epic.org

Facebook Users Force Vote on Privacy Changes

2012-05-22T15:46:02Z

Facebook users have registered enough comments on Facebook's proposed privacy changes to force a vote on the issue. A provision in Facebook’s Statement of Rights and Responsibilities states that Facebook will allow users to vote on proposed alternatives if more than 7,000 users comment on a proposed change. The vote is binding if "more than 30 percent of all active registered users as of the date of the notice vote." Facebook's Data Use Policy accumulated 10,500 comments in English. The group Europe v. Facebook generated 30,000 comments on the German version of the page. The FTC recently issued a proposed settlement with Facebook that follows from complaints filed by EPIC and other consumer and privacy organizations in 2009 and 2010. The settlement bars Facebook from changing privacy settings without the affirmative consent of users or misrepresenting the privacy or security of users' personal information. For more information, see EPIC: Facebook Privacy, and EPIC: FTC Facebook Settlement.

Supreme Court Set to Review Wiretap Case

2012-05-21T19:39:17Z

The Supreme Court has agreed to hear Clapper v. Amnesty International USA, a challenge to the FISA Amendments Act of 2008. The Act expanded the Government's authority to engage in warrantless surveillance, and followed news of the Bush administration's program to wiretap international communications. A group of lawyers, journalists, and public interest organizations, who regularly engage in international communications, challenged the new law saying they feared that their private communications would be intercepted. The US Court of Appeals for the Second Circuit ruled that the case could proceed even though the plaintiffs had not established that they were subject to surveillance. The Government filed a petition for the Supreme Court to hear the case, which was granted today. EPIC recently filed an amicus brief in a Supreme Court case, First American v. Edwards, raising similar Article III standing issues in the context of a consumer protection statute. EPIC also filed an amicus brief along with the Stanford Constitutional Law Center and other interested groups, in Hepting v. AT&T, a case challenging AT&T's involvement in the FISA warrantless wiretapping program. For more information, see EPIC: Foreign Intelligence Surveillance Act (FISA).

EPIC Urges the Drug Enforcement Administration to Uphold Privacy Act Protections

2012-05-21T19:04:27Z

In response to a notice of proposed rulemaking, EPIC has submitted comments to the Drug Enforcement Administration of the Department of Justice, urging the agency to uphold Privacy Act protections, and to not claim broad exemptions from the Privacy Act. The proposed rule would exempt the agency from complying with crucial Privacy Act provisions, including the rights of record access and correction, and the duty to only collect relevant and necessary personal information. The proposed rule would even excuse the agency from any civil liability arising from willful Privacy Act violations. Following the Supreme Court decision in FAA v. Cooper, EPIC has set out proposed changes to the Privacy Act that would compensate individuals for provable nonpecuniary harms caused by willful violations of the Privacy Act. For more information, see EPIC: FAA v. Cooper and EPIC: The Privacy Act of 1974.

Federal Appeals Court Backs Justice Department in Voting Rights Dispute

2012-05-18T18:46:49Z

The Court of Appeals for the District of Columbia Circuit issued an opinion rejecting Shelby County, Alabama's constitutional challenge to the preclearance requirements of the Voting Rights Act of 1965. The Court held that Section 5 of the Act, which requires "covered jurisdictions" to show that new voting procedures, such as Voter ID requirements, are nondiscriminatory before those changes can be put into effect, is constitutional. Shelby County challenged the preclearance requirements after Congress reauthorized Section 5 in 2006. The Department of Justice recently blocked Voter ID laws in South Carolina and Texas through the Section 5 preclearance process. EPIC has argued that unreasonable voter ID requirements are an impermissible burden on the right to vote. For more information, see EPIC: Voter Photo ID and Privacy and EPIC: Crawford v. Marion County.

