« September 2017 | Main | November 2017 »

October 2017 Archives

October 2, 2017

EPIC Obtains Documents about DARPA's "Brandeis" Program

EPIC has received documents about the Defense Advanced Research Projects Agency's (DARPA) Brandeis Program, following a 2015 FOIA request. According to the agency, the program is intended to "research and develop tools for online privacy." EPIC obtained over 1,100 pages of documents about the Program. The documents include email communications (parts 1, 2, 3), budget appropriation justifications for fiscal year’s 2015 (parts 1, 2) and 2016 (parts 1, 2), as well as the names of contract awardees. According to the documents obtained by EPIC, the $75 million program provided $75 million over 4.5 years. Contract recipients include UC Berkley, UC Irvine, MIT, Carnegie Mellon University, Raytheon, SRI International, Stealth Software Technologies, and Galois.

October 3, 2017

European High Court to Consider Future of Personal Data Transfers to US

The European Court of Justice will now hear a second case on legal protections for personal data sent from Europe to the United States. Data Protection Commissioner v. Facebook considers whether Facebook’s transfers of data from Ireland to the United States violate the European Charter of Fundamental Rights. The Irish High Court ruled this week that there are “well-founded concerns that there is an absence of an effective legal remedy in U.S. law” and referred the matter to the high court of Europe. The case in Ireland follows the landmark 2015 decision Schrems v. DPC, which found insufficient legal protections for the transfer of data to the United States. In the Irish case, Max Schrems, an Austrian privacy advocate, challenged Facebook’s transfer of personal data to the U.S. under “standard contractual clauses.” EPIC was designated the US NGO amicus curiae in DPC v. Facebook, and provided a detailed assessment of US privacy law. EPIC was represented before the Irish court by FLAC (Free Advice Legal Centres), an independent human rights organization, based in Dublin.

Continue reading "European High Court to Consider Future of Personal Data Transfers to US" »

EPIC, Coalition Call for End to Warrantless Section 702 Searches of Americans' Data

EPIC and a coalition of over 50 organizations called on lawmakers to require federal agencies to obtain a probable cause warrant before searching foreign intelligence databases for information about U.S. citizens and residents. Section 702 of the Foreign Intelligence Surveillance Act allows agencies - without a warrant and in a broad range of circumstances - to search for information about Americans among communications collected for foreign intelligence purposes. In a letter to leaders of the House Judiciary Committee, the groups explained that this practice "undermine[s] constitutional protections create an unacceptable loophole to access Americans' communications in criminal and foreign intelligence investigations alike." EPIC and a coalition also recently urged Director of National Intelligence Dan Coates to uphold a promise to give a public estimate of how many Americans are caught up in NSA surveillance of foreign targets. EPIC is currently pursuing a Freedom of Information Act request for a government report to the Foreign Intelligence Surveillance Court about FBI search of Section 702 data for domestic criminal investigations.

EPIC Asks Senate to Enforce Privacy Safeguards for "Dreamers"

EPIC warned the Senate Judiciary Committee that 800,000 DACA applicants face privacy risks as a result of the decision to end the Deferred Action for Childhood Arrivals. According to EPIC, the Department of Homeland Security has failed to ensure that DACA applicant's information will be used exclusively for the purpose it was disclosed, as set out in the 2012 privacy impact assessment. EPIC urged the Committee to uphold Privacy Act safeguards for DACA applicants.

EPIC Urges Congress To Hold Equifax Accountable, Update Data Protection Law

EPIC has sent statements to Congress ahead of hearings in the House and Senate on the Equifax data breach. EPIC underscored the risk to American consumers of data breaches which are increasingly severe. EPIC urged Congress to require prompt data breach notification, data minimization, and privacy enhancing techniques. In 2011 EPIC testified in the House and Senate on data breaches in the financial services sector. EPIC President Marc Rotenberg recently outlined in the Harvard Business Review steps Congress should now take to protect American consumers.

October 4, 2017

EPIC Recommends Measures to Protect Seniors from Robocalls

EPIC sent a letter to the Senate Committee on Aging in advance of a hearing on robocalls and fraud against seniors. EPIC explained that "criminals target senior citizens, believing they are wealthy and will be unable to detect crime or report that a crime has occurred." In comments to the FCC earlier this year, EPIC expressed support for regulations that would allow block unsolicited calls from invalid numbers. EPIC told the Committee that the FCC rule could protect seniors and other consumers from predatory robocalls.

