Electronic Privacy Information Center

Focusing public attention on emerging privacy and civil liberties issues

President Announces Privacy Safeguards for Cybersecurity Initiative

Today, the President announced the Administration’s Cybersecurity Policy. President Obama stressed privacy protections in several aspects of the new initiative, including the selection of a privacy and civil liberties officer. Anticipating concerns that the Administration would establish new surveillance mandates, President Obama pledged that “our pursuit of cybersecurity will not -- I repeat, will not include -- monitoring private sector networks or Internet traffic. We will preserve and protect the personal privacy and civil liberties that we cherish as Americans.” For more information, see EPIC’s web pages on critical infrastructure protection and the Computer Security Act of 1987.

White House Seeks User Comments on Government Transparency

The White House is seeking public comments on the open government proposal. President Obama's memorandum on Transparency and Open Government directed the Chief Technology Officer, the Office of Management and Budget, and the General Services Administration to develop these recommendations. The Open Government Directive will instruct executive departments and agencies on specific actions to implement transparency principles. The first phase of the initiative involves an online brainstorming session and comments are due by May 28, 2009. To learn more about transparency and open government, consider purchasing EPIC's FOIA litigation manual.

FBI's Use of FISA Increasing

In a report to Congress, the Justice Department revealed a substantial increase in the use of National Security Letters to acquire information on American citizens without court order. In 2008, the FBI made 24,744 NSL requests pertaining to 7,225 persons compared to 16,804 requests pertaining to 4,327 persons in 2007. The report also detailed 2,082 applications by the FBI to the Foreign Intelligence Surveillance Court for authority to conduct surveillance and physical searches. An earlier audit had revealed that some "blanket-NSLs" did not document the relevance of the information sought to a national security investigation and the statistics were not reported to the Congress. For more information, see EPIC's Page on Foreign Intelligence Surveillance Act, National Security Letters, and Wiretapping.

EPIC Launches Campaign to Suspend 'Whole Body Imaging' at Nation's Airports

EPIC announced a national campaign today to suspend the use of "Whole Body Imaging" -- devices that photograph American air travellers stripped naked in US airports. The campaign responds to a policy reversal by the TSA which would now make the the "virtual strip search" mandatory, instead of voluntary as originally announced. EPIC and others say that there are inadequate safeguards to prevent the misuse of the images. They are asking Homeland Security Secretary Janet Napolitano to suspend the program and to allow for public comment. For more information, see EPIC's Backscatter X-ray, Whole Body Imaging page.

European Commission Sets Out RFID Privacy Guidelines

The European Commission has announced Recommendations and provided a Citizens Summary for the implementation of privacy and data protection safeguards for radio-frequency identification. RFID applications transfer personal data wirelessly between an embedded tag, typically in an ID card or product, and a reader. Many privacy concerns have been raised. The EC Recommendations reaffirm the privacy rights and obligations in the European Privacy Directives. The guidance directs organizations to perform privacy impact assessments, apply risk minimization techniques, and inform individuals about RFID. In the US, EPIC has urged strong consumer protections for RFID before the Alaska and New Hampshire state legislatures, the Federal Trade Commission and the DHS on the use of RFID embedded passports. For more information, see EPIC's page on Radio Frequency Identification (RFID) Systems.

State Courts Split on Warrantless GPS Tracking

Today, the New York Court of Appeals ruled that police must obtain a warrant before installing GPS tracking devices on individuals' vehicles. The decision prohibits law enforcement from secretly using GPS trackers to compile comprehensive travel histories on citizens without a warrant. The case follows last week's Wisconsin Appeals Court decision authorizing warrantless GPS surveillance by police. Other states have split on the application of a warrant requirement. On April 20, 2009, EPIC filed a brief in Commonwealth v. Connolly, urging the Massachusetts Supreme Judicial Court to require a warrant before police track drivers using concealed surveillance technology. The EPIC brief warned that warrantless GPS tracking "raises the specter of mass, pervasive surveillance without any predicate act that would justify this activity." For more information see EPIC's Commonwealth v. Connolly page.