House Approves Amendment to Defense Spending Bill to Limit Defense Drones Surveillance

2012-05-17T21:41:00Z

The House of Representatives has approved an amendment, introduced by Congressman Landry (R-LA), to the National Defense Authorization Act to prohibit information collected by Department of Defense drones without a warrant from being used as evidence in court. New legislation requires the Federal Aviation Administration to develop rules governing the operation of drones in the U.S. National Airspace. Shortly after passage, EPIC, joined by over 100 organizations, experts, and members of the public, submitted a petition to the FAA requesting a public rulemaking on the privacy impact of drone use in US airspace. The petition is still pending with the agency. For more information, see EPIC: Unmanned Aerial Vehicles (UAVs) and Drones.

Privacy Board Approved by Judiciary Committee, Vote Moves to Senate

2012-05-17T17:52:58Z

The Senate Committee on the Judiciary has approved President Obama's five nominees for the Privacy and Civil Liberties Oversight Board. The Board is an independent entity charged with ensuring that fundamental rights are protected in the implementation of government programs, including cybersecurity. Originally convened in 2004, the five seats on the Board have remained vacant for the past five years. Senator Leahy, the Chairman of the Judiciary Committee, said, "When we worked to create this board, we did so to ensure that our fundamental rights and liberties would be preserved…The Senate should move quickly to confirm the nominees to the board so that they can get to their important work." For more information, see EPIC: 9/11 Commission Report and "The Sui Generis Privacy Agency: How the United States Institutionalized Privacy Oversight After 9-11."

EPIC Supports Geolocation Privacy Act, Suggests Improvement

2012-05-16T21:19:25Z

In a Statement for the Record, EPIC has expressed support for H.R. 2168, the "Geolocational Privacy and Surveillance Act," which prohibits the interception of location information by private parties and government agents acting without a search warrant. The bill will be considered at a hearing before the House Subcommittee on Crime, Terrorism, and Homeland Security. EPIC said "as communications technologies evolve, new forms of personal information are generated that require new legal safeguards." EPIC also recommended that Congress adopt purpose-specification and data limitation requirements for data stored by private companies, require affirmative consent prior to the collection of location data, and clarify an exception that permits the interception of location data made available through publicly accessible systems. For more information, see EPIC: Location Privacy.

"Privacy And Security: An Evening Conversation With Leading Experts"

2012-05-16T14:30:01Z

Marc Rotenberg,
EPIC Executive Director

Stanford Law School and Microsoft Innovation & Policy Center
Washington, D.C.
May 16, 2012

FAA Revises Drone License Procedures, Privacy Petition Still Pending

2012-05-15T18:07:23Z

The Federal Aviation Administration has announced new procedures for government agencies that operate drones in the United States. The procedures will streamline the process through which government agencies, including local law enforcement, receive drone licenses. However, the FAA has so far failed to establish privacy safeguards for drone use. On February 24, 2012, EPIC, joined by over 100 organizations, experts, and members of the public, submitted a petition to the FAA requesting a public rulemaking on the privacy impact of drone use in US airspace. For more information, see EPIC: Unmanned Aerial Vehicles (UAVs) and Drones.

EPIC Proposes Update to Privacy Act to Address Recent Supreme Court Decision

2012-05-14T20:57:02Z

Following the recent decision of the Supreme Court in FAA v. Cooper, EPIC has set out proposed changes to the Privacy Act that would compensate individuals for provable nonpecuniary harms caused by willful violations of the Privacy Act. In Cooper, the Supreme Court held that the Privacy Act "does not unequivocally authorize" compensatory damages for mental or emotional distress. Justice Sotomayor, joined by Justices Ginsburg and Breyer, wrote in dissent that "the primary, and often only, damages sustained as a result of an invasion of privacy are . . . mental or emotional distress." EPIC recommended that the Privacy Act explicitly define "actual damages" to include provable mental and emotional distress. EPIC's letter follows an earlier request from Senator Daniel Akaka (D-HI) for comment on S.1732, the Privacy Act Modernization for the Information Age Act of 2011. For more information, see, EPIC: FAA v. Cooper and EPIC: The Privacy Act of 1974.

