epic.org: April 2018 Archives

Safety Commission Responds to EPIC's Google Home Mini Complaint

The Consumer Product Safety Commission responded to a complaint from EPIC and a coalition of consumer groups, urging the Commission to order the recall of the Google Home Mini "smart speaker." The touchpad on the device was permanently set to "on" so that Google recorded all conversations without a consumer's knowledge or consent. The groups wrote "this is a classic manufacturing defect that places consumers at risk. The defect in Google Home Mini is well within the purview of the Consumer Product Safety Commission." In the response, the Commission claimed that it monitors the hazards of IoT but said that it does not pursue privacy or data security issues. IoT devices are frequently the target of botnet attacks. According to Hacker News, "the DDoS threat landscape is skyrocketing" and the UK National Cyber Security Centre's report has called for comprehensive safeguards for IoT devices. EPIC Senior Counsel Alan Butler has written about products liability for IoT manufacturers.

Tags:

Posted by EPIC on April 2, 2018 3:50 PM | Permalink

French President: Algorithmic Transparency Key to National AI Strategy

French President Emmanuel Macron has expressed support for "Algorithmic transparency" as a core democratic principle. In an interview with Wired magazine, President Macron said that algorithms deployed by the French government and companies that receive public funding will be open and transparent. President Macron emphasized, "I have to be confident for my people that there is no bias, at least no unfair bias, in this algorithm." President Macron's statement echoed similar comments in 2016 by German Chancellor Angela Merkel, "These algorithms, when they are not transparent, can lead to a distortion of our perception, they narrow our breadth of information." EPIC has a longstanding campaign to promote transparency and to end secret profiling. At UNESCO headquarters in 2015, EPIC said that algorithmic transparency should be a fundamental human right. In recent comments to UNESCO, EPIC highlighted the risk of secret profiling, content filtering, the skewing of search results, and adverse decision-making, based on opaque algorithms.

Tags:

algorithmic transparency

Posted by EPIC on April 2, 2018 4:05 PM | Permalink

EPIC Sues AccuWeather for Deceptively Tracking Consumers

EPIC has filed a consumer protection lawsuit against AccuWeather for deceptively tracking the location of subscribers who downloaded the company’s app. In papers filed in the District of Columbia, EPIC charged that AccuWeather tracked consumers even when they expressly opted out of location tracking. EPIC also charged that AccuWeather failed to disclose that it transferred location data to third-party advertisers. EPIC alleges that these practices violate the District of Columbia Consumer Protection Procedures Act. EPIC has long advocated for the privacy of location data. EPIC filed a “friend of the court” brief with the US Supreme Court in a case concerning police surveillance and a complaint with the Federal Trade Commission concerning Uber’s tracking of subscribers. EPIC also opposed Apple’s tracking of iPhone users. EPIC also maintains detailed webpages on location privacy.

Posted by Alan Butler on April 2, 2018 4:24 PM | Permalink

D.C. Circuit Won't Fix Deeply Flawed Ruling in EPIC’s Case Against Presidential Election Commission

The D.C. Circuit Court of Appeals has refused to void an earlier ruling in EPIC's case to halt the collection of state voter data by the Presidential Election Commission. Although the Commission was disbanded in January, last year's decision by a three-judge panel of the D.C. Circuit remains on the books. The panel wrongly held that EPIC, a privacy and open government organization, did not have standing to challenge the Commission's failure to conduct and publish a privacy impact assessment required by law. EPIC asked the full D.C. Circuit to take the rare step of revisiting the panel's decision, but the court declined. EPIC's lawsuit previously led the Commission to suspend the collection of voter data, discontinue the use of an unsafe computer server, delete the voter information that was unlawfully obtained. Many states and over 150 members of Congress opposed the Commission's efforts to collect state voter data. EPIC will continue to pursue the case, which is eligible for appeal to the U.S. Supreme Court. The case is EPIC v. Commission, No. 17-1320 (D.D.C.) & 17-5171 (D.C. Cir.).

Tags:

Posted by EPIC on April 2, 2018 5:20 PM | Permalink

Congress Launches Caucus on Artificial Intelligence

Congressional leaders have announced the establishment of the Congressional Artificial Intelligence Caucus. The Caucus will bring together experts from academics, government, and the private sector to inform policymakers of the technological, economic and social impacts of advances in AI. The Congressional AI Caucus is bipartisan and co-chaired by Congressmen John Delaney (D-MD) and Pete Olson (R-TX). This is one of several initiatives in Congress to pursue AI policy objectives. Rep. Delaney introduced the FUTURE of Artificial Intelligence Act (H.R. 4625) and Rep. Elise Stefanik (R-NY) introduced a bill (H.R. 5356) that would create the National Security Commission on AI. In 2015, EPIC launched an international campaign for Algorithmic Transparency. EPIC has also warned Congress about the growing of opaque and unaccountable techniques in automated decision-making.

