PREVIOUS TOP
NEWS
2009
-
EPIC Urges Massachusetts High Court to Protect Drivers From Warrantless Tracking by Law Enforcement, Warns of "Pervasive Mass Surveillance". Today, EPIC filed a "friend of the court" brief in the Massachusetts Supreme Judicial Court, urging the Justices to require a warrant before police covertly track drivers using concealed surveillance technology. In Commonwealth v. Connolly, the Court will determine whether the police must obtain a search warrant before covertly installing location tracking devices on individuals' cars. The systems record a vehicle's location and speed around the clock, and transmit the data to police. EPIC said the profileferation of police tracking devices "creates a large, and largely unregulated, repository containing detailed travel profiles of American citizens." The EPIC brief warned that "law enforcement access to such information raises the specter of mass, pervasive surveillance without any predicate act that would justify this activity." For more, see EPIC's Commonwealth v. Connolly page. (Apr. 20)
-
Senate to Investigate NSA "Overcollection". Senator Dianne Feinstein has announced that the Senate Intelligence Committee will hold a hearing on the National Security Agency's interception of phone calls and private e-mail messages of Americans. Recently, the New York Times reported that the NSA's activities went beyond the legal limits established by the Congress last year. EPIC has a related lawsuit asking a federal court to force the release of memos on the legal authority for domestic surveillance of American citizens. For more information, see EPIC's page on Freedom of Information Act Work on the National Security Agency's Warrantless Surveillance Program. (Apr. 17)
-
European Commission Seeks to Protect Internet Privacy. Following complaints about Phorm's Deep Packet Inspection Technology with UK internet service providers, the European Commission has opened a formal investigation. The EU e-Privacy and Data Protection Directives protect the confidentiality of communications by prohibiting interception and surveillance without the user's consent. Deep Packet Inspection allows internet service providers to intercept virtually all customers' Internet activity, including web surfing data and other Internet related activities. The Commission charges that the UK government could not permit this activity under European Union privacy law. In the US, Congressional leaders also objected to Deep Packet Inspection. For more information, see EPIC's page on Deep Packet Inspection and Privacy and Privacy Human Rights Report. (Apr. 14)
- EPIC Demands Disclosure of Documents Detailing "Virtual Strip Search" Airport Scanners. Today, EPIC filed a Freedom of Information Act request demanding disclosure of records detailing airport scanners that take naked pictures of American travelers. Security experts describe the "whole body imaging" scanners as virtual strip searches. The Transportation Security Administration plans to make the scans mandatory at all airport security checkpoints, despite prior assurances that whole body imaging would be optional. EPIC's request seeks documents concerning the agency's ability to store and transmit detailed images of naked U.S. citizens. For more information, see EPIC's Whole Body Imaging page and EPIC's FOIA Litigation Manual (Apr. 14)
- FCC Proposes Nationwide Broadband Expansion, Seeks Public Comments on Privacy Safeguards. Today, the Federal Communications Commission announced that it will develop a plan to expand broadband access. The plan will attempt to "ensure that every American has access to broadband capability," and will be submitted to Congress in February 2010. The Commission seeks comments from the public concerning how to best safeguard consumers' privacy in the face of technologies such as deep packet inspection and behavioral advertising. Chairman Michael J. Copps identified priorities for the broadband expansion, including "avoiding invasions of people’s privacy." EPIC previously advocated for the FCC to require strong privacy safeguards for telephone customers' personal information, and protect wireless subscribers from telemarketing. For more information, see EPIC's pages on deep packet inspection. (Apr. 8)
- Five Country Study Finds Diminished Protection for Anonymity. A new study by leading scholars from the USA, Canada, UK, Netherlands and Italy has revealed that laws are reinforcing technology's ability to undermine the anonymity of citizens. The law reveals a preference for legislation requiring people to submit to identification and an increasing encroachment of rules into areas where there were previously no regulations prohibiting anonymity. EPIC was a partner in the project. Consider purchasing the Lessons from the Identity Trail. For more information, see EPIC's page on Free Speech and Internet Anonymity. (Apr. 7)
-
European Parliament Adopts Report on Fundamental Freedoms and the Internet. The European Parliament adopted with 481 votes a report on Security and Fundamental Freedoms on the Internet. Expressing strong support for privacy, data protection, securty and freedom of speech, the report called on Member States to make use of existing law, exchange best practices and draw up a series of regulations to protect privacy. The Parliament also urged Member States to update legislation to protect children using the Internet and called on the Council and Commission to develop a comprehensive strategy to combat cybercrime, identity theft and fraud. A draft of the report was released in January. See also EPIC's report on Privacy & Human Rights 2006. (Mar. 26)
