns about Constitutional separation of powers, and violations of computer crime and wiretapping laws. The CIA subsequently confirmed that the CIA's Inspector General had conducted an investigation and concluded the agency had "improperly" accessed Senate computers. EPIC sent a FOIA request to the CIA for the Inspector General's report but received no response. EPIC has sued for public release of the report. For more information, see: EPIC: EPIC v. CIA - CIA Spying on Congress.

Tags:

Posted by EPIC on October 2, 2014 11:42 AM | | TrackBacks (0)

Facebook Responds to EPIC Complaint About "Emotions Study"

Facebook has announced revised guidelines concerning user data the company discloses to researchers. In 2012, Facebook subjected 700,000 users to an "emotional" test by manipulating their News Feeds. Facebook did not get users' permission to conduct this study or notify users that their data would be disclosed to researchers. In response, EPIC filed a formal complaint to the Federal Trade Commission. "The company purposefully messed with people's minds," states the EPIC complaint. EPIC has also asked the FTC to require that Facebook make public the News Feed algorithm. Facebook is also currently under a 20 year consent decree from the FTC that requires Facebook to protect user privacy, as a result of complaints brought by EPIC and a coalition of consumer privacy organizations in 2009 and 2010. The new guidelines have improved Facebook's research process, but they still raise questions about human subject testing by advertising companies. EPIC still believes the NewsFeed algorithm should be made public. For more information, see EPIC: In re: Facebook (Psychological Study) and EPIC: Federal Trade Commission.

Tags:

Posted by EPIC on October 2, 2014 6:24 PM | | TrackBacks (0)

Department of Homeland Security Releases 2014 Privacy Report

The Department of Homeland Security released the 2014 Privacy Office Annual Report to Congress. The report describes a joint review conducted with the European Commission regarding the transfer of EU Passenger Name Records to the US. The European Commission found the redress mechanisms were lacking for passengers denied boarding. The Commission also found that DHS would often review passenger records without a legal reason. The Annual Report describes the sixth Compliance Review of the department’s social media monitoring program. The review found that the DHS began collecting GPS and geo-location of Internet users without assessing or mitigating the privacy risks. In 2012, EPIC obtained FOIA documents revealing that the Department of Homeland Security monitored social media for political dissent. For more information, see EPIC: EU-US Airline Passenger Data Disclosure and EPIC: EPIC v. DHS - media monitoring.

Tags:

Posted by EPIC on October 2, 2014 6:32 PM | | TrackBacks (0)

October 3, 2014

At OECD Global Forum, EPIC Urges "Algorithmic Transparency"

Speaking to delegates at the OECD Global Forum for the Knowledge Economy in Tokyo, EPIC President Marc Rotenberg urged OECD member countries to endorse "algorithmic transparency," the principle that data processes that impact individuals be made public. Mr. Rotenberg explained that companies are too secretive about what they collect and how they use personal data. Mr. Rotenberg also spoke about the growing risk of identity theft and cited the recent data breaches at Target, Home Depot, and JP Morgan, and urged OECD countries to update privacy laws. Earlier this year, EPIC submitted extensive comments on the White House's review of "Big Data and the Future of Privacy." EPIC called for the swift enactment of the Consumer Privacy Bill of Rights and the end of opaque algorithmic profiling. For more information, see EPIC - Big Data, The Public Voice, CSISAC.

Tags:

Posted by EPIC on October 3, 2014 11:04 AM | | TrackBacks (0)

October 7, 2014

NSA Releases "12333" Report, Fails to Address Bulk Collection

The NSA released a privacy report on its surveillance activities under 12333, an Executive Order that provides broad authority for data collection. But the report only addresses a narrow aspect of the EO 12333 collection - protections for U.S. persons in the context of targeted signal intelligence activities. The report fails to address bulk collection or privacy protections for non-U.S. persons. A previously disclosed internal audit revealed that the NSA violated both legal rules and privacy restrictions thousands of times each year since 2008. Another document shows how NSA analysts are trained to avoid giving "extraneous information" to their "FAA overseers" when they want to target an individual. The NSA privacy report did not address these previous violations. Earlier this year, EPIC urged the Privacy and Civil Liberties Oversight Board to review the surveillance activities conducted under EO 12333. EPIC is also pursuing several FOIA matters to learn more about the use of 12333 authorities. For more information, see EPIC: Executive Order 12333.

