« February 2016 | Main | April 2016 »

March 2016 Archives

March 1, 2016

EPIC Files Brief in Suit Over Faulty Background Checks

EPIC has filed an amicus brief in Smith v. LexisNexis Screening Solutions. The case was brought by a job applicant who was denied employment after a background report incorrectly stated that he had a criminal record. A court found that LexisNexis had violated Fair Credit Reporting Act by failing to take reasonable steps to ensure "maximum possible accuracy" in the report. LexisNexis appealed. In the amicus brief, EPIC highlighted the industry practice of selling background reports with inaccurate information. EPIC argued that companies should be strictly liable when they fail to maintain accuracy in these reports. In 2005, EPIC filed a famous FTC complaint about the data broker ChoicePoint, which ultimately led to a $10 million dollar settlement.

Diffie, Hellman Win Turing Award for Public Key Encryption

Whitfield Diffie and Martin Hellman have received the 2016 Turing Award for the discovery of public key encryption, the cornerstone of network security. The award is named for Alan Turing, a computer scientist who helped pioneer modern computing and broke the German Enigma code, hastening the end of the Second World war. The Turing award is considered the Nobel Prize of computer science and is given for major contributions of lasting importance by the Association of Computing Machinery. Diffie, a member of the EPIC Advisory Board, was one of the founders of the Electronic Privacy Information Center and received the EPIC Lifetime Achievement Award in 2012.

March 2, 2016

TSA Ignores Federal Court, Public Comments and Mandates Airport Body Scanners

The Transportation Security Administration has issued a final rule on airport body scanners, nearly five years after the D.C. Circuit Court of Appeals ordered the agency to "promptly" solicit public comments on the controversial scanners. In 2011, EPIC successfully challenged the TSA's unlawful deployment of airport body scanners. Despite public comments that overwhelmingly favor less invasive security screenings, the agency will continue to use invasive body scanners at airports. The agency also states that it may mandate airport body scanners. EPIC and 25 organizations have urged Congress to hold a hearing on TSA's decision to end the opt-out for airport body scanners. The agency previously informed the D.C. Circuit that the body scanner program was optional. The Court concluded because "any passenger may opt-out of AIT screening in favor of a patdown" there was no violation of the Fourth Amendment.

Bill to Establish Digital Security Commission Introduced in House

Rep. Lieu (D-CA) has cosponsored bipartisan legislation to create a Digital Security Commission that will explore how law enforcement should pursue investigations without undermining constitutional privacy protections or American competitiveness. Rep. Lieu emphasized, "strong national security and a strong economy requires strong encryption." The legislation comes as Apple opposes a court order to compromise iPhone security to allow government access. Congressman Lieu called upon "the FBI and DOJ to withdraw their coercive demands of Apple and allow the democratic process to work." In 2015, EPIC gave the Champion of Freedom Award to Apple CEO, Tim Cook, for his work protecting privacy and promoting encryption.

March 3, 2016

EPIC Files Brief in Support of Apple and Consumers in FBI iPhone Case

Today EPIC filed a "friend of the court" brief, joined by eight other consumer privacy organizations, in support of Apple's challenge in the FBI iPhone case. In Apple v. FBI, EPIC argued that the "security features in dispute in this case were adopted to protect consumers from crime." EPIC explained that an order to compel Apple to take extraordinary measures to undo these features places at risk millions of cell phone users across the United States. EPIC routinely files amicus briefs in cases that raise novel privacy and civil liberties issues. EPIC has filed two briefs in the United States Supreme Court in the past year in cases concerning consumer privacy and also the Fourth Amendment.

March 4, 2016

DHS Privacy Office Releases 2015 Data Mining Report

The Department of Homeland Security has released the 2015 Annual Data Mining Report. The report describes several of the Agency's profiling systems that assign secret "risk assessments" to U.S. citizens. EPIC recently prevailed in a FOIA case involving a controversial DHS passenger screening program, the "Analytic Framework for Intelligence." In EPIC v. USCG, another case concerning a DHS profiling program, EPIC uncovered records about a program to track boaters operating in US waters in which DHS stated that boaters "have no expectation of privacy." The 2015 DHS report indicates expansion of agency profiling programs, including the "Automated Targeting System."