Tags:

Posted by EPIC on April 3, 2018 3:35 PM | Permalink

EPIC, Consumer Groups to Urge Federal Trade Commission to Investigate Facebook's Use of Facial Recognition

EPIC and a coalition of consumer groups will file a complaint with the FTC on Friday charging that Facebook's use of facial recognition techniques threaten user privacy and violate the 2011 Consent Order with the Commission. "The scanning of facial images without express, affirmative consent is unlawful and must be enjoined," the groups wrote. Last week the organizations urged the Federal Trade Commission to reopen the 2009 investigation of Facebook, arguing that the disclosure of user data to Cambridge Analytica violated the consent order, and noting that the order also prohibited Facebook from "making misrepresentations about the privacy or security of consumers' personal information." The FTC has confirmed that an investigation is now underway. The FTC said, "Companies who have settled previous FTC actions must also comply with FTC order provisions imposing privacy and data security requirements." Facebook CEO Mark Zuckerberg will testify next week before the Senate Judiciary Committee and the House Commerce Committee. In 2011 EPIC urged the FTC to investigate Facebook's facial recognition practices. In 2012 EPIC advised the FTC "Commercial actors should not deploy facial techniques until adequate safeguards are established. As such safeguards have not yet been established, EPIC would recommend a moratorium on the commercial deployment of these techniques."

Tags:

Posted by EPIC on April 5, 2018 11:35 AM | Permalink

UPDATE - EPIC, Consumer Groups Urge FTC to Investigate Facebook's Use of Facial Recognition

EPIC and a coalition of consumer groups have filed a complaint with the FTC, charging that Facebook's use of facial recognition techniques threaten user privacy and "in multiple ways" violate the 2011 Consent Order with the Commission. "The scanning of facial images without express, affirmative consent is unlawful and must be enjoined," the groups wrote. Last week the organizations urged the Federal Trade Commission to reopen the 2009 investigation of Facebook, arguing that the disclosure of user data to Cambridge Analytica violated the consent order, and noting that the order also prohibited Facebook from "making misrepresentations about the privacy or security of consumers' personal information." In 2011 EPIC and consumer groups urged the FTC to investigate Facebook’s facial recognition practices. In 2012 EPIC advised the FTC "Commercial actors should not deploy facial techniques until adequate safeguards are established. As such safeguards have not yet been established, EPIC would recommend a moratorium on the commercial deployment of these techniques." EPIC President Marc Rotenberg said today, "Facebook should suspend further deployment of facial recognition pending the outcome of the FTC investigation."

Tags:

Posted by EPIC on April 6, 2018 9:35 AM | Permalink

EPIC Comments to UN Highlight Privacy Flaws in US Surveillance, Consumer Protection

EPIC has submitted input to the UN Office of the High Commissioner for Human Rights for an upcoming report on the right to privacy in the digital age. The OHCHR is soliciting information for a report to Human Rights Council on the right to privacy around the world. EPIC's comments detail shortcomings in US privacy law, including the CLOUD Act, the reauthorization of FISA Section 702, and FTC's failure to enforce consumer privacy guarantees. EPIC also highlighted the need for the Special Rapporteur on Privacy to promote fundamental privacy rights, particularly Article 12 of the Universal Declaration of Human Rights.

Tags:

Posted by EPIC on April 6, 2018 1:30 PM | Permalink

EPIC Urges Senate to Focus on FTC Consent Order with Facebook

In advance of a joint hearing about Facebook's failure to protect the personal data of users, EPIC has sent a comprehensive statement to the Senate Committee on the Judiciary and the Senate Committee on Commerce. EPIC is urging the Senators to focus on the 2011 Consent Order between Facebook and the Federal Trade Commission. In 2009, EPIC and a coalition of consumer groups presented the FTC with a complaint, containing detailed evidence, legal theories, and proposed remedies to address growing concerns about Facebook. The FTC adopted a Consent Order in 2011, based on EPIC's Complaint, but failed to enforce the Order even after EPIC sued the agency in a related matter. In numerous comments to the FTC, EPIC and others urged the FTC to enforce its consent order. In the statement to the Senate this week, EPIC contends that the Cambridge Analytica debacle could have been prevented if the FTC enforced the Order.

