Focusing public attention on emerging privacy and civil liberties issues

Previous Top News 2002

  • EPIC Files Comments on Canadian Surveillance Proposal. EPIC has submitted recommendations (PDF) on a government proposal (PDF) that would require telecommunications and Internet service providers to enable broader police surveillance of private communications. The comments expressed support for the views of Canadian civil liberties organizations. (Dec. 19)
  • Pentagon Makes Incomplete Response to TIA FOIA Request. After EPIC filed suit (PDF) challenging its failure to release documents about the controversial "Total Information Awareness" program, the Defense Department has provided one document - a study titled "Security with Privacy" (PDF, 840K). The study recommends more DoD research on privacy, but does not address policy issues and states that it is "not a review of Total Information Awareness." (Dec. 19)
  • FTC Announces National Do-Not-Call List. The FTC will establish a national DNC list that will accommodate both Internet and toll-free phone number enrollment. The new regulations also require telemarketers to transmit caller ID information, establish new rules for the use of preacquired account number information, and prohibit "abandoned" calls. For the list to operate, Congress will have to approve the levying of charges to the telemarketing industry in order to fund the program. EPIC and a coalition of consumer and civil liberties groups submitted detailed comments in favor of a DNC list. For more information, see the EPIC Telemarketing Page. (Dec. 18)
  • EPIC Asks Appeals Court to Reconsider Faxed Warrant. EPIC filed a response (PDF) to a petition for reconsideration in the Eighth Circuit, urging the Circuit to reconsider a November ruling (PDF) that service of a warrant on an ISP by fax complies with the "reasonableness" requirements of the Fourth Amendment. EPIC filed an amicus brief (PDF) in the case, arguing that U.S. search and seizure law has mandated officer presence at the service of a warrant since the 1700s. EPIC's latest filing argues that the November opinion didn't adequately consider the distinction between service of a warrant and execution of a warrant. For more information, see EPIC's Bach Page. (Dec. 17)
  • EPIC Urges DC Council to Reject General Video Surveillance. The DC Council held a hearing on the use of video surveillance in the District of Columbia at which EPIC's Executive Director testified and proposed a new draft bill (PDF) that combines the procedural safeguards of Councilmember Kathy Patterson's bill (PDF) with a second bill's (PDF) prohibition of general video surveillance. For further information, see EPIC's Video Surveillance Page and the new "DC Police Cameras" Slide Show. (Dec. 13)
  • EPIC Files Suit for "No-Fly List" Information. Seeking information about aviation security watchlists, EPIC has filed a lawsuit (PDF) against the Transportation Security Administration (TSA) in federal court in Washington. The legislation creating TSA authorizes the agency to maintain such lists, which reportedly have been used to interfere with the travel of political activists. Background information is available at EPIC's Air Travel Privacy Page. (Dec. 12)
  • EPIC Files Comments on the TCPA. EPIC and ten leading advocacy groups filed comments with the Federal Communications Commission on the Telephone Consumer Protection Act (TCPA). The groups advocated the creation of a telemarketing "do-not-call" registry and for the requirement that telemarketers send Caller ID information. For more information, see the EPIC Telemarketing Page. (Dec. 8)
  • EPIC Opposes FCC Broadcast Flag Mandate. In comments to the Federal Communications Commission, EPIC has recommended against the adoption of a Digital Television Broadcast Flag mandate unless it incorporates privacy protections for viewer data. The Broadcast Flag could erode anonymity in consumption of media and circumvent well-established public policy that protects viewer data. For more information, see the EFF BPDG Blog and the EPIC Digital Rights Management Page. (Dec. 6)
  • CA Senator Speier Challenges Banks, Introduces Financial Privacy Legislation. California Senator Jackie Speier (D-San Mateo) with support of the Senate President, John Burton (D-San Francisco) has introduced SB 1, a measure that will increase protections for financial privacy. Two weeks ago, Speier sent a letter to major banks, requesting them to reveal the nature and extent of consumer information sharing. For more information, see the EPIC Gramm-Leach-Bliley Page. (Dec. 3)
  • Court Orders DOJ to Respond to PATRIOT Act Info Request. A federal judge has ordered (PDF) the Justice Department to complete its processing of an EPIC/ACLU information request concerning the USA PATRIOT Act by January 15. EPIC, joined by the ACLU and library and booksellers' organizations, filed a lawsuit (PDF) under the Freedom of Information Act on October 24 seeking the disclosure of information concerning implementation of the controversial anti-terrorism law. See EPIC's USA PATRIOT Act FOIA Litigation page for further information. (Nov. 27)
  • EPIC Files Comments on ENUM. In comments to the ENUM-Forum, EPIC advocated a framework of protections for enrollees and users of ENUM. ENUM is a developing technology that enables a user to store contact information that can be accessed by another person through the use of a single number. The system may facilitate spam and other unsolicited commercial messages. For more information, see the EPIC ENUM Page. (Nov. 25)
  • EPIC Urges FCC to Reject Data Retention. EPIC filed comments (PDF) before the Federal Communications Commission last week, urging the agency to reject the FBI's proposal to mandate limited retention of customer telecommunications information. EPIC's comments address the danger of adopting any data retention regime, and requested the Commission to consider the privacy rights of United States telecommunications customers when evaluating the needs of law enforcement. The reply comments relate to the Commission's bankruptcy proceeding, in which EPIC filed comments (PDF) last month. For further information, see EPIC's CPNI Page. (Nov. 25)
  • EPIC Holds Briefing on Total Information Awareness. EPIC held a briefing at the National Press Club today on Total Information Awareness and the civil liberties implications of the Homeland Security Act. Speakers included EPIC's Executive Director Marc Rotenberg and General Counsel David Sobel; Katie Corrigan, ACLU; and Steven Aftergood, Federation of American Scientists. For more information, view the briefing materials. (Nov. 25)
  • Senate Passes Homeland Security Act. The Senate voted 90-9 last night to approve the Homeland Security Act of 2002. The Act creates a cabinet-level Department of Homeland Security, and contains provisions that enhance government surveillance power while weakening open government laws. For more information, see EPIC Alert 9.23. (Nov. 20)
  • EPIC Endorses ACLU Model Local Ordinance. EPIC has joined the American Civil Liberties Union (ACLU) in endorsing a model local ordinance to preserve civil liberties. Across the country, communities are adopting similar resolutions to affirm their commitment to values of freedom. For more information, see the ACLU Community Resolutions Page. (Nov. 20)
  • Groups Urge Senate to Stop Total Information Awareness. In an open letter, over 30 civil liberties groups urged Senators Thomas Daschle (D-SD) and Trent Lott (R-MS) to amend the Homeland Security Act to stop further development of the Total Information Awareness (TIA) program. For more information, see the EPIC TIA Page. (Nov. 18)
  • Circuit Court Approves Faxed Warrants. The Eighth Circuit ruled (PDF) today that service of a warrant on an ISP by fax complies with the "reasonableness" requirements of the Fourth Amendment. EPIC filed an amicus brief (PDF) in the case, arguing that police officer presence is required during the service of a warrant under such circumstances. EPIC argues that the service of a search warrant by fax machine doesn't adequately safeguard Fourth Amendment guarantee of a "reasonable" search, because U.S. search and seizure law has mandated officer presence at the service of a warrant since the 1700s. For more information, see EPIC's Bach Page. (Nov. 18)
  • Appeals Court Permits Broader Electronic Surveillance. The Foreign Intelligence Surveillance Court of Review today issued an opinion (PDF) granting the executive branch broader surveillance authority in foreign intelligence cases. The opinion, which overturned the lower court's determination, was the first issued by the Court of Review since FISA's inception in 1978. The case involves an unprecedented decision made public in August which revealed a pattern of FBI misrepresentations to a secret surveillance court. For more information, see the EPIC FISA Page. (Nov. 18)
  • Leading Newspapers Blast Defense Dept. Surveillance Project. Newspapers across the country are opposing the Department of Defense's Total Information Awareness (TIA) project. The New York Times said today that "Congress should shut down the program pending a thorough investigation." Earlier the Washington Post wrote "the defense secretary should appoint an outside committee to oversee it before it proceeds." For more information, see EPIC's TIA Page. (Nov. 18)
  • New Total Information Awareness Details. EPIC has obtained the system description (PDF, 4.5 MB) for the Total Information Awareness (TIA) Program. The document describes an elaborate system of human identification and surveillance. EPIC is pursuing a FOIA lawsuit against the Department of Defense to obtain further information about the TIA Program. (Nov. 15)
  • Homeland Security Bill Limits Open Government. The revised Homeland Security Bill now before the Senate contains an exemption to the Freedom of Information Act (FOIA) for "Critical Infrastructure Information." This provision would allow federal agencies to withhold public records that would otherwise be available under the FOIA. For more information, see the EPIC Critical Infrastructure Page and Litigation Under the Federal Open Government Laws, an EPIC publication on the FOIA. (Nov. 13)
  • Supreme Court to Hear Megan's Law Cases. On Wednesday, November 13, the Supreme Court will hear arguments in two cases determining the constitutionality of posting Megan's Law registries on line. In August, EPIC filed an amicus brief (PDF), urging the Court to hold that the Alaska Megan's law statute violates the Ex Post Facto clause of the Constitution because the mandatory online dissemination of a sex offender registry is excessive when weighed against the statutory purpose of protecting people in the geographic vicinity of released offenders. In tomorrow's consolidated hearing, the Court will also review the Second Circuit's determination that the Connecticut Megan's Law violates procedural due process. For more information, see EPIC's Megan's Law Page. (Nov. 12)
