"Privacy and Public Good: Reporting on Student Data"

Khaliah Barnes,
Director, EPIC Student Privacy Project

SXSWedu
Austin, TX
March 4, 2014

Senators Rockefeller and Markey have introduced the The Data Broker Accountability and Transparency Act of 2014 (DATA Act). The proposed Act imposes transparency and accountability requirements on data brokers and other companies that profit from the collection and sale of consumer information. Under the DATA Act, consumers would be able to access their personal information, make corrections, and opt out of marketing schemes. The DATA Act would empower the FTC to impose civil penalties on violators, and would prohibit data brokers from collecting consumer data in deceptive ways. In 2009, EPIC testified in support of new legislation to regulate the data broker industry. In 2005, EPIC's complaint to the FTC against data broker Choicepoint lead to a $10 million settlement. For more information, see EPIC: Federal Trade Commission, EPIC: Choicepoint and EPIC: Privacy and Consumer Profiling.

"Civil Liberties Dead Zone: US Border Searches" - epic.org

| No TrackBacks

"Civil Liberties Dead Zone: US Border Searches"

Marc Rotenberg,
EPIC President

Michael Chertoff,
Former Secretary DHS

Freedom of the Press Committee
National Press Club
Washington, DC
February 13, 2014

At a Senate Judiciary Committee hearing today, members of the Privacy and Civil Liberties Oversight Board discussed their review of the Section 215 program, concerning the collection of telephone records on US telephone customers. The Privacy Civil Liberties Board 238 page report found that the program was not effective and had not prevented any terrorist incidents. Recent reports also indicate that only 30% of phone records are actually collected, calling into question the value of the "metadata" program. Senate Judiciary Chairman Patrick Leahy stated that "the administration has not demonstrated" that the program "is uniquely valuable to justify the massive intrusion upon American's privacy." The President recently announced that the current bulk collection program would end and announced a transition process, requiring judicial approval of queries, prior to the expiration of the current authority on March 28. For more information, see EPIC: NSA Verizon Phone Record Monitoring.
A federal judge has denied EPIC's motion for a preliminary injunction that would have required the Department of Justice to complete processing of EPIC's Freedom of Information Act Request for FISA "Pen Register" reports within 20 days. In EPIC v. DOJ, EPIC sought public disclosure of the reports that describe the collection of the bulk Internet metadata from 2004 to 2011. The Justice Department granted EPIC's request for expedited processing in November 2013, but has not yet disclosed any responsive records. After EPIC filed suit and moved for a preliminary injunction, the Justice Department notified EPIC that it intends to complete processing of the reports by February 28, 2014. For more information, see EPIC v. DOJ (FISA Pen Register Reports).
EPIC has accepted the NSA's offer to settle a Freedom of Information Act case EPIC v. NSA. EPIC sought both National Security Presidential Directive 54, a Presidential Directive setting out the scope of the NSA's authority over computer networks in the United States, as well as documents related to NSPD 54. EPIC received some of the documents as a result of the lawsuit, "substantially prevailing" under the FOIA, and prompting the NSA to make a settlement offer to EPIC. As a consequence, EPIC will receive attorneys fees from the NSA. EPIC is simultaneously appealing the lower court's determination that NSPD-54 is not an "agency record" subject to the FOIA. It was the first time a federal court has ruled that a Presidential Directive is not subject to the Freedom of Information Act. For the appeal, EPIC has already filed a Statement of the Issue, and the parties are waiting for the D.C. Circuit Court of Appeals to set a briefing schedule. For more information, see EPIC v. NSA - Cybersecurity Authority.