Tags:

Posted by EPIC on April 9, 2018 12:10 PM | Permalink

EPIC Provides U.S. Report for Privacy Experts Meeting

EPIC has provided a comprehensive report explaining the latest developments in U.S. privacy law and policy for the 63rd meeting of the International Working Group on Data Protection. The Working Group includes Data Protection Authorities and experts from around the world who work together to address emerging privacy challenges. The EPIC 2018 report details the CLOUD Act, the FTC's failure to enforce its legal judgment against Facebook, the ongoing investigation of the Russian interference in the 2016 election, federal nominees to the FTC and PCLOB, recent legislative proposals on Artificial Intelligence, and more. The 64th meeting of the IWG will take place in Queenstown, New Zealand on November 29-30. In April 2017, EPIC hosted the 61st meeting of the IWG in Washington, D.C. at the Goethe-Institut, Germany's cultural institute.

Tags:

Posted by EPIC on April 9, 2018 5:20 PM | Permalink

EPIC Sues ICE Over Technology Used to Conduct Warrantless Searches of Mobile Devices

EPIC has filed a Freedom of Information Act lawsuit against Immigration and Customs Enforcement for details of the agency's use of mobile forensic technology to conduct warrantless searches of mobile devices. ICE has contracts with a company called Cellebrite for techniques to unlock, decrypt, and extract data from mobile devices, including personal data stored in cloud-based accounts. Privacy complaints regarding the search of mobile devices at the border continue to increase. In a statement to Congress last year, EPIC warned that enhanced surveillance at the border will impact the rights of U.S. citizens. Senator Patrick Leahy (D-VT) and Senator Steve Daines (R-MT) have introduced legislation to place restrictions on searches and seizures of electronic devices at the border.

Tags:

Posted by EPIC on April 9, 2018 5:30 PM | Permalink

US and European Consumer Groups Urge Mark Zuckerberg to Comply with GDPR in All Countries

The Transatlantic Consumer Dialogue (TACD), a coalition of more than 70 consumer organization in North America and Europe, has sent a letter to Facebook CEO Mark Zuckerberg urging him to comply with the EU General Data Protection Regulation (GDPR) as a baseline standard, not just for EU consumers as it is required, but for all Facebook services. TACD wrote, "The GDPR helps ensure that companies such as yours operate in an accountable and transparent manner, subject to the rule of law and the democratic process. The GDPR provides a solid foundation for data protection, establishing clear responsibilities for companies that collect personal data and clear rights for users whose data is gathered. These are protections that all users should be entitled to no matter where they are located." Zuckerberg will testify before the Senate and House this week on Facebook's failure to protect user data. The TransAtlantic Consumer Dialogue was established in 1998 and works to promote the consumer interest in EU and US policy making.

Tags:

Posted by EPIC on April 9, 2018 5:35 PM | Permalink

Zuckerberg Confirms Global Compliance with GDPR

In response to a series of questions from Rep. Gene Green, (D-TX), Facebook CEO Mark Zuckerberg confirmed that Facebook will comply with the new European Union privacy law - "the GDPR" - in all jurisdictions. Earlier this week, the Transatlantic Consumer Dialogue (TACD), a coalition of more than 70 consumer organization in North America and Europe, sent a letter to Mr. Zuckerberg urging him to comply with the GDPR as a baseline standard for all Facebook users worldwide. TACD wrote, "The GDPR helps ensure that companies such as yours operate in an accountable and transparent manner, subject to the rule of law and democratic process."

Tags:

Posted by EPIC on April 11, 2018 11:30 AM | Permalink

EPIC Tells Senate Finance Committee: Support Release of Trump Tax Records

In advance of a hearing regarding challenges facing the IRS, EPIC sent a statement to the Senate Finance Committee urging the release of President Trump's tax returns. EPIC v. IRS is one of several FOIA cases EPIC is pursuing concerning Russian interference in the 2016 Presidential election. EPIC recently filed the opening brief in the case before the D.C. Circuit Court of Appeals. EPIC told the court that the IRS has the authority to disclose the President's returns to correct numerous misstatements of fact concerning financial ties to Russia. For example, President Trump tweeted that "Russia has never tried to use leverage over me. I HAVE NOTHING TO DO WITH RUSSIA - NO DEALS, NO LOANS, NO NOTHING"--a claim "plainly contradicted by his own attorneys, family members, and business partners." As EPIC told the Court, "there has never been a more compelling FOIA request presented to the IRS."