Senate Commerce To Consider Automated Vehicles Bill, Privacy Safeguards Still Missing

Today the Senate Commerce Committee considers the "AV START Act," a bill that aims to facilitate deployment of automated vehicles in the United States. The bill sets out voluntary cybersecurity measures and lacks consumer privacy standards. Senator Markey (D-MA) has proposed privacy amendments. Privacy safeguards for connected vehicles is now a global concern. Last week Privacy Officials from more than 40 countries adopted a resolution on Data Protection in Automated and Connected Vehicles urging all parties to "fully respect the users' rights to the protection of their personal data and privacy."

EPIC Sues Department of Homeland Security for Release of Russian Interference Records

EPIC has filed a Freedom of Information Act lawsuit against the Department of Homeland Security to obtain records related to Russian interference in the 2016 U.S. Presidential Election. Earlier this year, the DHS has designated state election systems as critical infrastructure and published a Joint Analysis Report acknowledging Russian interference with U.S. election systems. However, DHS has not provided any significant new information to the American public about the extent of the Russian interference. EPIC now seeks disclosure of the agency's "research, integration, analysis" related to the scope of Russian interference. EPIC's FOIA lawsuit follows H.Res. 235, a bill sponsored by Rep. Thompson (D-MS) that would have directed the DHS to provide this information to Congress, but was blocked by the House Homeland Security Committee. EPIC has filed several FOIA lawsuits to determine the scope of Russian interference. The cases include: EPIC v. FBI (Russian Hacking), EPIC v. ODNI (Russian Hacking), and EPIC v. IRS (Donald Trump's Tax Records).

No Plans to Target Dreamers Using DACA Data

A Department of Homeland Security official told the Senate Judiciary Committee today that the agency has no "plans to target any Dreamers based on any information [they] have received." James McCament Acting Director of Immigration Services said that DHS will adhere to the 2012 Privacy Impact Assessment, which limits the use of personal data obtained from DACA applicants. EPIC earlier recommended that DHS comply with the Privacy Impact Assessment and the federal Privacy Act.

Connected Vehicles Bill Moves Forward in Senate, Privacy Reporting Added

Today the Senate Commerce Committee favorably reported the "AV START Act," a bill that aims to facilitate the deployment of connected vehicles. The Committee adopted Senator Edward Markey's (D-MA) amendment that directs the National Highway Traffic Safety Administration to create a publicly accessible database to determine the personal data collected by connected cars, how that information is used, data minimization and retention practices, security measures, and privacy policies of car manufacturers. EPIC has long supported privacy protections for automated vehicles.

October 5, 2017

Mattel Cancels "Aristotle," an Internet Device that Targeted Children

Mattel will scrap its plans to sell Aristotle, an Amazon Echo-type device that collects and stores data from young children. The Campaign for a Commercial-Free Childhood sent a letter and 15,000 petition signatures to the toymaker, warning of privacy and childhood development concerns. CFCC said that "young children shouldn't be encouraged to form bonds and friendships with data-collecting devices." Senator Markey (D-MA) and Representative Barton (R-TX) also chimed in, demanding to know how Mattel would protect families' privacy. EPIC backed the CFCC campaign and urged the FTC in 2015 to regulate "always-on" Internet devices. A pending EPIC complaint at the FTC concerns the secret scoring of young athletes.

EPIC FOIA: EPIC Seeks Annex of "National Security Presidential Memorandum"

EPIC has submitted urgent Freedom of Information Act requests to the Departments of Homeland Security, Commerce, and Justice for the annex to the “National Security Presidential Memorandum.” NSPM-7 establishes authority to collect, transfer and use “National Security Threat Actor Information” across the federal government. The annex, which was not published, categorizes individuals, organizations, and groups “assessed to be a threat to the safety, security, or national interests of the United States.” EPIC has previously pursued secret Presidential orders under the Freedom of Information Act and successfully obtained the release of NSPD-54 concerning the NSA’s domestic surveillance authority.

