epic.org: June 2018 Archives

EPIC's Spotlight on Surveillance: Social Media Monitoring

In 2011, EPIC uncovered the first government program to monitor social media. EPIC v. DHS revealed that a government agency was tracking posts on social media to identify critics of government. Today EPIC released a new report on the recent developments in government media monitoring. The report follows a case filed by EPIC this week concerning a new DHS program for "Media Monitoring Services." The report explores different media monitoring systems and points to the absence of effective controls. EPIC's Spotlight on Surveillance also highlights the privacy and civil liberties risks, including chilling free speech, discrimination, unreliability, and misattribution. EPIC's Spotlight on Surveillance project explores the privacy and civil liberties implications of surveillance programs in the United States. EPIC has previously released reports on drones, the FBI's Next Generation Identification program, and "enhanced" driver's licenses.

Tags:

Posted by EPIC on June 1, 2018 9:30 AM | Permalink

EPIC Urges Appeals Court to Deny Immunity for Dating App that Ignores Egregious Abuse

EPIC has filed an amicus brief in a case about whether a dating app should be liable for failing to remove false profiles, including name and likeness, that posed a danger to personal safety. In Herrick v. Grindr, LLC, EPIC told the Second Circuit Court of Appeals that Section 230, a provision in the Communication Decency Act, was intended to "encourage internet service providers to police their platforms," not to "give platforms carte blanche to ignore harassment and abuse." EPIC emphasized that a lower court opinion "would not advance the speech-promoting policy of the statute." EPIC explained that victims may be subjected to ongoing "psychological, social, and financial harm" if Internet services are not accountable for harassment and abuse. EPIC frequently participates as amicus curiae in cases concerning emerging privacy and civil liberties issues, including hiQ Labs v. LinkedIn and Eichenberger v. ESPN.

Tags:

Posted by EPIC on June 1, 2018 10:45 AM | Permalink

EPIC, Coalition Call for Investigation into FBI's Inflated Encryption Statistic

EPIC and a coalition of twenty organizations called for the Department of Justice Inspector General to investigate the FBI's "grossly inflated" statistic of encrypted devices inaccessible to law enforcement in 2017. The Washington Post reported that the FBI repeatedly stated it was locked out of 7,800 devices, but subsequent review suggested the actual number is about 1,200. The coalition wrote to the IG asking him to investigate the error, why DOJ officials used the data point after it was discovered to be incorrect, and what measures were taken to inform Congress and the public of the FBI's miscalculation. EPIC President Marc Rotenberg previously told POLITICO that the revelation was "a very serious matter" that "calls into question" the FBI's other statements about "the scope of electronic surveillance in the United States."

Tags:

Posted by EPIC on June 5, 2018 12:30 PM | Permalink

Facebook Overrode Users’ Privacy Settings And Allowed Device Makers To Access Personal Data

Facebook had secret arrangements with at least 60 device makers granting them access to users' personal data, according to a report by the New York Times. Facebook overrode users privacy settings to allow companies to access sensitive information that users' had explicitly set to private. These arrangements directly contradict Facebook's previous statements that it cut off third party access to user data in 2015. Facebook is already under FTC investigation for violating a 2011 Consent Order that EPIC and consumer privacy organizations obtained. The Order bars Facebook from disclosing data to third parties without explicit consent. EPIC recently urged the FTC to enforce the Consent Order following revelations that Facebook allowed Cambridge Analytica to access the data of 87 million users. In a recent memo, FTC Commissioner Rohit Chopra stated that "FTC orders are not suggestions."

