December 2017 Archives

December 5, 2017

EPIC Urges Congress to Examine FBI Response to Russian Cyber Attacks

EPIC has sent a statement to the House Judiciary Committee ahead of Thursday's FBI Oversight hearing. EPIC urged the Committee to question FBI Director Wray about the agency's ability to respond to future cyberattacks concerning the 2018 elections. A recent Associated Press investigation found that the FBI, the lead agency for cyber response, did not notify U.S. officials that their email accounts were compromised during the 2016 election. According to documents obtained by EPIC, the FBI is to notify victims of cyberattacks "even when it may interfere with another investigation or (intelligence) operation." EPIC obtained the FBI's Victim Notification Procedures through a Freedom of Information Act lawsuit, EPIC v. FBI, filed earlier this year. EPIC is currently pursuing several related FOIA cases about Russian interference in the 2016 Presidential election, including EPIC v. ODNI (Russian hacking), EPIC v. IRS (Release of Trump Tax Returns), and EPIC v. DHS (election cybersecurity).

European Privacy Experts Call for New Review of EU-US Data Arrangement

The Article 29 Working Party, a group of European privacy experts, is calling for a reexamination of the Privacy Shield, a framework permitting the flow of European consumers' personal data to the United States. In a new report, the Working Party said that "significant concerns" should be resolved by May 25, 2018 when the GDPR goes into force. If not, "the members of WP29 will take appropriate action," including litigation. The Working Party cited the US failure to appoint an Ombudsperson to review complaints, vacancies at the Privacy and Civil Liberties Oversight Board, and continued mass surveillance practices by U.S. intelligence agencies. The report follows an earlier review of the EU-US agreement which found "sufficient" protection of EU personal data to the United States. EPIC Senior Counsel Alan Butler has also highlighted weaknesses in US privacy in DPC v. Facebook, a case now before the European Court of Justice. In a related development, the Working Party also established a task force which will coordinate national investigations of the Uber data breach now underway in Europe.

EPIC Offers 10 Recommendations for the FTC's Five-Year Strategic Plan

EPIC has submitted 10 recommendations for the Federal Trade Commission's "Draft Strategic Plan" for 2018-2022. EPIC explained how the FTC can protect consumers, promote competition, and encourage innovation. Among the several proposals, EPIC urged the FTC to enforce consent orders, incorporate public comments into settlements, promote transparency, produce concrete outcomes, and endorse data protection legislation. EPIC and several consumer privacy groups outlined these proposals in a letter to the FTC in February, 2017. EPIC has consistently urged the FTC to exercise its full authority in protecting consumers, and even filed a lawsuit in 2012 to get the FTC to enforce an existing consent order against Google. EPIC has also filed several consumer privacy complaints with the FTC, including a recent complaint about "toys that spy."

December 6, 2017

Federal Student Aid Office Not Protecting Student Privacy, GAO Audit Finds

The Federal Student Aid office (FSA) at the Department of Education is not doing enough to protect student privacy, according to an audit by the Government Accountability Office. The GAO found that FSA has failed to hold schools accountable for their lax data security practices that have resulted in numerous data breaches, and has not assessed the privacy risks for its own electronic records system. FSA collects personal information on students and their families to evaluate schools that receive federal student aid. The FSA claims that the FTC can manage privacy protection. EPIC has done extensive work to protect student privacy including a 2014 complaint to the FTC about a massive data breach that impacted students in Maricopa County. The FTC failed to act even though Maricopa County violated the FTC Safeguards Rule by failing to protect students' financial information. EPIC also urged Congress to strengthen student privacy protections following a FAFSA data breach. In 2012 EPIC sued the Department of Education for weakening student privacy protections. EPIC has proposed a Student Privacy Bill of Rights.

John Anderson, 1922-2017

Congressman and former Presidential candidate John Anderson has passed away at age 95. Among his many activities, John Anderson helped launch the Electronic Privacy Information Center in 1994 and served on the EPIC Advisory Board for more than 20 years. John Anderson was one of the early advocates for the freedom to use encryption and drafted a privacy platform for the 2008 Presidential candidates. He joined EPIC's campaign to oppose secret watch lists and served as EPIC's first chair. He also wrote the foreword to the Electronic Privacy Papers by Bruce Schneier and Dave Banisar.