Tags:

Posted by EPIC on October 7, 2014 2:09 PM | | TrackBacks (0)

October 10, 2014

Supreme Court Strikes Down Voter ID Law

The US Supreme Court has ruled that officials in Wisconsin may not requires voters to present photo ID before voting in an upcoming election. A federal court in Texas also struck down a state voter ID requirement saying it disproportionately burdened minority voters. In 2007 EPIC raised similar arguments in an amicus brief for the US Supreme Court in Crawford v. Marion County. EPIC said of the Indiana ID law, “Not only has the state failed to establish the need for the voter identification law or to address the disparate impact of the law, the state’s voter ID system is imperfect, and relies on a flawed federal identification system.” The Supreme Court upheld the law. Justice Souter dissented, saying “this statute imposes a disproportionate burden upon those without” government-issued photo IDs. For more information, see EPIC: Voter Photo ID and Privacy and EPIC: Voting Privacy.

Tags:

Posted by Julia Horwitz on October 10, 2014 10:40 AM | | TrackBacks (0)

October 14, 2014

Japan Adopts "Right to Be Forgotten"

A Japanese court has ordered Google to delete about half of the search result for a man linked to a crime he didn't commit. Judge Nobuyuki Seki of the Tokyo District Court said that the search results "infringe personal rights," and had harmed the plaintiff. A recent poll also found that 61 percent of Americans favor the EU Court of Justice decision regarding the right to be forgotten. And Canada is now debating the establishment of a similar legal right. For more information, see EPIC: Right to Be Forgotten, EPIC: Public Opinions and Privacy, and EPIC: Expungement.

Tags:

Posted by EPIC on October 14, 2014 9:57 AM | | TrackBacks (0)

Italy Launches Internet Bill of Rights

The Italian Parliament has proposed a Declaration of Internet Rights. The Declaration addresses a wide range of issues including Internet Access, Protection of Personal Data, Anonymity, the Right to be Forgotten, and Internet Governance. Italy, currently chair of the European Council, plays a leading role in European Union policy in 2014 and has made progress on data protection as a top priority. EPIC spoke earlier this year to the Italian Parliament about the need for a strong framework to protect the rights of Internet users. For more information, see Civil Society Seoul Declaration and Madrid Privacy Declaration.

Tags:

Posted by EPIC on October 14, 2014 11:45 AM | | TrackBacks (0)

October 20, 2014

"An Evening Not to be Forgotten"

"An Evening Not to be Forgotten"

John Tran,
EPIC Open Government Fellow

Georgetown University
Washington, D.C.
October 20, 2014

Posted by EPIC on October 20, 2014 1:43 PM | | TrackBacks (0)

October 15, 2014

EPIC Obtains New Documents About Lack of Student Privacy Enforcement

EPIC has obtained new documents from the Department of Education detailing parent and student complaints about the misuse of education records. The Department released the documents in response to an EPIC Freedom of Information Act request. EPIC is expecting to receive more documents about the agency's enforcement of the Family Educational Rights and Privacy Act. Other documents that EPIC has uncovered reveal that schools and districts have disclosed students' personal records without consent, possibly in violation of the federal student privacy law. The documents also reveal that the Department failed to investigate many FERPA complaints. For more information, see EPIC: Department of Education's FERPA Enforcement, EPIC: Student Privacy, and EPIC: Open Government.

Tags:

Posted by EPIC on October 15, 2014 2:10 PM | | TrackBacks (0)

October 17, 2014

Data Protection Commissioners Urge Limits on "Big Data"

The International Data Protection Commissioners have adopted a resolution on Big Data. The resolution endorses several privacy safeguards, including purpose specification, data minimization, individual data access, anonymization, and meaningful consent when personal data is used for big data analysis. The data protection commissioners also passed a resolution supporting the UN High Commissioner's report on Privacy in the Digital Age and the Mauritius Declaration on the Internet of Things. Earlier this year, EPIC joined by 24 organizations petitioned the White House to accept public comments on its review of Big Data and the Future of Privacy. EPIC also submitted extensive comments detailing the privacy risks of big data and calling for the swift enactment of the Consumer Privacy Bill of Rights and the end of opaque algorithmic profiling. For more information, see EPIC: Big Data and EPIC: Internet of Things.

Tags:

Posted by EPIC on October 17, 2014 1:48 PM | | TrackBacks (0)

Obama Issues Executive Order to Strengthen Consumer Privacy

President Obama signed an Executive Order today to Improve the Security of Consumer Financial Transactions. The Order will require enhanced security features for government financial transactions, including chip-and-PIN technology which has greatly reduced financial fraud and identity crimes in Europe. The Executive Order states that "the Government must further strengthen the security of consumer data and encourage the adoption of enhanced safeguards nationwide in a manner that protects privacy and confidentiality..." The White House also announced a series of measures to safeguard consumer financial security, including more secure payment systems, efforts to reduce identity theft and support "algorithmic transparency." EPIC has endorsed many of these proposals. The White House also announced a summit on cybersecurity and consumer protection. For more information, see EPIC: "Cybersecurity and Data Protection in the Financial Sector" (House 2011), EPIC: "Cybersecurity and Data Protection in the Financial Sector" (Senate 2011), and EPIC: Identity Theft.

