Focusing public attention on emerging privacy and civil liberties issues

Previous Top News: 2012

  • . The Supreme Court has agreed to hear Clapper v. Amnesty International USA, a challenge to the FISA Amendments Act of 2008. The Act expanded the Government's authority to engage in warrantless surveillance, and followed news of the Bush administration's program to wiretap international communications. A group of lawyers, journalists, and public interest organizations, who regularly engage in international communications, challenged the new law saying they feared that their private communications would be intercepted. The US Court of Appeals for the Second Circuit ruled that the case could proceed even though the plaintiffs had not established that they were subject to surveillance. The Government filed a petition for the Supreme Court to hear the case, which was granted today. EPIC recently filed an amicus brief in a Supreme Court case, First American v. Edwards, raising similar Article III standing issues in the context of a consumer protection statute. EPIC also filed an amicus brief along with the Stanford Constitutional Law Center and other interested groups, in Hepting v. AT&T, a case challenging AT&T's involvement in the FISA warrantless wiretapping program. For more information, see EPIC: Foreign Intelligence Surveillance Act (FISA). (May. 21, 2012)
  • . In response to a notice of proposed rulemaking, EPIC has submitted comments to the Drug Enforcement Administration of the Department of Justice, urging the agency to uphold Privacy Act protections, and to not claim broad exemptions from the Privacy Act. The proposed rule would exempt the agency from complying with crucial Privacy Act provisions, including the rights of record access and correction, and the duty to only collect relevant and necessary personal information. The proposed rule would even excuse the agency from any civil liability arising from willful Privacy Act violations. Following the Supreme Court decision in FAA v. Cooper, EPIC has set out proposed changes to the Privacy Act that would compensate individuals for provable nonpecuniary harms caused by willful violations of the Privacy Act. For more information, see EPIC: FAA v. Cooper and EPIC: The Privacy Act of 1974. (May. 21, 2012)
  • . The Court of Appeals for the District of Columbia Circuit issued an opinion rejecting Shelby County, Alabama's constitutional challenge to the preclearance requirements of the Voting Rights Act of 1965. The Court held that Section 5 of the Act, which requires "covered jurisdictions" to show that new voting procedures, such as Voter ID requirements, are nondiscriminatory before those changes can be put into effect, is constitutional. Shelby County challenged the preclearance requirements after Congress reauthorized Section 5 in 2006. The Department of Justice recently blocked Voter ID laws in South Carolina and Texas through the Section 5 preclearance process. EPIC has argued that unreasonable voter ID requirements are an impermissible burden on the right to vote. For more information, see EPIC: Voter Photo ID and Privacy and EPIC: Crawford v. Marion County. (May. 18, 2012)
  • . The House of Representatives has approved an amendment, introduced by Congressman Landry (R-LA), to the National Defense Authorization Act to prohibit information collected by Department of Defense drones without a warrant from being used as evidence in court. New legislation requires the Federal Aviation Administration to develop rules governing the operation of drones in the U.S. National Airspace. Shortly after passage, EPIC, joined by over 100 organizations, experts, and members of the public, submitted a petition to the FAA requesting a public rulemaking on the privacy impact of drone use in US airspace. The petition is still pending with the agency. For more information, see EPIC: Unmanned Aerial Vehicles (UAVs) and Drones. (May. 17, 2012)
  • . The Senate Committee on the Judiciary has approved President Obama's five nominees for the Privacy and Civil Liberties Oversight Board. The Board is an independent entity charged with ensuring that fundamental rights are protected in the implementation of government programs, including cybersecurity. Originally convened in 2004, the five seats on the Board have remained vacant for the past five years. Senator Leahy, the Chairman of the Judiciary Committee, said, "When we worked to create this board, we did so to ensure that our fundamental rights and liberties would be preserved…The Senate should move quickly to confirm the nominees to the board so that they can get to their important work." For more information, see EPIC: 9/11 Commission Report and "The Sui Generis Privacy Agency: How the United States Institutionalized Privacy Oversight After 9-11." (May. 17, 2012)
  • . In a Statement for the Record, EPIC has expressed support for H.R. 2168, the "Geolocational Privacy and Surveillance Act," which prohibits the interception of location information by private parties and government agents acting without a search warrant. The bill will be considered at a hearing before the House Subcommittee on Crime, Terrorism, and Homeland Security. EPIC said "as communications technologies evolve, new forms of personal information are generated that require new legal safeguards." EPIC also recommended that Congress adopt purpose-specification and data limitation requirements for data stored by private companies, require affirmative consent prior to the collection of location data, and clarify an exception that permits the interception of location data made available through publicly accessible systems. For more information, see EPIC: Location Privacy. (May. 16, 2012)
  • .

    Marc Rotenberg,
    EPIC Executive Director

    Stanford Law School and Microsoft Innovation & Policy Center
    Washington, D.C.
    May 16, 2012