Tags:

EPIC v. IRS

Posted by Caitriona Fitzgerald on April 12, 2018 9:11 AM | Permalink

EPIC Sues to Enforce Transparency Obligations of FAA's Drone Advisory Committee

EPIC has filed suit to enforce the open government obligations of the Drone Advisory Committee, an industry-dominated committee that advises the Federal Aviation Administration on U.S. drone policy. For over a year, the Committee has conducted much of its work in secret and ignored the privacy risks posed by the deployment of drones, even after the Committee identified privacy as a top public concern. EPIC's lawsuit would force the Committee to disclose its work to the public. EPIC has a long history of promoting government transparency. EPIC's case to establish drone privacy regulations, EPIC v. FAA, No. 16-1297, is pending before the D.C. Circuit Court of Appeals.

Tags:

Posted by EPIC on April 12, 2018 10:50 AM | Permalink

European Court of Justice Receives Key Questions on Future of EU-US Personal Data Transfers

The Irish High Court has sent eleven questions to the European Court of Justice for review in Data Protection Commissioner v. Facebook. The case considers whether Facebook's transfers of data from Ireland to the United States violate the European Charter of Fundamental Rights. The case follows the 2015 landmark decision Schrems v. DPC, which found that the US had insufficient privacy law to protect the personal data of Europeans. The new case examines "standard contractual clauses" and whether the US provides sufficient remedies for privacy violations, whether future data transfers should be suspended, and whether the EU-US "Privacy Shield" matters. EPIC was designated the US NGO amicus curiae in this case, and provided a detailed assessment of US privacy law.

Tags:

Posted by EPIC on April 12, 2018 12:30 PM | Permalink

FTC Strengthens Penalties Against Uber for Covering Up Data Breach

The Federal Trade Commission has strengthened its 2017 settlement with Uber because the company hid a massive data breach and bug bounty program in 2016. Under the revised settlement, Uber must submit all of its privacy audits to the FTC, and will face civil penalties if it fails to disclose another breach. In February 2018, EPIC advised Congress that "bug bounty programs do not excuse non-compliance with data breach notification laws." The FTC's 2017 settlement with Uber was the result of EPIC's 2015 complaint to the Commission detailing Uber's numerous privacy abuses. In public comments, EPIC advised the FTC to strengthen the settlement by making all of Uber's privacy audits available to the public.

Tags:

Posted by EPIC on April 12, 2018 1:20 PM | Permalink

EPIC Pursues Privacy Impact Assessments for DHS Database of Journalists

EPIC has submitted a Freedom of Information Act request to the Department of Homeland Security seeking Privacy Impact Assessments and other records related to the solicitation for "media monitoring services." The DHS posted a solicitation to compile a database of journalists and "media influencers," including bloggers and social media influencers. The DHS is seeking to identify journalists based on their beat, publication, contact information, and articles published. Agency officials plan to search lists and analyze news coverage. By law, a federal agency is required to conduct a Privacy Impact Assessment before procuring information technology that contains personally identifiable information. In a prior FOIA lawsuit, EPIC obtained Privacy Impact Assessments from the FBI that were not publicly available. And in EPIC v. Presidential Election Commission, EPIC challenged the failure of the Commission to undertake a Privacy Impact Assessment prior to the collection of state voter data. The Commission was shuttered earlier this year.

Tags:

Posted by EPIC on April 13, 2018 12:20 PM | Permalink

EPIC to UK Privacy Commissioner: Data Protection Assessments Require Algorithmic Transparency

EPIC has submitted extensive comments on proposed guidance for Data Protection Impact Assessments. The new European Union privacy law - the "GDPR" — requires organizations to carefully assess the collection and use of personal data. In comments to UK privacy commissioner, EPIC said that disclosure of the technique for decision making is a core requirement for Data Protection Impact Assessments. EPIC supports "Algorithmic Transparency". EPIC has pursued criminal justice FOIA cases, and FTC consumer consumer complaints to promote transparency and accountability. EPIC has warned Congress of the risks of "citizen scoring."