December 7, 2017

EPIC Urges Supreme Court to Preserve Wiretap Act Suppression Remedy

EPIC has filed an amicus brief in Dahda v. United States, a case concerning the federal Wiretap Act and the suppression of evidence obtained following an invalid wiretap order. The Wiretap Act requires exclusion of evidence obtained as a result of an invalid order. However, the lower court denied suppression even though the order was invalid. EPIC wrote that “it is not for the courts to create atextual exceptions” to federal privacy laws. EPIC explained that Congress enacted broad and unambiguous privacy provisions in the Wiretap Act. “If the government wishes a different outcome,” EPIC wrote, “then it should go to Congress to revise the statute.” EPIC routinely participates as amicus curiae in privacy cases before the Supreme Court, most recently in Byrd v. United States (suspicionless searches of rental cars) and Carpenter v. United States (warrantless searches of cellphone location records).

Senators Question Privacy and Safety of Facebook’s "Messenger Kids" App

Senators Edward Markey (D-Mass) and Richard Blumenthal (D-Conn) wrote to Facebook CEO Mark Zuckerberg with questions about Facebook’s Messenger Kids app, aimed at children 6-12. The Senators said, “we remain concerned about where sensitive information collected through this app could end up and for what purpose it could be used.” The Children’s Online Privacy Protection Act specifically limits the collection and use of data on children under the age of 13. Concerns about the misuse of children’s data remain high. EPIC and several consumer privacy organizations filed a complaint with the FTC in 2016 alleging that the Internet-connected doll Cayla spied on children. EPIC also backed a recent campaign to recall Mattel’s Aristotle, a device that collected data from young children. The campaign led Mattel to cancel the sale of Aristotle.

Presidential Election Commission Suspends Activities?

The Presidential Election Commission is ignoring inquiries from state election officials about the transfer of sensitive voter data sought by the Commission, according to the New Hampshire Union-Leader. The Commission previously promised—in a filing from an EPIC lawsuit—that it would tell states how to “securely” submit voter data. But New Hampshire election officials say they have been unable to reach the Commission or obtain instructions for over a month. Other posts at the Commission website suggest the agency is no longer responding to email. EPIC filed suit in July to halt the Commission’s collection of state voter data and to compel the Commission to conduct a Privacy Impact Assessment required by law. EPIC’s initial filing led the Commission to suspend the collection of voter data, discontinue the use of an unsafe computer server, and delete the voter information that was unlawfully obtained. Many states and over 150 members of Congress have opposed the Commission’s efforts to collect state voter data. EPIC’s case is EPIC v. Commission, No. 17-1320 (D.D.C.) & 17-5171 (D.C. Cir.).

December 12, 2017

EPIC Urges Congress to Regulate AI Techniques, Promotes 'Algorithmic Transparency'

In advance of a hearing on "Digital Decision-Making: The Building Blocks of Machine Learning and Artificial Intelligence," EPIC warned a Senate committee that many organizations now make decisions based on opaque techniques they don't understand. EPIC told Congress that algorithmic transparency is critical for democratic accountability. In 2015, EPIC launched an international campaign in support of Algorithmic Transparency. At a speech to UNESCO in 2015, EPIC President Marc Rotenberg called knowledge of the algorithm "a fundamental human right." Earlier this year, EPIC filed a complaint with the FTC that challenged the secret scoring of athletes by Universal Tennis. EPIC said to the FTC that it "seeks to ensure that all rating systems concerning individuals are open, transparent and accountable."

Support for Bills Establishing Oversight of AI Grows in Congress

Senators Maria Cantwell (D-WA) and Brian Schatz (D-HI) are planning legislation to establish new oversight committees for the use of AI. Cantwell's bill—Future of Artificial Intelligence Act of 2017—is cosponsored by Senators Ed Markey (D-MA) and Todd Young (R-IN) and would establish an AI committee at the Commerce Department. A companion bill in the House is sponsored by Representatives John Delaney (D-MD) and Pete Olson (R-TX), co-chairs of the Artificial Intelligence Caucus. Schatz has announced his intent to introduce a bill creating an independent AI commission. In 2015, EPIC launched an international campaign in support of Algorithmic Transparency and has warned Congress about the use of opaque techniques in automated decision-making.

EPIC Urges House Judiciary to Examine FBI Response to Russian Cyber Attacks

EPIC has sent a statement to the House Judiciary Committee ahead of Wednesday's DOJ Oversight hearing. EPIC urged the Committee to question Deputy Attorney General Rosenstein about the FBI's ability to respond to future cyberattacks concerning the 2018 elections. A recent Associated Press investigation found that the FBI, the lead agency for cyber response, did not notify U.S. officials that their email accounts were compromised during the 2016 election. According to documents obtained by EPIC, the FBI is to notify victims of cyberattacks "even when it may interfere with another investigation or (intelligence) operation." EPIC obtained the FBI's Victim Notification Procedures through a Freedom of Information Act lawsuit, EPIC v. FBI, filed earlier this year. EPIC is currently pursuing several related FOIA cases about Russian interference in the 2016 Presidential election, including EPIC v. ODNI (Russian hacking), EPIC v. IRS (Release of Trump Tax Returns), and EPIC v. DHS (election cybersecurity).

