Latest News - October 1, 2014
EPIC has filed a complaint with the Federal Trade Commission concerning the loss of personal information of almost 2.5 m current and former students, employees, and vendors in Maricopa County. According to EPIC, the District's failure to maintain a comprehensive information security program led to a "massive breach of names, addresses, phone numbers, e-mail addresses, Social Security numbers, dates of birth, certain demographical information, and enrollment, academic, and financial aid information." EPIC further alleges the District violated the Federal Trade Commission's Safeguards Rule by failing to protect students financial information. EPIC's complaint follows a similar complaint by DataBreaches.net. EPIC said that, "many education institutions in the United States are subject to the Safeguards Rule. The District's case is a particularly egregious example of the risk of failing to safeguard sensitive personal information." For more information, see EPIC: Student Privacy.
EPIC has filed extensive comments in response to a request from the Consumer Financial Protection Bureau. EPIC urged the Bureau to limit the information debt collectors gather on consumers. EPIC advised the Bureau to prohibit debt collectors from contacting employers and others about consumer debt. EPIC also advised the Bureau to require debt collectors to protect the information they acquire and to allow consumers to see the information about hem that js collected. EPIC routinely submits comments to federal agencies, urging them to uphold the Privacy Act and protect individuals from telephone and Internet misuse. In 2004, EPIC submitted comments regarding the "CAN-SPAM" Act and the proposed National "Do Not Email" Registry. In 2006, EPIC testified before Congress regarding the Truth in Caller ID Act of 2006. And in 2009, EPIC submitted comments on the Truth in Caller ID Act of 2009, recommending a prohibition against overriding calling parties' privacy choices. For more information, see EPIC: Comments on the Fair Debt Collection Practices Act, and EPIC: The Fair Credit Reporting Act.
The U.S. Court of Appeals for the Ninth Circuit ruled in United States v. Dreyer that an agent for the Naval Criminal Investigative Service violated Defense Department regulations and the Posse Comitatus Act when he conducted a surveillance operation in Washington state to identify civilians who might be sharing illegal files. The 1878 Act prevents the U.S. military from enforcing laws against civilians. The appeals court ruled that the NCIS intrusion into civilian networks showed “a profound lack of regard for the important limitations on the role of the military in our civilian society.” The court also ruled that the evidence obtained by NCIS should be suppressed to “deter future violations.” In a petition to the Supreme Court, EPIC challenged the NSA’s surveillance of domestic communications. The NSA is a component of the Department of Defense. For more information, see In re EPIC and EPIC v. DOJ: Warrantless Wiretapping Program.
EPIC has obtained new documents detailing the Department of Army’s use of surveillance blimps over the nation’s capital. The documents include thirty heavily redacted pages of equipment descriptions and data. In May EPIC filed suit against the Department of the Army to obtain details about a sophisticated tracking and targeting system that will be deployed over Washington, DC during the next three years. JLENS is comprised of two 250' blimps. One blimp conducts aerial and ground surveillance over a 340-mile range, while the other has targeting capability including HELLFIRE missiles. The JLENS was originally deployed in Iraq. In the FOIA Request, EPIC asked the Army for technical specifications as well as any policies limiting domestic surveillance. An Army spokesperson said recently that JLENS will “absolutely not” include video surveillance gear. Similar blimps have been deployed by the DHS for border security. They include video surveillance. For more information, see EPIC: EPIC v. Army - Surveillance Blimps and EPIC: Domestic Unmanned Aerial Vehicles (UAVs) and Drones.
The Federal Aviation Administration granted six exemptions for the commercial use of drones to companies in the film and television industry this week. The agency found that the proposed operation do not “pose a threat to national airspace users or national security.” Safety requirements include: line of site tracking, restrict flights to the “sterile area” on the set, inspection after each flight, and prohibiting operation at night. The agency is currently considering another 40 requests from various commercial entities. Currently, no privacy protections are in place to address the commercial use of drones. EPIC has testified in Congress in support of a comprehensive drone privacy law—calling for use limitations, data retention limitations, transparency, and public accountability. The Federal Aviation Administration to develop drone privacy guidelines after an EPIC-lead coalition petition. EPIC also urged the agency to mandate minimum privacy standards for drone operators. For more information, see EPIC: Domestic Drones.
The most recent product announcement from Apple, includes several privacy enhancing techniques that EPIC has favored, including randomized MAC addresses, end-to-end encryption, robust screen lock, and implementation of secure electronic payment systems. Still, EPIC has raised questions about Health Kit, which enables the collection and transfer of sensitive medical information, and the enforcement of developer guidelines. For more information, see, EPIC: Practical Privacy Tools and EPIC: Location Privacy.
EPIC has just received documents about the FBI's Rap Back program. The FBI now routinely collects biometric data for ongoing background checks on nongovernment employees. In response to EPIC's FOIA request, the FBI is currently reviewing thousands of pages about the "Rap Back" program. Rap Back is part of the FBI's Next Generation Identification initiative, one of the largest biometric databases in the world, tied to data centers managed by the Department of Homeland Security, Department of Defense, and other government agencies. EPIC previously sued the FBI for documents about the NGI database and uncovered agency acceptance of high error rates. For more information, see Spotlight on Surveillance: Next Generation Identification.
In comments to the Consumer Financial Protection Bureau, EPIC and other public interest organizations urged the Bureau to publish consumer complaint narratives. The Bureau currently publishes limited complaint information on financial products and services, including debt collection and credit reports. The Bureau is now considering a plan to provide consumer perspectives on experiences with the financial industry. The consumer groups support this effort and also recommend obtaining consumer consent and removing personally identifiable information before posting the complaints. Last year, EPIC uncovered documents revealing that many student debt collection companies fail to meet legal privacy obligations. For more information, see EPIC: Comments on the Fair Debt Collection Practices Act, and EPIC: The Fair Credit Reporting Act.