Tags:

Posted by EPIC on April 13, 2018 3:00 PM | Permalink

EU Privacy Officials Back Strong Crypto

The Article 29 Working Party has released a statement on encryption policy. The Working Party stated "strong and efficient encryption is a necessity in order to guarantee the protection of individuals with regard to the confidentiality and integrity of their data which are the elementary underpinning of the digital economy." The Working Party found that "backdoors and master keys deprive encryption of its utility and cannot be used in a secure manner. Any obligation aiming at reducing the effectiveness of those techniques in order to allow law enforcement access to encrypted data could seriously harm the privacy of European citizens." The Working Party is a group of leading privacy officials in the European that often issues reports and opinions on emerging privacy issues. Under the GDPR, the Working Party will become the European Data Protection Board with new legal authorities. Communications services with escrow encryption, and other similar techniques, could be prohibited under the GDPR. EPIC began in April 1994 with the first internet petition, the campaign to stop the Clipper Chip, a key escrow encryption scheme developed by the NSA.

Tags:

Posted by EPIC on April 16, 2018 11:10 AM | Permalink

EPIC Urges Secretary of State to Support International Privacy Convention

EPIC submitted a statement following the Senate nomination hearing on Mike Pompeo for Secretary of State. EPIC said that the US Secretary of State should uphold privacy as a fundamental human right around the world. The United States Department of State publishes an annual human rights report that covers "internationally recognized individual, civil, political, and worker rights, as set forth in the Universal Declaration of Human Rights and other international agreements." EPIC also said that "international agreements provide the best opportunity to establish data protection standards" and urged the Secretary of State to ratify the International Privacy Convention. Privacy experts and advocates have also called for adoption of the Madrid Privacy Declaration, a comprehensive framework for data protection.

Tags:

Posted by EPIC on April 16, 2018 12:30 PM | Permalink

EPIC to House Oversight Committee: Support Release of Trump Tax Records

In advance of a hearing regarding IRS oversight, EPIC sent a statement to a House committee urging the release of President Trump's tax returns. As EPIC explained, "candidates for the Presidency have routinely released tax record information to the American public. Mr. Trump broke with that tradition even though he pledged to make this information publicly available." As a consequence, EPIC brought a FOIA suit for the release of the President's tax returns. EPIC recently filed the opening brief in EPIC v. IRS, now before the D.C. Circuit Court of Appeals. EPIC told the court that the IRS has the authority to disclose the President's returns to correct numerous misstatements of fact concerning financial ties to Russia. For example, President Trump tweeted that "Russia has never tried to use leverage over me. I HAVE NOTHING TO DO WITH RUSSIA - NO DEALS, NO LOANS, NO NOTHING"--a claim "plainly contradicted by his own attorneys, family members, and business partners." As EPIC explained to the Court and to Congress, "there has never been a more compelling FOIA request presented to the IRS."

Tags:

Posted by EPIC on April 17, 2018 9:35 AM | Permalink

Supreme Court Vacates Microsoft Email Privacy Case

The Supreme Court has vacated United States v. Microsoft, a case concerning whether a U.S. communications law can be used by a U.S. law enforcement agency to obtain personal data stored outside of the U.S. While the case was pending, the Congress quickly passed the CLOUD Act, which requires internet companies to hand over personal data to U.S. law enforcement agencies, no matter where that data is stored. The Court then determined that there was no longer a matter to adjudicate and ended the proceeding. EPIC's amicus brief to the Supreme Court argued that human rights law and privacy standard should govern law enforcement access to personal data stored abroad. In recent comments to the UN, EPIC explained that the CLOUD Act "undermines communications privacy protections."

Tags:

Posted by EPIC on April 17, 2018 2:30 PM | Permalink

Tax Day: EPIC Files Second Lawsuit to Obtain Trump Tax Records

EPIC has filed a second Freedom of Information Act lawsuit to obtain President Trump's tax records. EPIC is seeking information about IRS settlements involving the President and his businesses—information which the agency is required to disclose to the public upon request. The IRS agreed to process EPIC's request in February but has failed to release any records to date. EPIC previously sued the IRS for the release of the President's personal tax returns to correct misstatements of fact about his financial ties to Russia. President Trump tweeted "I HAVE NOTHING TO DO WITH RUSSIA - NO DEALS, NO LOANS, NO NOTHING"—a claim contradicted by the President's own lawyers. That case, EPIC v. IRS, is now before the D.C. Circuit Court of Appeals. EPIC is litigating several other FOIA cases about Russian interference in the 2016 Presidential election, including EPIC v. FBI (response to Russian cyber attack) and EPIC v. DHS (election cybersecurity).