FAA Drone Registration Requirement Flies Again

A defense authorization bill signed by the President today restores the FAA's drone registration requirement. The registration requirement was struck down by a federal appeals court earlier this year. EPIC supports registration for commercial drones because of the unique privacy risks they pose. In 2015, EPIC submitted extensive comments to the FAA, proposing that commercial drones also routinely broadcast location, course, speed over ground, as well as owner identifying information, similar to the Automated Identification System for commercial vessels. Earlier this year, EPIC also submitted statements to the House Transportation Committee and the Senate Commerce Committee emphasizing the privacy risks of commercial drones. EPIC is currently challenging the FAA's failure to establish privacy safeguards. EPIC v. FAA is before the D.C. Circuit Court of Appeals, with oral arguments scheduled for January 25, 2018.

EPIC Urges Congress to Focus on Consumer Privacy and Data Security in Antitrust Hearing

In a statement to the Senate Judiciary committee, EPIC urged lawmakers to consider consumer privacy at a hearing on "The Consumer Welfare Standard in Antitrust." EPIC emphasized the privacy risks of mergers, stating that "when companies merge, they combine not only their products, services, and finances, but also their vast troves of personal data." EPIC reminded Congress that the United States is experiencing an epidemic of data breaches, and large databases of personal data are more vulnerable to attack. EPIC testified before the Senate Judiciary Committee in 2007 about the growing risks to competition and privacy of mergers in the online advertising industry. EPIC also warned the FTC about the consumer privacy risks of high profile mergers. In 2000, EPIC opposed Doubleclick's acquisition of Abacus. In 2007, EPIC told the FTC that Google's proposed acquisition of DoubleClick would lead to consumers being tracked and profiled by advertisers across the web. And in 2014 EPIC urged the FTC to mandate privacy safeguards for Facebook's acquisition of WhatsApp.

December 15, 2017

EPIC FOIA: Justice Department Admits Algorithmic Sentencing Report Doesn't Exist

The Justice Department, in response to an EPIC FOIA lawsuit, has admitted that the United States Sentencing Commission never produced an evaluation of "risk assessment" tools in criminal sentencing. In 2014, Attorney General Eric Holder expressed concern about bias in criminal sentencing "risk assessments" and called on the Sentencing Commission to study the problem and produce a report. But after EPIC requested that study and sued the DOJ to obtain it, the DOJ conceded that the report was never produced. EPIC did obtain emails confirming the existence of a 2014 DOJ report about "predictive policing" algorithms, but the agency also withheld that report. "Risk assessments" are secret techniques used to set bail, to determine criminal sentences, and even make decisions about guilt or innocence. EPIC has pursued several FOIA cases to promote "algorithmic transparency", including cases on passenger risk assessment, "future crime" prediction, and proprietary forensic analysis.

EPIC FOIA - EPIC Sues for Details of Palantir's Government Systems

EPIC has filed a Freedom of Information lawsuit against Immigration and Customs Enforcement seeking details of the agency's relationship with Palantir. The federal agency contracted with the Peter Thiel company to establish vast databases of personal information, and to make secret determinations about the opportunities for employment, travel, and also who is subject to criminal investigations. EPIC is seeking the government contracts with Palantir, as well as assessments and other related documents. The ICE Investigative Case Management System and the FALCON system pull together vast troves of personal data from across the federal government. EPIC wrote in the complaint, "Palantir's 'big data' systems raise far-reaching privacy and civil liberties risks." In an earlier FOIA lawsuit, EPIC v. CBP, EPIC uncovered Palantir's role in the Analytical Framework for Intelligence, a program that assigns "risk assessment" scores to travelers, including U.S. citizens.

December 18, 2017

EPIC FOIA: Report Reveals Failure of Border Biometric Matching Program

Through a Freedom of Information Act lawsuit, EPIC has obtained a report from Customs and Border Protection, which evaluated iris imaging and facial recognition scans for border control. The "Southwest Border Pedestrian Field Test" reveals that the agency program does not perform operational matching at a "satisfactory" level. In a statement to Congress earlier this year, EPIC warned that biometric identification techniques are unreliable and lack proper privacy safeguards. EPIC is pursuing related documents for the use of biometrics at airports. EPIC has extensively litigated airport screening techniques, including EPIC v. TSA (concerning body scanner modifications) and EPIC v. DHS (concerning full body scanner radiation risks).