    (May. 16, 2012)
  • . The Federal Aviation Administration has announced new procedures for government agencies that operate drones in the United States. The procedures will streamline the process through which government agencies, including local law enforcement, receive drone licenses. However, the FAA has so far failed to establish privacy safeguards for drone use. On February 24, 2012, EPIC, joined by over 100 organizations, experts, and members of the public, submitted a petition to the FAA requesting a public rulemaking on the privacy impact of drone use in US airspace. For more information, see EPIC: Unmanned Aerial Vehicles (UAVs) and Drones. (May. 15, 2012)
  • . Following the recent decision of the Supreme Court in FAA v. Cooper, EPIC has set out proposed changes to the Privacy Act that would compensate individuals for provable nonpecuniary harms caused by willful violations of the Privacy Act. In Cooper, the Supreme Court held that the Privacy Act "does not unequivocally authorize" compensatory damages for mental or emotional distress. Justice Sotomayor, joined by Justices Ginsburg and Breyer, wrote in dissent that "the primary, and often only, damages sustained as a result of an invasion of privacy are . . . mental or emotional distress." EPIC recommended that the Privacy Act explicitly define "actual damages" to include provable mental and emotional distress. EPIC's letter follows an earlier request from Senator Daniel Akaka (D-HI) for comment on S.1732, the Privacy Act Modernization for the Information Age Act of 2011. For more information, see, EPIC: FAA v. Cooper and EPIC: The Privacy Act of 1974. (May. 14, 2012)
  • . EPIC submitted comments to the Federal Trade Commission for the May 30 workshop on mobile advertising disclosures. EPIC recommended that the agency focus on the development of substantive privacy protections, such as the Consumer Privacy Bill of Rights announced by the President earlier this year, for mobile services. EPIC also recommended that the workshop address a series of problems with the "notice and consent" approach, as well as the merits of innovative, nonverbal approaches proposed by privacy scholars. The workshop follows an FTC report calling for privacy legislation and an investigation that documented privacy problems with mobile applications for children. For more information, see EPIC: Federal Trade Commission. (May. 11, 2012)
  • . In a hearing with Federal Communications Commission Chairman Julius Genachowski, Senator Dick Durbin (D. IL.) criticized the agency's decision to issue a mere $25,000 fine against Google following the investigation of Street View data collection. (Hearing video beginning at 64:20) Senator Durbin said that Google's interception and collection of private wi-fi communication was a clear violation of privacy. Chairman Genachowski defended the agency's decision but agreed with the committee chairman that "the law should protect people even if they have unencrypted wi-fi." Senator Durbin said that he would consider changes to the law if that is necessary. Senator Durbin also asked the FCC to provide the legal memoranda supporting the FCC's decision not to find Google guilty of violating the Communications Act. EPIC has a similar FOIA request pending with the agency. For more information, see EPIC: FCC Investigation of Google Street View and EPIC: Electronic Communications Privacy Act. (May. 11, 2012)
  • . The DC Circuit Court of Appeals ruled today the National Security Agency need neither "confirm nor deny" the existence of any records about the agency's relationship with Google, even after such a collaboration was widely reported in the national media. EPIC filed a Freedom of Information Act (FOIA) request with the NSA following a cyber attack in January 2010 that led Google to contact the NSA. The NSA refused to either confirm or deny the existence of responsive records, claiming that such information is exempt from disclosure under the NSA Act. EPIC challenged this "Glomar" response and argued that the agency had a responsibility to locate records that could be disclosed, but a lower court ruled in favor of the NSA and the appellate court affirmed. EPIC has several other pending FOIA matters concerning the NSA, including "Perfect Citizen," Internet wiretapping, and even the NSA's own legal authority which the agency has refused to release to the public. For more information, see EPIC v. NSA: Google / NSA Relationship. (May. 11, 2012)
  • . In comments to the Federal Aviation Administration (FAA), EPIC emphasized the need for transparency and accountability in drone operations, and recommended the development of privacy protections before drones are more widely deployed in the US. The FAA Notice of Proposed Rulemaking set out proposed criteria for drone testing. Congress has tasked the FAA with facilitating the use of drones in the domestic airspace. February, EPIC, joined by a coalition of more than 100 organizations, experts, and members of the public, petitioned the FAA to conduct a rulemaking on the privacy implications of domestic drone use. For more information, see EPIC: Unmanned Aerial Vehicles (UAVs) and Drones. (May. 9, 2012)
  • . The Federal Trade Commission has reached a settlement with the social networking service Myspace over charges that Myspace allowed advertisers to access personally-identifying information after promising to keep such information private. Advertisers were able to access the unique "Friend ID" of users and link this identifier to other personal information. The settlement requires Myspace to implement a comprehensive privacy program, submit to independent audits, and refrain from privacy misrepresentations. For more information, see EPIC: Federal Trade Commission and EPIC: Social Networking Privacy. (May. 8, 2012)
  • . According to the 2011 Foreign Intelligence Surveillance Act (FISA) Report the Justice Department submitted 1,745 applications to the Foreign Intelligence Surveillance Court, a 10.5% increase over 2010. Of the 1,745 FISA search applications, 1,676 concerned electronic surveillance. The FISA court did not deny any applications, though it did modify 30 applications. Also in 2011, the FBI made 16,511 National Security Letter requests for information pertaining to 7,201 different U.S. persons. This is a substantial decrease from the 24,287 national security letter requests concerning 14,212 U.S. persons in 2010. The annual report on FISA, released by the Department of Justice, is far less extensive than the annual wiretap report, produced by the Administrative Office of the US Courts. EPIC has recommended greater accountability for the FISA Court. For more information, see: EPIC: Foreign Intelligence Surveillance Act Court Orders 1979-2011 and EPIC: Foreign Intelligence Surveillance Act. (May. 4, 2012)
  • . The Department of Homeland Security Office of Inspector General has completed an investigation into the effectiveness of the body scanner program as deployed in airports as a primary passenger screening system. The unclassified summary of the report notes that several vulnerabilities were found in the program, which has already cost more than $87 million. The full report consists of "Sensitive Security Information" (SSI) and will not be released to the public, according to the Inspector General. EPIC has challenged the SSI designation, arguing that it is an improper standard for classification. The Government Accountability Office, technical experts, Members of Congress, and bloggers have also questioned the effectiveness of the devices. In a federal lawsuit, EPIC challenged the body scanner program, calling it "invasive, unlawful, and ineffective." For more information, see EPIC v. DHS (Suspension of body scanners). (May. 4, 2012)
  • . Reps. Eliot Engel (D-NY) and Jan Schakowsky (D-IL) introduced the Social Networking Online Protection Act, a bill that would prohibit employers, colleges, universities, and K-12 schools from seeking usernames or passwords for the social media accounts of employees or students. Similar legislation was introduced in California. Maryland became the first state to ban employers from asking employees or applicants for social networking passwords. Senators Blumenthal and Schumer have asked the Equal Employment Opportunity Commission and the U.S. Department of Justice to investigate the practice. For more information, see EPIC: Workplace Privacy and EPIC: Facebook Privacy. (May. 1, 2012)
  • . In response to several demands from Congress, the Office of Government Information Services (OGIS) has released a long-delayed report with recommendations to improve the administration of the Freedom of Information Act. The report addresses several FOIA processing issues, but doesn't examine the significant issue of delays in FOIA processing and efforts by agencies - such as the Department of Justice - to create new obstacles for FOIA requestors. And OGIS did not address EPIC's pending request to determine whether DHS's practice of vetting FOIA requests by political appointees is permissible. For more information, see EPIC: Open Government. (May. 1, 2012)
  • . Shortly after EPIC filed a Freedom of Information Act request with the Federal Communications Commission for the unredacted version of its report on Google Spy-Fi, Google has released a mostly unredacted version of the report. The FCC Report undercuts the company's prior statements that a rogue engineer was responsible for the payload data collection. Instead, it indicates that Google intentionally intercepted payload data for business purposes and that many supervisors and engineers within the company reviewed the code and the design documents associated with the project. EPIC will continue to press for more details on the investigation through FOIA requests to the Federal Communications Commission and the Department of Justice. For more information see EPIC: Investigations of Google Street View. (Apr. 30, 2012)
  • . EPIC has appealed a denial of a Freedom of Information Act request that sought records concerning the sale of surveillance technology by U.S. companies to repressive regimes like Syria and Yemen. "The failure to adequately justify the claim that no segregable portions of records exist violates FOIA, especially given the past practice of releasing aggregate data in response to substantially similar requests," the appeal states. EPIC also filed a follow-up request to the Department of Commerce seeking records related to the agency's investigation of companies like Blue Coat Systems, which sold surveillance devices to Syria. Recently, President Obama signed an executive order authorizing U.S. officials to impose sanctions against persons involved in the use of information and communications technology to facilitate human rights abuses in Syria and Iran. For more information, see EPIC: Freedom of Information Act. (Apr. 27, 2012)
  • . EPIC has submitted a FOIA request to the Department of Justice for documents related to the agency's investigation of Google Street View and possible violations of federal wiretap laws. In an April 26, 2012 letter to the FCC In a related matter, Google claimed that the Department of Justice had "conducted and long ago completed its own thorough examination of the facts" related to the Google Street View matter. EPIC had asked the Justice Department to pursuer the matter. EPIC also has a pending FOIA request for the FCC's heavily redacted report on the Google Street View investigation. For more information see EPIC: Investigations of Google Street View. (Apr. 27, 2012)
  • . The House of Representatives passed the Cyber Intelligence Information Protection Act ("CISPA"), a cybersecurity bill that allows the government to obtain detailed information about Internet users from the private sector. The bill preempts established privacy protections in other federal laws and opens the door for increased surveillance of individuals in the United States. The bill also creates a new Freedom of Information Act exemption, which will reduce government transparency and accountability. Earlier this year, EPIC said in a statement to the Senate that the Freedom of Information Act provides the public important information about network security, and warned that the National Security Agency has become a “black hole” for public information about cybersecurity. For more information, see EPIC: Cybersecurity and EPIC: EPIC v. NSA (FOIA for NSA Cybersecurity Authority), and EPIC: EPIC v. NSA (FOIA for Google/NSA Relatioship). (Apr. 27, 2012)
  • . EPIC has filed a FOIA lawsuit against the FBI for documents related to the Government's use of cell phone tracking technology, known as "Sting Ray.".For more than 15 years the FBI has used cell-site simulator technology to track the location of a cell phones and other communications devices. Cell-site simulators act like a fake cell towers and can be used to monitor and track cell phone users even when the device is not in use. The technique also tracks all individuals in a region, irregardless of whether they are the suspect in an investigation. Government attorneys have recently fought against the discovery of documents related to the use of these devices. In February 2012, EPIC filed a Freedom of Information Act request with the FBI, but so far the agency has not responded or disclosed any documents as required by law. EPIC has recently filed amicus curiae briefs in Supreme Court, and Federal Court cases related to Government location tracking. For more information see: EPIC: Locational Privacy, EPIC: US v. Jones and EPIC: In re US Application for Historic Cell-Site Location Information. (Apr. 27, 2012)
  • . A three-judge panel overseeing a critical voter ID case, State of South Carolina v United States of America, set out an unusually detailed requirements in an Scheduling and Procedures Order issued today. According to the concurring statement of Judge Bates, joined by Judge Kollar-Kotelly, the state has engaged in delaying tactics even as it has urged a swift resolution of the matter, concerning new voting ID procedures adopted by the state. The court cited South Carolina's lack of responsiveness to the Department of Justice, "despite repeated requests" for the "final versions of the implementing procedures" for provisions of the law. The court expects to issue a final ruling in early September 2012., prior to the fall Presidential election. For more information, see EPIC: Voter Photo ID and Privacy. (Apr. 26, 2012)
  • . Google’s Terms of Service--which govern Google’s cloud-based file storage, Google Drive--give the company the right to “reproduce, modify, create derivative works” using uploaded content, as well as to “publicly perform, [and] publicly display” files. In 2009, EPIC asked the FTC to require privacy safeguards for Google's cloud-based services. EPIC cited previously-discovered privacy and security flaws, including one that disclosed user-generated documents saved on Google Docs to users of the service who lacked permission to view the files, and another that permitted unauthorized individuals to access user-generated Google Docs content. For more information, see EPIC: Cloud Computing and Privacy. (Apr. 26, 2012)
  • . President Obama signed an executive order authorizing U.S. officials to impose sanctions against persons involved in the use of information and communications technology to facilitate human rights abuses in Syria and Iran. EPIC previously filed a Freedom of Information Act request seeking information regarding the export of surveillance technology by U.S. companies. In 2006, EPIC urged the Commerce Department to reexamine policies that allow for the export of surveillance technology to China. For more information, see EPIC: Freedom of Information Act. (Apr. 24, 2012)
  • . Facebook has re-opened its Statement of Rights and Responsibilities for comment after making changes to the original document. Although users’ personal data can still be accessed by the apps of their friends, Facebook clarified that users could prevent this by changing the “Apps and Websites” settings. Facebook also deleted a provision reserving the right to “exclude or limit the provision of any service or feature in our sole discretion” in certain geographic areas after users raised concerns about censorship. The FTC recently issued a proposed settlement with Facebook after finding that Facebook "deceived consumers by telling them they could keep their information on Facebook private, and then repeatedly allowing it to be shared and made public." The settlement follows from complaints filed by EPIC and other consumer and privacy organizations in 2009 and 2010 and bars Facebook from changing privacy settings without the affirmative consent of users or misrepresenting the privacy or security of users' personal information. In comments filed with the FTC, EPIC recommended that Facebook restore the privacy settings that users had in place when the violations occurred. In response to Facebook's prior policy change, EPIC noted that the data-disclosure practices of applications implicated issues that led the creation of the consent order. For more information, see EPIC: Facebook Privacy, and EPIC: FTC Facebook Settlement. (Apr. 23, 2012)
  • . The Department of Homeland Security has published a Privacy Impact Assessment Update for Secure Flight, a DHS program that compares airline passenger records with various watch lists. The assessment describes the agency's plans to expand the Known Traveler program so as to expedite airline screening for certain categories of individuals. The DHS also intends to incorporate into Secure Flight the Automated Targeting System, a controversial program that allows the government to assign a risk assessment number to individual travelers. That number provides the basis for further screening. In 2007, EPIC urged DHS to either suspend the Automated Targeting System or to fully apply all Privacy Act safeguards to any individual subject to ATS. In 2010, EPIC advocated for stronger privacy protections of DHS trusted traveler programs that compare passenger names against watch lists. For more information, see EPIC: Secure Flight and EPIC: Automated Targeting Systems. (Apr. 23, 2012)
  • .

    Privacy and Data Protection - Evaluating Obligations Under Applicable Laws and Regulations

    Lillie Coney,
    Associate Director

    World Jurist Association
    Washington, DC
    April 22, 2012

    (Apr. 22, 2012)
  • . Congressman Markey (D-Mass) and Congressman Barton (R-TX) sent a letter to the Federal Aviation Administration (FAA), raising concerns about the increased use of drones in the United States. The Congressmen noted, "there is...potential for drone technology to enable invasive and pervasive surveillance without adequate privacy protections." The letter called on the FAA's Acting Administrator to supply key information about the drone program, including plans to ensure that the drone licensing process includes privacy protections and public transparency. In February, EPIC, joined by a coalition of more than 100 organizations, experts, and members of the public, petitioned the FAA to conduct a rulemaking on the privacy implications of domestic drone use. For more information, see EPIC: Unmanned Aerial Vehicles (UAVs) and Drones. (Apr. 19, 2012)
  • . EPIC has filed a FOIA request for the unredacted version of the FCC's Google Street View report. The Federal Communications Commission announced that it will fine Google $25,000 for obstructing an investigation concerning Google Street View and federal wiretap law. A heavily redacted report released this week revealed that the Commission found that Google impeded the investigation by "delaying its search for and production of responsive emails and other communications, by failing to identify employees, and by withholding verification of the completeness and accuracy of its submissions." But the redacted report also raised questions about the scope of the FCC' Street View investigation. Surprisingly, the FCC concluded that Google had not violated the federal wiretap act, even though a federal court recently held otherwise. For more information, see EPIC: Investigations of Google Street View. (Apr. 19, 2012)
  • . An open government coalition has asked House lawmakers to oppose provisions in "CISPA" that would cut off public access to information held by federal agencies. The Cyber Intelligence Sharing and Protection Act would allow the government to refuse to disclose broad swaths of information, otherwise subject to FOIA, that companies provide to the government. More than three dozen groups have signed the petition - including Openthegovernment.org, the Sunlight Foundation, Project On Government Oversight, and EFF. The groups have asserted that the legislation "constitutes a wholesale attack on public access to information under the Freedom of Information Act" and would impede the public's ability to evaluate whether the government is adequately combating cybersecurity threats. In a statement for a hearing on the FOIA and critical infrastructure information, EPIC also warned against new FOIA exemptions and said that the National Security Agency has become a "black hole" for public information about cybersecurity. For more information see EPIC: Cybersecurity, EPIC: EPIC v. NSA, Litigation Under the Federal Open Government Laws 2010. (Apr. 18, 2012)
  • .