  • Supreme Court to Review Library Filtering Law. The Supreme Court decided today to hear a case determining if public libraries can be forced to install software blocking sexually explicit Web sites. The case, which will likely be heard in the Spring of 2003, reviews the Childrens Internet Protection Act, which requires the installation of filtering software on computers in libraries that receive federal support. EPIC is acting as co-counsel in the lawsuit, which was brought by a coalition of libraries and patrons. A three-judge panel in Philadelphia ruled in May that the law-the government's third attempt to censor the Internet-violates the First Amendment because it would restrict substantial amounts of protected speech "whose suppression serves no legitimate government interest." The lower court also noted that the law infringes upon the First Amendment right to anonymity because it forces patrons to reveal their identity in order to get certain cites unblocked. EPIC's recent publication, Filters & Freedom 2.0, details the free expression implications of filtering technologies. For more background about the proceedings, see EPIC's CIPA Page. (Nov. 12)
  • DARPA Plans "Total Information Awareness." The New York Times reports that the Defense Advanced Research Projects Agency (DARPA) is developing a tracking system called "Total Information Awareness" (TIA), that claims to detect terrorists through analyzing troves of information. The system, being developed by John Poindexter, the director of DARPA's Information Awareness Office, is envisioned to give law enforcement access to private data without suspicion of wrongdoing or a warrant. For more information, see DARPA's TIA Page, and the EPIC Profiling Page. (Nov. 11)
  • DC Council Attacks Camera System, Adopts Regulations. The Washington Post has reported that members of the District of Columbia City Council sharply criticized a network of surveillance cameras installed by police with no public oversight or regulation. The members voted in favor of regulations for the cameras that included recommendations from EPIC, and several members opposed police use of the cameras altogether. For more information, see the EPIC Surveillance Web Page, and the ACLU National Capital Area Web site. (Nov. 8)
  • Washington State Adopts Customer-Privacy Rules. Washington State today adopted rules protecting the privacy of telephone customer calling data. The rules are more protective of customer privacy than those adopted in July by the Federal Communications Commission, which Order specifically left open the possibility of more protective state regulation. The Washington rules mandate opt-in--express approval--for all "call detail" information, and permit information sharing only within companies under common ownership. EPIC and WashPIRG submitted comments in the Washington proceeding, urging the state to adopt opt-in for all calling data. For more information, see EPIC's CPNI Page. (Nov. 7)
  • EPIC Opposes P2P Monitoring in Higher Education. In an open letter to the higher education community, EPIC advised colleges and universities not to adopt invasive peer-to-peer (P2P) network monitoring systems. Such systems peer into private communications, chill free speech, and can become systems of general surveillance. EPIC recommended that institutions adopt a recent report (PDF) from the National Science Foundation (NSF) Logging and Monitoring Project (LAMP) to evaluate computer policy in the higher education context. For more information, see the EPIC Digital Rights Management and Student Privacy Pages. (Nov. 6)
  • EPIC Publishes 2002 Privacy Law Sourcebook. The Privacy Law Sourcebook is the leading resource for students, attorneys, researchers, and journalists interested in privacy law in the United States and around the world. It includes the full text of major privacy laws and directives such as the FCRA, Privacy Act, FOIA, Family Educational Rights and Privacy Act, Right to Financial Privacy Act, Privacy Protection Act, Cable Communications Policy Act, ECPA, Video Privacy Protection Act, OECD Privacy Guidelines, OECD Cryptography Guidelines, and European Union Data Directive for Data Protection and Commerce. The Privacy Law Sourcebook is updated and expanded for 2002 with information about the USA PATRIOT Act, the full text of the Foreign Intelligence Surveillance Act, recent reports of the Article 29 Working Group, and updated summaries of key statutes for the non-specialist. Also included is an extensive section on privacy resources with useful websites and contact information for privacy agencies, organizations, and publications. Order now from the EPIC Bookstore! (Nov. 4)
  • New EPIC Report: Why is P3P Not a PET? EPIC has released a new online report entitled "Why is P3P Not a PET?" (PDF). Privacy-enhancing technologies (PETs) are protocols, standards, and tools that directly assist in protecting personal identity and minimizing - or, if possible, eliminating - the collection of personally identifiable information. The Platform for Privacy Preferences (P3P) is a protocol that requires Web sites to specify their privacy policies in a machine-readable format. The report finds that, because P3P does not aim at protecting personal identity or minimizing the collection of personally identifiable information, and is in fact on a completely different trajectory than the one prescribed by the definition of PETs, P3P fails as a privacy-enhancing technology. The report was also submitted to the W3C Workshop on the Future of P3P. (Nov. 1)
  • EPIC Supports Campaign Against New Spanish Law. The new Spanish "Law of Information Society Services and Electronic Commerce" (LSSI), which became effective on October 12, could violate freedom of speech, the presumption of innocence, confidentiality of communications and the right to anonymity as protected by international human rights conventions. Kriptopolis (a member of the Global Internet Liberty Campaign) and more than 350 other entities have spontaneously taken their Web pages offline to protest against the prospects of censorship created by the LSSI. The new regulation also worries Spanish ISPs and the telecommunications industry because it compels them to retain their customers' communications traffic data (e-mails, browsing activity, mobile phone location data, etc.) for up to a year. For more information, see EPIC's pages on LSSI and Data Retention. (Oct. 29)
  • EPIC Files Lawsuit Seeking PATRIOT Act Info. EPIC, joined by the ACLU and library and booksellers' organizations, has filed suit under the Freedom of Information Act seeking the disclosure of information concerning implementation of the controversial USA PATRIOT Act. The lawsuit (PDF) covers some of the information the Justice Department recently withheld from the House Judiciary Committee. (Oct. 24)
  • EPIC Urges FCC to Protect Telecom Customer Information. EPIC filed comments (PDF) before the Federal Communications Commission (FCC) yesterday, urging the agency to adopt opt-in standards for the use of customer information by the succeeding carrier in a telecommunications bankruptcy proceeding. The bankruptcy rulemaking is related to the FCC's final order involving telecommunications carriers' use of sensitive personal customer information, which was released in July. For further information, see EPIC's CPNI Page. (Oct. 22)
  • DOJ Releases PATRIOT Act Info, Withholds Some Data. The House Judiciary Committee has released the Justice Department's response (PDF, 3.4MB) to the committee's June 13 letter seeking information about implementation of the USA PATRIOT Act. The response sheds some light on the use of the new law, but DOJ has classified a large amount of important information required for proper public oversight. EPIC and the ACLU are seeking this information through the Freedom of Information Act. See EPIC's USA PATRIOT Act page for further information. (Oct. 18)
  • New Registry for .ORG. ICANN has selected the Public Interest Registry (PIR) to operate .ORG beginning in 2003. PIR was created by the Internet Society to promote the noncommericial use of the Internet. EPIC President Marc Rotenberg was selected as one of the founding board members of PIR. More information about ISOC's .ORG bid. (Oct. 17)
  • Court Hears Argument in Warrant Service Procedure Case. The Eighth Circuit held oral arguments yesterday in United States v. Bach, a case involving how the Fourth Amendment protects stored e-mails and other files held by an ISP. The issue raised is whether a police officer's presence is required during service of a warrant on an ISP. EPIC filed an amicus brief (PDF) in the Eighth Circuit arguing that police officer presence is required because U.S. search and seizure law has mandated officer presence at the service of a warrant since the 1700s. See EPIC's page on the case for more information. (Oct. 11)
  • Memo Reveals FBI Wiretap Violations. A recently disclosed FBI memo reveals that agents illegally videotaped suspects, intercepted e-mails without court permission, recorded the wrong phone conversations, and allowed electronic surveillance operations to run beyond their legal deadline, during sensitive terrorism investigations. The mistakes referenced in the internal memo are different than those delineated and criticized in May by the Foreign Intelligence Surveillance Court. The existence of the memo was first revealed in documents EPIC obtained in a FOIA lawsuit. For background information, see EPIC's FISA Page. (Oct. 10)
  • FCC Solicits Comments on Telemarketing. The Federal Communications Commission (FCC) has issued a notice of proposed rulemaking on the Telephone Consumer Protection Act (TCPA), a federal law that regulates telemarketing and fax advertising. The notice requests comments on creating a national do-not-call list, and on regulations for autodialers and prerecorded voice telemarketing. Any member of the public can comment until November 22, 2002, and TCPALaw.com has posted a system to facilitate submission of comments. For more information, see the EPIC Telemarketing Page. (Oct. 8)
  • EPIC, Junkbusters Urge AGs to Protect Privacy of Amazon.com Booklists. EPIC and Junkbusters have sent a letter to state Attorneys General urging them to protect records of book purchases collected by Amazon.com. Under previous privacy policies, the company promised never to sell customer information, but Amazon.com reneged on this guarantee, and now claims it can sell customer records as a business asset. The letter urges the AGs to uphold Amazon's promise to never sell personal information, to guarantee customer access to and deletion of records, and for Amazon.com to undergo an audit of its information practices. After Amazon.com changed its privacy policy in September 2000, EPIC severed its relationship with the company and filed a complaint with the FTC. For more information, see the Junkbusters page on Amazon.com. Update: The Massachusetts Attorney General office has responded (PDF) to the letter, and has requested comment from Amazon.com on the access, deletion, and audit issues. (Oct. 8)