In a joint submission to the United Nations, the Brennan Center, EPIC, and other public interest organizations urged the Human Rights Council to review U.S. surveillance programs. The Council regularly performs a Universal Periodic Review of the human rights record of UN Member States. As a result of the Council's last review, the U.S. Government committed to protect individual privacy and stop spying on citizens without judicial authorization. The coalition letter argues that U.S. has not honored this commitment and that U.S. "surveillance activities also violate the rights to privacy, freedom of expression, and the freedom of peaceful assembly and association..." guaranteed by the Universal Declaration of Human Rights. In January 2010, twenty-nine experts in privacy and technology affiliated with EPIC wrote to then U.S. Secretary of State Hillary Clinton to urge that the United States ratify the Council of Europe Convention on Privacy. For more information, see EPIC: Council of Europe Privacy Convention.
The FBI announced that the Next Generation Identification system, one of the largest biometric databases in the world, has reached "full operational capability." In 2013, EPIC filed a Freedom of Information Act lawsuit about the NGI program. EPIC obtained documents that revealed an acceptance of a 20% error rate in facial recognition searches. Earlier this year, EPIC joined a coalition of civil liberties groups to urge the Attorney General Eric Holder to release an updated Privacy Impact Assessment for the NGI. The NGI is tied to "Rap Back," the FBI's ongoing investigation of civilians in trusted positions. EPIC also obtained FOIA documents revealing FBI agreements with state DMVs to run facial recognition searches, linked to NGI, on DMV databases. EPIC's recent Spotlight on Surveillance concluded that NGI has "far-reaching implications for personal privacy and the risks of mass surveillance." For more information, see EPIC: EPIC v. FBI - Next Generation identification.
EPIC has filed a Freedom of Information Act lawsuit to obtain test reports about an online voting program promoted by the Department of Defense. The records sought relate to the functionality and security of electronic voting systems. The California Secretary of State, Members of Congress, and voting rights advocates have tried to obtain these documents, but DOD has kept them secret even after promising public disclosure in 2012. Computer scientists have long warned about the risks of electronic voting systems. In the complaint, EPIC states that "it is absolutely critical for the documents sought in this matter be disclosed prior to further deployment of e-voting systems in the United States." The case is EPIC v. Department of Defense, No 14-1555 (D.D.C. filed 9/11/2014). For more information, see EPIC: EPIC v. DOD - E-voting Security Tests.
EPIC has filed an amicus curiae brief, joined by 33 technical experts and legal scholars, in support of a challenge to the NSA telephone record collection program. The case Smith v. Obama will be heard by the Court of Appeals for the Ninth Circuit this fall. Earlier this year, a lower court ruled that the Fourth Amendment does not protect telephone call record information because of a 1979 case Smith v. Maryland. In the brief for the federal appeals court, EPIC wrote that "changes in technology and the Supreme Court's recent decision in Riley v. California favor a new legal rule that recognizes the privacy interest inherent in modern communications records." EPIC routinely participates as a friend of the court in cases raising novel privacy and civil liberties issues. For more information, see EPIC: Smith v. Obama, EPIC: Riley v. California, and EPIC Amicus Briefs.
Top News Archive
Defend Student Privacy.
Opt Out of Marketing:
Vote For EPIC's SXSWedu 2015 Panel
"Data Privacy: Can Innovation and Privacy Coexist?"
Vote for EPIC's SXSW Interactive 2015 Panel
"When Brands Get Creepy: Where to Draw the Line?"
EPIC in the News
Student Data Collection Is Out of Control
New York Times
September 24, 2014
LA County to collect more personal data without public notice
The Center For Investigative Reporting
September 24, 2014
Google Wi-Fi Roundup Has Lawyers Chasing Landmark Jackpot
September 24, 2014
More EPIC in the News >>
OECD Forum of the Knowledge Economy
Ministry of Internal Affairs
October 2, 2014
Fourth Amendment & Privacy in the Digital Age: The Supreme Court's Cell Phone Cases and What’s Next
EPIC Senior Counsel
October 2, 2014
International Working Group on Data Protection and Telecommunications
October 14-15, 2014
The Year in Government Information: NSA Revelations, FOIA Developments, and More
EPIC Senior Counsel
ABA Administrative Law Conference 2014
October 17, 2014
OECD Experts on International Security Guidelines
October 27, 2014
Maine Judicial Conference
Director, EPIC Open Government Program
"Bird's Eye View: Transatlantic Data Exposures and Regulatory Enforcement"
Director, EPIC Open Government Program
More EPIC Events >>
Recent EPIC Events
EPIC 2014 Champion of Freedom Awards Dinner
June 2, 2014
January 14, 2014
USA Today: Facebook Study Sparks Outrage and an FCC Complaint
Designing Technology to Restore Privacy: Deborah C. Peel, MD at TEDxTraverseCity 2014
Privacy Video Archive >>
In re EPIC
In re EPIC
(Petition to U.S. Supreme Court Challenging NSA Telephone Records Program)
EPIC FOIA Cases
EPIC v. DOJ
(Government Surveillance Reports)
More EPIC FOIA Cases >>
EPIC Amicus Briefs
Riley v. California
(Warrantless Search of a Cell Phone During an Arrest)
More EPIC Amicus Briefs >>
Other EPIC Filings
Facebook - WhatsApp
More EPIC Filings >>