March 7, 2016

EPIC, Consumer Privacy Groups Urge FCC to Protect Consumer Privacy

EPIC, joined by nearly a dozen consumer privacy groups, submitted a letter to the FCC reviewing the invasive consumer tracking and consumer profiling practices of Internet service providers (ISPs), which "underscore the imperative for the FCC to exercise the full extent of its rulemaking authority to protect consumer privacy." The letter explained why encryption and virtual private networks ("VPNs") are insufficient to protect consumers from ISP surveillance. The letter described how the Federal Trade Commission's reactive, "notice and choice" approach to privacy fails to provide meaningful protections for consumers. EPIC previously urged the FCC to undertake a broad rulemaking on "the full range of communications privacy issues facing US consumers." EPIC has worked with the FCC to promote consumer privacy in the communications field for more than 20 years.

March 8, 2016

New Congressional Report Explores Legal Issues Regarding Compelled Decryption

"Encryption: Selected Legal Issues," a new report from the Congressional Research Service, explores two important legal questions that arise from government requests for compelled decryption: the Fifth Amendment right agains self-incrimination and the scope of the All Writs Act, the federal statute at issue in Apple v. FBI. EPIC filed a "friend of the court" brief, joined by eight other consumer privacy organizations, in support of Apple's challenge in the FBI iPhone case, pointing to the increased risk of cell phone theft and financial fraud that would result from compelled encryption.

March 10, 2016

FCC Reaches Settlement with Verizon over Hidden "Super Cookies"

The Federal Communications Commission reached a settlement with Verizon Wireless for its practice of placing hidden, undeletable "super cookies" on customers' smartphones without their knowledge or consent. The settlement requires Verizon to notify its customers of its targeted advertising practices and to obtain opt-in consent before sharing consumer data with third parties. Verizon must also pay a $1.35 million fine. EPIC has recently urged the FCC to undertake a broad rulemaking on communications privacy issues facing consumers, including the invasive and ubiquitous tracking practices of ISPs. EPIC has also urged the Federal Trade Commission to limit the use of persistent identifiers.

FCC to Consider Privacy Rules for ISPs

The FCC will consider a proposal for consumer privacy regulations on March 31st. According to a fact sheet, the rulemaking will "apply the privacy requirements of the Communications Act" to broadband internet access services (ISPs) but not Internet websites, search services, and social media platforms. While ISPs are engaged in invasive consumer tracking and profiling practices, focusing only on these providers misses a vast amount of data collection activities by other service providers. In a previous letter to the FCC, EPIC urged the Commission to establish a broad framework for communications privacy, based on Fair Information Practices. Separately, EPIC filed a petition with the FCC, joined by 29 organizations, to end the mandatory retention of consumer data.

March 11, 2016

EPIC Publishes 2016 FOIA Gallery

In celebration of Sunshine Week, a national recognition of public access to information, EPIC has unveiled the 2016 FOIA Gallery. Since 2001, EPIC has released annual highlights of EPIC's most significant open government cases. In 2015, EPIC obtained records on e-voting tests from the Department of Defense, a secret EU-US data transfer agreement, and a massive boater tracking program operated by the DHS. In the latest FOIA Gallery, EPIC also highlights the victory in EPIC v. DOJ a FOIA case concerning electronic surveillance reports, EPIC v. NSA about cyber surveillance, and EPIC's role as "friend of the court" in an open government case before the California Supreme Court.

March 14, 2016

EPIC to Testify before Pennsylvania Senate on Domestic Drone Surveillance

EPIC Domestic Surveillance Project Director Jeramie Scot will testify at a hearing on before the Pennsylvania Senate Majority on "Unmanned Aerial Vehicles." The hearing will address the private and public sector use of drones. In a prepared statement, EPIC’s Scott urges the Pennsylvania Senate to enact legislation to limit both law enforcement and commercial drone surveillance. EPIC states, “The increased use of drones to conduct various forms of surveillance must be accompanied by increased privacy protections.” EPIC previously sued the FAA for failing to establish federal privacy rules for commercial drones. EPIC v. FAA is pending before the D.C. Circuit.

Senate to Consider FAA Funding but Drone Privacy Safeguards Missing

On March 16, 2016 the Senate will consider the FAA Reauthorization bill. Senator John Thune introduced the legislation to fund the operations of the the federal agency responsible for aviation safety. The bill requires drone operators to post privacy policies, but provides no meaningful privacy safeguards that would limit surveillance by drone operators. EPIC has urged Congress and the FAA to establish real limits on surveillance by drones. EPIC also recommended that the FAA to establish a national database detailing the surveillance capabilities of commercial drones. And after the agency failed to establish privacy rules mandated by Congress, EPIC filed a lawsuit, EPIC v. FAA that is now pending before the DC Circuit Court of Appeals.