Tags:

Posted by EPIC on October 17, 2014 2:46 PM | | TrackBacks (0)

October 20, 2014

Supreme Court to Rule on Privacy of Hotel Records

Today the Supreme Court agreed to hear Los Angeles v. Patel, a challenge to a local ordinance that allows police to inspect hotel guest registries without a warrant or judicial supervision. A federal appeals court ruled that the LA law was "facially" unconstitutional because the authority could violate the Fourth Amendment. The Supreme Court will consider both the scope of privacy protections for hotel guests and also whether the Fourth Amendment prohibits laws that allow unlawful searches. The second issue has far-reaching consequences because many recent laws authorize the police searches without judicial review. Thus far, courts have only considered "as applied" challenges on a case-by-case basis. EPIC will likely file an amicus brief in the Supreme Court case in support of the decision of the federal appeals court. For more information, see EPIC: Los Angeles v. Patel and EPIC: Amicus Briefs.

Tags:

Posted by EPIC on October 20, 2014 11:52 AM | | TrackBacks (0)

October 21, 2014

Freedom of Information Act Modernization Federal Advisory Committee Meeting

Freedom of Information Act Modernization Federal Advisory Committee Meeting

Ginger McCall,
Director, EPIC Open Government Project

National Archives
Washington, D.C.
October 21, 2014

Posted by EPIC on October 21, 2014 1:46 PM | | TrackBacks (0)

EPIC Urges Department of Transportation to Protect Driver Privacy

EPIC has submitted detailed comments to the National Highway Traffic Safety Administration, urging the agency to protect driver privacy for "vehicle-to-vehicle" (V2V) technology. The technology transmits data between vehicles to "facilitate warnings to drivers concerning impending crashes." NHTSA is in the initial stages of mandating vehicle-to-vehicle technology. EPIC's comments pointed to several privacy and security risks with V2V techniques. EPIC urged NHTSA to "complete a more detailed privacy and security assessment of V2V communications" and to: "(1) not collect PII without the express, written authorization of the vehicle owner; (2) ensure that no data will be stored either locally or remotely; (3) require end-to-end encryption of V2V communications; (4) require end-to-end anonymity; and (5) require auto manufacturers to adhere to the Consumer Privacy Bill of Rights." Last year EPIC, joined by a coalition of consumer privacy organizations and members of the public, urged NHTSA to protect driver privacy and establish privacy safeguards for car "black boxes." For more information, see EPIC: Event Data Recorders and EPIC: Internet of Things.

Tags:

Posted by EPIC on October 21, 2014 4:08 PM | | TrackBacks (0)

October 23, 2014

New Report Reviews Progress on Signals Intelligence Reform

The Office of the Director of National Intelligence has released the first report on the implementation of Presidential Policy Directive 28. In January, the President proposed a revised policy for foreign signals intelligence. Under the revised directive, PPD-28, intelligence agencies are required to "review and update" their policies and "establish new ones as necessary" to safeguard personal information collected through signals intelligence. Signals intelligence activities must also be "as tailored as feasible," and there must be limitations on the querying, use, dissemination, and retention of personal information. The report states that all intelligence agencies in place by January 17, 2015, one year after the President's speech. EPIC previously challenged the NSA's bulk collection of domestic and international call detail records. EPIC has also filed Freedom of Information Act requests with the NSA and other intelligence agencies elements seeking disclosure of current procedures regarding surveillance conducted under Executive Order 12333. For more information, see EPIC: EO 12333 and In re EPIC.

Tags:

Posted by EPIC on October 23, 2014 4:06 PM | | TrackBacks (0)

EPIC Recommends Research on "Privacy Enhancing Technologies"

In comments to a federal agency developing a privacy research agency, EPIC expressed support for Fair Information Practices and the Consumer Privacy Bill of Rights. EPIC also recommended research on Privacy Enhancing Technologies ("PETs") that "minimize or eliminate the collection of personally identifiable information." EPIC highlighted current privacy issues including identity theft, security breaches, financial fraud, and the increasing use of predictive analytics in big data analysis. Earlier this year, EPIC submitted comments on "Big Data and the Future of Privacy" and called for the end of opaque algorithmic profiling. The White House's subsequent report on Big Data and the Future of Privacy incorporated several recommendations from EPIC and other privacy organizations. For more information, see EPIC: Big Data and the Future of Privacy.