  • House Passes Federal Agency Privacy Bill. The House of Representatives has passed H.R. 4561, the Federal Agency Protection of Privacy Act, which was introduced by Rep. Bob Barr (R-GA). The Act would require federal agencies to carefully consider how newly issued regulations would affect privacy. The companion bill was introduced in the Senate by Senator Max Cleland (D-GA) as S.2492 and may pass in the final days of the session. (Oct. 8)
  • FTC Pursues Student Profilers. The FTC has settled a case with three student profiling companies for collecting information from schoolchildren in violation of federal law. The companies distributed surveys to children through teachers and guidance counselors under the pretense that the information was only for college admissions. However, the companies were selling the information to commercial marketers. For more information, see the EPIC Profiling Page and the EPIC FERPA Page. (Oct. 2)
  • EPIC Testifies in Congress on Anti-Privacy Bill. EPIC Executive Director Marc Rotenberg testified before the House Subcommittee on Commerce, Trade, and Consumer Protection that the Consumer Privacy Protection Act "favors industry over the consumer, the invasion of privacy over the protection of privacy." Mr. Rotenberg noted that even the White House panel charged with protecting the country from cyberterrorism had shown greater regard for privacy protection. "Certainly, there could be a similar commitment to privacy in less critical circumstances," the EPIC statement concluded. (Sept. 24)
  • Rights Groups File Brief With Secret Appeals Court. EPIC today joined with a coalition of civil liberties groups to urge a secret appeals court to reject a government bid for broadly expanded powers to conduct "national security" surveillance on U.S. citizens. In an amicus brief (PDF) filed with the Foreign Intelligence Surveillance Court of Review, the groups said that expanding such powers would jeopardize fundamental constitutional interests. The case involves an unprecedented decision made public last month which revealed a pattern of FBI misrepresentations to a secret surveillance court. See EPIC's Foreign Intelligence Surveillance page for background on the controversy. (Sept. 20)
  • EPIC Testifies on Need to Limit SSN Use. In testimony before a joint hearing of the House Ways and Means Subcommittee on Social Security and the House Judiciary Subcommittee on Immigration, Border Security, and Claims, EPIC Legislative Counsel Chris Hoofnagle advocated the adoption of comprehensive privacy protections for Social Security Numbers (SSNs). EPIC urged Congress to adopt a legislative strategy that discourages the collection and dissemination of the SSN and encourages organizations to develop alternative systems of record identification and verification. For more information, see the EPIC SSN Page. (Sept. 19)
  • EPIC Urges Senate Commerce Committee to Reject Biometric IDs. In a letter to the Senate Commerce Committee, EPIC urged legislators to reject attempts to create a system of biometric identification in S. 2949, the Aviation Security Improvement Act (PDF). Section 302 of that bill would authorize the Department of Transportation to create biometric identification technologies without public oversight or debate. For more information, see the EPIC National ID and Biometrics Pages. (Sept. 19)
  • Privacy Groups Urge the Senate to Strengthen Financial Privacy Law. EPIC has joined the testimony (PDF) of U.S. PIRG before the Senate Committee on Banking, Housing, and Urban Affairs in an oversight hearing on Financial Privacy and the Gramm-Leach-Bliley Act (GLBA). The testimony focuses on the failure of the GLBA to promote financial privacy, and on the rights of states to pass legislation that exceeds federal protections. For more information, see the EPIC GLBA Page. (Sept. 19)
  • Bush Administration Releases Cybersecurity Plan. The President's Critical Infrastructure Protection Board has released a report (PDF) with recommendations, programs, and discussions designed to secure Internet communications. The public may comment on the draft until November 18, 2002. (Sept. 18)
  • EPIC Publishes FOIA Litigation Manual. EPIC, the James Madison Project, and Access Reports have released a revised edition of Litigation Under the Federal Open Government Laws. The book draws upon the expertise of practicing attorneys who are recognized experts in the field. Appendices include the text of relevant acts and sample pleadings for litigators. This comprehensive guide to FOIA and open government is essential for anyone interested in open access laws. (Sept. 12)
  • EPIC Urges FTC to Adopt Effective Strategy for Passport. In comments to the Federal Trade Commission, EPIC and a coalition of advocacy groups urged the agency to amend its Consent Order regarding Microsoft Passport to include greater privacy protections. The groups commented that Passport users should have access to their entire profile, that security risks justify limits on the Passport system, and that the Commission should examine other developing authentication systems, such as AOL's Screen Name Service and Project Liberty. For more information, see the EPIC Passport Page. (Sept. 9)
  • EPIC Joins Brief Opposing Identification of ISP Subscriber. EPIC and a coalition of civil liberties groups have filed an amicus brief challenging the Recording Industry Artists of America's attempt to identify a Verizon ISP subscriber. The groups argued that a portion of the Digital Millennium Copyright Act is unconstitutional since it violates individuals' right to anonymous communications. (Sept. 3)
  • EPIC, PI Release Privacy Report. EPIC and Privacy International released the 2002 edition of Privacy and Human Rights: An International Survey of Privacy Law and Developments at the National Press Club in Washington, DC on Tuesday, September 3. The report documents the expansion of government surveillance activities since September 11. (Sept. 2)
  • NY AG Brings Suit Against Student Profiler. New York Attorney General Eliot Spitzer has brought suit against Student Marketing Group (SMG) alleging that the company uses college financial aid surveys as a front for collecting marketing data from high school students. The company sent surveys to high schools for students to complete, but failed to disclose that the information was also used for marketing purposes. For more information, see the EPIC Profiling Page and the New York Attorney General petition against SMG. (Aug. 29)
  • DoubleClick Settles with State AGs. DoubleClick has settled an investigation led by the New York Attorney General into the company's online profiling practices. In the agreement (PDF), DoubleClick agreed to greater transparency measures, including regular audits and giving individuals the ability to view their profiling cookies. For more information, see the EPIC Cookies Page. (Aug. 26)
  • FISA Court Chastises DOJ, FBI. In a published opinion (PDF), the secretive Foreign Intelligence Surveillance Act (FISA) Court has sharply criticized the DOJ and FBI for providing the tribunal misleading information in 75 cases. The Court limited the request of the DOJ to share intelligence information for criminal prosecutions. The Court said that DOJ substituted relaxed foreign intelligence gathering wiretapping procedures to evade higher requirements for standard criminal investigations: "The 2002 procedures appear to be designed to amend the law and substitute the FISA for Title III electronic surveillancesÖ" The Court continues to say that this may be because "Öthe government is unable to meet the substantive requirements of these law enforcement tools..." For more information, see the EPIC Wiretapping Page. (Aug. 23)
  • NASA Responds to Info Obtained by EPIC under FOIA. EPIC recently obtained documents under the Freedom of Information Act that show NASA researchers have proposed the use of "non-invasive neuro-electric sensors" for aviation security. In response to media coverage based on those documents, NASA has issued a press release stating that it has not approved of any research in the area of "mind reading" and that "because of the sensitivity of such research," the agency will seek independent review before granting approval to future projects. See EPIC's Air Travel Privacy page for more information. (Aug. 21)
  • European Council Draft Decision Mandates Data Retention. In a recently leaked draft framework decision, the executive body representing EU governments is pushing to harmonize electronic surveillance laws across Europe by mandating every State to adopt sweeping data retention regimes on all forms of communications, including telephone calls, mobile calls, e-mail, faxes, and Internet browsing. The Council's decision comes after the European Parliament voted in May on a directive (PDF) that leaves each EU national parliament free to adopt data retention laws. Although most countries in Europe do not allow preventative retention of communications data, or have allowed such retention only for short periods of time, the framework decision ñ which will bind Member States if adopted by the Council ñ would compel EU countries to implement retention measures for all their citizens for a minimum of 12 months. For more information, see EPIC's Data Retention Page. (Aug. 20)
  • NTIA to Examine Privacy Aspects of ENUM. The National Telecommunications and Information Agency (NTIA) is holding a public roundtable today on ENUM, a service that integrates the phone network with Internet resources. ENUM has serious privacy implications, including law enforcement access to communications data, mining of personal information, and it could enable an unprecedented amount of unsolicited commercial advertising. The roundtable will be webcast. For more information, see the EPIC ENUM Page. (Aug. 14)
  • HIPAA Privacy Rule Eliminates Consent Requirement, Allows Marketing. The Department of Health and Human Services (HHS) has released a modified HIPAA Privacy Rule that eliminates the consent requirement before a doctor can access medical records and authorizes marketing based on individually-identifiable health conditions. For more information, see the EPIC Medical Privacy Page and the Health Privacy Project Release. (Aug. 12)
  • FTC Announces Action Against Microsoft Passport. The Federal Trade Commission (FTC) has settled a privacy enforcement action against Microsoft for violations associated with the Passport identification and authentication system. The agreement (PDF) requires that Microsoft establish a comprehensive information security program for Passport, and that it must not misrepresent its practices of information collection and usage. In July and August 2001, EPIC and a coalition of consumer advocacy groups filed complaints detailing the privacy risks associated with Passport. For more information, see the FTC's complaint (PDF), the EPIC Passport Investigation Page and the EPIC Sign Out of Passport Page. (Aug. 8)