Tags:

Posted by EPIC on June 5, 2018 12:40 PM | Permalink

Sec. Dunlap, Sec. Padilla, Dr. Neumann and Dr. Perrin Receive EPIC Awards

At the National Press Club in Washington, DC, EPIC presented the 2018 Champions of Freedom Awards to Maine Secretary of State Matthew Dunlap and California Secretary of State Alex Padilla for their defense of the privacy of state voter records. Secretary Dunlap and Secretary Padilla successfully opposed the efforts of the Presidential Advisory Commission on Election Integrity to obtain voter data on state residents. The inscription on the award read "Guardian of privacy and democratic institutions." Dr. Peter Neumann received the 2018 EPIC Lifetime Achievement Award for his work on computer-related risk. Dr. Stephanie Perrin received the 2018 EPIC Privacy Champion Award for her work on WHOIS privacy. The EPIC Champion of Freedom Awards are presented annually to individuals who defend democratic values with courage and integrity. Previous recipients include Senator Patrick Leahy, Judge Pat Wald, Tim Cook, and Garry Kasparov. The EPIC awards event was preceded by a policy panel on the GDPR with FTC Commissioner Rohit Chopra and leading experts in data protection and privacy law.

Posted by EPIC on June 7, 2018 5:15 PM | Permalink

Court of Appeals Vacates FTC's LabMD Order, Finding It Lacked Specifics

The Court of Appeals for the Eleventh Circuit has vacated an administrative order by the Federal Trade Commission, which required the medical testing company LabMD to implement "reasonable" data security measures, finding that the order was not specific enough to be enforceable. The court explained that the FTC can require companies to implement data security measures as long as it provides specific guidance. EPIC has repeatedly urged the FTC to mandate specific data security requirements in consumer privacy settlements, including in comments on recent settlements with Uber and PayPal. EPIC also submitted an amicus brief in FTC v. Wyndham, a case in which the Third Circuit Court of Appeals upheld the FTC's authority to enforce data security standards.

Tags:

Posted by EPIC on June 7, 2018 5:25 PM | Permalink

EPIC Tells Congress to Consider Census Privacy Risks

In advance of a hearing on the 2020 Census, EPIC told Congress to consider the privacy issues arising from potential misuse of Census data. After the Department of Commerce announced that the 2020 Census will include a question on citizenship status, many have expressed concerns about the confidentiality of the data collected. EPIC told Representatives: "your committee should ensure that the data collected by the federal government is not misused." The census raises significant privacy risks and has been used to discriminate. EPIC previously obtained documents which revealed that the Census Bureau transferred the personal data of Muslim Americans to the Department of Homeland Security after 9-11. As a consequence, the Census Bureau revised its policy on disclosing statistical information about "sensitive populations" to law enforcement or intelligence agencies. Customs and Border Protection also changed its policy on requesting "information of a sensitive nature from the Census Bureau."

Tags:

Census
foia

Posted by EPIC on June 8, 2018 10:50 AM | Permalink

EPIC FOIA: EPIC Obtains Documents About Decision to Add Census Citizenship Question

Through a Freedom of Information Act request, EPIC has obtained documents (part 1, part 2, part 3, part 4) considered by Commerce Secretary Wilbur Ross to add a citizenship question to the 2020 Census. Following a request from the Department of Justice, the Census Bureau announced that it would ask about citizenship status for the first time in over 50 years. The documents obtained by EPIC, and others who made similar requests, reflect the varying opinions from lawmakers, scientists, and immigration groups about the proposal. The documents also reveal that Kris Kobach, former Vice Chair of the now-defunct Presidential Advisory Commission on Election Integrity, urged Secretary Ross "on the direction of Steve Bannon" to add the citizenship question. According to an analysis conducted by the Census Bureau, the impact of asking about citizenship would be "very costly, harms the quality of the census count, and would use substantially less accurate citizenship data than are available" from other government resources. In a FOIA case against DHS, EPIC previously obtained documents which revealed that the Census Bureau transferred the personal data of Muslim Americans to the Department of Homeland Security after 9-11. As a consequence, the Census Bureau revised its policy on sharing statistical information about "sensitive populations" with law enforcement or intelligence agencies.