Tags:

Posted by EPIC on October 23, 2014 4:38 PM | | TrackBacks (0)

EPIC Spotlight: Domestic Drones, Surveillance, and the Privacy Risks

EPIC's Spotlight on Surveillance Project returns to focus attention on domestic drone surveillance. Congress recently mandated that the Federal Aviation Administration integrate drones into the National Airspace, raising concerns about both safety and privacy. The FAA has begun granting limited exemptions to the current ban on commercial drones. EPIC's Spotlight "Eyes in the Sky" examines the surveillance capabilities of drone technology and recommend comprehensive privacy legislation. EPIC has also testified in Congress in support of drone privacy law, urged the FAA to mandate minimum privacy standards, and pursued several significant FOIA cases. For more information, see EPIC's Spotlight on Surveillance on Drones and EPIC: EPIC v. Army (Surveillance Blimps).

Tags:

Posted by EPIC on October 23, 2014 4:48 PM | | TrackBacks (0)

October 30, 2014

"Privacy Act Conference"

"Privacy Act Conference"

Marc Rotenberg,
EPIC President

Khaliah Barnes,
EPIC Administrative Law Counsel

Georgetown Law Center Washington, D.C.
October 30, 2014
Cybercast
#PrivacyAct
#FOIAat40

Posted by EPIC on October 30, 2014 9:44 AM | | TrackBacks (0)

October 24, 2014

50 Organizations Urge Obama to Update Freedom of Information Act

EPIC has joined a coalition of more than 50 organizations that has asked President Obama to strengthen the Freedom of Information Act. "Only statutory reform and your public commitment to that reform will ensure the commitments you have made last beyond your presidency," the groups wrote. President Obama signed a memorandum in support of Open Government the day after he was inaugurated in 2009, but open government groups say he has not done enough to promote government transparency. The groups are now urging the President to commit to a "presumption of openness" and to endorse the "foreseeable harm" standard mandated by the Attorney General. The groups would also like to see the President support a narrowing of the communication privilege and end the withholding of documents more than 25 years old. Finally, the groups said that agencies that miss statutory deadlines should not charge fees and that the FOIA ombudsman should be strengthened. For more information, see EPIC: Open Government.

Tags:

Posted by EPIC on October 24, 2014 10:53 AM | | TrackBacks (0)

Senator Rockefeller Questions Whisper About Privacy Practices

Senator Rockefeller has asked Whisper to answer several questions about the company's practices and policies. Whisper said that it does not track users and that it respects users' decisions to opt out of geolocational tracking. But the Guardian revealed that Whisper tracks "the precise time and approximate location of all messages" and specifically tracks certain users the company deems "newsworthy." Senator Rockefeller, chair of the Senate Committee on Commerce has asked Whisper to explain its tracking, data retention, and disclosure practices. EPIC has several similar matters pending before the Federal Trade Commission. For more information, see EPIC: WhatsApp, EPIC: Snapchat, and EPIC: FTC.

Tags:

Posted by EPIC on October 24, 2014 1:41 PM | | TrackBacks (0)

FCC Levies $10 Million Fine Against Carriers for Breach of Consumer Privacy

The Federal Communications Commission announced today its largest privacy fines to date. The agency's first data security case stems from an investigation of TerraCome and YourTel American who "stored Social Security numbers, names, addresses, driver's licenses, and other sensitive information belonging to their customers on unprotected Internet servers that anyone in the world could access." The carriers will be fined $10 million for their breach of consumer privacy. Last month, the FCC reached a $7.4 million settlement with Verizon over privacy violations. EPIC previously urged the FCC to determine whether Verizon violated the Communications Act when it released consumer call detail information to the National Security Agency. Also, in response to a 2005 EPIC petition, the FCC strengthened privacy protections for telephone records, which EPIC defended in a "friend of the court" brief for the DC Circuit, establishing support for opt-in privacy safeguards. For more information, see EPIC: NCTA v. FCC (Concerning privacy of CPNI) and In re EPIC (NSA Telephone Records Surveillance).

Tags:

Posted by EPIC on October 24, 2014 3:45 PM | | TrackBacks (0)

October 29, 2014

EPIC Launches FOIA.ROCKS

EPIC has launched a new web site - FOIA.ROCKS - to celebrate Open Government and the Freedom of Information Act. The site includes links to several current FOIA initiatives, including a coalition letter to President Obama on FOIA reform, recommendation for model FOIA regulations and a new recommendation from EPIC to the FOIA ombudsman on the problem for FOIA requesters of "Administrative closure." For more information, see EPIC: Open Government.

Tags:

Posted by EPIC on October 29, 2014 4:54 PM | | TrackBacks (0)

Search


About October 2014

This page contains all entries posted to epic.org in October 2014. They are listed from oldest to newest.

September 2014 is the previous archive.

November 2014 is the next archive.

Many more can be found on the main index page or by looking through the archives.

Subscribe to this blog's feed
[What is this?]
Powered by
Movable Type Pro 6.3.3