House Bill Expands Drone, Biometric, Communications Tracking at Border

The House Homeland Security Committee passed H.R. 4548, the "Border Security for America Act," which would dramatically expand surveillance capabilities along the northern and southern borders of the U.S. The bill seeks “to achieve situational awareness and operational control of the border,” with unmanned aerial vehicles (drones), radar surveillance systems, license plate readers, and biometric databases. The Border Security Act would establish a biometric exit data system at US airports, seaports, and land ports. Biometric data would be combined with other Federal databases. The Privacy Act normally limits the government’s ability to collect personal data, but this bill would exempt the Department of Homeland Security from compliance with the Privacy Act. Previous EPIC FOIA lawsuits have revealed that border surveillance by drones would capture imagery, data, and wifi data of US citizens,

October 11, 2017

EPIC Defends User Privacy in Case Concerning hiQ Labs "Scraping" of Personal Data

EPIC has filed an amicus brief in hiQ Labs, Inc. v. LinkedIn Corp., a case concerning the use of personal data provided by Internet users to LinkedIn. A lower court ordered LinkedIn to provide LinkedIn user data to hiQ Labs, a data analytics firm that scores employees and provides secret intelligence to employers about "flight risk." EPIC argued that, "the lower court has undermined the fiduciary relationship between LinkedIn and its users." EPIC also said the order is "contrary to the interests of individual LinkedIn users" and contrary to the public interest "because it undermines the principles of modern privacy and data protection law." Siding with neither party, EPIC urged reversal to protect online privacy. EPIC routinely participates as amicus curiae in cases concerning consumer privacy.

EPIC, Open Government Groups Call for Release of Trump's Tax Returns

EPIC and a coalition of leading open government organizations have urged the Joint Committee on Taxation and the IRS Commissioner to release Donald Trump's tax returns to correct numerous misstatements of fact concerning the President's financial ties to Russia, such as "Russia has never tried to use leverage over me. I HAVE NOTHING TO DO WITH RUSSIA - NO DEALS, NO LOANS, NO NOTHING." These statements have been directly contradicted by his attorneys, members of his family, and various news reports. The IRS Commissioner, with the approval of the Joint Committee on Taxation, is authorized to release tax records to "correct misstatements of fact," and the agency exercised the authority ten times in one year. EPIC is also pursuing a lawsuit against the IRS after the agency failed to release Trump's tax records in response to a FOIA request. EPIC v. IRS is now pending before the D.C. Circuit Court of Appeals.

October 12, 2017

EPIC Urges House to Strengthen US Privacy Laws for Cross Border Data Flows

EPIC sent a letter to a House committee on Digital Commerce and Consumer Protection for the hearing "21st Century Trade Barriers: Protectionist Cross Border Data Flow Policy's Impact on U.S. Jobs." EPIC explained that foreign governments are reluctant to permit the transfer of the personal data of their citizens to the U.S. due to the U.S.'s lax privacy laws. EPIC recommended Congress take four steps to update U.S. privacy law: (1) enact the Consumer Privacy Bill of Rights, (2) modernize the Privacy Act, (3) establish an independent data protection agency, and (4) ratify the International Privacy Convention. EPIC also noted that the Schrems II decision calls into question the viability of "Privacy Shield," the current data transfer scheme between the US and EU.

EPIC's Rotenberg to Testify in Senate on Equifax Breach

The Senate Banking Committee has asked EPIC President Marc Rotenberg to testify before the Committee on Tuesday, October 17, 2017 regarding the Equifax data breach. The Senate hearing will explore "Consumer Data Security and the Credit Bureaus." In the Harvard Business Review, Rotenberg recently urged comprehensive reform of the credit reporting industry. The Senate hearing follows a recent hearing on the "Equifax Cybersecurity Breach" with former Equifax CEO Richard Smith.

EPIC Renews Lawsuit Against Presidential Election Commission to Protect Voter Data

EPIC has filed a revised complaint against the Presidential Election Commission, charging that the Commission has violated federal law by collecting state voter data without a required Privacy Impact Assessment and misrepresented its legal status. The Commission has claimed that, unlike every other federal agency, it can collect sensitive personal data without a privacy assessment. But EPIC's new complaint, following revelations by the Commission itself, makes clear that the Commission is part of the General Services Administration, which must complete Privacy Impact Assessments. EPIC also highlighted to the court misrepresentations made by the Commission in earlier proceedings. EPIC's original lawsuit forced the Commission to suspend the collection of voter data in July. The case is EPIC v. Commission, No. 17-1320, and the related appeal is EPIC v. Commission, No. 17-5171. The argument before the D.C. Circuit Court of Appeals is scheduled for November 21, 2017.