  • OECD Announces Computer Security Guidelines. The Organization for Economic Cooperation and Development has released principles for computer security (PDF) that emphasize democracy, transparency, privacy, and education. The OECD principles are intended to protect important civil society values as countries and private sector organizations go forward with computer security plans. For more information, see the OECD Press Statement and EPIC's Computer Security page. (Aug. 7)
  • EPIC Files Amicus Against On-Line Offender Registry. EPIC filed an amicus brief (PDF) with the Supreme Court today, urging the Court to hold that the Alaska Megan's law statute violates the Ex Post Facto clause of the Constitution. EPIC argues that the mandatory online dissemination of a sex offender registry is excessive when weighed against the statutory purpose of protecting people in the geographic vicinity of released offenders. See the EPIC Megan's Law Page. (Aug. 2)
  • Court Orders DOJ To Disclose Names of 9/11 Detainees. In a decision (PDF) issued on August 2, U.S. District Judge Gladys Kessler has directed the Justice Department to disclose, within 15 days, the identities of individuals detained in connection with its September 11 terrorist investigation. Detainees desiring confidentiality of their identities can file statements requesting non-disclosure. The decision marks a significant defeat for government secrecy in the wake of the terrorist attacks. EPIC joined with a coalition of other groups in seeking the disclosure of the information under the FOIA. EPIC has produced a resource page with background on the litigation. (Aug. 2)
  • Senators Introduce Bill for Study Commission on Civil Liberties. Senators Charles Schumer (D-NY) and John Edwards (D-NC) have introduced the Security and Liberty Preservation Act (PDF), a bill that would create an independent commission to study the effects of new surveillance technologies before they are deployed. The commission will examine electronic surveillance, including video cameras, monitoring of Internet activity, and profiling. See the Observing Surveillance Page and EPIC's pages on Video Surveillance, Carnivore and Profiling. (Aug. 2)
  • EPIC Argues Officer Presence Required for Warrant Service. EPIC filed an amicus brief (PDF) in the Eighth Circuit arguing that police officer presence is required during the service of a warrant on an ISP. The case arose after Yahoo! was served with a search warrant sent by fax machine, a procedure that EPIC argues doesn't adequately safeguard Fourth Amendment guarantee of a "reasonable" search. EPIC's brief details the history of U.S. search and seizure law, which has mandated officer presence at the service of a warrant since the 1700s. See EPIC's page on the case for more information. (July 30)
  • Eli Lilly Settles With States, Agrees to New Safeguards. On July 25, the New York State Attorney General announced (PDF) a multi-state agreement (PDF) regarding an incident last year in which pharmaceutical company Eli Lilly accidentally disclosed the email addresses of 700 mental health information list subscribers. Among other things, the agreement requires Lilly to pay the states $160,000, as well as strengthen its standards relating to privacy protection, training, and monitoring. These requirements build on an administrative order issued by the Federal Trade Commission (FTC) in January, in response to a July 2001 ACLU complaint highlighting Lilly's negligence. (July 26)
  • FCC Declines to Address Location Privacy. The Federal Communications Commission has decided not to develop rules governing the collection and use of location data generated by wireless communications systems. In an order (PDF) released on July 24, the Commission said that a federal statute enacted in 1999 "imposes clear legal obligations and protections for consumers," and that "the better course is to vigorously enforce the law as written, without further clarification of the statutory provisions by rule." Commissioner Michael Copps dissented, citing comments submitted by EPIC that noted that "Commission action is needed because the statute's meaning apparently is subject to varying interpretations within the industry." See EPIC's initial comments (PDF) and reply comments (PDF) filed with the FCC. (July 25)
  • EPIC Files Amicus in Wrongful Invasion of Privacy Suit. EPIC filed an amicus brief arguing that private investigators and information brokers should be liable for wrongful privacy invasions of third parties about whom they are collecting and disseminating information. The case arose after Amy Boyer was stalked and killed by a man who obtained information about her through Docusearch, an information brokerage run by private investigators. Docusearch used "pretexting" to obtain information about Ms. Boyer &endash; including her address &endash; which was subsequently used by its client to track and kill her. For more information and examples of similar privacy invasions, see EPIC's page on the Amy Boyer case. (July 22)
  • EPIC: DRM Anti-Consumer, Threatens Privacy, Free Speech, Fair Use. In comments to the Department of Commerce Technology Administration workshop on Digital Rights Management (DRM), EPIC argued that DRM technologies threaten privacy, free speech, and fair use. For more information, see the EPIC DRM Page. (July 18)
  • EPIC Submits Statement for Congress on Identity Theft. In response to a request from the Senate Select Committee on Aging, EPIC has submitted a report on identity theft and biometrics. The report summarizes the problem of identity theft for the elderly community and then surveys various biometric techniques, concluding that such techniques would be impractical on a national level and are likely to create new risks to privacy. The report also endorses the recent conclusion of a Consumer Reports article that "[t]he nation urgently needs to tackle the complex task of regulating biometrics before vast stores of data are built." For more information, see EPIC's Biometrics page. (July 17)
  • FTC Prevails in Privacy Case Against Trans Union. The U.S. Court of Appeals for the District of Columbia Circuit has rejected free speech challenges by Trans Union to privacy regulations drafted by federal agencies pursuant to the Gramm-Leach-Bliley Act (GLBA). The decision will limit credit bureaus from using personal information for marketing. For more information, see the EPIC Profiling Page. (July 17)
  • FCC Adopts Modified Opt-In Plan for Customer Information. The Federal Communications Commission today adopted rules (PDF) designed to protect sensitive personal information of customers of telecommunications carriers. The Order provides for opt-in &endash; or express consent &endash; customer approval for carriers' release of customer information to third parties, but permits opt-out consent for release of information to affiliated parties. The Order specifically states that the Commission will not block or preempt state efforts to further protect CPNI. EPIC, other consumer groups, and 39 state Attorneys General filed comments (PDF) with the Federal Communications Commission in 2001, urging the FCC to adopt opt-in for all customer calling data. For further information, see FCC Commissioner Copps' statement and EPIC's CPNI Page. (July 16)
  • Bush Releases National Strategy for Homeland Security. The Office of Homeland Security's National Strategy contains proposals for increased information sharing, biometric identification, and standardization of state driver's licenses. For more information, see the EPIC Profiling, Biometrics, and ID Cards Pages. (July 16)
  • EPIC Urges Openness for Homeland Security Dep't. In testimony before the House Energy and Commerce Committee, EPIC General Counsel David Sobel today urged rejection of a proposal to exempt from the FOIA large amounts of material relating to "infrastructure protection" and counter-terrorism measures. Testifying on the Bush Administration's legislation to create a new Department of Homeland Security, Sobel said an FOIA exemption would "cast a shroud of secrecy over one of the Department's critical functions, removing any semblance of meaningful public accountability. See EPIC's Critical Infrastructure Protection Page for additional information. (July 9)
  • DC Police Use Surveillance Cameras on July 4th. The Park Police and District Police will conduct video surveillance of the Fourth of July celebrations on the National Mall, according to articles in The Washington Post and The Washington Times. Sergeant Scott Fear of the US Park Police claims that their surveillance plans are secret. EPIC sought details of the Park Service plans in March under open government law but was informed that no records existed. EPIC has obtained logs of helicopter surveillance from the Park Police, which reveal that public protests and peaceful demonstrations have routinely been recorded and shared with law enforcement agencies. EPIC will be seeking under the Freedom of Information Act any records of the surveillance conducted by the Park Police during the July 4th celebration. See EPIC's video surveillance page and Observing Surveillance for more information. (July 3)
  • EU Launches Probe of Passport. Reuters reports that the European Union (EU) has begun an investigation to determine whether the Microsoft Passport identification system violates the Data Protection Directive. EPIC and a coalition of groups filed complaints with the Federal Trade Commission (FTC) in July and August 2001 urging that American authorities investigate the system under consumer protection law. For more information, see the EPIC Passport Investigation Docket Page. (July 2)
  • Coalition Opposes National ID. EPIC and forty other civil liberties organizations have sent a letter to the House of Representatives urging Members to oppose national ID systems. For more information, see the EPIC National ID Page and Your Papers, Please, a report on the AAMVA national ID system. (June 27)
  • ACTION: Convince DC Council to Limit Cameras. The District of Columbia is still accepting public comments on the Metropolitan Police Department's draft video surveillance regulations until July 27, 2002. You should act now to express your views on this matter. The D.C. City Council recently held an oversight hearing on the use of video surveillance in the Nation's Capital, at which EPIC Executive Director Marc Rotenberg testified. For background information, see EPIC's Video Surveillance page and the Observing Surveillance project. (June 27)
  • EPIC Comments on Privacy Implications of Cable Modem Service. EPIC submitted comments (PDF) for an FCC proceeding regarding the classification of cable modem services. An FCC ruling in March subjects cable modem services to the stringent privacy mandates of the Cable Communications Policy Act. EPIC's comments applaud the FCC's determination, which "meets the Commission's responsibility to protect the privacy interests of those using the Nation's cable services and upholds the Congressional intent ... to protect consumer privacy in the interactive network environment." The decision, which is supported by legislative intent and the language of the Cable Act, recognizes the substantial privacy interests implicated by technological advancements. (June 19)