Tags:

Posted by EPIC on June 11, 2018 6:00 PM | Permalink

European Civil Liberties Committee: 'Privacy Shield' Should Be Suspended

Members of European Parliament are calling for the suspension of the EU-U.S. Privacy Shield if the U.S. does not comply in full by September 1, 2018. The Civil Liberties Committee ("LIBE") passed a resolution stating that the pact, which permits the flow of European consumers' personal data to the U.S, does not adequately protect privacy. LIBE urged US authorities to respond without delay to the Cambridge Analytica breach of 87 million Facebook users. The groups also expressed "strong concerns" about the CLOUD Act which permits US law enforcement to unilaterally access personal data stored in Europe. EPIC recently told the FTC that the Cambridge Analytica breach could have been avoided had the agency enforced a 2011 Consent Order that EPIC and a coalition of consumer privacy groups obtained.

Tags:

Posted by EPIC on June 12, 2018 1:40 PM | Permalink

EPIC to Senate Commerce: Work with NTIA to Update U.S. Privacy Laws

EPIC sent a statement to the Senate Commerce Committee in advance of a hearing on the NTIA, a key technology policy agency. EPIC warned that "American consumers face unprecedented privacy and security threats," citing both data breaches and "always on" devices that record users' private conversations. EPIC said that Congress and the NTIA should establish protections that minimize the collection of personal data and promote security for Internet-connected devices. EPIC urged Congress and the NTIA to work together to update U.S. privacy laws and establish a data protection agency. EPIC has testified before Congress, litigated cases, and filed complaints with the FTC regarding connected cars, "smart homes," consumer products, and "always on" devices.

Tags:

Posted by EPIC on June 12, 2018 4:30 PM | Permalink

EPIC to Senate Committee: Suspend Action on Drone Bill Until Agency Reports Complete

As the Senate Commitee on Homeland Security and Government Affairs considers S. 2836, the Preventing Emerging Threats Act of 2018: Countering Malicious Drones, EPIC has sent a statement to the Committee urging that action on the bill be suspended until DHS and other federal agencies establish and publish drone privacy procedures as required by a 2015 Presidential Memorandum. EPIC has brought a series of open government cases against the DHS and the Department of Defense to determine the use of drones by the federal government in the United States. EPIC's cases have determined that drones operated by the DHS intercept private communications, conduct human identification at a distance, and may include military payloads.

Tags:

drones

Posted by EPIC on June 13, 2018 10:25 AM | Permalink

EPIC Advises FCC on Robocalls Regulation

EPIC advised the FCC on how to interpret the Telephone Communications Protection Act to best protect consumers in light of a recent decision in ACA Int'l v. FCC. EPIC filed a friend of the court brief in that case arguing that consumers could revoke consent by any "reasonable means." The court agreed but vacated other aspects of the rule. EPIC's comments argue that the FCC should require callers to meet three conditions to simplify the revocation of consent: (1) inform consumers of their right to revoke, (2) provide a simple means of revocation, and (3) comply in a timely manner. EPIC contributed to the development of the Telephone Communications Protection Act and regularly submits comments to the FCC.

Tags:

Posted by EPIC on June 13, 2018 4:25 PM | Permalink

Apple Will Bolster Encryption Of Devices, Prevent Apps From Selling Contact Lists

Apple announced two measures to strengthen the privacy and security of its devices: it will close a loophole that allowed law enforcement to access devices and it will prevent apps from secretly selling contact lists. In 2016, Apple refused a demand by the FBI to build backdoor access to iPhones to allow the FBI to unlock the phone of a criminal suspect. The FBI sued Apple, and EPIC filed an amicus brief in support of Apple, arguing that the FBI's demand "places at risk millions of cell phone users across the United States." The FBI eventually dropped the case. In a privacy complaint to the FTC, EPIC also opposed Google's plan to launch "Buzz," a social networking service, with private address book information. Google later backed off the plan and shuttered Buzz. In 2015, EPIC gave the Champion of Freedom Award to Apple CEO, Tim Cook, for his work protecting privacy and promoting encryption.