October 13, 2017

Consumer Groups Ask Safety Commission to Recall Google Home

EPIC and a coalition of leading consumer groups have asked the Consumer Product Safety Commission to recall the Google Home Mini "smart speaker." The touchpad on the Google device is permanently set to "on" so that it records all conversations without a consumer's knowledge or consent. The consumer groups said that "as new risks to consumers arise in consumer products, it is the responsibility of the Consumer Product Safety Commission to respond." The groups also urged the Safety Commission to enforce the Duty to Report to CPSC against manufacturers of "IoT" devices. Last year, a coalition of consumer groups pursued a complaint about My Friend Cayla, an Internet connected toy that recorded the private conversations of young children. The Cayla complaint spurred a Congressional investigation and toy stores across Europe removed the doll from their shelves.

October 16, 2017

Supreme Court to Review Two Cases on Communications Privacy

The Supreme Court has agreed to review United States v. Microsoft, a landmark case about whether the U.S. government can force email providers to turn over users’ private messages that are stored outside of the United States. The government claims that the Electronic Communications Privacy Act allows investigators to demand emails from all over the world, in violation of national privacy laws. A federal appeals court rejected the government’s arguments last year and ruled that Microsoft was not required to hand over emails that the company stores in Ireland. The Supreme Court has also agreed to review Dahda v. United States, a related case about whether the Fourth Amendment allows the government to use evidence obtained through an unlawful court order. Both cases are expected to be argued in early 2018. EPIC regularly files amicus briefs in privacy cases before the Supreme Court, including recently in Carpenter v. United States, Packingham v. North Carolina, and Utah v. Strieff.

In Senate Testimony, EPIC Calls for Reform of Credit Reporting Industry

EPIC's President Marc Rotenberg will testify this week before the Senate Banking Committee on reform of the credit reporting industry following the Equifax breach. The hearing, "Consumer Data Security and the Credit Bureaus," follows several Congressional hearings with Equifax CEO Richard Smith. Rotenberg will emphasize the need to limit the use of the Social Security number in the private sector and to give consumers control over their personal data. EPIC will recommend a national credit "freeze" and free life-term credit monitoring services for all U.S. consumers. Rotenberg detailed how the credit reporting industry is broken in a recent article in the Harvard Business Review. He also warned that the failure to update U.S. privacy law has placed the digital economy at risk and may lead to the suspension of trans-border data flows. EPIC has previously testified before the House and Senate on the need for Congress to address data breach and identity theft.

October 18, 2017

Scrutiny of Presidential Election Commission Grows

The Presidential Election Commission is coming under increasing scrutiny from lawmakers and even its own members. On Tuesday, Commissioner Matthew Dunlap charged that the Commission had given him "utterly no information" about the Commission's activities. Dunlap involved the public records statute to demand documents about the Commission he sits on. Members of the Senate Judiciary Committee are also demanding records from the Department of Justice about the Department's possibly unlawful coordination with the Commission. Questions have also been raised about the Commission's hiring practices. The Commission was previously forced to suspend the collection of voter data in response to EPIC's lawsuit, but it recently resumed that process. EPIC has urged state election officials not to release any voter information until the Commission conducts a Privacy Impact Assessment. EPIC's case is EPIC v. Commission, No. 17-1320 (D.D.C.), and the related appeal is EPIC v. Commission, No. 17-5171 (D.C. Cir.). The argument before the D.C. Circuit Court of Appeals is scheduled for November 21, 2017.

EU Approves Data Transfer Arrangement, But Seeks Stronger U.S. Privacy Protections

Following the first annual review of the pact, the European Commission has approved the EU-U.S. Privacy Shield, a framework permitting the flow of European consumers' personal data to the United States. However, the Commission urged the U.S. to appoint a permanent Ombudsperson to review complaints, to restore the Privacy and Civil Liberties Oversight Board, and to pass the Obama-era Presidential Policy Directive-28 into law. In a recent letter to Congress, EPIC emphasized the need to update U.S. privacy laws. EPIC Senior Counsel Alan Butler has also highlighted weaknesses in US privacy in DPC v. Facebook, a case now before the European Court of Justice.