-
Federal Trade Commission to Review EPIC Cloud Computing Complaint. The Federal Trade Commission will review EPIC's March 17, 2009 complaint, which describes Google's unfair and deceptive business practices concerning the firm's Cloud Computing Services. EPIC's complaint describes numerous data breaches involving user-generated information stored by Google, including the recently reported breach of Google Docs. EPIC's complaint "raises a number of concerns about the privacy and security of information collected from consumers online," federal regulators said. EPIC urged the Commission to take "such measures as are necessary" to ensure the safety and security of information submitted to Google. Previous EPIC complaints have led the Commission to order Microsoft to revise the security standards for Passport and to require Choicepoint to change its business practices and pay $15 m in fines. For more information, see EPIC's complaint to the FTC. EPIC's Cloud Computing Page (Mar. 19)
-
Senators Introduce Open Government Bill, Celebrate Sunshine Week. Senators Patrick Leahy (D-Vermont) and John Cornyn (R-Texas) introduced legislation to improve government transparency and strengthen the Freedom of Information Act. The proposal comes during Sunshine Week, an annual celebration of open government. The OPEN FOIA Act of 2009 would reduce government secrecy by limiting the circumstances in which government records can be exempted from disclosure. "Excessive government secrecy is a constant temptation and the enemy of a vibrant democracy," Senator Leahy said. In 2007, Senators Leahy and Cornyn co-sponsored the OPEN Government Act, a law that imposed meaningful deadlines on federal agencies, created a FOIA Ombudsman, and provided "news media" standing for freelance journalists and bloggers. For more information, see EPIC's Litigation Under the Federal Open Government Laws. (Mar. 19)
- Attorney General Issues New FOIA Guidelines. The Attorney General today set out new Freedom of Information guidelines pursuant to President Obama's memorandum directing all executive branch departments and agencies to maintain a presumption of openness in releasing information requested from them. In the memorandum, the Attorney General strongly encouraged agencies to make discretionary disclosures of information to the fullest extent possible. Rescinding the FOIA Memorandum of October 12, 2001, the Attorney General stated that the Justice Department will defend a FOIA request only if the disclosure would harm an interest protected by a statutory exemption or its disclosure is prohibited by law. The memorandum also directs that each agency is fully accountable for its administration of FOIA and should be mindful of their obligation to work "in a spirit of cooperation." For more information, see EPIC's Open Government page. (Mar. 19)
- EPIC Petitions FTC to Investigate Google, Cloud Computing Services. EPIC has formally asked the Federal Trade Commission to open an investigation into Google's Cloud Computing Services -- including Gmail, Google Docs, and Picasa -- to determine "the adequacy of the privacy and security safeguards." The petition follows the recent report of a breach of Google Docs. EPIC cited the growing dependence of American consumers, businesses, and federal agencies on cloud computing services, and urged the Commission to take "such measures as are necessary" to ensure the safety and security of information submitted to Google. Previous EPIC complaints have led the Commission to order Microsoft to revise the security standards for Passport and to require Choicepoint to change its business practices and pay $15 m in fines.(Mar. 17)
- EPIC Celebrates Sunshine Week. Open government and media organizations throughout the country are celebrating Sunshine Week by highlighting the importance of government transparency. EPIC publishes the most comprehensive up-to-date manual on federal open government law. EPIC is pursuing Freedom of Information Act litigation to obtain government memos describing the legal basis for the warrantless wiretapping of American citizens by the Bush Administration. To learn more about your right to access government information, see EPIC's Open Government page and Litigation Under the Federal Open Government Laws 2008. (Mar. 17)
- Cybersecurity Czar Steps Down, Warns of Growing NSA Influence. Rod Beckstrom, Director of the National Cybersecurity Center, has resigned. In a letter to Homeland Security Secretary Janet Napolitano, Beckstrom warned of the increasing role of the National Security Agency in domestic security. The "intelligence culture is very different than a network operation or security culture... the threats to our democratic processes are significant if all top government network and monitoring are handled by any one organization... we have been unwilling to subjugate the NSCS under the NSA," wrote the former NCSC Director. The announcement follows Congressional testimony from the new Director of National Intelligence that the NSA should be responsible for network security. EPIC has long maintained that the NSA, though it plays a vital role in gathering foreign intelligence, should not be the lead agency for domestic network security because it also engages in extensive and unregulated spying. See EPIC Computer Security Act of 1987. (Mar. 9)