  • Supreme Court Upholds Anonymity, Free Speech. The Supreme Court ruled today that an ordinance requiring door-to-door petitioners to obtain a permit and identify themselves upon demand violates the right of anonymity inherent in the First Amendment freedom of speech. The Court stated that "it is offensive, not only to the values protected by the First Amendment, but to the very notion of a free society, that in the context of everyday public discourse a citizen must first inform the government of her desire to speak to her neighbors and then obtain a permit to do so." In November 2001, EPIC, the ACLU, and 14 legal scholars filed an amicus curiae brief (PDF), arguing that the ordinance implicates privacy, as well as the First Amendment rights of anonymity, expression, and freedom of association. See EPIC's Watchtower Bible Page for more information. (June 17)
  • North Dakota: 72% Opt for Opt-In. In a statewide referendum yesterday, North Dakota voters chose to reestablish opt-in privacy protections for financial information. A "No" vote on Constitutional Measure Two (PDF) rejected an opt-out standard for financial privacy that was adopted after the same weak standard passed Congress in 1999. Banks in opposition to opt-in raised over $100,000 to defeat the measure. Yesterday's referendum was the first time citizens have had the opportunity to vote directly on opt-in. (June 12)
  • Coalition Urges Review of AG Guidelines. More than thirty educational, scientific, religious, civil liberties, and other organizations organizations across the country wrote (PDF) this week to Chairman Leahy and Senator Hatch to express their concern that the recent decision of the Attorney General to loosen the guidelines that restrict the surveillance of religious and political organizations in the United States "raises matters of Constitutional authority that require immediate Congressional attention." The new rules expand FBI authority to use data mining to profile individuals and to engage in warrantless monitoring of conversations. The Senate Judiciary Committee will hold an oversight hearing on Counter-Terrorism on June 6. For more information, see the EPIC AG Guidelines Page. (June 5)
  • EPIC, EFF Urge House Subcommittee to Consider Risks of DRM. In a letter to the House Judiciary Subcommittee on the Courts, the Internet, and Intellectual Property, EPIC and the Electronic Frontier Foundation (EFF) urged Members to consider the harms to consumer and societal rights posed by digital rights management (DRM) technologies. The Subcommittee will hold a hearing today focusing on the consumer benefits of DRM, with a panel consisting only of content protection representatives, and no witnesses to discuss the risks to privacy, fair use, free expression, or innovation. For more information, see the EPIC Digital Rights Management and Privacy Page and the EFF Campaign for Audiovisual Free Expression Page. (June 5)
  • EPIC, SonicBlue Successful in Blocking Collection of Viewer Data. Bloomberg News reports that a federal judge has overturned an order requiring SonicBlue to reveal data on its customers' viewing habits. EPIC filed a brief with the court last week arguing that the order violated viewers' privacy. For more information, see the EPIC Replaytv Litigation Page. (June 1)
  • District Court Finds Library Filtering Law Unconstitutional. A three-judge panel in Philadelphia ruled (also available in PDF) today that the government's latest attempt to censor the internet violates the First Amendment because it would restrict substantial amounts of protected speech "whose suppression serves no legitimate government interest." The Childrens Internet Protection Act, which requires the installation of filtering software on computers in libraries that receive federal support, was challenged by a coalition of libraries and patrons. EPIC is acting as co-counsel in the lawsuit. Today's decision also notes that the law infringes upon the First Amendment right to anonymity because it forces patrons to reveal their identity in order to get certain cites unblocked. The statute provides for an automatic right of review to the Supreme Court. EPIC's recent publication, Filters & Freedom 2.0, details the free expression implications of filtering technologies. For more background about the proceedings, see EPIC's CIPA Page. (May 31)
  • European Parliament Vote in Favor of Surveillance of Communications. Despite a successful campaign organized by a group of 60 civil liberties organizations from 15 countries with wide endorsement by more than 16,000 individuals from 73 countries, the EP has approved data retention. The European directive now makes it much easier for police to collect from Internet service providers and telephone companies a wide range of traffic data of their subscribers' phone calls, emails and Internet communications. On the other hand, the measure bans almost every future 'spamming' unless the addressee 'opts-in', and restricts the use of 'cookies'. For more details, see the new EPIC's data retention page. Meeting minutes and vote results are available. (May 30)
  • FBI's Carnivore Hampered Anti-Terror Investigation. Documents obtained by EPIC under the FOIA show that an FBI anti-terrorism investigation possibly involving Usama bin Laden was hampered by technical flaws in the Bureau's controversial Carnivore Internet surveillance system. The Carnivore "software was turned on and did not work correctly." The surveillance system captured not only the electronic communications of the court-authorized target, "but also picked up E-Mails on non-covered" individuals (a violation of federal wiretap law), resulting in the destruction of the lawfully obtained material. The documents describe the incident as part of a "pattern" indicating "an inability on the part of the FBI to manage" its foreign intelligence surveillance activities. The documents are available at the EPIC Carnivore FOIA Litigation page. (May 28)
  • EU Officials Launch Investigation of Microsoft Passport. The New York Times reports that the European Commission is investigating the Microsoft Passport online identification and authentication program for privacy violations. EPIC filed complaints in July and August 2001 alleging that the Microsoft Passport system facilitates online profiling, and that the company has engaged in unfair and deceptive trade practices. Microsoft officials have stated that the goal of the system is to create a profile of every Internet user, to upsell individuals to subscription accounts, and to engage in ad targeting of Passport members. For more information, see the EPIC Sign Out of Passport Page. (May 28)
  • Coalition Asks European Parliament to Vote Against Data Retention. In an open letter sent to all Members of the European Parliament, EPIC and 40 civil liberties organizations from 15 countries strongly recommended that Members vote against general data retention of communications by law enforcement authorities. The vote, scheduled for May 29 in Brussels, is critical, as it constitutes the major step before the final adoption of the new EU Telecommunications Directive. It may have serious consequences on the manner in which data retention is currently regulated in the United States and other countries around the world. Individuals are also encouraged to endorse the letter, and may do so until May 28. For more information, see EPIC's new Data Retention page. (May 22)
  • Minnesota Passes ISP Privacy Law. Minnesota Governor Jesse Ventura has signed into law S.F. 2908, a bill that limits the use of data collected by ISPs. The bill requires consent of the user before an ISP can reveal browsing history or the user's personal information. The bill also places restrictions on the transmission of unsolicited commercial e-mail, including a prohibition on falsification of headers and the requirement of an "ADV" label. The bill affords Minnesotans a private right of action with liquidated damages and attorney's fees. (May 22)
  • Congress to Hold Hearings on WHOIS Database and Domain Name Registration. On May 22, the U.S. House of Representatives Subcommittee on Courts, the Internet, and Intellectual Property will hold a hearing on the "Accuracy and Integrity" of the WHOIS database. The Subcommittee on Crime, Terrorism, and Homeland Security also plans to hold a hearing shortly on H.R. 4640, a bill to provide criminal penalties for providing false information in registering a domain name on the Internet. EPIC has previously submitted statements to Congress on the privacy and free speech implications of the WHOIS database in July and February of 2001. (May 21)
  • Internet Privacy Bill Moves Forward. The Senate Commerce Committee today voted 15-8 in favor of the Online Personal Privacy Act (PDF). The bill provides important protections for Internet users. The measure now goes to the full Senate for consideration. See EPIC Testimony on S. 2201 (also available in PDF) and EPIC's Internet Privacy Page. The New York Times Editorial Board has urged Senate Majority Leader Tom Daschle (D-SD) to make S. 2201 a priority. (May 17)
  • Court Grants SonicBlue's Request for Stay. CNET reports that on Wednesday, a federal court put on hold the previously ordered product re-engineering of the ReplayTV4000 "Personal Television" digital recorder. A magistrate judge had earlier ordered SonicBlue to create and transmit software within 60 days that would allow surveillance of individual users in their homes. EPIC filed an amicus brief requesting that the order be reversed. A hearing is scheduled for June 3rd. For more information, see the EPIC ReplayTV Page. (May 16)
  • EPIC Files Brief in Opposition to Mandatory TV Surveillance. EPIC, joined by a coalition of civil liberties and consumer groups, filed an amicus brief (PDF) asking a federal court to overrule a decision mandating enforced surveillance of ReplayTV 4000 television users (view press release). Two weeks ago, numerous television studios persuaded a judge to issue an order requiring SONICblue to electronically monitor and record the TV uses of its customers. The ReplayTV 4000 is a personal video recorder (PVR) that allows users to digitally store television programming to hard disks for later viewing. SONICblue had never before collected viewing data from ReplayTV 4000 users because of privacy concerns. In the amicus brief, the civil liberties and consumer groups argue that the court order infringes on individuals' privacy rights and intellectual freedom. For more information, see the EPIC ReplayTV Page. (May 13)
  • Supreme Court Retains Ban on COPA Enforcement. The Supreme Court has preserved an injunction barring enforcement of the Childrens Online Protection Act, ruling (PDF) that COPA, which makes it a crime to post "harmful to minors" materials on the Internet, raises unresolved free speech questions that must be decided by the lower court before the law's constitutionality can be fully assessed. The Court questioned the validity of the only conclusion reached by the lower court&emdash;that COPA's reliance on "community standards" renders the law unconstitutional&emdash;but did not conclusively resolve the issue. Civil liberties groups, including EPIC and the ACLU, challenged the law shortly after its passage in 1998, claiming that COPA violates the First Amendment. For background information, see EPIC's COPA Page. (May 13)