    Ginger McCall,
    Director, Open Government Project

    ACLU of the Nation's Capital
    Washington, DC
    April 20, 2012

    (Apr. 20, 2012)
  • . EPIC wrote a letter to Attorney General Eric Holder asking the Department of Justice to investigate Google’s collection of Wi-Fi data from residential networks by means of "Street View" vehicles. The Federal Communications Commission recently fined Google $25,000 for obstructing an investigation concerning Street View and federal wiretap law. But as EPIC noted "by the agency’s own admission, the investigation conducted was inadequate and did not address the applicability of federal wiretapping law to Google's interception of emails, usernames, passwords, browsing histories, and other personal information." Members of Congress have expressed support for EPIC's recommendation to the Justice Department. Senator Richard Blumenthal said that "Google's interception and collection of private wireless data potentially violates the Wiretap Act or other federal statutes, and I believe the Justice Department and state attorneys general should fully investigate this matter." Congressman Ed Markey said that "[t]his fine is a mere slap on the wrist for Google," and called for a more comprehensive investigation. Many countries have found Google guilty of violating national privacy laws, and a US federal court recently held that unencrypted wireless network communications are not exempt from the protections of the Wiretap Act. For more information, see EPIC: Investigation of Google Street View and EPIC: Ben Joffe v. Google. (Apr. 17, 2012)
  • .

    "Food for Thought" Training Seminar The Impact of the Consumer Privacy Bill of Rights

    Lillie Coney,
    Associate Director

    ASAP
    Washington, DC
    April 19, 2012

    (Apr. 19, 2012)
  • . The Federal Communications Commission announced that it will fine Google $25,000 for obstructing an investigation concerning Google Street View and federal wiretap law. The Commission found that Google impeded by "delaying its search for and production of responsive emails and other communications, by failing to identify employees, and by withholding verification of the completeness and accuracy of its submissions." In May 2010, EPIC wrote to the FCC and urged the agency to undertake an investigation after it became clear that Google had intercepted the private communications of millions of users of wi-fi networks in the United States. Shortly afterward, the head of the FCC Bureau of Consumer and Governmental Affairs wrote that Google's behavior "clearly infringes on consumer privacy." Many countries around the world have found Google guilty of violating national privacy laws. Surprisingly, the FCC said that Google had not violated the federal wiretap act, even though a federal court recently held otherwise. For more information, see EPIC: Investigations of Google Street View and EPIC: Ben Joffe v. Google. (Apr. 16, 2012)
  • . The New York Times reported that Facebook would provide users with a downloadable archive containing many types of data that the company stores about users. Although the new archive contains more user information than Facebook first offered in 2010, Max Schrems, the German law student and founder of Europe v. Facebook, said that Facebook is still only providing 39 of 84 data categories. EPIC called on Facebook to give users full access to all of the data that the company keeps about them through EPIC’s Know What They Know campaign. In comments on a settlement between Facebook and the Federal Trade Commission, EPIC recommended that the FTC require Facebook to give users full access to their data. For more information, see EPIC: Facebook Privacy and EPIC: Know What They Know. (Apr. 12, 2012)
  • .

    Amie Stepanovich,
    EPIC Associate Litigation Counsel

    American Library Association
    April 19, 2012
    (Registration)

    (Apr. 19, 2012)
  • . The Maryland legislature passed the first bill banning employers from asking employees or applicants for social networking passwords. The bill was introduced after Robert Collins, an employee at the Department of Public Safety and Correctional Services, was asked to turn over his Facebook password as part the process of being reinstated as a corrections officer. Recently, Senators Blumenthal and Schumer asked the Equal Employment Opportunity Commission and the U.S. Department of Justice to investigate the practice of employers asking job applicants to surrender user names and passwords for social networking sites like Facebook. For more information, see EPIC: Workplace Privacy and EPIC: Facebook Privacy. (Apr. 11, 2012)
  • . EPIC has announced the 2012 members of the EPIC Advisory Board. They are Colin Bennett, Professor of Political Science at University of Victoria; Ryan Calo, Director of Privacy and Robotics, Center for Internet and Society at Stanford Law School; Laura Donohue, Associate Professor at Georgetown University Law Center; Cynthia Dwork, Distinguished Scientist, Microsoft Research; Orin Kerr, Professor of Law at George Washington University; and Frank A. Pasquale , Professor of Law at Seton Hall University. The EPIC Advisory Board is a distinguished group of experts in law, technology, and public policy. Joining the EPIC Board of Directors in 2012 are Grayson Barber, Pamela Jones Harbor and Ray Ozzie. Press Release. For more information, see EPIC: EPIC Advisory Board. (Apr. 10, 2012)
  • . EPIC has filed an amicus brief in United States v. Hamilton, urging the Fourth Circuit Court of Appeals to uphold employee privacy interests in personal e-mails. The Government contends that it may obtain private emails from an employer even when they are privileged communications between spouses and there is no use policy in place, explaining that communications are subject to disclosure. The district court agreed. EPIC argued that employees in the modern workplace routinely communicate about private matters with spouses and that an employee's privacy interest cannot be retroactively waived by a use policy implemented a year later, as the lower court suggested. For more information, see EPIC: Workplace Privacy and EPIC: United States v. Hamilton. (Apr. 9, 2012)
  • . As the result of a Freedom of Information Act request, EPIC has obtained more than 650 pages of documents related to the PATRIOT Act. EPIC had requested information related to the FBI's abuse of PATRIOT Act authorities and documents concerning the 2009 sunset of the PATRIOT Act. The documents disclosed by the FBI include training presentations, answers to questions from Senators Leahy and Specter, and a list of reporting requirements. In an answer to Senator Leahy, the FBI stated that while it would discontinue the use of exigent letters, which the Inspector General had previously noted as a frequent source of abuse, the agency planned to continue its use of the emergency disclosures provision of the Electronic Communications Privacy Act. For more information, see EPIC: USA PATRIOT Act. (Apr. 4, 2012)
  • . A national survey by Consumer Reports found that most consumers had serious concerns about their online privacy and about the collection and use of their personal data. 71 percent of respondents said they were very concerned about companies disclosing their information without their permission; 65 percent of smartphone owners were very concerned that apps could access their contacts, photos, and location data without their permission; and 53 percent were concerned about data about their online activities and purchases being used to deny employment or loans. For more information, see EPIC: Public Opinion on Privacy. (Apr. 4, 2012)
  • . EPIC submitted comments to the National Telecommunications and Information Administration of the Department of Commerce, urging the agency to implement the principles set out in the White House Consumer Privacy Bill of Rights. The Department of Commerce announced it would convene a multistakeholder process to develop enforceable codes of conduct for consumer privacy protection. EPIC wrote that the Administrative Procedures Act is a more effective and transparent way to solicit public comment and produce a meaningful outcome. For more information, see EPIC: White House - Consumer Privacy Bill of Rights and EPIC: Administrative Procedure Act Comments. (Apr. 4, 2012)
  • . In a 5-4 opinion by Justice Kennedy, the Supreme Court held that the suspicionless strip search of a prison detainee does not violate the Fourth Amendment. The case, Florence v. Board of Chosen Freeholders, involved a wrongful arrest based on an invalid warrant. Justices Roberts and Alito filed concurring opinions noting potential exceptions to the Court's general rule, such as when a detainee will be kept separate from the general prison population. Justice Breyer's dissenting opinion argued that strip searches are an "affront to human dignity and to individual privacy," and questioned whether they are necessary given other, less intrusive, screening methods available. EPIC has opposed the use of airport body scanners, which collect images of naked air travelers, and filed an amicus brief challenging a wrongful arrest based on errors in a Government database. For more information, see: EPIC: Herring v. US. (Apr. 4, 2012)
  • . EPIC has filed an amicus brief in the Ninth Circuit urging the court to affirm legal protections for users of home Wi-Fi networks. In Joffe v. Google, the plaintiffs sued Google for the interception and capture of private communications transferred over residential Wi-Fi networks. Google argued that it should be exempt from liability under the federal Wiretap Act because Wi-Fi communications are "readily accessible to the general public." However, a lower court held that saying "that a network is unencrypted does not render that network readily accessible to the general public and serve to remove the intentional interception of electronic communications from that network from liability under the ECPA." EPIC's brief for the Court of Appeals, which contains a detailed technical discussion of Wi-Fi technology, explains that residential Wi-Fi networks are unlike traditional radio broadcasts and should be protected Electronic Communications Privacy Act. EPIC also said that consumers should not bear the burden of securing their networks against sophisticated eavesdroppers when the purpose of the ECPA is to protect communications from such interception. For more information, see EPIC: Investigation of Google Street View, EPIC: Ben Joffe v. Google. (Apr. 2, 2012)
  • .

    "Will Big Data and Big Money Mean Big Trouble?"