Tags:

Posted by EPIC on June 14, 2018 5:00 PM | Permalink

EPIC to House Committee: The "Digital Advertising Ecosystem" is Not Healthy

EPIC has submitted a statement to the House Energy & Commerce Committee regarding today's hearing on "Understanding the Digital Advertising Ecosystem." EPIC told the Committee "The 'Digital Advertising Ecosystem' today is not healthy. Two companies dominate the market. The privacy of Internet users is under assault. The revenue model that sustained journalism is broken. The ad platforms are manipulated by foreign adversaries. Secrecy and complexity are increasing as accountability is diminished. It would be foolish to imagine that the current model is sustainable." In 2000, EPIC opposed Doubleclick's acquisition of Abacus. In 2007, EPIC told the FTC that Google's proposed acquisition of DoubleClick would lead to consumers being tracked and profiled by advertisers across the web.

Tags:

Google/DoubleClick

Posted by EPIC on June 14, 2018 6:10 PM | Permalink

EPIC Urges Safety Commission to Regulate Privacy and Security of IoT Device

EPIC submitted comments to the Consumer Product Safety Commission, urging the agency to regulate the privacy and security of Internet of Things devices. EPIC advised the Commission to require IoT manufacturers to (1) minimize data collection, (2) conduct privacy impact assessments, and (3) implement Privacy Enhancing Techniques (“PETs”). EPIC recently told Congress that “CPSC should establish mandatory privacy and security standards, and require certification to these standards before IoT devices are allowed into the market stream.” EPIC has also called out the CPSC for its reluctance to address the privacy and security challenges of IoT. In the statement to Congress, EPIC described the increasing risks to American consumers.

Tags:

Posted by Caitriona Fitzgerald on June 15, 2018 3:33 PM | Permalink

EPIC Urges Senate Judiciary to Examine FBI Response to Russian Cyber Attacks

EPIC has sent a statement to the Senate Judiciary Committee ahead of Monday's hearing "Examining the Inspector General’s First Report on Justice Department and FBI Actions in Advance of the 2016 Presidential Election." EPIC urged the Committee to explore the FBI's ability to respond to future cyberattacks. According to documents obtained by EPIC, the FBI is to notify victims of cyberattacks "even when it may interfere with another investigation or (intelligence) operation." But an AP investigation found that the FBI failed to notify hundreds of officials whose email was hacked during the 2016 election. EPIC obtained the FBI's Victim Notification Procedures through a Freedom of Information Act lawsuit, EPIC v. FBI. Last month, a federal court ruled that the agency may withhold records still sought by EPIC but said that lawmakers should pursue threats to democratic institutions described in the EPIC lawsuit.

Tags:

Posted by Caitriona Fitzgerald on June 15, 2018 4:23 PM | Permalink

EPIC Pursues Privacy Impact Assessments for Proposed DHS Biometric Database

EPIC has submitted an urgent Freedom of Information Act request to the Department of Homeland Security seeking the Privacy Impact Assessment for the "Homeland Advanced Recognition Technology," a proposed system that will integrate biometric identifiers across the federal government. HART would replace IDENT, which now contains biometric records on over 220 million unique individuals. In 2015 a breach at the Office of Personnel Management compromised 22 m records, including 5 m digitized fingerprints. It appears that Homeland Security failed to complete the Privacy Assessment prior to launching HART. By law, a federal agency is required to conduct a Privacy Impact Assessment before procuring information technology that stores personally identifiable information. In EPIC v. Presidential Election Commission, EPIC challenged the failure of the Commission to undertake a Privacy Impact Assessment prior to the collection of state voter data. The Commission was shuttered earlier this year.

Tags:

Posted by EPIC on June 18, 2018 1:10 PM | Permalink

EPIC Urges Senate Committee to Focus on Consent Order with Facebook

EPIC has sent a statement to the Senate Commerce Committee outlining the FTC's failure to enforce the 2011 Consent Order with Facebook. The statement from EPIC is for a hearing on "Cambridge Analytica and Other Facebook Partners: Examining Data Privacy Risks." In 2009, EPIC and several consumer groups pursued a complaint, containing detailed evidence, legal theories, and proposed remedies to address growing concerns about Facebook's data practices. The FTC established a Consent Order in 2011, but failed to enforce the Order even after EPIC sued the agency in a related matter. In the statement to the Senate this week, EPIC contends that the FTC could have prevented the Cambridge Analytica debacle and Facebook's secret arrangements with device makers if the agency enforced the 2011 Order.