October 19, 2017

Senate Bill to Improve Transparency and Accountability for Online Political Ads

Several senators announced a bipartisan bill to make online political advertisements more transparent. The Honest Ads Act is a direct response to Russian interference in the 2016 election, which included political ads on Facebook, Google and Twitter. The bill, co-sponsored by Senators Klobuchar (D-MN), Warner (D-VA), and McCain (R-AZ), would impose the same disclosure requirements for online ads as for TV and radio ads. "First and foremost this is an issue of national security — Russia attacked us and will continue to use different tactics to undermine our democracy," Senator Klobuchar said. The FEC also announced on October 10 that "in light of developments" it would reopen for public comment its disclosure rules for online political ads. EPIC is fully engaged in the challenge of protecting democracy by promoting cybersecurity and election integrity. EPIC has filed several FOIA lawsuits to determine the scope of Russian interference. The cases include: EPIC v. FBI (Russian Hacking), EPIC v. ODNI (Russian Hacking), and EPIC v. IRS (Donald Trump's Tax Records).

EPIC Urges Congress, GSA to Suspend Collection of State Voter Data

In a letter to a Senate oversight committee, EPIC urged Congress and the incoming Administrator of the General Services Administration to block the Presidential Election Commission from collecting state voter data. As EPIC recently explained in a case before a federal judge in Washington, DC, the Commission is part of the GSA and must comply with that agency’s requirement to conduct a Privacy Impact Assessment prior to the collection of personal data. In the letter to the Senate Committee, EPIC wrote that "the very last thing that the Senate Committee or the incoming GSA Administrator should tolerate is a federal entity that seeks to avoid legal obligations to protect the privacy of Americans." The Commission was previously forced to suspend the collection of voter data in response to EPIC's lawsuit, but it later resumed that process. EPIC's case is EPIC v. Commission, No. 17-1320 (D.D.C.), and the related appeal is EPIC v. Commission, No. 17-5171 (D.C. Cir.). The argument before the D.C. Circuit Court of Appeals is scheduled for November 21, 2017.

EPIC Opposes DHS Plan for Social Media Surveillance

In comments to the Department of Homeland Security, EPIC opposed a plan to add social media information to the official files of all immigrants. EPIC said the DHS proposal threatens First Amendment rights, risked abuse, and would disproportionately impact minority groups. A coalition of organizations also submitted comments to express concern about the proposal. EPIC previously opposed a Customs and Border Protection proposal to collect social media identifiers from visa applicants. In a FOIA lawsuit against DHS, EPIC obtained documents which revealed that federal agencies gather social media comments to identify individuals critical of the government. EPIC is currently pursuing a FOIA request about a revised DHS plan to require disclosure of social media passwords before allowing entry into the country.

October 20, 2017

EPIC, Coalition Call for Public Hearings on Surveillance Reform Proposals

EPIC joined a coalition of privacy and civil liberty organizations urging the Senate Intelligence Committee to open to the public any markup hearing on proposals to reauthorize Section 702 of the Foreign Intelligence Surveillance Act, which authorizes the surveillance of foreigners located abroad. "To the greatest degree possible, the consideration of legislation pertaining to Section 702...Should take place in public," the groups made clear in the letter to Senate Intelligence Committee leaders. EPIC has previously backed open public hearing on important security matters, include consideration of the Cyber Intelligence Sharing and Protection Act of 2013.

Pew Survey Examines "Future of Truth and Misinformation Online"

The Pew Research Center released a report on how to address the spread of digital misinformation in the coming decade. The report's respondents were evenly divided on whether technological advances in the coming decade will fix the problem of misinformation, or only compound it. EPIC President Marc Rotenberg told Pew, "The problem with online news is structural: There are too few gatekeepers, and the internet business model does not sustain quality journalism. The reason is simply that advertising revenue has been untethered from news production." The prevalence of "fake news" was one of the most significant issues in the 2016 presidential election. EPIC's Democracy and Cybersecurity Project seeks to restore integrity in democratic elections. EPIC is also pursuing details of the Russian election interference in FOIA cases against the FBI, the Office of Director in National Intelligence, and the IRS. This week several senators introduced bipartisan legislation to strengthen disclosure requirements for online political ads.

Report: Body Cameras Failed to Improve Police Behavior

In the largest study to date of police body cameras, a new report concluded that the cameras had no impact on police use of force and civilian complaints. The report is a result of a project in Washington, D.C. to assess the benefits of the body cameras worn by the Metropolitan Police Department. EPIC previously testified before the D.C. City Council, warning of the risks of mass public surveillance and arguing that police body cameras were "an intrusive and ineffective technology that does not address underlying problems with police accountability."