    Marc Rotenberg,
    EPIC Executive Director

    To the Point with Warren Olney
    KCRW
    April 2, 2012

    Also see, Aspen Institute: "The Promise and Peril of Big Data"

    (Apr. 2, 2012)
  • . The Federal Trade Commission announced that a federal judge has ordered the defendants behind a deceptive robocall scheme to pay a $30 million civil penalty and surrender more than $1.1 million in ill-gotten gains. The scheme promised "cash grants" to individuals—many of whom were on the Do No Call Registry--but merely referred them to grant-related websites that charged a fee for providing general information about obtaining grants from private sources. The FTC determined that the robocalls violated the FTC Act and the Telemarketing Sales Rule. For more information, see EPIC: Federal Trade Commission and EPIC: Telephone Consumer Protection Act. (Apr. 2, 2012)
  • . In a 5-3 opinion, the Supreme Court held today that the Privacy Act does not allow recovery of mental and emotional damages suffered as a result of the Government's "willful and intentional violation" of the Act. Justice Alito, writing for the Court in FAA v. Cooper, said that the key term "actual damages" was ambiguous, and should be narrowly construed to limit Government liability. In a dissenting opinion, joined by two other Justices, Justice Sotomayor argued that the purpose of the Privacy Act is unambiguous: to protect individuals from "substantial harm, embarrassment, inconvenience, or unfairness" that result from Government privacy violations. EPIC filed an amicus curiae brief in the case, stating that privacy laws routinely provide recovery for mental and emotional harm, that such damages are the most common result of privacy violations, and that civil remedies are necessary to ensure enforcement of the Privacy Act. Congress is currently considering amendments to the Privacy Act. For more information, see EPIC: FAA v. Cooper and EPIC to Congress: Privacy Act Modernization Bill Should be Stronger. (Mar. 28, 2012)
  • . The Federal Trade Commission announced a settlement with the social game site RockYou over charges that the site's poor security allowed hackers to access the personal information of 32 million users. The FTC also alleged that RockYou violated the Children's Online Privacy Protection Act Rule by knowingly collecting approximately 179,000 children's email addresses and associated passwords without the consent of their parents. The settlement prohibits future deceptive claims by the company regarding privacy and data security and future violations of the COPPA Rule, and requires the company to implement a data security program and to pay a $250,000 civil penalty. Last year, the FTC proposed new COPPA rules to better protect children, about which EPIC submitted comments. For more information, see EPIC: Children’s Online Privacy and EPIC: FTC. (Mar. 27, 2012)
  • . In response to a request from Senator Daniel Akaka(D-HI), EPIC sent a letter explaining that S.1732, the Privacy Act Modernization for the Information Age Act of 2011, should be strengthened to ensure better privacy protection. The Privacy Act of 1974 governs federal agencies' collection, retention, and use of personally identifiable information. In October 2011, Senator Akaka proposed the Privacy Act Modernization bill, which would update the Privacy Act of 1974. EPIC's letter points out that the proposed circumstances under which agencies can disclose personal information should be narrowly tailored. EPIC also noted that certain proposed amendments in the bill insufficiently warn individuals of government security breaches affecting individuals' personal information. For more information, see EPIC: The Privacy Act of 1974. (Mar. 27, 2012)
  • . The DHS Privacy Office has issued its First Quarter Fiscal Year 2012 Report to Congress. The report details DHS programs and functions that affect privacy, such as privacy impact assessments and system of records notices. The report also summarizes the 295 privacy compliance complaints that DHS has received between September 1, 2011 and November 30, 2011. EPIC has closely followed DHS Privacy Office activities, and has worked to ensure timely release of DHS privacy reports. For more information, see EPIC: Department of Homeland Security Chief Privacy Office and Privacy. (Mar. 26, 2012)
  • . Today the Federal Trade Commission released Protecting Consumer Privacy in an Era of Rapid Change. The FTC report called for the enactment of baseline privacy legislation and for legislation that gives consumers the right to access personal information held by data brokers. However, the framework is not as extensive as the White House Consumer Privacy Bill of Rights and depends on industry self-regulation. EPIC previously commented on an earlier draft of the framework, pointing out that the FTC "mistakenly endorses self-regulation and 'notice and choice,' and fails to explain why it has not used its current Section 5 authority to better safeguard the interests of consumers." For more information, see EPIC: Federal Trade Commission. (Mar. 26, 2012)
  • . Senators Blumenthal and Schumer asked the Equal Employment Opportunity Commission and the Department of Justice to investigate the practice of employers asking job applicants to surrender Facebook user names and passwords. The Senators pointed out that accessing an applicant's profile could reveal sensitive information that employers are not permitted to ask about or base hiring decisions on. Thus, employers could be violating the Civil Rights Act and other federal laws, including the Stored Communication Act and the Computer Fraud and Abuse Act, which prohibit "unauthorized access" to electronic information. “Requiring applicants to provide login credentials to secure social media websites and then using those credentials to access private information stored on those sites may be unduly coercive and therefore constitute unauthorized access under both [Acts]," the letter states. For more information, see EPIC: Workplace Privacy and EPIC: Facebook Privacy. (Mar. 26, 2012)
  • . Under revised guidelines for the National Counterterrorism Center, the intelligence agency officials will be able to profile and track American citizens, suspected of no crime, for up to five years. The change represents a dramatic expansion of government surveillance and appears to violate the Privacy Act of 1974, which limits data exchanges across federal agencies and establishes legal rights for US citizens. In 2003, Congress put an end to a similar program. For more information, see EPIC - Total Information Awareness. (Mar. 23, 2012)
  • . The Privacy Office of DHS has released several revised Privacy Impact Assessments for various DHS programs. These reports analyze the privacy risks of federal government systems. Last year, EPIC FOIA requests regarding a Minority Report-like program called "FAST" found that the DHS had failed to adequately assess privacy risks. According to the agency, the "Future Attribute Screening Technology" program assesses "physiological and behavioral signals" to determine the probability that an individual might commit a crime. For more information, see: EPIC: Future Attribute Screening Technology (FAST) Project FOIA Request. To order the movie Minority Report from Amazon and support EPIC, click here. (Mar. 23, 2012)
  • . Facebook has begun to review comments on changes to its Statement of Rights and Responsibilities. Among other changes, Facebook now states that a user's information is disclosed to apps used by his or her friends, that Facebook software or plugins that users download may automatically download updates, upgrades, and additional features, and that users may not tag others who do not wish to be tagged. The FTC recently issued a proposed settlement with Facebook after finding that Facebook "deceived consumers by telling them they could keep their information on Facebook private, and then repeatedly allowing it to be shared and made public." In particular, the FTC found that Facebook had misled users about the extent to which their personal information would be made available to apps used by their friends. The settlement follows from complaints filed by EPIC and other consumer and privacy organizations in 2009 and 2010 and bars Facebook from changing privacy settings without the affirmative consent of users or misrepresenting the privacy or security of users' personal information. In comments filed with the FTC, EPIC said that the settlement is "insufficient to address the concerns originally identified by EPIC and the consumer coalition, as well as those findings established by the Commission." For more information, see EPIC: Facebook Privacy, and EPIC: FTC Facebook Settlement. (Mar. 23, 2012)
  • .

    Ginger McCall,
    Director, EPIC's Open Government Project

    American-Arab Anti-Discrimination Committee
    Washington, DC
    March 28, 2012

    (Mar. 28, 2012)
  • . The U.S. House of Representatives Committee on Oversight and Government Reform issued a "Report Card on Federal Government's Efforts to Track and Manage FOIA Requests." The Report Card assigned letter grades to agencies based upon their "ability and willingness . . . to submit information" to the House Committee about the agencies’ FOIA tracking systems. This information included the requester's name, the date of the request, a description of the records sought by requesters, the date the request was closed, and whether the agency provided responsive records to the request. The Federal Trade Commission was one of the highest scoring agencies, earning an "A+" for its FOIA management. The Department of Justice, the Department of Defense, and the Department of Homeland Security each received a "D" letter grade for their FOIA tracking systems. For more information, see: EPIC: Open Government. (Mar. 20, 2012)
  • . EPIC will pursue its Freedom of Information Act request with the National Security Agency in scheduled arguments before the Court of Appeals for the DC Circuit this Tuesday morning. EPIC submitted the FOIA request in February 2010, following a widely reported collaboration between Google and the NSA after the China hack. The agency replied that it could "neither confirm nor deny" the existence of records responsive to EPIC's request. A lower court ruled in favor of the NSA, but EPIC has challenged that opinion, and the federal appeals court will hear the case on March 20, 2012. The case is EPIC v. NSA, No. 11-5233. (Mar. 19, 2012)
  • . Policymakers from the United States and the European Union are participating in a joint conference today on Privacy and Protection of Personal Data. EU Vice President Viviane Reding and US Commerce Secretary John Bryson issued a common statement reaffirming a commitment to privacy protection. US and EU consumer and privacy organizations also issued a statement commending the new US Consumer Privacy Bill of Rights but cautioning that the US has far more to do to safeguard the interests of users of new Internet-based services. For more information, see Public Voice - The Madrid Declaration. (Mar. 19, 2012)
  • . EPIC filed a "Friend of the Court" brief in the Fifth Circuit urging the court to uphold Fourth Amendment protections for cell phone users. In the case, In re US for Historical Cell-Site Data, the lower court held that the disclosure of historical cell phone location records without a warrant would violate the Fourth Amendment. EPIC argued that this opinion should be upheld in light of the Supreme Court's recent decision in United States v. Jones, because cell phone location records are collected without the knowledge or consent of users. The records in this case, EPIC argued, create a "comprehensive map of an individual’s movements, activities, and relationships, . . . precisely the type of information that individuals reasonably and justifiably believe will remain private." For more information, see In re Historical Cell-Site Location Information, EPIC: State v. Earls, and EPIC: US v. Jones. (Mar. 19, 2012)
  • . Both the House and the Senate introduced bills last month that would require the Department of Homeland Security "to contract with an independent laboratory to study the health effects of backscatter x-ray machines used at airline checkpoints operated by the Transportation Security Administration," and to provide improved notice of the health effects to airline passengers. The bills focus on the health effects of those screened by the backscatter x-ray machines, including frequent air travelers, flight crews, and individuals with greater sensitivity to radiation, such as children, pregnant women, the elderly, and cancer patients. In 2010, EPIC filed a Freedom of Information Act lawsuit asking a court to force the Department of Homeland Security to disclose documents about radiation testing results and agency fact sheets on radiation risks. For more information, see EPIC: EPIC v. DHS - Full Body Scanner Radiation Risks. (Mar. 15, 2012)
  • .

    Marc Rotenberg,
    EPIC Executive Director

    European Institute
    Washington, DC
    March 21, 2012

    (Mar. 21, 2012)
  • .

    EPIC v. NSA. No. 11-5233

    EPIC's challenge to the "neither confirm nor deny" response of NSA regarding a FOIA request for information about the agency's relationship with Google.

    DC Circuit Court of Appeals
    Washington, DC
    March 20, 2012

    (Mar. 20, 2012)
  • .