Tags:

Posted by EPIC on June 19, 2018 9:30 AM | Permalink

DC Circuit Denies EPIC's Petition, Will Not Mandate Privacy Rules for Drones

The D.C. Circuit ruled today in EPIC v. FAA that EPIC lacked standing to compel the FAA to establish privacy rules for commercial drones. In 2012 EPIC, backed by more than one hundred organizations and privacy experts, petitioned the agency to establish privacy safeguards for drones. EPIC also cited a 2012 law requiring the FAA to develop a "comprehensive plan" for drone deployment. EPIC subsequently filed suit against the FAA, challenging the 2016 rule authorizing commercial drone operations without any privacy safeguards. Today the D.C. Circuit declined to reach the merits of EPIC's challenge, finding that neither EPIC nor its members had established an "injury" caused by the FAA rule. EPIC will continue to push for the establishment of drone privacy safeguards at the FAA. The drone privacy case is EPIC v. FAA, No. 16-1297 (D.C. Cir.).

Tags:

Posted by EPIC on June 19, 2018 12:00 PM | Permalink

D.C. Circuit Sets Date for Argument in EPIC v. IRS, FOIA Case for Trump's Tax Returns

The D.C. Circuit has scheduled oral argument in EPIC v. IRS, EPIC's Freedom of Information Act case to obtain public release of President Trump's tax returns. The Court will hear the case on Thursday, September 13, 2018. EPIC has argued that the IRS has the authority to disclose the President's returns to correct numerous misstatements of fact concerning his financial ties to Russia. For example, President Trump tweeted that "Russia has never tried to use leverage over me. I HAVE NOTHING TO DO WITH RUSSIA - NO DEALS, NO LOANS, NO NOTHING"—a claim "plainly contradicted by his own attorneys, family members, and business partners." As EPIC told the Court, "there has never been a more compelling FOIA request presented to the IRS." A broad majority of the American public favor the release of the President's tax returns. EPIC v. IRS is one of several FOIA cases EPIC is pursuing concerning Russian interference in the 2016 Presidential election, including EPIC v. FBI (response to Russian cyber attack) and EPIC v. DHS (election cybersecurity).

Tags:

Posted by EPIC on June 19, 2018 12:10 PM | Permalink

At Senate Hearing, Former FTC CTO States That Facebook Violated FTC Consent Order

In a Senate Commerce Committee hearing today on Facebook and data privacy, former FTC CTO Ashkan Soltani stated that Facebook violated the 2011 FTC Consent Order by transferring personal data to Cambridge Analytica and device makers contrary to user privacy expectations. Soltani said that Facebook continued to misrepresent the extent to which users could control their privacy settings and allowed device makers to override users' privacy settings. Senator Blumenthal and other members of Congress had previously said the company violated the Consent Order, which was the result of complaints filed by EPIC in 2009 and 2010. In a statement to the Committee in advance of the hearing, EPIC urged the Senate to focus on the FTC's failure to enforce the Consent Order with Facebook.

Tags:

Posted by EPIC on June 19, 2018 5:25 PM | Permalink

FTC Launches New Inquiry on "Competition and Consumer Protection in the 21st Century"

The FTC Chairman Joe Simmons announced today that the FTC will hold a series of public hearings this fall on how to safeguard consumer protection and competition in light of economic and technologic developments. "The hearings may identify areas for enforcement and policy guidance, including improvements to the agency's investigation and law enforcement processes, as well as areas that warrant additional study," said the FTC. The hearings will focus on several topics, including "the intersection between privacy, big data, and competition" and "the use of algorithmic decision tools, artificial intelligence, and predictive analytics." The FTC is requesting public comment in advance of the hearings. This will be the first time the FTC has reexamined its approach to consumer protection and competition since the FTC's 1995 hearings on "Global Competition and Innovation." EPIC participated in those hearings and helped the FTC develop authority to address emerging privacy issues. More recently, EPIC has put forward "10 Recommendations" for how the FTC can protect consumers, promote competition, and encourage innovation.