  • EPIC Urges Openness, Accountability for Infrastructure Protection. In testimony before the Senate Governmental Affairs Committee, EPIC General Counsel David Sobel criticized proposals to create a new FOIA exemption for "critical infrastructure information." He told the Committee that, "rather than seeking ways to hide information, Congress should consider approaches that would make as much information as possible available to the public" concerning security flaws in critical systems. See EPIC's Critical Infrastructure Protection Page for additional information. (May 8)
  • Coalition Wants House to Adopt Higher Standard for Privacy Protection. EPIC and a coalition of consumer organizations have sent a letter urging Members of the House Commerce Subcommittee on Commerce, Trade, and Consumer Protection to evaluate new privacy legislation under a framework of Fair Information Practices. The letter comes in response to legislation introduced today by Rep. Cliff Stearns that would preempt state privacy laws and give individuals no remedy against privacy violators. (May 8)
  • EPIC: Doubleclick Settlement Not in the Public Interest. EPIC and Junkbusters have filed a formal objection to a proposed settlement in re Doubleclick Privacy Litigation, a case that will resolve several class-action lawsuits against Doubleclick for online tracking of individuals. EPIC argued that the settlement is not fair, reasonable, or adequate because the company has not significantly changed its business practices. For more information, see the EPIC Cookies Web Page. (May 7)
  • DOJ Says Homeland Security Office Not Subject to FOIA. The Justice Department is seeking the dismissal of EPIC's Freedom of Information Act lawsuit against the Office of Homeland Security (OHS). In a brief submitted to the U.S. District Court in Washington, DOJ argues that OHS is not an "agency," and therefore is not subject to the FOIA's open government requirements. See EPIC's Homeland Security Page for more information. (May 7)
  • Ridge Briefs Senate on National ID Plan. Homeland Security Director Tom Ridge disclosed on May 2 that the Bush administration is considering ways to set national standards for driver's licenses. Ridge spoke at an informal question-and-answer period organized by Senator Orrin Hatch (R-UT), while a concurrent hearing on the homeland security budget, at which Ridge had refused to testify, took place in the Senate Appropriations Committee. Ridge said that the White House is looking at developing legislation to act on proposals by state groups, including the American Association of Motor Vehicle Administrators (AAMVA), that aim to establish a national identification system. See EPIC's related report, "Your Papers, Please" (PDF). (May 3)
  • EPIC, Consumer Groups, State AGs Argue for Stronger Privacy Safeguards for Financial Records. EPIC, Privacy Rights Clearinghouse, U.S. PIRG and Consumers Union submitted comments (PDF) on May 1 for a U.S. Treasury Department study on the effectiveness of Gramm-Leach-Bliley Act financial privacy protections. The study is required by law to shed light on the information sharing practices of the financial services industry. The comments describe flaws in the implementation of the GLB Act and demonstrate the benefits for consumers if an "opt-in" approach is adopted for financial information sharing. 37 state Attorneys General also filed comments for the study, stating that "current law does not adequately protect consumers' privacy" and poses a significant risk to consumers. (May 3)
  • Reps. Moran, Davis Introduce National ID Bill. Representatives James Moran (D-VA) and Tom Davis (R-VA) have introduced the Driver's License Modernization Act of 2002, a bill that would establish a National ID system in America. The bill calls for standardization of driver's licenses, increased motor vehicle information sharing, the collection of biometric identifiers, and $300,000,000 in grants to create the system. For more information, see the EPIC National ID Card page and Your Papers, Please (PDF), an EPIC report on National ID. (May 1)
  • EPIC Calls New Privacy Bill "An Important Step Forward for Privacy Law in the United States." On April 25, EPIC Executive Director Marc Rotenberg gave testimony (also available in PDF) before the Senate Commerce Committee on the Online Personal Privacy Act (PDF). View a section by section analysis of the bill. Update: Members of the Federal Trade Commission (FTC) have written letters (see under "April 26") to Senator John McCain, who requested their views on the bill. (Apr. 29)
  • Free Speech Groups Cite Post-9/11 Info Restrictions. EPIC has joined with other free expression and open government advocates in a statement marking the six-month anniversary of Congress' passage of the USA PATRIOT Act. The groups detail the legislation's chilling effect on speech and other government efforts to restrict public access to information. The statement was released by the Free Expression Network at a Capitol Hill press conference that featured Sen. Russell Feingold and Rep. Patsy Mink, both vocal critics of the legislation. (Apr. 25)
  • Rep. Barr to Introduce Federal Agency Privacy Bill. Representative Bob Barr (R-GA) held a press conference at the House Triangle to announce the upcoming introduction of the Federal Agency Protection of Privacy Act. This bill would require federal agencies to issue a privacy impact analysis when promulgating new rules. (Apr. 24)
  • Privacy International Holds U.S. Big Brother Awards. At last week's Computers, Freedom & Privacy (CFP) Conference, Privacy International announced the winners of the 4th Annual U.S. Big Brother Awards. "Most Invasive Proposal" went to the Expanded Computer Assisted Passenger Screening Program's plan to profile and spy on travelers. "Greatest Corporate Invader" went to Larry Ellison, CEO of Oracle, for backing a National ID Card plan using his software (see EPIC's National ID Card page). "Worst Public Official" was awarded to Attorney General John Ashcroft, for attacking privacy and freedom of information. "Lifetime Menace" went to Admiral John Poindexter and the new Office of Information Awareness. "Brandeis" awards were awarded to state Senator Jackie Speier, Warren Leach, and the San Francisco Chronicle Editorial Page, who have done excellent work to protect and champion privacy. (Apr. 22)
  • EPIC Advises Senate Against Standardized Driver's License. EPIC submitted a letter for the record of a Senate hearing on standardizing the state driver's license system. The letter notes the significant public opposition to such a scheme and the privacy and security risks of creating a national identification system based on the state driver's license (see EPIC Report "Your Papers, Please: From the State Drivers License to a National Identification System," PDF). For more information, see EPIC's ID Card page. (Apr. 17)
  • D.C. Police Issue Spycam Guidelines. The Metropolitan Police Department of Washington, D.C. has issued a draft General Order on Closed Circuit Television Cameras that will regulate surveillance cameras in the nation's capital. For background information, see EPIC's Face Recognition Page and Observing Surveillance. (Apr. 17)
  • Microsoft Backs Down, Privacy and Security Risks Bury Hailstorm. Microsoft has abandoned its Hailstorm or "My Services" platform because of privacy and security risks inherent in centralized storage of personal information. EPIC, along with fifteen leading consumer organizations, sent a series of complaints to the Federal Trade Commission in July and August 2001 detailing the privacy risks in the Microsoft Hailstorm system. For more information, see the EPIC Sign Out of Passport Page. (Apr. 11)
  • Senate Holds Hearing on Homeland Security Budget. The Senate Appropriations Committee is beginning public hearings on the proposed $38 billion homeland security budget. In a letter to Senators Byrd and Stevens, EPIC expresses support for the hearings, and further urges that the Office of Homeland Security comply with a pending request under the federal Freedom of Information Act for information about a national identification system. See EPIC's Office of Homeland Security Page for more information. (Apr. 10)
  • EPIC Advocates Anonymity in Internet Broadcast Listening. In comments to the Copyright Office, EPIC joined the Electronic Frontier Foundation (EFF) in advocating that individuals should be able to listen to webcasts anonymously. The comments come in response to proposed changes to copyright regulations that would require information collection and the assignment of a unique identifier to listeners. For more information, see the EFF release and the EPIC Digital Rights Management and Privacy Page. (Apr. 10)
  • EPIC Files Comments on Telemarketing Practices. EPIC and thirteen leading consumer advocacy groups filed comments with the Federal Trade Commission on the Telemarketing Sales Rule (TSR). The groups advocated the creation of a telemarketing "do-not-call" registry, a requirement that telemarketers send Caller ID information, and for a prohibition on automatic dialers that produce abandoned calls. Individuals can still comment on the TSR until April 15, 2002. For more information, see the EPIC Telemarketing Page. (Apr. 10)
  • Colorado Upholds Rights of Anonymity, Privacy in Bookseller Records. The Colorado Supreme Court ruled today that customer purchase records enjoy First Amendment protection and may only be disclosed to the police if there is a "compelling need" that outweighs the interests of the customers. The case arose after Tattered Cover, a Denver-based bookstore, challenged a court order for book purchase records. Tattered Cover argued that requiring booksellers to turn over this information would chill speech by making customers afraid to purchase controversial titles. See EPIC's Page on Free Speech and Anonymity. (Apr. 8)
  • INS Purchases Personal Information on Latin Americans. Documents obtained by EPIC from a Freedom of Information Act (FOIA) request show that the Immigration and Naturalization Service (INS) has purchased personal information from the national ID databases of several Latin American countries. ChoicePoint, a data brokerage company, has a contract with INS to provide citizen registry, motor vehicle, and other information for Brazil, Argentina, Mexico, Columbia, and Costa Rica. For more information about government purchase of personal data, see the EPIC Public Records and Privacy Page. (Apr. 3)
  • EPIC Files Suit Against Office of Homeland Security. EPIC filed suit today against the Office of Homeland Security (OHS), seeking the expedited release of documents concerning the secret development of a government National identification system (EPIC v. Office of Homeland Security, filed April 2, 2002, D.C. Dist. Ct., PDF file). See EPIC's new page on Government Oversight and the Office of Homeland Security for more information. (Apr. 2)