    "Privacy and Protection of Personal Data"

    Marc Rotenberg,
    EPIC Executive Director

    US Institute of Peace
    Washington, DC / Brussels
    March 19, 2012

    (Mar. 19, 2012)
  • . Open government organizations have sent a letter to Senator John McCain, opposing specific provisions in a cybersecurity bill he introduced. The SECURE IT Act would create a new Freedom of Information Act exemptions for "cyber threat information" as well as for all information shared with a cybersecurity center. FOIA exemptions limit public access to government information. The organizations stated, "Unnecessarily wide-ranging exemptions of this type have the potential to harm public safety and the national defense more than they enhance those interests." In a statement for a hearing on the FOIA and critical infrastructure information, EPIC also warned against new FOIA exemptions and said that the National Security Agency has become a "black hole" for public information about cybersecurity. For more information, see EPIC: Cybersecurity. (Mar. 14, 2012)
  • . The Department of Health and Human Services announced a settlement with Blue Cross Blue Shield after the company’s inadequate security measures allowed 57 unencrypted hard drives containing private health information to be stolen from a facility in Tennessee. The agency cannot issue a fine greater than $1.5 million, but it could have filed criminal charges or requires Blue Cross to mitigate future patient harms. For more information, see EPIC: Medical Privacy. (Mar. 14, 2012)
  • .

    Drone Summit: Killing and Spying by Remote Control

    Amie Stepanovich,
    EPIC National Security Counsel

    CodePink

    Washington, D.C.
    April 28, 2012

    (Apr. 28, 2012)
  • .

    Navigating a Framework for Consumer Policy in a Digital Age

    Lillie Coney,
    EPICAssociate Director

    Joint Center for Political and Economic Studies
    Washington DC
    March 15, 2012

    (Mar. 15, 2012)
  • .

    "Freedom of Information Day; Is Exemption 3 Out of Control?"

    Ginger McCall,
    EPIC Open Government Director

    American University Washington College of Law
    Washington, DC
    March 16, 2012

    (Mar. 16, 2012)
  • . In a detailed statement to the Senate for a hearing on the "Freedom of Information Act: Safeguarding Critical Infrastructure and the Public's Right to Know," EPIC said that safeguarding FOIA was critical to ensure government oversight and accountability. EPIC described how the FOIA provides the public important information about safety and security, but also warned that the National Security Agency has become a "black hole" for public information about cyber security. EPIC described several NSA programs, including "Perfect Citizen," Internet wiretapping, and even the NSA's own legal authority which the agency has refused to release to the public. EPIC v. NSA, a challenge to the agency's "neither confirm nor deny" response to an EPIC FOIA request will be heard next week by the DC Circuit Court of Appeals. For more information, see EPIC: Cybersecurity. (Mar. 12, 2012)
  • . The Department of Justice has determined that a Texas voter ID law that requires photo identification violates the Voting Rights Act of 1965. The Texas law requires voters to present a driver's license or ID card issued by the state. The law also permits a voter to use military photo ID, a US citizenship certificate that contains the person's photograph, a US passport, or a license to carry a concealed handgun. The Department of Justice found that the Texas voter ID law disproportionately affects Hispanic voters because Hispanic voters are between 47% and 120% more likely than non-Hispanic registered voters to lack acceptable photo identification. The Department of Justice found that Texas "has not met its burden of proving that . . . the proposed [voter ID law] will not have a retrogressive effect, or that any specific features of the proposed law will prevent or mitigate that retrogression." In the voting conext, "retogression" refers to the disenfranchisement of eligible voters. For more information, see EPIC: Voter Photo ID and Privacy. (Mar. 12, 2012)
  • . In celebration of Sunshine Week, EPIC published the EPIC FOIA Gallery: 2012. The gallery highlights key documents obtained by EPIC in the past year, including the Federal Bureau of Investigation's watch list guidelines, records of the Department of Homeland Security's social media monitoring program, Google's first Privacy Compliance Report, records detailing the government's FAST scanning program, records of the FBI's surveillance of Wikileaks supporters, and DHS records detailing the use of body scanners at the U.S. border. EPIC regularly files Freedom of Information Act requests and pursues lawsuits to force disclosure of critical documents that impact privacy. EPIC also publishes the authoritative FOIA litigation manual. For more, see EPIC Open Government and EPIC Bookstore: FOIA. (Mar. 12, 2012)
  • . A Pew study found that users of search engines were pleased with the quality of search results but opposed targeted advertising and search results, and were generally anxious about the collection of personal information by search engines. Specifically, 73 percent of those surveyed were opposed to search engines tracking their searches, and 68 percent opposed behavioral advertising. 83 percent of respondents reported using Google to conduct searches. Recently, Google began combining user data gathered from more than sixty Google products and services—including Google search--to create a single, comprehensive profile for each user. For more information, see EPIC: Search Engine Privacy and EPIC: EPIC v. FTC. (Mar. 9, 2012)
  • . A popular video "How To Get Anything Through TSA Nude Body Scanners" show that it is easy to bypass airport body scanners by hiding materials perpendicular to the plane of the scanning devices. The video also notes that traditional metal detectors, now being removed from US airports, would routinely alert to the presence of metallic objects. Still more interesting may be the recent blog post by a 25-year FBI agent, expert in aviation security, who writes that the "TSA has never foiled a terrorist plot or stopped an attack on an airliner" and that "the entire TSA paradigm is flawed." In a federal lawsuit, EPIC challenged the TSA airport scanner program, calling it "invasive, unlawful, and ineffective." For more information, see EPIC v. DHS (Suspension of body scanners). (Mar. 9, 2012)
  • .

    Big Data: Privacy Threat or Business Model?