Tags:

Posted by EPIC on June 20, 2018 1:55 PM | Permalink

Victory for Privacy: Supreme Court Says Cell Phone Location Records Protected Under Fourth Amendment

In a landmark ruling, the U.S. Supreme Court held that the Fourth Amendment protects location records generated by mobile phones. The government in Carpenter v. United States had obtained more than 6 months of location records without a warrant. EPIC filed a "friend-of-the-court" brief in Carpenter, signed by thirty-six technical experts and legal scholars, urging the Court to recognize that the "world has changed since Smith v. Maryland" was decided. EPIC argued that "Cell phones are now as necessary to the life of Americans as they are ubiquitous" and that users expect their location data will remain private. The Court agreed, in a decision by the Chief Justice, emphasizing the importance of protecting privacy as technology advances: "As technology has enhanced the Government's capacity to encroach upon areas normally guarded from inquisitive eyes, this Court has sought to 'assure[ ] preservation of that degree of privacy against government that existed when the Fourth Amendment was adopted.'" The Court held that "an individual maintains a legitimate expectation of privacy in the record of his physical movements as captured through" a cell phone. Dissenting opinions were filed by Justices Kennedy, Thomas, Alito, and Gorsuch.

Tags:

Posted by EPIC on June 22, 2018 10:35 AM | Permalink

EPIC To Congress: Require Transparency for Use of AI

In advance of a hearing on "Artificial Intelligence - With Great Power Comes Great Responsibility," EPIC told the House Science Committee that Congress must implement oversight mechanisms for the use of AI. EPIC said that Congress should require algorithmic transparency, particularly for government systems that involve the processing of personal data. EPIC said that Congress should amend the E-Government Act to require disclosure of the "logic" of algorithms that profile individuals. EPIC also said that the White House Select Committee on Artificial Intelligence should be open to public comment. EPIC has pursued several criminal justice FOIA cases, and FTC consumer complaints to promote transparency and accountability. In 2015, EPIC launched an international campaign for Algorithmic Transparency.

Tags:

Posted by EPIC on June 25, 2018 5:05 PM | Permalink

EPIC Seeks Records about White House AI Committee and Transparency

EPIC has submitted a Freedom of Information Act request to the General Service Administration about the White House's Select Committee on Artificial Intelligence. The Select Committee will advise the President and coordinate AI policies among executive branch agencies. The Select Committee charter states that it may receive advice from private sector groups, but it does not state whether the public will participate in the committee's activities. EPIC is seeking records from the GSA to determine whether the Committee intends to comply with federal open meeting obligations. EPIC has previously told Congress that the Select Committee should be open to public comment.

Tags:

Posted by EPIC on June 26, 2018 9:20 AM | Permalink

In EPIC FOIA Case, FTC Releases New Information from Facebook Audits

In response to an EPIC Freedom of Information Act lawsuit, the Federal Trade Commission today released materials, previously withheld, from the biennial Facebook audits. The audits were required by the FTC's 2011 Consent Order with Facebook. Heavily redacted versions of those audits were previously available on the FTC's website. But in March, following the Cambridge Analytica breach, EPIC filed an urgent FOIA request for the complete 2013, 2015, 2017 Facebook audits. (The 2017 audit covers the period the Cambridge Analytica breach.) In a detailed letter to Congress in April, EPIC explained that the FTC failed to review the reports and failed to enforce the 2011 consent order against Facebook. The documents released today to EPIC contain information that was not previously available to the public. EPIC is currently reviewing the documents obtained from the FTC.

Tags:

Posted by EPIC on June 26, 2018 4:20 PM | Permalink

After Carpenter Decision, EPIC Calls on Congress to Update Federal Wiretap Law

In advance of a hearing on “Bolstering Data Privacy and Mobile Security” EPIC has told the House Science Committee that Congress should apply a heightened “super warrant” standard to "StingRays,” a technique for tracking cell phones users. After an EPIC FOIA lawsuit revealed that the FBI was using stingrays without a warrant, the Bureau changed its practices. EPIC filed amicus briefs in U.S. v. Jones and Carpenter v. U.S., two recent Supreme Court cases, arguing that a warrant is required to obtain location information. In a landmark ruling last week, the Supreme Court held that the Fourth Amendment protects location records generated by mobile phones. As a consequence, EPIC said, Congress should update federal privacy law.