December 19, 2017

EPIC FOIA - Court Concedes Significance of Russia Report, But Fails to Order Disclosure

A federal court in Washington, DC has ruled that the Office of Director of National Intelligence may withhold the Complete Assessment of the Russian interference in the 2016 presidential election, sought by EPIC under the Freedom of Information Act. In EPIC v. ODNI, EPIC had argued that the federal agency was required to disclose the document because it contained unclassified information and many of the report's conclusions had been released by the Intelligence Community in a public summary. While the Court acknowledged that "the single document at issue in this Freedom of Information Act suit is of interest to a great many people, both in the United States and abroad," it ruled that "the entire report, even portions of the report that have already been released in a separate document" could be withheld by the agency. EPIC had urged the judge to undertake an independent assessment to determine whether the agency properly asserted classification authority. EPIC v. ODNI is one of four leading FOIA cases seeking public disclosure of details of the Russian interference in the 2016 election. In a related FOIA suit, EPIC v. FBI, EPIC obtained the FBI's "Victim Notification Procedures," which were the subject of a Congressional hearing earlier this year.

EPIC, Coalition Urge Action on Toys that Spy

EPIC and a coalition of consumer privacy groups have asked the Federal Trade Commission to crack down on companies that sell internet-connected toys and smartwatches. The statement highlights an FTC complaint, filed more than a year ago, concerning My Friend Cayla and I-Que Intelligent Robot, toys that recorded and analyzed children's conversations. Many retailers worldwide have pulled these toys from their shelves, but the FTC has yet to take action on the complaint. "Connected toys raise serious privacy concerns," said EPIC President Marc Rotenberg. "Kids should play with their toys and their friends, and not with surveillance devices dressed as dolls." EPIC has backed many efforts to limit the risks of internet-connected toys. Recently, EPIC joined consumer groups in asking Mattel to cancel plans to sell Aristotle, an "always on" device that records the private conversations of young children. EPIC also supported a coalition letter asking the FTC to investigate smartwatches that track the location of children. The Norwegian Consumer Council has uncovered similar problems with Cayla and i-Que, and recently released a report on toys that track children.

D.C. Circuit Sets Schedule for EPIC Case to Obtain Trump Tax Returns

The D.C. Circuit Court of Appeals has set a schedule in EPIC’s case to obtain President Trump’s tax returns. EPIC previously argued that the IRS has the authority to release the records to correct numerous misstatements of fact concerning financial ties to Russia, such as President Trump’s tweet "Russia has never tried to use leverage over me. I HAVE NOTHING TO DO WITH RUSSIA - NO DEALS, NO LOANS, NO NOTHING." The IRS recently admitted to EPIC that it has used this authority at least 10 times in one year. The schedule for the appeal was announced the same week that Congress considers sweeping tax legislation, but Congress and the public remain in the dark about the consequences of the legislation on the President’s personal finances. According to CNN, 73% of Americans favor release of the President’s tax returns. EPIC v. IRS is one of several FOIA cases concerning Russian interference in the 2016 Presidential election, including EPIC v. ODNI (scope of Russian interference), EPIC v. FBI (response to Russian cyber attack), and EPIC v. DHS (election cybersecurity). EPIC’s opening brief in EPIC v. IRS is due January 24, 2018.

December 20, 2017

French Privacy Agency to Block WhatsApp Facebook Data Transfers

France's data protection authority CNIL has given WhatsApp one month to stop sending user data to Facebook. EPIC and the Center for Digital Democracy urged the FTC in 2014 to mandate privacy safeguards for Facebook's acquisition of WhatsApp, and warned the FTC in 2016 that WhatsApp was sending user data to Facebook, violating privacy commitments. In May, Facebook was fined $122 million for misleading the European Commission during an investigation into the Facebook-WhatsApp merger, and in October, European privacy experts warned that WhatsApp was still not complying with EU data protection law.

FAA Advisory Panel Recommends Remote Tracking and Identification of Drones

A federal advisory panel has issued a report with recommendations for the remote tracking and identification of drones. The FAA advisory report also said the "FAA must review privacy considerations, in consultation with privacy experts and other Federal agencies, including developing a secure system that allows for segmented access to the ID and tracking information." EPIC backed remote identification and tracking of drones in comments on the agency's drone registration rule. EPIC also recommended privacy protections for the personal data collected for hobbyist drone users, though EPIC's recommendations go beyond the proposals contained in the advisory panel report. EPIC is currently challenging the FAA's failure to establish privacy safeguards. EPIC v. FAA is before the D.C. Circuit Court of Appeals, with oral arguments scheduled for January 25, 2018.