    Lillie Coney,
    EPIC Associate Director

    SXSW
    Austin, TX
    March 11, 2012

    (Mar. 11, 2012)
  • . A Wisconsin state court has granted a temporary order blocking the state from enforcing a new voter ID requirement. Wisconsin is one of eight states that now require voters to present a government-issued photo ID. Voter ID laws typically discourage voter turnout, particularly among poor and minority communities. In NAACP v. Walker, the Wisconsin court said that the "scope of impairment has been shown to be serious, extremely broad and largely needless." For more information, see EPIC: Voter Photo ID and Privacy. (Mar. 6, 2012)
  • . The Department of Homeland Security has released the 2011 Annual Data Mining Report. The report must include all of the Agency's current activities that fall within the legislative definition of "data mining." Among other things, this year's report references the Agency's programs to profile individuals entering or leaving the country to determine who should be subject to "additional screening." A FOIA request by EPIC in 2011 revealed that the FBI's standard for inclusion on the list is "particularized derogatory information," which has never been recognized by a court of law. The report also provides information on Secure Flight and Air Cargo Advanced Screening. For more information, see EPIC: FBI Watch List FOIA and EPIC: DHS Privacy Office. (Mar. 5, 2012)
  • . Twitter recently announced a deal with the analytics firm Datasift that authorizes Datasift to sell the content of public tweets posted over the last two years. Companies who buy the data from Datasift will be able to market to users based on the topic or location of the tweets. DataSift will be required to regularly remove tweets that users delete. Previously, Twitter gave the Library of Congress access to every public tweet since the company’s inception in 2006. In 2011, the Federal Trade Commission reached a settlement with Twitter over charges that inadequate security measures allowed computer criminals to gain administrative access to the company. For more information, see EPIC: Federal Trade Commission. (Mar. 2, 2012)
  • . Earlier this week, EPIC submitted comments to the DHS on "The Menlo Report: Ethical Principles Guiding Information and Communication Technology Research." DHS sought public views on the privacy implications of ethical human subject research in information and communication technology research. EPIC said that many federal privacy laws, such as the Privacy Act of 1974, set out legal standard for how government agencies should protect personal data. EPIC strongly urged DHS to abide by federal privacy laws rather than adopt non-binding principles, which are not enforceable and provide few rights for individuals. For more information, see EPIC: Privacy and The Common Rule. (Mar. 1, 2012)
  • . European Justice Minister Vivian Reding said today that Google's March 1 changes to its terms of service violate European Union law "in numerous respects." Commissioner Reding pointed to the failure of the company to obtain user consent, the lack of transparency, and the fact that most users do not read privacy policies. European privacy officials recently concluded that the changes do not comply with the European Union Data Protection Directive and asked the company to suspend its planned changes. In the US, EPIC has urged a federal court to require the Federal Trade Commission to determine whether Google's changes changes violate a 2011 Consent Order. The court denied the motion. The case is now on appeal. For more information, see EPIC v. FTC (Google Consent Order). (Mar. 1, 2012)
  • . EPIC filed a "friend of the court" brief in the New Jersey Supreme Court urging the court to uphold Fourth Amendment protections for cell phone users. In State of New Jersey v. Thomas W. Earls, the lower court held that an individual has no legitimate expectation of privacy in the location of their cell phone. EPIC argued that the lower court opinion should be overturned in light of the Supreme Court's recent decision in United States v. Jones. The cell phone tracking techniques in this case, EPIC argued, "is more invasive than the GPS tracking in Jones." For more information, see EPIC: State v. Earls, and EPIC: US v. Jones. (Feb. 29, 2012)
  • . EPIC has filed a lawsuit under the Administrative Procedure Act against the Department of Education. EPIC's lawsuit argues that the agency's December 2011 regulations amending the Family Educational Rights and Privacy Act exceed the agency's statutory authority, and are contrary to law. In 2011, the Education Department requested public comments regarding the proposed changes. In response, EPIC submitted extensive comments, addressing the student privacy risks and the agency's lack of legal authority to make changes to the privacy law without explicit Congressional intent. The agency issued the revised regulations despite the fact that "numerous commenters . . . believe the Department lacks the statutory authority to promulgate the proposed regulations." EPIC is joined in the lawsuit by co-plaintiffs Grayson Barber, Pablo Molina, Peter G. Neumman, and Dr. Deborah Peel. The case is EPIC v. US Department of Education, No. 12-00327. For more information, see EPIC: Student Privacy. (Feb. 29, 2012)
  • . A group of U.S. senators have asked the Government Accountability Office to study the “alarming number” of new state laws that will make it “significantly harder” for millions of eligible voters to cast ballots this November. New state identification laws, by one estimate, will have a direct impact on 21 million American citizens who do not have a government-issued photo ID. The majority of those people are young would-be voters, the elderly, African Americans, Hispanics, and those earning $35,000 per year or less. For more information, see EPIC: Voting Privacy and Voter Photo ID and Privacy. (Feb. 29, 2012)
  • . According to the Federal Trade Commission, identity theft was the top source of consumer complaints in 2011 comprising 15 percent of the 1.8 million total complaints filed. This is the 12th year in a row in which identity theft has occupied the top position. The report contains data on 30 complaint categories, which are broken down by metropolitan areas and provided to state and local law enforcement offices. For more information, see EPIC: FTC and EPIC: Identity Theft. (Feb. 29, 2012)
  • . The Transatlantic Consumer Dialogue, a coalition of leading consumer organizations in North America and Europe, today urged Google CEO Larry Page to drop the plan to combine user data on March 1. Citing the pending changes to Google's terms of service, the groups said "It is both unfair and unwise for you to 'change the terms of the bargain' as you propose to do." TACD said "consumers have relied on your policies and your terms of service in choosing your products." Late Friday, EPIC filed an emergency appeal with the DC Circuit of Appeals in an attempt to force the Federal Trade Commission to take action prior to March 1. For more information, see EPIC: EPIC v. FTC (Google Consent Order). (Feb. 29, 2012)
  • . The Virginia Senate passed a controversial voter photo ID law by one vote. The bill now goes to the Virginia House for consideration. Voter ID laws implicate the privacy rights rights of voters and also discourage voter turnout particularly among poorer voters who may not have necessary credentials, such as a drivers license. In 2007, EPIC challenged the Indiana voter photo ID law. For more information, see EPIC: Voting Privacy and EPIC: Crawford v. Marion County. (Feb. 28, 2012)
  • . Pressure is building as the March 1 deadline for Google's planned changes in user privacy approaches. In an interview with C-Span, the Chairman of the Federal Trade Commission said that users of Google services face a "brutal" choice." The head of the French Data Protection Agency, on behalf of European privacy agencies, has warned that Google's proposed change violates European Union privacy law. She is reiterated the recommendation of Europe's Justice Minister that Google suspend the change. In Washington, DC, EPIC has filed an emergency appeal with the DC Circuit Court of Appeals to force the FTC to enforce the 2011 consent order against Google. For more information, see EPIC v. FTC (Google Consent Order). (Feb. 28, 2012)
  • . A Pew study found that users are becoming more active in managing their social media accounts. Compared to 2009, a higher percentage of users reported deleting people from their “friends” lists, deleting comments made by others on their profile, and removing their names from photos in which they were tagged. The report also found that women and young users were the most active in protecting their privacy. The Federal Trade Commission is currently finalizing a consent order with Facebook over charges that the company changed users' privacy settings to make personal information more available to the public and to Facebook's business partners. For more information, see EPIC: Social Networking Privacy, EPIC: Facebook Privacy, and EPIC: Public Opinion and Privacy. (Feb. 27, 2012)
  • . Within hours after a federal court in Washington, DC ruled that it could not require the Federal Trade Commission to enforce a consent order against Google, EPIC filed an emergency appeal with the Court Appeals for the DC Circuit. EPIC has asked the appellate court to overturn the lower court decision before March 1, when Google will change its terms of service and consolidate user data without consent. For more information, see EPIC - EPIC v. FTC (Google Consent Order). (Feb. 27, 2012)
  • . EPIC, joined by more than 100 organizations, experts, and members of the public, has sent a petition to the Federal Aviation Administration, urging the agency to address the privacy threats associated with the increased use of drones in the United States. Congress recently passed legislation requiring the Agency to assess the safety of drones used by commercial and government operators. The petition asserts that "The privacy threat posed by the deployment of drone aircraft in the United States is great. The public should be given the opportunity to comment on this development." For more information, see EPIC: Unmanned Aerial Vehicles (UAVs) and Drones. (Feb. 24, 2012)
  • . Five privacy organizations, including EPIC, wrote today to Rep. Bono-Mack to urge the Chairwoman of a powerful Congressional committee to hold a public hearing on Google's proposed changes in business practices that will take effect March 1. Rep. Bono-Mack has held closed-door meetings with the Internet giant, but so far has scheduled no public hearings on the plan to consolidate user data, which EPIC alleges violates a 2011 Consent Order with the Federal Trade Commission. The consumer groups also asked the Congresswoman to urge Google to suspend its plan pending an investigation. They said there would be "overwhelming public support for this action" and cited recent statements from Members of Congress, Attorneys General, European Justice Officials, the President, technical experts, and IT managers in government and the private sector. For more information see EPIC: EPIC v. FTC. (Feb. 24, 2012)
  • . A federal court today dismissed EPIC's lawsuit against the FTC, because the "decision to enforce the Consent Order is committed to agency discretion and is not subject to judicial review." However, the Judge also said "the Court has not reached the question of whether the new policies would violate the consent order or if they would be contrary to any other legal requirements." And she said "the FTC, which has advised the Court that the matter is under review, may ultimately decide to institute an enforcement action." EPIC will appeal the decision on judicial review, asking the DC federal appeals court to rule that courts can require federal agencies to enforce final orders. For more, see EPIC: EPIC v. FTC (Google Consent Order). (Feb. 24, 2012)
  • . The Obama Administration put forward a comprehensive privacy framework with principles designed to establish new safeguards for consumers and new responsibilities for companies that collect and use personal information. The principles include (1) individual control over the collection and use of personal data; (2) transparency; (3) respect for the context in which data is collected; (4) security; (5) access and correction rights for consumers; (6) data limitation; and (7) accountability. President Obama stated that "even though we live in a world in which we share personal information more freely than in the past, we must reject the conclusion that privacy is an outmoded value. It has been at the heart of our democracy from its inception, and we need it now more than ever." EPIC praised the framework and the President's support for privacy, and said that the challenge ahead would be implementation and enforcement. For more information, see EPIC: Commerce Department and EPIC: Federal Trade Commission, and EPIC: White House - Consumer Privacy Bill of Rights. (Feb. 23, 2012)
  • . EPIC has submitted a letter to Congress following a hearing on DHS monitoring of social networks and media organizations. In the letter, EPIC highlights new documents obtained as a result of a FOIA lawsuit and points out to inconsistencies in DHS' testimony about the program. Though DHS testified that it does not monitor for public reaction to government proposals, the documents obtained by EPIC indicate that the DHS analysts are specifically instructed to look for criticism of the agency and then to redirect reports that would otherwise be circulated to other agencies. EPIC wrote that the DHS' monitoring program should be suspended, as it exceeds the agency's statutory authority and chills First Amendment activity. For more information, see EPIC: EPIC v. DHS: Media Monitoring. (Feb. 23, 2012)
  • . Attorneys general from 36 states and territories sent a letter to Google raising new questions about the plan to consolidate user data on March 1. "The new policy forces consumers to allow information across all of these products to be shared, without giving them the ability to opt out.," the letter says. The state AGs also say "this invasion of privacy is virtually impossible to escape for the nation's Android-powered smartphone users, who comprise nearly 50% of the national smartphone market. For these consumers, avoiding Google's privacy policy change may mean buying an entirely new phone at great personal expense." The AGs point out that Google told Android users "We will not reduce your rights under this Privacy Policy without your explicit consent." Last week, EPIC filed a lawsuit to force the Federal Trade Commission to require Google to honor its previous commitments to Google users. EPIC has alleged that the proposed changes in the company's practices violate a 2011 Consent Order. For more information, see EPIC: EPIC v. FTC (Google Consent Order). (Feb. 22, 2012)
  • . The Federal Aviation Administration is about to begin a public rulemaking on public safety related to drone use. EPIC would like the FAA to also undertake a rulemaking on privacy. The use of drones in US airspace poses a real threat to important privacy interests, and the Agency has the authority to regulate the use of drones. If you would like to sign EPIC's petition, please send an e-mail with the subject line "I support the EPIC Drone Privacy Petition to the FAA," your full name, and email address or twitter handle to drones@epic.org. Your name will be added as a signatory. All emails must be received by midnight on Friday, February 24, 2012. For more information, see EPIC: Unmanned Aerial Vehicles (UAVs) and Drones. (Feb. 22, 2012)
  • . In a reply brief filed today in Washington, DC, EPIC said that the Federal Trade Commission's failure to enforce the Consent Order against Google prior to March 1 would cause "irreparable injury." EPIC cited Google's plans to combine user data without consent, and pointed to numerous cases that establish the need for the Court to assess the FTC's failure to act. Dismissing arguments asserted by the government that "FTC enforcement decisions are not subject to judicial review," EPIC said that Congress has clearly told the Federal Trade Commission to enforce its final orders. And in response to a claim that EPIC's request for action by March 1 is "arbitrary," EPIC wrote "If the government is unaware that Google plans to make a substantial change in its business practices on March 1, 2012, it should turn on a computer connected to the Internet." For more information, see EPIC, EPIC v. FTC (Google Consent Order). (Feb. 21, 2012)
  • . According to White House budget documents and the Congressional Testimony of Secretary Napolitano, DHS will not purchase any new airport body scanners in 2013. However, the agency will expand a wide range of programs for monitoring and tracking individuals within the United States. This includes the development of biometric identification techniques for programs such as Secure Communities. DHS will also seek funding for "Einstein 3," a network intrusion detection program that enables surveillance of private networks. EPIC has urged the DHS to comply with the requirements of the federal Privacy Act, and is currently pursuing several Freedom of Information Act lawsuits against the agency. For more information see, EPIC - Body Scanners and Radiation Risks, EPIC - E-Verify, EPIC - Secure Communities, EPIC - Fusion Centers, EPIC - Drones, EPIC - Cybersecurity, EPIC - Secure Flight. (Feb. 20, 2012)
  • . The Federal Trade Commission today filed an opposition and a motion to dismiss in response to EPIC's complaint to compel the agency to enforce the October 2011 Consent Order against Google. The government stated that EPIC would "deprive the Commission of the discretion to exercise its enforcement authority." The government also charged that EPIC's lawsuit is "completely baseless." The papers were filed in federal District Court on the same day that the Wall Street Journal reported that Google had subverted the privacy settings of millions of users of the Internet browser software Safari. For more information see: EPIC: EPIC v. FTC (Google Consent Order). (Feb. 17, 2012)
  • .