Tags:

Posted by EPIC on April 17, 2018 3:40 PM | Permalink

EPIC Tells Congress to Consider Census Privacy Risks

In advance of a hearing on the Census Bureau, EPIC told Congress to consider the privacy issues arising from potential misuse of Census data. After the Department of Commerce announced that the 2020 Census will include a question on citizenship status, many have expressed concerns about the confidentiality of the data collected. EPIC told Representatives: "your committee should ensure that the data collected by the federal government is not misused." The census raises significant privacy risks and has been used to discriminate. EPIC previously obtained documents which revealed that the Census Bureau transferred the personal data of Muslim Americans to the Department of Homeland Security after 9-11. As a consequence, the Census Bureau revised its policy on sharing statistical information about "sensitive populations" with law enforcement or intelligence agencies. Customs and Border Protection also changed its policy on requesting "information of a sensitive nature from the Census Bureau."

Tags:

Posted by EPIC on April 17, 2018 6:05 PM | Permalink

EPIC Supports Additional Regulation of Robocalls

In advance of a hearing on "Abusive Robocalls and How We Can Stop Them" EPIC recommended reforms that would combat fraud while protecting privacy. EPIC supports regulations that would (1) allow phone providers to proactively block numbers that are unassigned, unallocated, or invalid; (2) block invalid numbers without requiring consumer consent; (3) provide strong security measures for any database of blocked numbers; and (4) prohibit spoofing with the intent to defraud or cause harm. EPIC played a leading role in the creation of the Telephone Consumer Protection Act and continues to defend the Act.

Tags:

Posted by EPIC on April 17, 2018 6:40 PM | Permalink

EPIC Tells House Committee: Require Transparency for Government Use of AI

In advance of a hearing on "Game Changers: Artificial Intelligence Part III, Artificial Intelligence and Public Policy," EPIC told the House Oversight Committee that Congress must implement oversight mechanisms for the use of AI by federal agencies. EPIC said that Congress should require algorithmic transparency, particularly for government systems that involve the processing of personal data. EPIC also said that Congress should amend the E-Government Act to require disclosure of the logic of algorithms that profile individuals. EPIC made similar comments to the UK Privacy Commissioner on issues facing the EU under the GDPR. A recent GAO report explored challenges with AI, including the risk that machine-learning algorithms may not comply with legal requirements or ethical norms. EPIC has pursued several criminal justice FOIA cases, and FTC consumer complaints to promote transparency and accountability. In 2015, EPIC launched an international campaign for Algorithmic Transparency.

Tags:

Posted by EPIC on April 19, 2018 10:50 AM | Permalink

Latin American Consumer Groups Urge Facebook to Comply with GDPR in All Countries

A coalition of 14 consumer groups in Latin America has sent a letter to Facebook CEO Mark Zuckerberg, urging him to comply with the EU General Data Protection Regulation (GDPR) at a global level. The groups wrote, "The GDPR provides a solid foundation for the protection of personal data: it establishes clear responsibilities for companies that collect and process personal data and provides data subjects, Facebook users whose data your company collects and processes, with clear rights. These are protections that all users should be entitled to, regardless of where they are located." Earlier this month, the Transatlantic Consumer Dialogue (TACD), a coalition of consumer groups in North America and Europe, also sent a letter to Facebook advocating for the GDPR to be implemented as a baseline standard of data protection for all users.

Tags:

Posted by EPIC on April 19, 2018 11:00 AM | Permalink

Senator Blumenthal Calls On FTC To Enforce Consent Order Against Facebook

Senator Richard Blumenthal (D-CT) has called for "monetary penalties that provide redress for consumers and stricter oversight" in a letter to the Federal Trade Commission. Senator Blumenthal focused on the FTC's 2011 Consent Order that EPIC, and a coalition of consumer groups obtained, after preparing a detailed complaint in 2009. Referring to the Cambridge Analytica scandal, Senator Blumenthal wrote that "three of the FTC's claims concerned the misrepresentation of verification and privacy preferences of third-party apps." Senator Blumenthal also raised questions about the FTC's monitoring of the consent order, noting that "even the most rudimentary oversight would have uncovered these problematic terms of service." And the Senator stated, "The Cambridge Analytica matter also calls into question Facebook's compliance with the consent decree's requirements to respect privacy settings and protect private information." EPIC and other consumer groups recently urged the FTC to reopen the investigation. The FTC has confirmed that an investigation of Facebook is now underway.