"On the Heels of the Week: Privacy, Fashion, and the Internet"

Khaliah Barnes,
EPIC Administrative Law Counsel

New York State Bar Association
New York, NY
February 11, 2014

EPIC, joined by 24 consumer privacy, public interest, scientific, and educational organizations petitioned the White House's Office of Science and Technology Policy to accept public comments on the Big Data and The Future of Privacy study now underway. The Office's primary function is to advise the President on scientific and technological issues. The President announced the Big Data review during a recent speech on NSA reform. The petition calls on the Office of Science and Technology Policy to incorporate the concerns and opinions of the public and lays out a number of important questions to consider, including whether current laws are adequate and also whether it is possible to maximize the benefits of big data while minimizing the risks to privacy. For more information, see EPIC: Privacy and Consumer Profiling.
The Transportation Security Administration and Customs and Border Protection, components of the Department of Homeland Security, have announced plans for agency record disclosures without Privacy Act notifications. The agencies Common Operating Picture ("COP") program would permit TSA and CBP to exchange personal information held by the agencies to place travelers on federal watch lists. Although TSA and CBP have proposed new uses for personal data, the agencies have declined to solicit public comments as required by the Privacy Act. Currently, the agencies use the Automated Targeting System to perform "risk assessments." EPIC has called for DHS to suspend "risk-based" passenger profiling and to make public the algorithms that are used to assess travelers. For more information, see EPIC: Secure Flight, EPIC: Passenger Profiling, and EPIC: Air Travel Privacy.

Alan Butler imageNew reports from the Wall Street Journal and the Washington Post reveal that the NSA's collection of telephone call records under Section 215 of the USA PATRIOT Act is not as "comprehensive" as the Government previously described. Officials now estimate that less than 30% of domestic calls are collected under the 215 program because the collection does not cover records from most cell phone carriers. This severely undercuts the government's two main justifications for the bulk metadata collection program: (1) that it is necessary to have comprehensive call records to conduct link analysis and (2) that querying the database can provide "peace of mind" by indicating that no terrorist links exist. In light of this new revelation, it is now more clear than ever that this program is ineffective and has to end.

But let's look in a bit more detail at how both justifications fall apart because the NSA collects a skewed subset of telephone records.

First, the Government has argued in its bulk collection whitepaper and congressional testimony that the current database provides a "necessary" link analysis capability. And the lower court opinions that have found the program lawful (i.e. Judge Pauley's recent SDNY opinion and Judge Eagan's FISC opinion) both relied on the Government's assertion that "the collection of virtually all telephony metadata is 'necessary' to permit the NSA, not the FBI, to do the algorithmic data analysis that allow the NSA to determine 'connections between known and unknown international terrorist operatives.''"

Judge Eagan's opinion, which the Privacy and Civil Liberties Oversight Board report revealed was the first written opinion from the FISC about the telephone metadata program, relied on the reasoning of Judge Kollar-Kotelly's 2004 Internet metadata (pen register) opinion. In that opinion, Judge Kollar-Kotelly found that the Internet metadata program was lawful because it would acquire "large volumes of communications that, in NSA's estimation, represent a relatively rich environment for finding [redacted] communications through later analysis." Thus, the justification for collection of bulk telephone records would only extend if there was a similarly "rich" sample being collected. But we now know that the telephone records collected are not rich with valuable information; they don't even contain records for most cell phone calls, which make up the majority of phone calls in the United States. It is understandable that link analysis from only landline phone records has not meaningfully contributed to any national security investigations, as the President's Review Group on Intelligence and Communications Technologies found in their report.

Second, Director Clapper and others have argued that the program is also valuable because it provides "peace of mind" to investigators who would like to know whether a particular event is connected with international terrorism. However, this justification fails because the database contains less than 30% of phone calls. There is little "peace of mind" from querying a database that does not include the vast majority of call records. 

EPIC has already argued extensively that the program in its current form is unlawful, and the Privacy and Civil Liberties Oversight Board agrees. Even the President has acknowledged that the program should not continue. Given what we know about the ineffectiveness of the NSA's bulk metadata program and the new report that it is not remotely comprehensive, it is clear that neither of the Government's justifications stand up to scrutiny. The facts don't support the Government's own theories or the requirements outlined by the judges who previously authorized the program. The program has to end.

Recent Assets

  • Jan-2014-EPIC-v-NSA.png
  • EPIC2014c.png
  • EPIC2014c.jpg
  • Bamford-Press-Club.png
  • blog2.png
  • blog.png
  • clooney.jpg
  • countdown.png
  • Jan-2014-WH-Briefing.jpg
  • 2014-Intl-Priv-Champ-Award.jpg
Powered by Movable Type 5.2.7