October 23, 2017

Communications Privacy Directive Moves Forward in European Parliament

European Parliament Committee on Civil Liberties, Justice and Home Affairs - or LIBE Committee - has approved an update to EU communications privacy law in a key step toward finalizing the regulation. The proposed e-Privacy Regulation would extend consumer safeguards to users of all online communications services, cover content and metadata, and limit tracking of internet users. The Members recommended "privacy by default" settings be standardized, strong encryption by providers, and that users' consent obtained before the use of any personal data. In the U.S., EPIC has urged the Federal Communication Commission to bring U.S. law up to date with a similar, comprehensive approach to communications privacy. Next, the full European Parliament will vote on the legislation this week.

October 24, 2017

EPIC Opposes Social Media Data Collection by CBP

In comments to Custom and Border Protection, EPIC opposed the federal agency's proposal to collect social media information, including metadata, for a new intelligence database. CBP also proposed to exempt the database from protections of the Privacy Act and to create numerous "routine uses" for the information. EPIC said that CBP should narrow the Privacy Act exemptions and limit the number of routine uses. In a FOIA lawsuit against DHS, EPIC obtained documents which revealed that federal agencies gather social media comments to identify individuals critical of the government. EPIC is currently pursuing a FOIA request about a revised DHS plan to require disclosure of social media passwords before allowing entry into the country.

FTC Provides Guidance on Voice Recordings and Kids

The Federal Trade Commission has clarified how the Children's Online Privacy Protection Act applies to toys that make voice recordings of children. The Commission's enforcement policy statement stated that an audio file may only be used "as a replacement for written words," and may only be maintained "for the brief time necessary for that purpose." Additionally, "the operator may not make any other use of the audio file in the brief period before the file is destroyed — for example, for behavioral targeting or profiling purposes." EPIC has supported efforts by consumer groups to warn of the risks smart toys pose to childhood development. Last year, a coalition of consumer groups pursued a complaint about My Friend Cayla, an Internet connected toy that recorded the private conversations of children. The complaint spurred a Congressional investigation and the toy was recalled in Europe.

EPIC Asks Senate to Probe Customs & Border Protection Nominee on Facial Recognition, Drones

EPIC has sent a letter to the Senate Finance Committee with questions for the next Commissioner of U.S. Customs and Border Protection. The Committee will consider the nomination of Kevin McAleenan to head the CBP at a hearing this week. EPIC raised questions regarding (1) whether Kevin McAleenan would use DACA data for purposes unrelated to DACA eligibility; (2) CBP's use of facial recognition technology; (3) CBP's collection of social media information; (4) CBP's proposed exemption of Privacy Act safeguards for a new agency database; and (5) CBP's use of drones to conduct aerial surveillance on American citizens. EPIC asked "How will CBP ensure that the collection and use of biometric data will not expand beyond the original purpose?" and "Will CBP link images collected by drones with facial biometrics in CBP or DHS databases?" EPIC has submitted comments to DHS and CBP concerning their collection of social media information. EPIC has also filed a FOIA lawsuit seeking documents on CBP's biometric tracking programs and EPIC's Jeramie Scott has written an op-ed for The Hill about CBP's use of facial recognition technology.

Senators Introduce USA Rights Act, Back Significant Reforms to FISA Spying

Eleven senators introduced bipartisan legislation to reauthorize the Foreign Intelligence Surveillance Act with significant new civil liberties protections. Among other reforms, the USA Rights Act codifies the ban on collecting "about" communications, prohibits collection of domestic communications, expands the powers of the Civil Liberties Oversight Board, and requires independent amicus review during the FISC's annual authorization. The bill does not establish certain protections sought by Europeans during the recent Privacy Shield review. Senate Intelligence Committee Chair Richard Burr bill would expand 702 surveillance authorities. EPIC and a coalition of organizations recently urged the markup hearing on the proposal be opened to the public.

European Court Adviser Says Local Regulators Can Enforce Privacy Laws Against Facebook

The opinion of a key adviser to the European Court of Justice holds that local European data protection authorities can directly enforce privacy laws against Facebook. The case involves a German data protection authority's order to deactivate a local Facebook fan page for illegally tracking users. The opinion from Advocate General Bot said regional data protection authorities can intervene to stop unlawful data practices. The European Court of Justice typically adopts the opinions of the Advocate General. The Court of Justice will also consider DPC v. Facebook, involving whether Facebook's data transfers from Ireland to the U.S. violate European Fundamental Rights.