    "New Concerns Over Online Privacy"

    Marc Rotenberg,
    EPIC Executive Director

    The Diane Rehm Show
    National Public Radio
    WAMU (DC)
    February 20, 2012

    (Feb. 17, 2012)
  • . As the result of a Freedom of Information Act request to the Federal Trade Commission, EPIC has obtained a full copy of Google's first Privacy Compliance Report. Last year, spurred by a complaint pursued by EPIC, the FTC reached a settlement with Google and required the company to file regular reports with the Commission detailing its steps to comply with the Consent order. However, the report obtained by EPIC raises new questions about the company's efforts to safeguard user privacy. EPIC has recently filed a lawsuit against the FTC to compel the agency to enforce the Consent Order. For more information see: EPIC: EPIC v. FTC (Google Consent Order) and EPIC: In re Google Buzz. (Feb. 17, 2012)
  • . Today EPIC wrote to the Federal Trade Commission urging it to enforce the consent order with Google in light of a recent Wall Street Journal article based on research from Stanford's Jonathan Mayer that described how Google had been circumventing the privacy settings of Safari users despite Google's promise to respect such settings. EPIC said that Google "took elaborate measures to circumvent the Safari privacy safeguards, and it benefited from the misrepresentations by the commercial value it surreptitiously obtained." EPIC has filed a lawsuit to force the FTC to require Google to comply with the Consent Order to protect the privacy interests of Google users. The FTC's Response to the EPIC motion is due February 17; EPIC's reply is due February 21, 2012. For more information, see EPIC: EPIC v. FTC (Google Consent Order). (Feb. 17, 2012)
  • . Members of a House Committee today questioned DHS officials about the agency's monitoring of social networks and media organizations for information that "reflects adversely" on the agency or the federal government. Several members expressed support for EPIC's proposal that DHS suspend the program, warning that this activity violates First Amendment rights. New questions also arose when the DHS witnesses claimed that no other federal agencies were engaged in similar practices. According to many news sources, the FBI wants to monitor social media. The House hearing was called after EPIC obtained nearly 300 pages of documents detailing the Department of Homeland Security's activities. For more information see: EPIC v. Department of Homeland Security: Media Monitoring. (Feb. 16, 2012)
  • . The Federal Trade Commission issued a report today that found widespread failure among app stores and app developers to provide information to parents about the collection and use of children's data. The report noted that there are currently more than 500,000 apps in the Apple App Store and 380,000 in the Android Market, and that young children and teens are increasingly using smartphones for entertainment and educational purposes. The FTC report recommends that apps provide simple, short disclosures about their information collection and use practices, and that app stores assume greater role in providing information about the apps that they sell. EPIC previously submitted comments to the FTC on a proposed rule for the Children's Online Privacy Protection Act. For more information, see EPIC: Children's Online Privacy Protection Act and EPIC: Federal Trade Commission. (Feb. 16, 2012)
  • . The Federal Communications Commission has issued new rules that strengthen consumer protections against telemarking calls. The rules require telemarketers to obtain written consent of consumers before placing a robocall, require telemarketers to allow consumers to revoke consent to a robocall during the call itself, and close a loophole that allowed telemarketers to place calls to customers with whom they had an established business relationship. EPIC was one of the consumer and privacy groups that advocated for the original Do Not Call registry. EPIC has also urged the FCC to require strong privacy safeguards for telephone customers' personal information, and protect wireless subscribers from telemarketing. For more information, see EPIC: EPIC Telemarketing and Telephone Consumer Protection Act. (Feb. 16, 2012)
  • . In a Statement for the Record, EPIC has asked the House Committee on Homeland Security to suspend a DHS program that has permitted the agency to gather comments critical of the agency and the government by monitoring social networks and media organizations. The hearing on "DHS Monitoring of Social Networking and Media: Enhancing Intelligence Gathering and Ensuring Privacy" was called after EPIC obtained nearly 300 pages of documents detailing the Department of Homeland Security's activities. The documents, obtained as a result of EPIC's Freedom of Information Act lawsuit, include instructions from the DHS to General Dynamics to monitor media reports that "reflect adversely" on the agency or the federal government. For more information see: EPIC v. Department of Homeland Security: Media Monitoring. (Feb. 15, 2012)
  • . In response to an EPIC Freedom of Information Act request, Customs and Border Protection has disclosed nearly 1,000 pages of documents on automated license plate readers and border body scanners. The documents include contracts with several companies, such as Rapiscan and L3, for vehicle and cargo screening x-ray devices. Previous documents obtained by EPIC revealed that the agency is developing integrated vehicle scanners, with backscatter x-ray, Closed Circuit Television, and automated license plate readers, that would be used with human subjects. Radiation experts have questioned the safety of these systems, which produce ionizing radiation. For more information see EPIC FOIA: Automated License Plate Readers and Border Checkpoint Body Scanners. (Feb. 14, 2012)
  • . The Google privacy compliance report, made public today, raises new questions about the company's failure to comply with an FTC Consent Order. The Order required Google to answer detailed questions about how it protects the personal information of Google users. But Google chose not to answer many of the questions. Most significantly, the company did not explain to the Commission the impact on user privacy of the proposed changes that will take place on March 1. EPIC has filed a lawsuit to force the Federal Trade Commission to require Google to comply with the Consent Order to protect the privacy interests of Google users. For more information, see EPIC v. FTC (Google Consent Order). (Feb. 10, 2012)
  • . The National Institute of Standards and Technology has released a report detailing the governance structure for the White House’s National Strategy for Trusted Identities in Cyberspace. EPIC, joined by the Liberty Coalition, submitted comments on the original proposal, emphasizing the need for transparency and balanced representation. NIST adopted many of EPIC’s suggestions, including the establishment of a Privacy Coordination Committee. However, the final document ignored EPIC’s recommendation that legislation be enacted to safeguard privacy. For more information, see EPIC: National Strategy for Trusted Identities in Cyberspace. (Feb. 10, 2012)
  • . In response to EPIC's complaint and motion to compel the Federal Trade Commission to enforce a consent order against Google, a federal district court judge has ordered an accelerated briefing schedule. The FTC's Response to the EPIC briefs is due February 17, EPIC's reply is due February 21, 2012. The Court's deadlines reflect Google's imminent, substantial changes to the company's business practices. Google intends to consolidate the personal data of Google users across 60 services on March 1. EPIC contends that these changes constitute a violation of the consent order with the Federal Trade Commission. For more information, see EPIC v. FTC (Google Consent Order). (Feb. 9, 2012)
  • . The U.S. Customs and Border Protection, a component within the Department of Homeland Security, issued a final rule approving Global Entry, a traveler screening program, despite the substantial privacy and security risks brought to the agency's attention. Under the Global Entry program, the CBP collects detailed personal information, including social security numbers and biometric information, that should be subject to Privacy Act safeguards. However, the agency rejected EPIC's recommendations that it comply with the Privacy Act by limiting the distribution of information to only those that need the information for screening purposes. In EPIC's comments, EPIC also noted that CBP violated federal law by not conducting a Privacy Impact Assessment before implementing the new Global Entry program. For more information, see: EPIC: Global Entry. (Feb. 8, 2012)
  • . In the Re-Authorization Bill for the Federal Aviation Administration, Congress has required the agency to develop rules governing the operation of drones within U.S. National Airspace. Currently, the only barriers to operation of unmanned aircraft are procedural requirements that oblige drone operators to obtain operation certificates. The FAA Modernization and Reform Act of 2012 requires the agency to conduct a public rule-making that will assess public safety concerns, licensing requirements, flight standards, and air traffic requirements. The FAA Secretary will also undertake safety studies and develop standards for "Safe Operation" in US airspace. However, the legislation does not consider the need to assess the privacy risks of the deployment of drones in US airspace. For more information, see EPIC: Unmanned Aerial Vehicles (UAVs) and Drones. (Feb. 8, 2012)
  • . EPIC today filed a Complaint and a Motion for Temporary Restraining Order and Preliminary Injunction in Federal District Court in Washington, DC. EPIC is seeking to compel the Federal Trade Commission to act prior to March 1, when Google plans to make changes in its terms of service that will make it possible for the company to combine user data without user consent. EPIC alleges that this change in business practice is in clear violation of the consent order that Google entered into on October 13, 2011. The consent order arises from a complaint that EPIC brought to the Commission in February, 2010 concerning Google Buzz and a similar attempt by Google to combine user data without user consent. For more information, see EPIC - In re Google Buzz, FTC - "FTC Charges Deceptive Privacy Practices in Google's Rollout of Its Buzz Social Network." (Feb. 8, 2012)
  • . On February 16, 2012, the House Committee on Homeland Security will hold a hearing on "DHS Monitoring of Social Networking and Media: Enhancing Intelligence Gathering and Ensuring Privacy." The hearing was called after EPIC obtained nearly 300 pages of documents, as a result of a Freedom of Information Act lawsuit, detailing the Department of Homeland Security's monitoring of social networks and media organizations. The documents included guidelines from DHS instructing General Dynamics to monitor for media reports that "reflect adversely" on the agency or the federal government. For more information see: EPIC v. Department of Homeland Security: Media Monitoring. (Feb. 6, 2012)
  • . In response to growing concern about the impact of Google's proposed policy change on user privacy and cloud-computing services, the company said that its planned privacy changes will not apply to US federal agencies. A report from Safegov.org "Google’s New Privacy Policy Is Unacceptable and Jeopardizes Government Information in the Cloud" recommended that "Google immediately suspend the application of its new privacy policy to Google Apps For Government users." Google told POLITICO's Morning Tech "cloud contracts are crafted with 'narrow, specific obligations' on how data can be used and stored. And those data requirements in the cloud contracts trump the company's standard privacy policy." (Feb. 3, 2012)
  • . Leading privacy officials in Europe have asked Google "for a pause" in the company's planned consolidation of user data "in the interests of ensuring that there can be no misunderstanding about Google's commitments to the information rights of their users and EU citizens. . ." EU Commissioner Vivian Reding (@VivianeRedingEU) has expressed support, tweeting "Good that Europe's data protection authorities are ensuring @Google's new privacy policy complies with EU law." EPIC has urged the United States to begin the process of ratification of Council of Europe Privacy Convention, which would establish global standards for privacy protection. (Feb. 3, 2012)
  • . EPIC has filed a Freedom of Information Act request with the Federal Trade Commission for the Privacy Report that Google was recently required to submit to the agency. The Commission had previously investigated Google after EPIC filed a complaint regarding Google's Buzz product, which transformed private user contacts into publicly available social network data. Last fall the Commission reached a settlement with Google and, as a result, the company is subject to a consent order that requires it to file regular reports with the Commission. EPIC has requested that Google's first report, filed on January 26, 2012, be released to the public. Because of Google's plan to change its business practice on March 1, 2012, EPIC has asked the FTC to expedite the disclosure of the report. For more information see EPIC: In re Google Buzz. (Feb. 1, 2012)
  • . In detailed comments to the Federal Trade Commission, EPIC today recommended the suspension of facial recognition technology deployment until adequate safeguards and privacy standards are established. EPIC said that facial recognition is often used by strangers to determine a person's actual identity and that this poses a risk to privacy and personal security. EPIC also noted that some companies have adopted techniques that are more favorable to privacy as they allow users to control the image database while others undermine privacy, as the image database is centrally maintained. EPIC previously submitted a complaint to the FTC about Facebook's use of facial recognition technology to build a secret database of users' biometric data and allowing the company to automatically tag users in photos. The comments follow an FTC workshop exploring the privacy and security issues raised of facial recognition technology. For more information, see EPIC: Federal Trade Commission, EPIC: Face Recognition, and EPIC: Facebook and Face Recognition. (Feb. 1, 2012)
  • .