December 21, 2017

NYC Establishes Algorithm Accountability Task Force

New York City has passed the first bill to examine the discriminatory impacts of "automated decision systems." A task force will develop recommendations for how to make the city's algorithms fairer and more transparent. James Vacca, the bill's sponsor, said "If we're going to be governed by machines and algorithms and data, well, they better be transparent." EPIC supports algorithmic transparency and opposed systemic bias in "risk assessment" tools used in the criminal justice system. EPIC has filed Freedom of Information lawsuits to obtain information about "predictive policing" and "future crime prediction" algorithms. EPIC President Marc Rotenberg has called for laws that mandate algorithmic transparency and prohibit automated decision-making that results in discrimination.

EPIC Supports IRS Proposal to Limit SSN Collection

EPIC has filed comments with the IRS concerning its proposed rule that would allow employers to submit the last four digits of SSNs on W-2s rather than full SSNs. Due to the high risk of identity theft and financial fraud, EPIC recommended that the IRS make it mandatory to truncate SSNs on W-2s, saying "allowing the use of full SSNs will create unnecessary risk for those who do not truncate their SSNs." EPIC has participated in leading cases—Greidinger v. Davis, Beacon Journal v. Akron, and Ingerman v. IRS—involving the privacy of the SSN and has frequently testified in Congress about the need to establish privacy safeguards for the SSN.

Federal Appeals Court Dismisses Privacy Case Against Connected Car Makers

A federal appeals court has ruled that consumers don't have the right to seek legal relief from automakers whose connected cars endanger their privacy because the risk of remote hacking is "speculative." EPIC filed an amicus brief in the case warning that connected cars "expose American drivers to the risks of data breach, auto theft, and physical injury." EPIC urged the court to allow consumers "the opportunity to present legal claims stemming from the defendants' sale of vehicles that place them at risk." But the court wrongly downplayed the consumers' privacy injuries and dismissed the case. EPIC recently urged the Supreme Court to reject warrantless searches of rental cars, which today collect vast troves of personal data. EPIC has filed numerous other amicus briefs defending consumer privacy rights, and EPIC has repeatedly warned the National Highway Traffic Safety Administration, the Federal Trade Commission, and the U.S. Congress about the privacy and consumer safety risks posed by connected vehicles.

National Security Strategy Acknowledges Importance of Democratic Institutions, Privacy

The White House has released the 2017 National Security Strategy. The report underscores the importance of democratic institutions and the rule of law. The report states the “government must do a better job of protecting data to safeguard information and the privacy of the American people,” and calls out “actors such as Russia [who] are using information tools in an attempt to undermine the legitimacy of democracies.” The report also cautions that cyber policy must be pursued “In accordance with the protection of civil liberties and privacy.” EPIC is currently pursuing several related FOIA cases about Russian interference in the 2016 Presidential election, including EPIC v. FBI (cyberattack victim notification), EPIC v. ODNI (Russian hacking), EPIC v. IRS (Release of Trump Tax Returns), and EPIC v. DHS (election cybersecurity).

December 26, 2017

D.C. Circuit Refuses to Order Privacy Assessment in EPIC’s Suit Against Presidential Election Commission

The D.C. Circuit has issued a decision in EPIC’s suit to compel the Commission to conduct a Privacy Impact Assessment required by law and to halt the Presidential Election Commission’s collection of state voter data. The Court held that EPIC, a privacy and open government organization, did not have standing to challenge the Commission’s failure to conduct and publish a privacy assessment as required under the E-Government Act. EPIC’s initial filing led the Commission to suspend the collection of voter data, discontinue the use of an unsafe computer server, and delete the voter information that was unlawfully obtained. Many states and over 150 members of Congress have opposed the Commission’s efforts to collect state voter data. EPIC’s case is EPIC v. Commission, No. 17-1320 (D.D.C.) & 17-5171 (D.C. Cir.).

December 27, 2017

EPIC Opposes State Department's Plan to Collect Social Media Identifiers of Visa Applicants

EPIC wrote comments to the State Department opposing the agency's plan to make permanent the collection of social media identifiers from individuals applying for visas to enter the U.S. EPIC warned: "this proposal leaves the door open for abuse, mission creep, and the disproportionate targeting of Muslim and Arab Americans." EPIC also opposed the agency's request for emergency approval of the plan earlier this year and a similar proposal by the Department of Homeland Security.

About December 2017

This page contains all entries posted to epic.org in December 2017. They are listed from oldest to newest.