Tags:

Posted by EPIC on April 20, 2018 9:25 AM | Permalink

EPIC Obtains Partial Release of 2017 Facebook Audit

EPIC has obtained a redacted version of the 2017 Facebook Assessment required by the 2012 Federal Trade Commission Consent Order. The Order required Facebook to conduct biennial assessments from a third-party auditor of Facebook's privacy and security practices. In March, EPIC filed a Freedom of Information Act request for the 2013, 2015, and 2017 Facebook Assessments as well as related records. The 2017 Facebook Assessment, prepared by PwC, stated that "Facebook's privacy controls were operating with sufficient effectiveness" to protect the privacy of users. This assessment was prepared after Cambridge Analytica harvested the personal data of 87 million Facebook users. In a statement to Congress for the Facebook hearings last week, EPIC noted that FTC Commissioners represented that the Consent Order protected the privacy of hundreds of millions of Facebook users in the United States and Europe.

Tags:

Posted by EPIC on April 20, 2018 4:10 PM | Permalink

EPIC Sues FTC for Release of Facebook's Audits

EPIC has filed a Freedom of Information Act lawsuit to obtain the release of the unredacted Facebook Assessments from the FTC. The FTC Consent Order. required Facebook to provide to the FTC biennial assessments conducted by an independent auditor. In March, EPIC filed a Freedom of Information Act request for the 2013, 2015, 2017 Facebook Assessments and related records. EPIC's FOIA request drew attention to a version of the 2017 report available at the FTC website. But that version is heavily redacted. EPIC is suing now for the release of unredacted report. EPIC has an extensive open government practice and has previously obtained records from many federal agencies. The case is EPIC v. FTC, No. 18-942 (D.D.C. filed April 20, 2018).

Tags:

Posted by EPIC on April 20, 2018 4:45 PM | Permalink

EPIC to Senate: Weaknesses in Cybersecurity Threaten Both Consumers and Democratic Institutions

EPIC submitted a statement to the Senate Homeland Security Committee in advance of a hearing on "Cyber Threats Facing America." Last year, the White House National Security Strategy report set out the administration's goals for global policy. EPIC supports several of the goals in the National Strategy report, including enhanced cybersecurity, support for democratic institutions, and protection of human rights. EPIC wrote to the Senate Committee to seek assurances that those goals will remain priorities for this administration. Quoting former world chess champion Garry Kasparov, EPIC also said "perhaps it is a firewall and not a border wall that the United States needs to safeguard our national interests at this moment in time."

Tags:

Posted by EPIC on April 24, 2018 9:40 AM | Permalink

EPIC to Congress: Enhanced Surveillance at Border Will Impact Rights of U.S. Citizens

EPIC has sent a statement to the House Homeland Security Committee in advance of a hearing with the Commissioner of Customs and Border Protection. EPIC urged the Committee to ask the CBP Commissioner about the collection of biometric data at US airports. EPIC described the growing use of facial recognition that capture the images of US travelers. EPIC also pointed to a recent study that found racial disparities with the technique. EPIC is currently seeking records from the federal agency concerning the accuracy of facial recognition. EPIC also recommended the Committee examine how CBP will comply with state laws prohibiting warrantless aerial surveillance when deploying drones at the border. As a result of an earlier FOIA lawsuit, EPIC found that the CBP is deploying drones with facial recognition technology without warrant authority.

Tags:

Posted by EPIC on April 24, 2018 4:50 PM | Permalink

U.S. Courts Release 2017 FISA Report

The Administrative Office of the U.S. Courts has issued the 2017 report on activities of the Foreign Intelligence Surveillance Court. Scrutiny of FISA applications increased substantially in 2017. The 2017 FISA report reveals that there were 1,614 FISA applications in 2017, of which 1,147 were granted, 391 were modified, 50 were denied in part, and 26 were denied in full. As compared to 2016, the FISA court denied nearly two times as many applications in part, and denied nearly three times as many applications in full. EPIC testified before Congress in 2012 on the need to improve review of FISA applications. In recent comments on US surveillance authority, EPIC noted the reauthorization of 702 spying authorities without sufficient safeguards.