October 26, 2017

Senate Restores Forced Arbitration, Undermines Data Protection

The Senate voted 51-50 (with Vice President Pence breaking the tie) to repeal the CFPB rule that prevented financial companies from forcing consumers into individual arbitration. Fine-print arbitration clauses in consumer contracts have proliferated ever since a pair of Supreme Court rulings held that courts must enforce these clauses. Equifax generated public outrage after its breach when it lured consumers into signing away their rights to sue the company. As the CFPB found, arbitration clauses that ban class actions inhibit consumers from obtaining meaningful relief and holding financial institutions like Equifax and Wells Fargo accountable when they break the law. Senators Franken (D-MN) and Leahy (D-VT) have introduced legislation that would prohibit companies from denying individuals their right to go to court. EPIC President recently testified before the Senate Banking Committee on the Equifax data breach. Rotenberg said, the "company tried to trick consumer into an arbitration agreement, guaranteeing that there would be few legal remedies for consumers following the breach."

Government Drone Advisory Group Holds Secret Meetings with Industry, Ignores Privacy

According to a Washington Post article, the FAA's Drone Advisory Committee hosted secret meetings and asked participants to sign confidentiality agreements. Documents obtained earlier by EPIC uncovered similar secret meetings leading to the FAA policy on drones that ignored privacy safeguards. The closed-door meetings appear to violate the Federal Advisory Committee Act. EPIC has also sued the FAA to obtain the meeting documents of the FAA's Drone Registration Task Force. EPIC's case to establish national privacy regulations, EPIC v. FAA is currently pending before the D.C. Circuit Court of Appeals.

Presidential Memo Promotes Local Drone Regulations

A Presidential Memorandum on "Unmanned Aircraft Systems Integration Pilot Program" seeks to promote local state involvement in "development and enforcement" of Federal regulations as well as "inform the development of future Federal guidelines and regulatory decisions" on drone operations nationwide. As the FAA has failed to establish national standards for privacy, many local governments have passed laws to regulate the use of drones. According to the National Conference on Site Legislation, at least 38 states are considering legislation related to drones in the 2017 legislative session. In 2016, EPIC renewed its suit against the FAA, arguing the agency failed to protect the public from aerial surveillance. EPIC v. FAA is currently before the D.C. Circuit Court of Appeals. Argument will likely take place this fall.

October 27, 2017

European Privacy Experts Press WhatsApp on Data Practices

The Article 29 Working Party, a group of European privacy experts, warned WhatsApp that it is still not complying with data protection law. Following Facebook's acquisition of WhatsApp, WhatsApp transferred users' personal data to Facebook, violating past privacy promises. In a letter to WhatsApp, Article 29 said "the information presented to users was seriously deficient as a means to inform their consent," and a WhatsApp must promptly establish "clear, comprehensive resolution." Backed by over a dozen US consumer groups, in 2016 EPIC filed a complaint with the FTC urging the agency to block Facebook's acquisition of WhatsApp if privacy safeguards were not put in place. The FTC wrote to both companies, explaining that their failure to honor privacy obligations could violate U.S. law.

Government Accountability Office to Investigate Presidential Election Commission

The Government Accountability Office announced this week that it will conduct an investigation into the activities of the Presidential Election Commission. The decision follows a letter by three senators urging the GAO to launch a probe and warning that the Commission’s lack of transparency will “unnecessarily diminish confidence in our democratic process.” Among the issues raised in the letter from the Senators are: “The steps the PACEI has taken to protect any voter information that is has collected” and “The steps the PACEI took to adhere to regulations governing its activity.” EPIC sued the Commission in July for failing to conduct a Privacy Impact Assessment prior to establishing a database of personal voter data. Last week, EPIC urged Congress and the General Services Administration to block the Commission from collecting voter information. EPIC's case is EPIC v. Commission, No. 17-1320 (D.D.C.), and the related appeal is EPIC v. Commission, No. 17-5171 (D.C. Cir.). The argument before the D.C. Circuit Court of Appeals is scheduled for November 21, 2017.

At OECD, EPIC Renews Call for Algorithmic Transparency

Speaking at the OECD conference "Intelligent Machines, Smart Policies," EPIC President Marc Rotenberg urged support for Algorithmic Transparency. "We must establish this principle of accountability as the cornerstone of AI policy," said Mr. Rotenberg. Rotenberg spoke in support of Algorithmic Transparency at the 2014 OECD Global Forum for the Knowledge Economy in Tokyo. EPIC is now working with OECD member states, NGOs, business groups, and technology exports on the development of an AI policy framework, similar to earlier OECD policy frameworks on privacy, cryptography, and critical infrastructure protection.