Tags:

Posted by Caitriona Fitzgerald on June 27, 2018 8:08 AM | Permalink

US Consumer Groups Urge FTC To Examine 'Deceived by Design' Practices

EPIC and a coalition of consumer organizations sent a letter to the FTC about recent tactics by Facebook and Google to trick users into disclosing personal data. "We urge you to investigate the misleading and manipulative tactics of the dominant digital platforms in the United States, which steer users to 'consent' to privacy-invasive default settings," the letter states. The letter highlights a report by the Norwegian Consumer Council entitled "Deceived by Design," which details how companies employ numerous tricks and tactics to nudge users into selecting the least privacy-friendly options. EPIC and consumer privacy organizations previously filed complaints with the FTC when Facebook undermined users' privacy settings and Google automatically opted users into Google Buzz. In both cases, the FTC determined that the companies had engaged in "unfair and deceptive trade practices." Both Facebook and Google settled with the FTC and were then subject to 20 year consent orders that were intended to prevent the companies from engaging in similar practices in the future.

Tags:

Posted by EPIC on June 27, 2018 9:59 AM | Permalink

EPIC Testifies at FEC Hearing on Online Political Ads, Urges Greater Transparency

The Federal Election Commission is holding a two day hearing to hear expert testimony on the agency's proposed rule governing disclosures for political ads on the Internet. Christine Bannan, EPIC Administrative Law and Policy Fellow, will testify on the second day of the hearing. EPIC submitted multiple comments to the FEC urging the agency to promulgate rules that would require online political ads to disclose funders as is required for traditional media ads. EPIC proposed the FEC adopt "algorithmic transparency" procedures that would require advertisers to disclose the demographic factors behind targeted political ads, as well as the source and payment, and maintain a public directory of advertiser data. EPIC's Project on Democracy and Cybersecurity, established after the 2016 presidential election, seeks to safeguard democratic institutions from various forms of cyber attack.

Tags:

Posted by EPIC on June 27, 2018 11:35 AM | Permalink

EPIC Urges Appeals Court to Protect Consumers Against Invasive Cookie Tracking Practices

EPIC has filed an amicus brief with the Ninth Circuit Court of Appeals in In re: Facebook, Inc. Internet Tracking Litigation. At issue is whether Facebook violated the privacy rights of users by tracking their web browsing even after they logged out of the platform. EPIC explained that cookies "no longer serve the interests of users" and instead "tag, track, and monitor users across the Internet." EPIC said a lower court wrongly concluded that users should develop countermeasures to assert their privacy rights. EPIC responded that it would be absurd to expect users to compete in a "technical arms race" when "Facebook's tracking techniques are designed to escape detection and the company routinely ignores users' privacy protections." EPIC first identified the privacy risks of cookie tracking in a 1997 report "Surfer Beware: Personal Privacy and the Internet." EPIC frequently participates as amicus curiae in consumer privacy cases, including hiQ Labs v. LinkedIn and Eichenberger v. ESPN.

Tags:

Posted by EPIC on June 27, 2018 12:20 PM | Permalink

Court Orders Defunct Presidential Election Commission to Release Records

A federal court in Washington, DC has ruled that the Presidential Election Commission must release a large volume of records detailing its activities from last year. The ruling, in a case brought by Maine Secretary of State and EPIC Champion of Freedom Matthew Dunlap, requires the Commission to disclose all "relevant documents that any of the former commissioners generated or received." After the court ordered the Commission to release the same records in December, the President abruptly disbanded the Commission. EPIC brought the lead case against the Commission, forcing it to suspend the collection of voter data, discontinue the use of an unsafe computer server, and delete the voter information that was unlawfully obtained. EPIC is continuing to pursue its case on appeal and will ask the Supreme Court to grant review.