EPIC Calls on FTC to Develop Substantive Privacy Protections at Workshop on Mobile Advertising

2012-05-11T21:52:19Z

EPIC submitted comments to the Federal Trade Commission for the May 30 workshop on mobile advertising disclosures. EPIC recommended that the agency focus on the development of substantive privacy protections, such as the Consumer Privacy Bill of Rights announced by the President earlier this year, for mobile services. EPIC also recommended that the workshop address a series of problems with the "notice and consent" approach, as well as the merits of innovative, nonverbal approaches proposed by privacy scholars. The workshop follows an FTC report calling for privacy legislation and an investigation that documented privacy problems with mobile applications for children. For more information, see EPIC: Federal Trade Commission.

On Google Spy-Fi, Senator Durbin Calls for Update to Wiretap Law, FCC Chair Agrees Law Should Protect Unencrypted Communications

2012-05-11T19:09:20Z

In a hearing with Federal Communications Commission Chairman Julius Genachowski, Senator Dick Durbin (D. IL.) criticized the agency's decision to issue a mere $25,000 fine against Google following the investigation of Street View data collection. (Hearing video beginning at 64:20) Senator Durbin said that Google's interception and collection of private wi-fi communication was a clear violation of privacy. Chairman Genachowski defended the agency's decision but agreed with the committee chairman that "the law should protect people even if they have unencrypted wi-fi." Senator Durbin said that he would consider changes to the law if that is necessary. Senator Durbin also asked the FCC to provide the legal memoranda supporting the FCC's decision not to find Google guilty of violating the Communications Act. EPIC has a similar FOIA request pending with the agency. For more information, see EPIC: FCC Investigation of Google Street View and EPIC: Electronic Communications Privacy Act.

Federal Appeals Courts Sides with NSA, Rejects EPIC's Arguments that Agency Should Provide Information About Collaboration with Google

2012-05-11T17:32:20Z

The DC Circuit Court of Appeals ruled today the National Security Agency need neither "confirm nor deny" the existence of any records about the agency's relationship with Google, even after such a collaboration was widely reported in the national media. EPIC filed a Freedom of Information Act (FOIA) request with the NSA following a cyber attack in January 2010 that led Google to contact the NSA. The NSA refused to either confirm or deny the existence of responsive records, claiming that such information is exempt from disclosure under the NSA Act. EPIC challenged this "Glomar" response and argued that the agency had a responsibility to locate records that could be disclosed, but a lower court ruled in favor of the NSA and the appellate court affirmed. EPIC has several other pending FOIA matters concerning the NSA, including "Perfect Citizen," Internet wiretapping, and even the NSA's own legal authority which the agency has refused to release to the public. For more information, see EPIC v. NSA: Google / NSA Relationship.

EPIC Stresses Need For Privacy Evaluation in Drone Testing

2012-05-09T16:13:06Z

In comments to the Federal Aviation Administration (FAA), EPIC emphasized the need for transparency and accountability in drone operations, and recommended the development of privacy protections before drones are more widely deployed in the US. The FAA Notice of Proposed Rulemaking set out proposed criteria for drone testing. Congress has tasked the FAA with facilitating the use of drones in the domestic airspace. February, EPIC, joined by a coalition of more than 100 organizations, experts, and members of the public, petitioned the FAA to conduct a rulemaking on the privacy implications of domestic drone use. For more information, see EPIC: Unmanned Aerial Vehicles (UAVs) and Drones.

Myspace Settles With FTC Over Deceptive Practices Complaint

2012-05-08T19:57:50Z

The Federal Trade Commission has reached a settlement with the social networking service Myspace over charges that Myspace allowed advertisers to access personally-identifying information after promising to keep such information private. Advertisers were able to access the unique "Friend ID" of users and link this identifier to other personal information. The settlement requires Myspace to implement a comprehensive privacy program, submit to independent audits, and refrain from privacy misrepresentations. For more information, see EPIC: Federal Trade Commission and EPIC: Social Networking Privacy.