October 30, 2017

EPIC Calls on House to Protect Privacy at U.S. Seaports

EPIC submitted a statement to the House Homeland Security Committee in advance of a hearing on "Examining Physical Security and Cybersecurity at Our Nation's Ports." The Committee recently reported favorably "The Border Security for America Act," which would dramatically expand U.S. border surveillance, including a biometric exit data system at U.S. seaports. EPIC has expertise regarding maritime surveillance. EPIC pursued a Freedom of Information Act lawsuit against the Department of Homeland Security concerning the Nationwide Automatic Identification System, a system designed with the support the U.S. Coast Guard to promote boating safety that the DHS has transformed into a surveillance surveillance for monitoring vessels, including recreational vessels operated by U.S. citizens. In the letter to the House Committee, EPIC warned that "many of the techniques that are proposed to enhance border surveillance have direct implications for the privacy of American citizens."

EPIC Assesses Progress on Government's Commitments to Transparency

In comments filed with the Open Government Partnership's Independent Reporting Mechanism, EPIC assessed the government's progress toward the transparency commitments it made in the National Action Plan on Open Government. EPIC advised the government to incorporate findings of the Commission on Evidence Based Policymaking including the use of Privacy Enhancing Techniques, called for the Privacy and Civil Liberties Oversight Board (PCLOB) be restored to full strength, and warned about the federal government's ongoing failure to create Privacy Impact Assessments required by law. EPIC and a coalition of civil society groups had issued recommendations for the Third National Action Plan, and, in response, the administration pledged to modernize implementation of the FOIA, streamline record declassification, and increase transparency of the intelligence community. The Plan is an initiative pursued by countries and NGOs participating in the Open Government Partnership.

October 31, 2017

EPIC Urges FTC to Focus on Data Protection at Upcoming Workshop

EPIC has sent a letter to the FTC expressing concerns regarding their upcoming workshop on "Informational Injury." In advance of the workshop, the FTC has asked, "how to best characterize" privacy injuries. EPIC stated, "the injuries consumers face are obvious," in particular the unprecedented levels of data breach and identity theft. EPIC urged the FTC to re-focus the workshop on the questions of why data breach, identity theft, and financial fraud continue to rise in the United States, and how the FTC can do more to address these issues. EPIC recently testified before Congress on consumer data security and the credit bureaus, and has called on the FTC to step up its enforcement to protect consumer privacy.

EPIC Supports "Release to One, Release to All" FOIA Policy

EPIC joined a coalition of open government groups to urge government agencies to implement the "Release to One, Release to All" policy for Freedom of Information Act requests. This policy would require federal agencies to post all Freedom of Information Act disclosures online after the information is released to a particular requester. Despite overwhelming positive public comments, the Office of Information Policy at the Department of Justice has failed to finalize the policy. EPIC supports FOIA reforms to promote government transparency and files lawsuits to force disclosure of agency records. Most recently the EPIC Democracy and Cybersecurity Project is pursuing FOIA requests concerning Russian interference with the 2016 Presidential election.

Senate Begins Investigation Into Russian Meddling

This week the Senate is holding two hearings to investigate Russians' use of social media platforms to influence the 2016 U.S. presidential election. Today, the Senate Committee on the Judiciary's Subcommittee on Crime and Terrorism is holding a hearing on "Extremist Content and Russian Disinformation Online: Working with Tech to Find Solutions." Representatives from Facebook, Twitter, and Google as well as foreign policy experts will testify. Tomorrow the Senate Select Committee on Intelligence will hold a hearing on "Social Media Influence in the 2016 U.S. Elections." In 2017, EPIC launched the Democracy and Cybersecurity project to preserve the integrity of democratic institutions. EPIC is currently pursuing several Freedom of Information Act cases to learn more about Russian interference in the 2016 Presidential election, including: EPIC v. ODNI (Russian hacking), EPIC v. FBI (Russian hacking), EPIC v. IRS (Release of Trump Tax Returns), and EPIC v. DHS (election cybersecurity).

About October 2017

This page contains all entries posted to epic.org in October 2017. They are listed from oldest to newest.

September 2017 is the previous archive.

November 2017 is the next archive.

Many more can be found on the main index page or by looking through the archives.