- EPIC v. DOJ - EPIC Urges Court to Require Disclosure of Warrantless Wiretap Memos. EPIC, the ACLU, and the National Security Archive asked a federal court in Washington, DC to order the immediate disclosure of government memos describing the legal basis for the warrantless wiretapping of American citizens by the Bush Administration. The court is currently reviewing the documents, prepared by the Office of Legal Counsel, as part of an EPIC Freedom of Information Act lawsuit. This week, the Attorney General released several related memos, which previously were secret. The new release follows President Obama's recent statement on government transparency. "The Freedom of Information Act should be administered with a clear presumption: In the face of doubt, openness prevails," the President said. For more information, see EPIC v. DOJ. (Mar. 6)
- Justice Department Releases Domestic Surveillance Memos and Opinions. Attorney General Eric Holder announced that the Department of Justice will make public memos and opinions concerning warrantless surveillance, and other controversial claims of Presidential authority, that were prepared in the wake of 9/11. The documents describe the legal basis for President Bush's domestic surveillance program. After learning of the warrantless wiretap program, EPIC sued the Department of Justice under the Freedom of Information Act to compel disclosure of legal memos concerning the program. Government lawyers subsequently disavowed the justifications for the warrantless surveillance. For more, see EPIC's "National Security Agency's Warrantless Surveillance Program" page. (Mar. 3)
- Responding to Privacy Concerns, Whitehouse.gov Drops YouTube for Broadcasting Presidential Speeches. Following protests that YouTube was creating persistent cookies for people who visited the White House web site, the latest Weekly Address of President Obama no longer secretly tracks Whitehouse visitors. Federal policy restricts the use of tracking cookies by federal agencies. Privacy concerns remain for media content delivered by Congressional offices. For more information, see EPIC's Cookies Page. (Mar. 2)
- Homeland Security Secretary Proposes Increase in Spending for Domestic Surveillance Programs. Homeland Security Secretary Janet Napolitano testified before the House Committees on Homeland Security, and said that DHS plans to connect governmental databases containing personal information, expand the government's employment tracking system, promote passenger screening, use e-passports, employ watchlists and utilize contactless identity verification cards. EPIC has opposed Fusion Centers, the E-Verify program and the use of Backscatter X-Ray devices. EPIC has also objected to the use of RFIDs in passports, in Air Travel and in driver's licences. (Feb. 27)
- Facebook Announces Governing Principles, Statement of Rights and Responsibilities. Today, Facebook proposed guidelines and a statement of rights and responsibilities governing its relationship with users. The social networking service called for user comment on the principles, which include "Ownership and Control of Information" and "Transparent Process." Facebook further committed to "open up Facebook so that users can participate meaningfully in our policies and our future." Facebook's announcement follows last week's abandonment of changes to its Terms of Service on the eve of an EPIC complaint to federal regulators. For more and see the efforts of People Against the New Terms of Service, and EPIC's "Social Networking Privacy" page. (Feb. 26)
- Supreme Court to Hear Argument in "Identity Theft" Case, EPIC Urges Justices to Protect Privacy Enhancing Technologies. On Wednesday, the Supreme Court will hear arguments in a case that will determine whether individuals who include identification numbers that are not theirs, but don’t intentionally impersonate others, can be subject to harsh criminal punishments under federal law. In Flores-Figueroa v. United States, the petitioner challenged his conviction for "aggravated identity theft." EPIC filed a "friend of the court" brief, on behalf of 17 legal scholars and technical experts, urging the Justices to protect techniques that allow individuals to safeguard privacy. EPIC explained that the crime of "identity theft" should require an intent to impersonate another. The EPIC brief urges the Court to avoid "a precedent that might inadvertently render the use of privacy enhancing pseudonyms, anonymizers, and other techniques for identity management unlawful." For more, see EPIC's Flores-Figueroa v. United States page. (Feb. 23)
- On Eve of EPIC Trade Commission Complaint, Facebook Backs Down on Revised Terms of Service. Hours before EPIC planned to file a complaint with the Federal Trade Commission regarding changes to Facebook’s Terms of Service, the social network service announced that it will restore the original policy. The new Terms of Service were announced on Feb. 4, were widely criticized, and were to be the subject of the EPIC complaint. Facebook users observed that, under the revised policies, Facebook asserted broad, permanent, and retroactive rights to users' personal information - even after they deleted their accounts. The EPIC complaint was supported by more than a dozen consumer and privacy organizations. Previous EPIC Complaints at the FTC have concerned Choicepoint, Microsoft Passport, and the Google-Doubleclick merger. For more, see EPIC's "Social Networking Privacy" page. Support EPIC's efforts to maintain your privacy in the social networking world. (Feb. 18)