  • EPIC Calls Proposed DoubleClick Settlement "Anti-Consumer." A New York district court has announced a in litigation concerning Doubleclick, the company that sought to secretly profile Internet users. The settlement would affect all Internet users who "had Doubleclick cookies placed upon their computers or browsers between Jan 1, 1996 and March 28, 2002." The agreement will, among other things, require future DoubleClick cookies to expire within 5 years, two years after the typical user has changed computers. Background on the original EPIC complaint to the FTC. (Mar. 29)
  • EPIC Carnivore Case Moves Forward -- Court Orders FBI to Disclose More Documents. EPIC has succeeded in its effort to compel the FBI to conduct a more complete search for documents concerning the Carnivore Internet surveillance system. U.S. District Judge James Robertson issued an order on March 25 in EPIC's FOIA lawsuit directing the Bureau to initiate a new search for responsive documents. The search must be conducted in the FBI's offices of General Counsel and Congressional & Public Affairs, and be completed no later than May 24, 2002. Background information, including previously released Carnivore documents, is available at EPIC's Carnivore FOIA Litigation page. (Mar. 26)
  • Study Finds Bias in Industry Privacy Reports -- EPIC Releases Updated Public Opinion Page. A new report critiques business studies of privacy and finds that they ignore the costs imposed on consumers and on society by self-regulatory systems for protecting privacy. Additionally, EPIC released its updated Public Opinion and Privacy Page to reflect survey data that shows strong support for opt-in privacy protections and that the current self-regulatory framework is insufficient to protect privacy. (Mar. 26)
  • ACLU, EPIC, Library Groups Challenge Mandatory Internet Filtering Law. Proceedings began today before a three-judge federal court in Philadelphia on the constitutionality of the Children's Internet Protection Act. The law, which requires the installation of filtering software on computers in libraries that receive federal support, is being challenged by a coalition of libraries and patrons. EPIC is acting as co-counsel in the lawsuit (PDF). EPIC's recent publication, Filters & Freedom 2.0, details the free expression implications of filtering technology. The ACLU maintains a comprehensive archive of material on the pending court case. (Mar. 25)
  • Congress Holds Hearing on Video Cameras in DC -- EPIC Launches "Observing Surveillance." Today the House Committee on Government Reform held a hearing on electronic surveillance in Washington DC. EPIC has launched a new Web site &endash; "Observing Surveillance" &endash; to document the growing presence of spy cameras in the Nation's Capital. EPIC has also filed a series of Freedom of Information Act requests (PDF) to learn more about the cost, use, and impact of the camera system. For more information, see EPIC's Face Recognition Page. (Mar. 22)
  • Administration Backs Down on Medical Privacy Safeguards. On March 21, the Bush administration proposed changing federal rules designed to protect medical records privacy. For more information, see EPIC's Medical Records Privacy Page. (Mar. 22)
  • EPIC FOIA Request Seeks Homeland Security Documents. EPIC filed a Freedom of Information Act request today with the Office of Homeland Security asking for detailed information on Gov. Ridge's proposal to create a new biometric identity card for air travelers. EPIC is also asking for information about draft legislation from the Office that seeks to link the driver's license to visa status (see story, "Ridge: Link Driver's License, Visa"). This is the first FOIA request sent to the new Office of Homeland Security, which has ten days to respond to the request. EPIC believes that substantive proposals from the Office, as with other federal agencies, implicating constitutional values and rights should be subject to public oversight. To view other post-9/11 FOIA requests made by EPIC, visit the FOIA Gallery. (Mar. 20)
  • CIA Gets Hand Caught in Cookie Jar. The CIA decided on March 18 to remove cookies from its Electronic Reading Room Web site after Daniel Brandt, director of Public Information Research (PIR), a Texas-based non-profit organization, discovered that the site issued a persistent cookie that recorded a visitor's IP number and issued a unique ID. The use of cookies &endash; especially persistent ones &endash; on government Web sites is considered to be a violation of guidelines issued by the Office of Management and Budget (OMB) in 2000. For more information on cookies, see the EPIC Cookies Page. (Mar. 20)
  • Sen. Wellstone Urges More Privacy for Calling Data. Senator Paul Wellstone (D-MN) has circulated a "Dear Colleague" letter (PDF) requesting that other senators join him in communicating to the FCC their support of an "opt-in" approach towards Customer Proprietary Network Information (CPNI). An opt-in approach would ensure that consumers must affirmatively consent to the sharing of their information by telephone companies before such information is shared. Wellstone's letter notes that this position is supported by 39 state Attorneys General who last year petitioned the FCC and advocated for an "opt-in" approach to protecting consumer privacy for CPNI, consistent with provisions in the 1996 Telecommunications Act. An example of the opt-out notices currently being provided can be found here (PDF). (Mar. 18)
  • EPIC Seeks Details of Air Travel Security Proposals. EPIC has filed suit against the Department of Transportation, seeking the expedited release of documents concerning proposed air travel security systems. EPIC asserts in the lawsuit (PDF) that the potential privacy implications of such proposals require full and informed public debate on the design of security systems. See EPIC's Air Travel Privacy page for background on previous security proposals. (Mar. 14)
  • Opposition to National ID Continues to Grow. Two recently published polls show that support for a national ID card has decreased. Results from a poll on the February 27 Washington Post Federal Page showed that public opinion was divided on the issue, with 47% of Americans thinking that national ID will improve interaction with government and business and 44% viewing it as "an invasion of people's civil liberties and privacy." A new survey released on March 12 by Gartner Inc. found that 26 percent of Americans are in favor of a national ID card, while 41 percent oppose the idea. See Wired News: Support for ID Cards Waning. (Mar. 13)
  • PI Hosts 2002 UK Big Brother Awards. On March 4, Privacy International presented the 4th annual UK "Big Brother" awards to the government and private sector organization that have done the most to invade personal privacy in Britain. The award for "Worst Public Servant" went to Sir Richard Wilson, Cabinet Secretary; "Most Invasive Company" went to Norwich Union; "Most Appalling Project" went to the National Criminal Intelligence Service (NCIS), and "Most Heinous Organization" went to the Department of Education and Skills. A "Lifetime Menace" award was given to the national identification and data sharing scheme. "Winston" awards were also given to individuals and organizations that have made an outstanding contribution to the protection of privacy, as well as to people who have been victims of privacy invasion. See the awards page for more information. (Mar. 8)
  • "Key Logger" Case Ends in Plea Bargain. The government and Nicodemo Scarfo entered into a plea agreement on February 28, ending a case that raised novel privacy issues. In a decision issued in December, a federal judge in New Jersey upheld the legality of the FBI's use of a "key logger system" secretly installed on Scarfo's computer to capture his encryption passphrase, and denied a defense motion to suppress evidence obtained through the technique. As a result of the plea bargain, there will be no appellate consideration of the issues raised in the case. Background information and a complete set of court filings in U.S. v. Scarfo is available. (Mar. 1)
  • EPIC Report on DOJ Budget: "Paying for Big Brother." On February 27, EPIC released the report "Paying for Big Brother: A Review of the Proposed FY2003 Budget for the Department of Justice" (PDF). The report analyzes the Administration's budget request for an additional $1.8 billion funding for Department of Justice initiatives such as surveillance and profiling systems. The New York Times has published a relevant article: How Sept. 11 Changed Goals of Justice Dept. (Feb. 28)
  • Anonymity Case Goes to Supreme Court. On Tuesday, February 26, the Supreme Court will hear arguments in the case of Watchtower Bible v. Stratton, Ohio. The case concerns an ordinance requiring that door-to-door petitioners obtain a permit and identify themselves upon demand. In November 2001, EPIC, the ACLU, and 14 legal scholars filed an amicus curiae brief (PDF), arguing that the ordinance implicates privacy, as well as the First Amendment rights of anonymity, expression, and freedom of association. See EPIC's Free Speech Page for more information. (Feb. 25)
  • ICANN Reconsiders At-Large Participation. At a private retreat of board directors in Washington this weekend, Mr. Stuart Lynn, President of the Internet Corporation for Assigned Names and Numbers (ICANN), proposed a major reorganization of the body's current governing structure. His proposed changes would abolish ICANN public, non-commercial (or "At-Large") elections and grant 5 of 15 board seats to national governments. For additional commentary and related information, see the Internet Democracy Project and ICANN Watch. (Feb. 25)
  • Supreme Court Rejects "Peer Grading" Privacy Claim. In Owasso Independent School District v. Falvo (opinion available in PDF), the Supreme Court upheld the practice of having one student grade another's work, ruling Tuesday that the activity did not violate federal privacy law. The Supreme Court rejected Kristja Falvo's argument that forcing children to have their grades read aloud in the classroom is a violation of a 1974 federal law that guarantees the privacy of student records. In its next term, the Court will address two more cases of interest as it debates the legality of posting sex offenders' names online (Otte v. Doe) and whether Congress can extend copyrights, a move that could result in thousands of classic works becoming freely available via the Internet (Eldred v. Ashcroft, lower court opinion available). (Feb. 20)
  • EPIC Files FOIA Requests for DC Camera Records. EPIC has sent a series of Freedom of Information Act (FOIA) requests to the District of Columbia Police Department and to federal agencies to obtain records regarding a massive public surveillance camera system activated in Washington. See the press release for more details. (Feb. 13)