March 16, 2016

Senate Passes FOIA Reform Bill

The Senate has passed by unanimous consent the Freedom of Information Improvement Act of 2015. The bill, cosponsored by Senator Patrick Leahy (D-VT) and Senator John Cornyn (R-TX), requires federal agencies to operate under a "presumption of openness," and places time limits on the FOIA's Exemption 5. Senator Leahy said that the bill "will help open the government to the 300 million Americans it serves and ensure that future administrations place an emphasis on openness and transparency." The House passed a similar bill in January 2016. Differences between the two versions must now be reconciled before President Obama can sign the bill into law. EPIC and a coalition of open government advocates urged the President to support the bipartisan legislation.

NGOs - "Privacy Shield" is Failed Approach for EU-US Data Protection

More than twenty civil society groups has urged European leaders to oppose adoption of the "Privacy Shield" for EU-US data flows. The NGOs state that the political agreement fails to provide sufficient data protection and does not respect the decision of the European Court of Justice in the Schrems case. The groups said the US must make changes in domestic laws and international commitments to comply with the decision and permit transfers of personal data. EPIC has launched "Data Protection 2016" to support stronger privacy safeguards in the US.

Drone Privacy Safeguards Move Forward in Senate

A Senate committee has adopted several key privacy amendments concerning drone operations in the US. The amendments, sponsored by Senator Markey (D-Mass), limit the scope of drone surveillance and require more accountability for drone operators. Markey stated, "As more and more drones take flight in our skies, the need to protect Americans' privacy is paramount." EPIC urged Congress and the FAA to establish limits on drone surveillance and recommended the FAA establish a database detailing drone surveillance capabilities. EPIC has sued the FAA for its failure to establish commercial drone privacy rules.

President Obama Nominates Merrick Garland for Supreme Court

The President has nominated D.C. Circuit Chief Judge Merrick Garland for the United States Supreme Court. Garland, a former prosecutor and head of the Department of Justice's Criminal Division, has served on the D.C. Circuit for 15 years. EPIC has previously urged the Senate to hold hearings and explore the views of earlier Supreme Court nominees, including Justice Kagan, Justice Sotomayor, and Chief Justice Roberts. EPIC frequently files amicus briefs in the US Supreme Court, including Spokeo v. Robins and Utah v. Strieff in the current term.

March 17, 2016

EPIC's Rotenberg Urges European Parliament to Condition "Privacy Shield' on End of 702 Surveillance

Speaking before the European Parliament on "Privacy Shield," Marc Rotenberg outlined several flaws in the proposed EU-US data transfer agreement, including a weak privacy framework, lack of enforcement, and a cumbersome redress mechanism. In the short term, Rotenberg recommended that the EU condition acceptance of the Privacy Shield on the end of the "702 program," which permits bulk surveillance on Europeans by the US. EPIC along with other NGOs has urged the European Commission to rewrite the Privacy Shield, saying it fails to safeguard human rights and does not reflect changes in US law as required by the Schrems decision.

March 18, 2016

EPIC Intervenes in Privacy Case before European Court of Human Rights

Today EPIC filed a brief in a case before the European Court of Human Rights. The case involves a challenge brought by 10 human rights organizations arguing that surveillance by British and U.S. intelligence organizations violated their fundamental rights. In its brief, EPIC explained that the NSA's "technological capacities" enable "wide scale surveillance" and that U.S. statutes do not restrict surveillance of non-U.S. persons abroad. "The NSA collects personal data from around the world and transfer that data without adequate legal protections." EPIC routinely files amicus briefs in federal and state cases that raise novel privacy issues. This is EPIC's first brief for the Court of Human Rights in Strasbourg.

March 20, 2016

EPIC Urges FCC to Broaden Scope, Substance of Draft Privacy Rules

EPIC has released a memo on the FCC's draft broadband privacy rules, urging the Commission to broaden its scope and strengthen its substantive data protections. The draft rules, previewed in a fact sheet on March 10, 2016, would apply to Internet service providers (ISPs) but not to email, search, or social media services. EPIC explained that the proposal's "framing of the communications privacy challenges facing US consumers is incomplete and fails to address the full range of activities that threaten online privacy." EPIC further explained that the proposal's focus on "choice, transparency and security" will fail to safeguard consumer privacy. EPIC has urged the Commission to apply the Consumer Privacy Bill of Rights to communications data.