- American Recovery Act Includes Strong Medical Information Safeguards. President Obama signed the American Recovery & Reinvestment Act, which includes comprehensive safeguards for medical information. The Act prohibits the unauthorized sale of medical records and provides exceptions for research, public health and treatment. The Act also limits marketing, requires covered entities and business associates to keep an audit trail of personnel having access to the information, mandates policies setting standards for technology systems to restrict sensitive information, use data encryption and directs breach notifications. The new law prescribes monetary penalties for violations and requires monitoring of contracts and reporting on compliance. Patient Privacy Rights led the campaign for strong medical privacy protection. For more information, see EPIC's page on Medical Privacy. (Feb. 18)
- Federal Appeals Court Upholds Opt-In Privacy Rule for Telephone Services. Today, a federal court in the District of Columbia upheld telephone privacy regulations that require phone companies to obtain affirmative, opt-in consent from customers before they disclose personal information to outside corporations. The decision rejects an industry challenge to the rule. The Court recognized that "the government has a substantial interest in protecting the privacy of customer information and that requiring customer approval advances that interest," and cited EPIC's 2005 petition as spurring the rulemaking process. In May 2008, EPIC filed a “friend of the court” brief urging support for opt-in safeguards for telephone customers. The brief was filed on behalf of consumer and privacy organizations, technical experts, and legal scholars. For more, see EPIC's pages on NCTA v. FCC and CPNI (Customer Proprietary Network Information). (Feb. 13)
- Trade Commission Issues Voluntary Guidelines for Online Tracking, Targeting, and Advertising. Today, the Federal Trade Commission released voluntary guidelines for Internet advertising and behavioral targeting. The guidelines set out four principles: "1) transparency and consumer control; 2) reasonable security and limited data retention for consumer data; 3) affirmative express consent for material retroactive changes to privacy promises; and 4) affirmative express consent to (or prohibition against) use of sensitive data." There is no means to enforce the guidelines, and Commissioners Jon Leibowitz and Pamela Jones Harbour warned that they are insufficient to ensure consumers' privacy. Commissioner Harbour cautioned that the guidelines "focus too narrowly" and urged rulemakers to "take a more comprehensive approach to privacy." The guidelines are in part a response to EPIC's 2007 Complaint regarding the Google-Doubleclick merger raising concerns about the profiling of Internet users and the need to establish clear privacy safeguards as a condition of the merger. For more information, see EPIC's Complaint regarding the Google/DoubleClick merger and page Privacy? Proposed Google/DoubleClick Deal (Feb. 12)
- Report: Google Latitude Poses Significant Privacy Risks. Privacy International has identified a major security flaw in Google's new phone locational tracking service. According to the London-based organization, the tracking feature in Google Latitude can be easily enabled by anyone with access to the phone. Moreover, there is no simple way for a user to determine the tracking status of their phone. Question have also been raised about Google's plan to use cell phone data location records for advertising purposes. For more information, see EPIC's page on Personal Surveillance. (Feb. 5)
- National Academies Report Calls for New Approach to Medical Privacy (embargoed - 02-04-09, 11 am ET). As the Congress considers establishing a national network for electronic health records, a report from the Institute of Medicine recommends a new approach to medical record privacy. "Beyond the HIPAA Privacy Rule: Enhancing Privacy, Improving Health Through Research" finds that the current medical privacy regulations do not protect privacy and unnecessarily impede health research. The expert panel recommends revising research guidance, enhancing security for personally identifiable information, establishing trusted third parties for clearly defined research purposes, and developing new techniques that enable deidentification. The report also said it was vital to "Apply privacy, security, transparency, and accountability obligations to all health records used in research." EPIC Director Marc Rotenberg participated in the study project. More information, see EPIC Medical Privacy page. (Feb. 4)
- House Economic Recovery Bill Includes Privacy Safeguards for Medical Information. The American Recovery and Reinvestment Act of 2009, adopted by the House this week, includes strong privacy provisions ("Subtitle D - Privacy") for the proposed medical health network. Among the key provisions: a ban on the sale of health information, audit trails, encryption, rights of access, improved enforcement mechanisms, and support for advocacy groups to participate in the regulatory process. Patient Privacy Rights has expressed support for the legislation. A similar bill, S. 336, is pending in the Senate. Senator Leahy has called for strong safeguards to protect America's health privacy. For more information, see EPIC's page on Medical Privacy. (Jan. 29).