Tags:

fisa
FISC

Posted by EPIC on April 25, 2018 5:15 PM | Permalink

EPIC Urges Congress to Require Algorithmic Transparency For Dominant Internet Firms

In advance of a hearing on Filtering Practices of Social Media Companies, EPIC has sent a statement to the House Judiciary Committee. EPIC said that "algorithmic transparency" could help establish fairness, transparency, and accountability for much of what users see online. In 2011, EPIC sent a letter to the FTC stating that Google's acquisition of YouTube led to a skewing of search results after Google substituted its secret "relevance" ranking for the original objective ranking, based on hits and ratings. The FTC took no action on EPIC's complaint. But last year, after a seven year investigation, the European Commission found that Google rigged search results to give preference to its own shopping service. The Commission required Google to change its algorithm to rank its own shopping comparison the same way it ranks its competitors.

Tags:

Posted by EPIC on April 25, 2018 5:25 PM | Permalink

EPIC, Coalition Urge Ethics Board to Prevent the Use of Facial Recognition on Body Cameras

In a letter to Axon's Artificial Intelligence Ethics Board, EPIC and a coalition of civil rights and civil liberties groups called upon the Board to prevent Axon, the largest provider of police body cameras, from implementing real-time facial recognition. The letter states that "real-time facial recognition would chill the constitutional freedoms of speech and association." In 2015, EPIC forewarned that body cameras implemented for police accountability "could easily become a system of mass surveillance." EPIC also highlighted at the time that "the benefits of body cameras as a tool of police accountability have not been established." Last year, the largest study to date of police body cameras concluded that the cameras had no impact on police use of force and civilian complaints.

Tags:

Posted by EPIC on April 26, 2018 11:30 AM | Permalink

EPIC, Coalition Condemn Russia Ban on Encrypted Messaging App

EPIC joined dozens of human rights organizations condemning Russia's attempt to block encrypted messaging app Telegram. In an open letter, the coalition states Russia's attempts to block the app have "resulted in extensive violations of freedom of expression and access to information, including mass collateral website blocking." The groups call on international organizations and governments to challenge Russia's actions, and on tech companies to resist government attempts to compromise fundamental rights. EPIC has historically campaigned in support of strong encryption. In April 1994, EPIC initiated the campaign to stop the Clipper Chip, a key escrow encryption scheme developed by the NSA.

Tags:

Posted by EPIC on April 30, 2018 10:25 AM | Permalink

Supreme Court To Review Fairness of Cy Pres Awards In Class Action Settlements

The Supreme Court today granted certiorari to address for the first time whether a class action settlement that awards cy pres but provides no direct relief to class members is "fair, reasonable, and adequate." The case, Frank v. Gaos, involves a settlement arising from Google's tracking of Internet users by circumventing their browsers' privacy settings. The settlement awarded cy pres funds to several organizations but resulted in no change in Google's business practices nor payments to class members. EPIC objected to the proposed settlement on three separate occasions, arguing that, "The proposed settlement is bad for consumers and does nothing to change Google's business practices. The company will simply revise its notice so that it may continue to engage in the privacy-invading practice that class counsel claimed at one time provided the basis for class action certification and monetary relief." EPIC has routinely opposed class action settlements that fail to compensate class members or change business practices. In 2013, Chief Justice John Roberts wrote that the Court would soon need to address "fundamental concerns" surrounding the use of cy pres in class action settlements. EPIC has proposed an objective basis to evaluate cy pres awards.

Tags:

Posted by EPIC on April 30, 2018 12:05 PM | Permalink

U.S. House Report Finds FBI Cyberattack Victim Notification Inadequate

The House Permanent Select Committee on Intelligence has published a redacted version of its report on Russian interference with the 2016 Presidential Election. The report concludes that Russia did conduct cyberattacks on U.S. political institutions in 2015 and 2016. It also found that the FBI's "notification to numerous Russian hacking victims was largely inadequate." The report recommends that the FBI improve cyberattack victim notification. In a Freedom of Information Act lawsuit EPIC v. FBI, EPIC obtained the FBI notification procedures that would have applied during the 2016 Presidential election. The documents state that "[b]ecause timely victim notification has the potential to completely mitigate ongoing and future intrusions and can mitigate the damage of past attacks while increasing the potential for the collection of actionable intelligence, CyD's policy regarding victim notification is designed to strongly favor victim notification." However, the FBI did not follow this procedure following cyber attacks on the DNC and RNC during the 2016 Presidential Election. The Committee also recommended measures to strengthen U.S. election systems, such as paper ballots, protection of voter registration systems, and funding for risk assessment of state election agency computer systems. In early 2017, EPIC launched the Project on Democracy and Cybersecurity.

Tags:

Posted by EPIC on April 30, 2018 5:15 PM | Permalink