Tags:

Posted by EPIC on June 28, 2018 12:10 PM | Permalink

White House Organizes Secret Meeting on Future of Artificial Intelligence

The White House's Select Committee on Artificial Intelligence held its first meeting this week but the public was not invited. The Select Committee was announced last month at the White House Summit on Artificial Intelligence for American Industry which was also closed to public participation. According to the Summit report, many of the critical issues in the AI field, including "fairness," "transparency," and "accountability," were never mentioned. EPIC has filed a Freedom of Information Act request seeking records about the establishment of the Select Committee. In advance of a hearing this week on Artificial Intelligence, EPIC told the House Science Committee that Congress must implement oversight mechanisms for the use of AI by federal agencies and ensure that the White House Select Committee is open to public participation.

Tags:

Artificial Intelligence

Posted by EPIC on June 28, 2018 1:45 PM | Permalink

California Passes Milestone Privacy Law

The State of California has enacted the California Consumer Privacy Act of 2018, the most comprehensive consumer privacy state law ever enacted in the United States. The Act will establish the right of residents of California to know what personal information about them is being collected; to know whether their information is sold or disclosed and to whom; to limit the sale of personal information to others; to access their information held by others; and to obtain equal service and price, even if they exercise their privacy rights. The Act will allow individuals to delete their data and it will establish opt-in consent for those under 16. The Consumer Privacy Act provides for enforcement by the Attorney General, a private right of action, and will establish a Consumer Privacy Fund to support the purposes of Act. The California Consumer Privacy Act of 2018 follows a California ballot initiative that gathered over 600,000 signatures. After the Equifax data breach, EPIC testified in the U.S. Senate that comprehensive privacy legislation was long overdue. The EPIC State Policy Project also provides expertise to the states to help shape strong privacy laws.

Tags:

Posted by EPIC on June 28, 2018 5:10 PM | Permalink

EPIC Advises UK Data Protection Authority on GDPR Implementation

EPIC has submitted comments to the UK Data Protection Authority on implementation of the General Data Protection Regulation. EPIC urged the UK privacy agency to (1) promote transparency of enforcement proceedings, (2) increase scrutiny of mergers concerning personal data, and (3) encourage cooperation with the US FTC. EPIC said that international cooperation is necessary to hold companies accountable. Yesterday, EPIC and several consumer groups urged the FTC to investigate Facebook and Google's deceptive consent practices that violate both US and UK law. Last year, EPIC made similar recommendations on the FTC 2018-2022 Strategic Plan.

Tags:

Posted by EPIC on June 28, 2018 6:30 PM | Permalink

EPIC Advises FCC on Robocalls Regulation

EPIC advised the FCC on how to interpret the Telephone Communications Protection Act to best protect consumers in light of the recent decision in ACA Int'l v. FCC. EPIC filed a friend of the court brief in that case arguing that consumers could revoke consent by any "reasonable means." The court agreed but vacated other aspects of the rule. Many industry groups urged the Commission to make a rule that if "any" human intervention is involved in the dialing or sorting of the list of numbers a calling system would not be considered an "automatic telephone dialing system." EPIC opposed that recommendation, explaining that such a definition would allow autodialers to use deceptive tactics to evade regulation. EPIC contributed to the development of the Telephone Communications Protection Act and regularly submits comments to the FCC.

Tags:

Posted by EPIC on June 29, 2018 9:15 AM | Permalink

EPIC Supports NIST Cryptographic Standards Process

In comments to the National Institute of Standards and Technology, EPIC backed NIST's efforts to coordinate "lightweight" crypto standards. EPIC took no position on the specific proposal, but expressed support for the NIST standard-setting process. EPIC said, "NIST's expertise in cryptography, its authority to accept public comment, and its ability to bring together leading experts to evaluate proposals is critical to the adoption of trustworthy computer standards in the United States and around the world." EPIC helped establish the freedom to use encryption in the United States with the "Clipper Chip" petition and has pursued many efforts to safeguard this right. Last week, EPIC advised NIST to revise the Risk Management Framework to make clear that federal agencies are required to conduct privacy impact assessments.

Tags:

Posted by EPIC on June 29, 2018 9:25 AM | Permalink