Justice Department Restores Antitrust Enforcement

Speaking at the Center for American Progress, Assistant Attorney General Christine Varney announced that the Antitrust Division will be "aggressively pursuing cases where monopolists try to use their dominance in the marketplace to stifle competition and harm consumers." Ms. Varney withdrew a 2008 Department report on monopolization offenses that generally allows monopoly practices to go unchallenged. In 2007, EPIC objected to the merger of Internet advertisers Google and Doubleclick, arguing that it was vital to impose privacy safeguards and to preserve a advertising options for web publishers. More information, see EPIC, "Privacy? Proposed Google/Doubleclick Deal."

EPIC Testifies Before Congress on Data Breach Bill, Urges Changes to Strengthen Act

EPIC Director Marc Rotenberg testified before Congress on the Data Accountability and Trust Act, which would require security policies for consumer information, regulate the information broker industry, and establish a national breach notification law. Rotenberg said "companies need to know that they will be expected to protect the data they collect and that, when they fail to do so, there will be consequences." The EPIC Director opposed the preemption of stronger state laws, and recommended the use of text messages for breach notices, and suggested that personally identifiable information be broadly defined to include any information that "identifies or could identify a particular person." To learn more about Identity Theft, see EPIC's Identity Theft page.

DHS Seeks Nominations to the Agency's Data Privacy and Integrity Advisory Committee

The Department of Homeland Security is seeking applications for appointments to the agency's Data Privacy and Integrity Advisory Committee. The committee provides advice at the request of the Secretary of DHS and the agency's Chief Privacy Officer on privacy related matters. The agency is seeking to fill two terms that would expire in January 2012, and January 2013. Applications for the positions must be received by the agency on or before June 8, 2009. For more information, see: EPIC's Web page Spotlight on Surveillance.

For Identity Theft Law, Supreme Court Rules that the Government Must Prove Intent to Impersonate

In a critical case for the emerging field of identity management, the Supreme Court today reversed a lower court opinion and ruled unanimously in favor of the petitioner. The Court held that individuals who provide identification numbers that are not their own, but don’t intentionally impersonate others, cannot be subject to harsh criminal punishments under federal law. The case involved a mandatory 2-year prison term, added on to a prior conviction, for presenting a fake Social Security Number to an employer. EPIC filed an amicus brief in support of the petitioner, arguing that the "unknowing use of inaccurate credentials does not constitute identity theft." For more information, see EPIC, Flores-Figueroa v. United States.

EPIC Seeks Government Agreements with Social Networking Companies

EPIC submitted a Freedom of Information Act request to the Government Services Administration seeking agency records concerning agreements the GSA negotiated between federal agencies and social networking services, including Flickr, YouTube, Vimeo, Blip.tv, and Facebook. In the FOIA request, EPIC is asking for the public release of the contracts and any legal opinions concerning the application of the Privacy Act of 1974 and Freedom of Information Act to the services that collect information on citizens. For more information see EPIC’s pages Social Networking, Facebook, and Cloud Computing.

EPIC Urges Greater Accountability for Network Surveillance

Today, EPIC asked Senator Patrick Leahy to investigate the Department of Justice's failure to make public statistics detailing federal use of "pen registers" and "trap and trace" devices, which record "non-content" information about telephone calls, email and web traffic. In a letter to the Chairman of the Senate Judiciary Committee, EPIC observed that the Attorney General is required to provide to Congress detailed statistics concerning the use of these techniques. Yet, "the DOJ does not publicly disclose pen register reports as a matter of course." EPIC also raised questions regarding the agency's compliance with reporting requirements for the period 2004-2008. The lack of public accountability for these network monitoring techniques contrasts with the U.S. Courts' routine public reporting of federal wiretaps, EPIC said. The Courts released the most recent wiretap report on April 27, 2009. For more information, see EPIC's Wiretapping page.