March 22, 2016

FTC Issues Warning on Cross-Device Tracking and Surveillance Apps

The Federal Trade Commission has issued warnings to 12 Android app developers that use audio beacons to track consumers across their devices and monitor TV viewing habits. The smartphone apps contain Silverpush software that constantly listens for inaudible signals emitted by TV commercials and secretly collects and transmits viewing data. The announcement appears to be a response to two earlier complaints filed by EPIC with the Commission. EPIC previously urged the FTC to limit "cross-device tracking" technology that links consumers' smartphone activity with what they see on their laptop or television. EPIC also urged the FTC and the Department of Justice to investigate "always-on" consumer devices for possible violations of the Wiretap Act, state privacy laws, or the FTC Act.

March 24, 2016

Ninth Circuit Sends NSA Surveillance Case Back to Lower Court

A Federal Appeals court has remanded a case challenging the NSA's bulk collection of telephone records. In Smith v. Obama, the Ninth Circuit Court of Appeals instructed the lower court to consider the impact of the USA Freedom Act, which ended the bulk data collection program. EPIC, joined by thirty-three technical experts and legal scholars, filed an amicus brief in the case, arguing that modern communications systems are "entirely unlike the telephone network of the 1970s" and that a 1977 case concerning "pen registers" no longer applied. EPIC also challenged the NSA bulk collection program in a petition to the Supreme Court.

March 28, 2016

EPIC Successfully Obtains Boater Tracking Documents, Settles Case with Homeland Security

After successfully obtaining nearly 2,500 pages of documents concerning a controversial boater tracking program, EPIC has settled a Freedom of Information Act lawsuit with the Department of Homeland Security about the "Nationwide Automatic Identification Systems." According to the documents released to EPIC, the DHS believes that boaters have "no expectation of privacy with regard to any information transmitted" about the location of their boats. The documents also reveal that the agency fuses tracking data with other government data to develop detailed profiles on boaters. EPIC did not objet to the use of NAIS for marine safety; the concern is government surveillance. EPIC has also opposed a DHS plan to collect and maintain records on sea travelers.

EPIC Names New Advisory Board Members

EPIC has announced the 2016 members of the EPIC Advisory Board. They are Malavika Jayaram, Max Schrems, Katie Shilton, Stephen Vladeck, Anne L. Washington, and Shoshana Zuboff. The EPIC Advisory Board is a distinguished group of experts in law, technology, and public policy, who contribute to EPIC's work on privacy and human rights issues. Joining the Board of Directors of EPIC in 2016 are Danielle Citron, author of "Hate Crimes in Cyberspace." and Frank Pasquale, author of "The Black Box Society: The Secret Algorithms that Control Money and Society."

March 29, 2016

EPIC Scrutinizes DHS "Insider Threat" Database

In comments to DHS, EPIC criticized a proposed "Insider Threat" database that would gather vast amounts of personal data on individuals outside the federal agency. EPIC urged DHS to limit the scope of data collection and drop proposed Privacy Act exemptions. Citing the recent surge in government data breaches, including the breach of 21.5 m records at OPM, EPIC warned that DHS data practices pose a risk to federal employees. EPIC has previously advocated for privacy protections in background checks and consistently warned against inaccurate, insecure, and overbroad government databases.

March 31, 2016

FCC Moves Forward With Narrow Privacy Rules

The Federal Communications Commission has voted to adopt a Notice of Proposed Rulemaking on consumer privacy regulations. The proposal follows Chairman Wheeler's earlier draft proposal, which EPIC explained was too limited to safeguard online privacy. During the vote, Commissioner Ajit Pai echoed EPIC's view that the rulemaking should not focus solely on ISPs. EPIC has argued that the FCC proposal ignores invasive practices by Internet firms, including search companies and social media firms that track and profile Internet users. EPIC previously urged the Commission to "address the full range of communications privacy issues facing US consumers" and to apply the Consumer Privacy Bill of Rights to communications data.

About March 2016

This page contains all entries posted to epic.org in March 2016. They are listed from oldest to newest.

February 2016 is the previous archive.

April 2016 is the next archive.

Many more can be found on the main index page or by looking through the archives.