- EPIC, Freedom of Information Advocates Endorse President. EPIC joined Freedom of Information advocates from around the world in an Open Letter welcoming "President Obama's Initiative on Transparency." The organizations also supported the President's call for a "clear presumption in favor of disclosure of information." They called on "governments around the world to take similar action to promote transparency and respect for the right of access to information." For more information about open government, see EPIC's Open Government manual. (Jan. 29)
- Federal Intelligence Court Rules Warrantless Wiretapping Legal. The Foreign Intelligence Surveillance Court of Review has ordered the release of a redacted opinion. The federal intelligence court ruled in August, 2008 that warrantless wiretapping of international phone calls and the interception of e-mail messages were permissible. Giving support to the Protect America Act, the Court found that "foreign intelligence surveillance possesses characteristics that qualify" for an exception in the interest of "national security". For more information, see EPIC's page on Foreign Intelligence Surveillance Act. (Jan. 15)
- Supreme Court Permits Arrest Based on Police Database Error, EPIC Amicus Brief Cited in Dissent. In a 5-4 opinion, the Supreme Court has held that the police may use false information contained in a police database as the evidence for an arrest. Chief Justice Roberts held that, "when police mistakes are the result of negligence such as that described here, rather than systemic error or reckless disregard of constitutional requirements, any marginal deterrence does not 'pay its way.'" Justice Ginsburg, writing for four of the Justices in dissent, said that "negligent recordkeeping errors by law enforcement threaten individual liberty, are susceptible to deterrence by the exclusionary rule, and cannot be remedied effectively through other means." EPIC filed a friend of the court brief urging the Justices to ensure the accuracy of police databases, on behalf of 27 legal scholars and technical experts and 13 privacy and civil liberty groups. The EPIC brief was cited by the Justices in dissent. See EPIC Herring v. US ("Concerning a Faulty Arrest Based on Incorrect Information in a Government Database"). (Jan. 14)
- EPIC, Patient Advocates Urge Congress to "ACT" on Privacy. EPIC and more than 25 members of the Coalition for Patient Privacy at a news conference today in Washington, DC urged Congress to include critical privacy safeguards for the medical record network that may be included in the economic stimulus plan. The Coalition partners are recommending that lawmakers "ACT" on privacy and provide Accountability for access to health records, Control of personal information, and Transparency to protect medical consumers from abuse. For more information, see Patient Privacy Rights and EPIC's page on Medical Privacy. (Jan. 14)
- Consumer Groups Urge Trade Commission to Investigate Mobile Marketing. The Center for Digital Democracy and the U.S. Public Interest Research Group filed a complaint with the Federal Trade Commission to investigate the growing threat to consumer privacy in the mobile advertising world. Certain services track, analyze, and target the public and build secret profiles. Users are targeted based on their online behavior and their location. The complaint urges the Commission to define and clarify practices, review self-regulation, require notice and disclosure and also protect the public. Earlier, thirty Privacy Coalition members sent a letter to President-elect Barack Obama highlighting the importance of protecting consumer privacy in new network services. For more information, see EPIC's page on Privacy and Consumer Profiling. (Jan. 13)
- Data Breaches on the Rise in the US. A new report from the Identity Theft Resource Center found a 47 percent increase in data breaches in the United States over 2007. Noting 656 reported breaches at the end of 2008, the report identified the company, the category of breach and the number of records exposed. The Center concluded that most breached data was unprotected by either encryption or even passwords. According to the FTC, data breaches are the leading cause of identity theft. For more information, see EPIC's page on Identity Theft. (Jan. 6)
- FCC Backs Off Net Filtering Plan.
FCC Chairman Kevin Martin has said that he will not pursue a government-mandated content filter as part of a proposal for a nationwide free wireless broadband network. EPIC had opposed the provision and said that it would create a dangerous precedent that would encourage governments to limit access to unpopular or controversial speech. For more information on content filters, see the EPIC publication "Filters and Freedom" available at Powell's and Amazon
. (Jan. 6)
- FCC Backs Off Net Filtering Plan.
FCC Chairman Kevin Martin has said that he will not pursue a government-mandated content filter as part of a proposal for a nationwide free wireless broadband network. EPIC had opposed the provision and said that it would create a dangerous precedent that would encourage governments to limit access to unpopular or controversial speech. For more information on content filters, see the EPIC publication "Filters and Freedom" available at Powell's and Amazon