  • EPIC National ID Report: "Your Papers, Please." Today EPIC released the report "Your Papers, Please: From the State Drivers License to a National Identification System." The report (PDF) analyzes the proposal from the American Association of Motor Vehicle Administrators (AAMVA) to convert state driver's licenses into National ID cards. (Feb. 13)
  • Comcast Backs Down from Web Tracking. Comcast Corp., which yesterday acknowledged that it had begun tracking the Web browsing activities of its one million high-speed Internet subscribers without notifying them, announced today that it will no longer be engaging in this practice. Comcast's acknowledgment of its tracking activities raised questions from Representative Edward Markey (D-MA), a long-time privacy advocate in Congress. Markey sent a letter to Comcast, stating that he believed Comcast should be prohibited from collecting information without obtaining consent, pursuant to the 1984 Cable Act. (Feb. 13)
  • "Opt-In" CPNI Bill Introduced in Senate. Senator Paul Wellstone (D-MN) introduced S. 1928, a bill that would amend the 1996 Communications Act to require affirmative written consent by a customer to the release of customer proprietary network information. The bill has been referred to the Senate Commerce Committee. In related news, the Maryland Office of the People's Counsel &endash; an independent state agency that represents residential customers in utility matters &endash; sent a letter (also available in PDF) to the Public Service Commission of Maryland, requesting that the Commission take action to investigate Verizon's recently implemented opt-out marketing plan for customer data. (Feb. 13)
  • Another Passport Hole Discovered. The newest exploit in Microsoft's .NET initiative allows access to Passport accounts through Hotmail. EPIC, in filings to the Federal Trade Commission and State Attorneys General, has detailed the risks of Passport and its numerous security holes. These filings are available on the Sign Out of Passport Page. (Feb. 12)
  • Coalition Urges White House to Reject National ID. A broad coalition of civil liberties groups, including EPIC, have sent a letter to President Bush and Transportation Secretary Mineta urging them to reject the creation of a National ID Card through the standardization of state driver's licenses. More information on National ID is available on the EPIC ID Cards Page. (Feb. 11)
  • EPIC Asks Phone Companies to Drop Marketing Plan. In letters to Ameritech President Gail Torreano and Verizon President Ivan Seidenberg, EPIC urged the companies to follow Qwest's example by suspending their plans to use records of telephone calls for marketing purposes. Both phone companies sent opt-out notice to customers in the most recent billing statement. The notices, which required customers to telephone a toll-free number to opt-out of the sale of their calling data, have sparked controversy as customers attempting to use the toll-free number experienced numerous difficulties. For a history of the debate, see EPIC's CPNI Page. (Feb. 7)
  • FTC Seeks Comment on Telemarketing Sales Rule. EPIC is urging individuals to comment on the Federal Trade Commission's (FTC) proposed changes to the Telemarketing Sales Rule (TSR). The TSR regulates how telemarketers can make sales calls. More information and suggested comments are available on the EPIC Telemarketing Page. (Feb. 7)
  • DOT Program to Track, Profile Airline Passengers. A Washington Post article reports Department of Transportation plans for a "trusted traveler" program for airline passengers. The program would involve the use of public and private databases to profile passengers. EPIC has filed a FOIA request to learn more about the program. (Feb. 1)
  • EPIC Urges State AGs to Pursue Microsoft Passport. In a letter sent to state attorneys general across the nation, EPIC has urged authorities to protect citizens from the privacy and security risks of Microsoft Passport through the use of state laws against unfair and deceptive trade practices. For more information, see the EPIC Sign Out of Passport Page. (Jan. 29)
  • Qwest Backs Down from Marketing Plan. In response to a national campaign led by EPIC, with the support of state Attorneys General and consumers nationwide, Qwest Communications announced today that it is withdrawing plans for opt-out marketing with customer telephone records, or "CPNI." Citing numerous customer concerns, the company has stated that it will wait until the Federal Communications Commission (FCC) has proposed a final rule on the issue. EPIC initiated the campaign for opt-in at the FCC last November. For a history of the CPNI debate, see EPIC's CPNI page. (Jan. 28)
  • FTC Proposes Telemarketing Do-Not-Call List. The Federal Trade Commission has issued proposed changes to the Telemarketing Sales Rule (TSR) that would create a national Do-Not-Call (DNC) list for individuals who wish to avoid sales calls. The proposed changes would also prohibit the use of "pre-acquired account information" in telemarketing. The FTC has encouraged individuals to comment on the changes online. (Jan. 25)
  • Arizona Commissioners Take Action on Qwest Plan. Arizona Corporation Commissioners say they are willing to sue Qwest to stop it from sharing its customers' personal information. The commissioners' statement came during a special open meeting held regarding Qwest's recently issued opt-out notice. Commissioner Marc Spitzer commented, "The right to privacy is a fundamental American value. In Arizona, our state constitution specifically recognizes and guarantees that right." The Commissioners have directed their legal staff to open a rulemaking that would stop the company from implementing an opt-out policy. For background information, see EPIC's CPNI Page. (Jan. 22)
  • Eli Lilly Settles with FTC over Privacy Violation. The Federal Trade Commission (FTC) has announced a settlement in a case involving Eli Lilly's accidental disclosure of the email addresses of 700 people who were subscribed to a mental health information list. The FTC acted in response to a July 2001 ACLU complaint highlighting Eli Lilly's negligence. (Jan. 18)
  • EPIC Files FOIA Suit for Profiling Records. In a Freedom of Information Act (FOIA) lawsuit filed today, EPIC asked a federal court to order the disclosure of records regarding the sale of personal information to law enforcement agencies. The FOIA requests were submitted in response to news reports that ChoicePoint, a private profiling company, routinely sells personal information to federal law enforcement agencies. See the press release and original FOIA request for more information. (Jan. 15)
  • State Attorney General, U.S. Senator Question Qwest Plan. In a letter to Qwest Vice President Kirk Nelson, Washington State Attorney General Christine Gregoire is urging Qwest to suspend its recently implemented opt-out marketing plan. The letter states that Qwest's opt-out letter, contained within the last billing statement, "was not written in clear and conspicuous terms or designed in a way to alert customers to the important decision they should make." The letter also mentions numerous customer complaints &endash; such as disconnects and inability to reach an operator &endash; following attempts to opt-out. Senator Paul Wellstone (D-MN) sent a letter to FCC Chairman Powell today on the same matter, urging the FCC to protect consumer privacy by adopting an opt-in approach. Wellstone also gave a press conference in Minnesota today, urging Qwest to truly obtain customer consent by adopting an opt-in approach. (Jan. 14)
  • Driver's License Administrators Propose Expanding ID Scheme. A Task Force of the American Association of Motor Vehicle Administrators (AAMVA) announced today its recommendations for uniformity of state drivers' licenses and information sharing between states and law enforcement agencies. The AAMVA has not yet announced how the recommendations would be implemented: what technology would be used for unique identifiers, what changes would be made to the treatment of non-citizens, or how and by whom the national database could be used. The possible creation of de facto national identification cards through the driver's license system deserves careful examination and an open public discussion. A recording of the live webcast has been made available. Also see EPIC's ID Card page for more information. (Jan. 14)
  • FCC Still Seeking Comments for Calling Data Rulemaking. Following Qwest's initiation of an opt-out marketing plan for calling data, the FCC announced that they will continue to accept comments from consumers wishing to express their opinion in this ongoing debate. Consumers wishing to do so can comment by e-mail, at fccinfo@fcc.gov or by regular mail, FCC, 445 12th St. S.W., Washington, D.C. 20554, attn: Consumer Information Bureau. Reference Docket No. 96-115. Customers in 14 states are affected by Qwest's marketing plan. The Seattle Times reports that customers attempting to opt-out continue to express frustration and to question Qwest's sincerity about its offer to protect privacy. (Jan. 9)
  • EPIC Urges Qwest to Drop Marketing Plan for Calling Data. In a letter to Qwest President Afshin Mohebbi, EPIC is urging Qwest to suspend the plan to use records of telephone calls for marketing purposes based only upon the opt-out notice provided to Qwest customers in the most recent billing statement. The notices, which required customers to telephone a toll-free number to opt-out of the sale of their calling data, have sparked controversy as customers attempting to use the toll-free number experienced numerous difficulties. (Jan. 8)
  • Court Upholds FBI Use of "Key Logger" Technology. In a decision issued on December 26, a federal judge in New Jersey upheld the legality of the FBI's use of a "key logger system" secretly installed on a suspect's computer to capture his encryption passphrase and denied a defense motion to suppress evidence obtained through the technique. The case will proceed to trial sometime in 2002; if convicted, the defendant could raise the suppression issue on appeal. Background information and a complete set of court filings in U.S. v. Scarfo is available. (Jan. 7)
  • Future of Music Coalition Policy Summit / EPIC Digital Rights Management Page. On January 7 and 8, 2002, the Future of Music Coalition (FMC), a nonprofit collaboration between members of the music, technology, public policy and intellectual property law communities, is holding its second annual policy summit. The summit is meant to help musicians, the media, policymakers and the public better understand pressing music and technology issues, such as digital rights management (see EPIC's new Digital Rights Management page). (Jan. 6)
  • State Attorneys General Urge FCC to Protect Phone Privacy. 39 state Attorneys General filed comments with the Federal Communications Commission on December 21, urging the FCC to adopt opt-in for customer calling data. EPIC and other consumer groups filed similar comments (PDF) and reply comments in November on this matter. (Jan. 3)