    "Google, Facebook, and Your Privacy"

    Marc Rotenberg,
    EPIC Executive Director

    On Point with Tom Ashbrook
    WBUR - Boston
    February 1, 2012

    (Feb. 1, 2012)
  • . At a hearing before the Senate Judiciary Committee, EPIC Executive Director Marc Rotenberg is expected to make several recommendations to Congress about how to update and modernize the Video Privacy Protection Act, a law passed by Congress in 1988. Among the changes recommended, EPIC will propose that Congress make clear that the law covers all video service providers (including Netflix), allow users to inspect the information that video providers collect about them as well as the algorithms that are used to recommend selections, treat IP addresses and user IDs as "personally identifiable information," inflation-adjust the damages provision, and require companies to encrypt the data collected on users. For more information, see EPIC Video Privacy Protection. Read EPIC's testimony. (Jan. 30, 2012)
  • . Speaking this week at the Computers, Privacy and Data Protection conference, EPIC President Marc Rotenberg expressed support for the Council of Europe Privacy Convention. Two years ago, twenty-nine members of the of the EPIC Advisory Board, experts in privacy law and technology, sent a letter to US Secretary of State Hillary Clinton to urge that the United States begin the process of ratification of the Council of Europe Convention on Privacy. They wrote, "privacy is a fundamental human right. In the 21st century, it may become one of the most critical human rights of all." Speaking in Brussels, Mr. Rotenberg reiterated EPIC's support for the Convention and also called attention to recent changes that modernize and update the international privacy framework. (Jan. 27, 2012)
  • . Eight members of Congress wrote to Google asking the company to explain the "steps [that] are being taken to ensure the protection of consumers' privacy rights." The letter follows Google's announcement that it would begin combining data gathered on consumers of over 60 Google products and services, including Gmail, Google+, Youtube, and the Android mobile operating system. The members' letter includes 11 specific questions ranging from the ways in which Google collects information to the specific consequences for Android phone users. In 2010, EPIC, along with other privacy groups, wrote a letter to Google about the company's decision to combine user data among 12 Google services. The groups warned that the practical effect would be to reduce privacy protection for users of Google services. For more information, see EPIC: In re: Google Buzz and EPIC: Google search. (Jan. 27, 2012)
  • . EPIC has given the 2012 Privacy Champion Awards to Canadian Privacy Commissioner Jennifer Stoddart and privacy technologist Christopher Soghoian. EPIC called Stoddart a "steadfast defender of privacy" and cited her work to strengthen international collaboration among privacy officials. Of Soghoian, EPIC said he is "an expert technologist dedicated to privacy," and cited his ability to combine technical know-how, legal expertise, and clever campaign tactics. EPIC Champion of Freedom press release. Stoddart acceptance speech. (Jan. 26, 2012)
  • . EPIC has filed suit against the Department of Justice and Federal Bureau of Investigation under the Freedom of Information Act for documents detailing surveillance of WikiLeaks supporters. After WikiLeaks' November 2010 publication of diplomatic cables, the U.S. government opened investigations into WikiLeaks supporters and pressured many online donation systems, including Amazon and Paypal, to cease processing donations to WikiLeaks. In June 2011, EPIC filed Freedom of Information Act requests with the Department of Justice and the Federal Bureau of Investigation. EPIC is seeking documents that detail government requests for information about users of Facebook, Twitter, Paypal and Visa. For more information see: EPIC: Open Government. (Jan. 25, 2012)
  • . The European Commission has proposed modernized Data Protection rules that will simplify business compliance and establish new privacy rights for individuals. EC Justice Commissioner Viviane Reding explained, "The proposal will help build trust in online services because people will be better informed about their rights and in more control of their information." In 2009, EPIC joined 110 other civil society groups and 106 experts in endorsing the Madrid Privacy Declaration, which called for the establishment of "a new international framework for privacy protection . . . . based on the rule of law, respect for fundamental human rights, and support for democratic institutions." For more information, see EPIC: EU Data Protection Directive. (Jan. 25, 2012)
  • . Google announced that it would begin combining data gathered on users of over 60 Google products and services, including Gmail, Google+, Youtube, and the Android mobile operating system. Previously, users could use one Google service, such as Google+, without having their information combined with that gathered from other services, such as Youtube. Users cannot opt out of having their data combined unless they avoid signing into their user accounts or stop using Google’s services altogether. Google’s changes come after the company began surfacing personal information from Google+ in Google search results, a move that EPIC said raised privacy and antitrust issues. In 2010, EPIC, along with other privacy groups, wrote a letter to Google over the company's decision to combine user data among 12 Google services. Google is subject to a settlement with the Federal Trade Commission that establishes new privacy safeguards for users of all Google products and services and subjects the company to regular privacy audits. For more information, see EPIC: Federal Trade Commission and EPIC: Google Search. (Jan. 25, 2012)
  • . Following the announcement of the "Good the Know" advertising campaign by a major Internet firm, EPIC has launched "Good to Really Know," a brief YouTube video that offers practical advice about Internet privacy and tips for Internet users. The EPIC video covers Internet tracking and profiling. It also reminds users "It's Your Data," and offers suggestions for how Internet companies could help protect Internet privacy. (Jan. 25, 2012)
  • . Senator Patrick Leahy, theChairman of the Senate Judiciary Committee, offered a statement commemorating Data Privacy Day, which takes place on January 28. Senator Leahy urged the Congress to adopt comprehensive data privacy legislation to "better protect Americans' sensitive personal data and reduce the risk of data security breaches." He also recommended changes to the Electronic Privacy Communications Act to "reflect the realities of our time" and to "keep us safe from cyber threats." EPIC will be participating in the annual Computers, Privacy, and Data Protection conference, taking place this week in Brussels. EPIC will also be announcing the recipients of the 2012 International Champion of Freedom Award and the 2012 US Privacy Champion Award. Join International Privacy Day on Facebook. (Jan. 24, 2012)
  • . Today the Supreme Court unanimously held in U.S. v. Jones that the warrantless use of a GPS tracking device by the police violated the Fourth Amendment. The Court said that a warrant is required "[w]here, as here, the government obtains information by physically intruding on a constitutionally protected area," like a car. Concurring opinions by Justices Sotomayor and Alito urged the court to focus on the reasonableness of the suspect's expectation of privacy because physical intrusion is unnecessary to surveillance in the digital age. EPIC, joined by 30 legal and technical experts,filed a "friend of the court" brief. EPIC warned that, "it is critical that police access to GPS tracking be subject to a warrant requirement." For more information, see EPIC: US v. Jones, and EPIC: Location Privacy. (Jan. 23, 2012)
  • .

    Constitution 3.0

    REGISTER NOW

    "Constitution 3.0: Understanding and Advancing Constitutional Rights in the Digital Age"

    EPIC and the Center for the Study of Responsive Law

    Carnegie Institute for Science
    Washington, DC
    January 19, 2012

    Listen to the audiocast.

    (Jan. 19, 2012)
  • . Bloomberg News has reported that the Federal Trade Commission has expanded its antitrust investigation of Google to include Google's social networking service, Google+. The report comes after Google announced that it would include personal data gathered from Google+ in the results of users' searches, a move that led EPIC to urge the FTC to investigate the company. EPIC said that "Google's business practices raise concerns related to both competition and the implementation of the Commission’s consent order," referring to a settlement that the FTC reached with Google that establishes new privacy safeguards for users of all Google products and services and subjects the company to regular privacy audits. Google first confirmed the FTC’s antitrust investigation in June 2011. Recently, the Senate held a hearing on Google's use of its dominance in the search market to suppress competition, and EPIC urged the Federal Trade Commission to investigate Google's use of Youtube search rankings to give preferential treatment to its own video content over non-Google content. For more information, see EPIC: Google/DoubleClick and EPIC: Federal Trade Commission. (Jan. 13, 2012)
  • .

    Internet Data Privacy Colloquium, 2012

    Amie Stepanovich,
    EPIC National Security Counsel

    Dialogue on Diversity
    Washington, D.C.
    January 26, 2012

    (Jan. 13, 2012)
  • . As the result of EPIC v. DHS, a Freedom of Information Act lawsuit, EPIC has obtained nearly thee hundred pages of documents detailing a Department of Homeland Security's surveillance program. The documents include contracts and statements of work with General Dynamics for 24/7 media and social network monitoring and periodic reports to DHS. The documents reveal that the agency is tracking media stories that "reflect adversely" on DHS or the U.S. government. One tracking report -- "Residents Voice Opposition Over Possible Plan to Bring Guantanamo Detainees to Local Prison-Standish MI" -- summarizes dissent on blogs and social networking cites, quoting commenters. EPIC sent a request for these documents in April 2004 and filed suit against the agency in December. For more information, see EPIC: EPIC v. Department of Homeland Security: Media Monitoring. (Jan. 13, 2012)
  • .

    Computers, Data Protection and Privacy 2012

    Lillie Coney,
    EPIC, Associate Director

    Brussels, Belgium
    January 26, 2012

    (Jan. 26, 2012)
  • . In a letter to the Federal Trade Commission, EPIC has called for an investigation of recent changes by Google to Google Search, the dominant search algorithm on the Internet. EPIC cited Google's decision to include personal data, such as photos, posts, and contact details, gathered from Google+ in Google Search results. “Google’s business practices raise concerns related to both competition and the implementation of the Commission’s consent order,” EPIC said, referring to a settlement that the FTC reached with Google that establishes new privacy safeguards for users of Google products and services and subjects the company to regular privacy audits. Recently, the Senate held a hearing on Google’s use of its dominance in the search market to suppress competition, and EPIC urged the Federal Trade Commission to investigate Google’s acquisition of Youtube, which allowed Google to give preferential treatment to Google's own video content. For more information, see EPIC: Google/DoubleClick and EPIC: Federal Trade Commission. (Jan. 12, 2012)
  • . Google is changing the results displayed by its search engine to include data from its social network, such as photos or blog posts made by Google+ users, as well as the public Internet. Although data from a user’s Google+ contacts is not displayed publicly, Google’s changes make the personal data of users more accessible. Users can opt out of seeing personalized search results, but cannot opt out of having their information found through Google search. Also, Google's changes come at a time when the company is facing increased scrutiny over whether it distorts search results by giving preference to its own content. Recently, the Senate held a hearing on Google's use of its dominance in the search market to suppress competition, and EPIC urged the Federal Trade Commission to investigate Google's use of Youtube search rankings to give preferential treatment to its own video content over non-Google content. Google has also acknowledged that the FTC is investigating whether Google uses its dominance in the search field to inhibit competition in other areas. For more information, see EPIC: Google/DoubleClick. (Jan. 10, 2012)
  • . According to a draft memo, the Department of Homeland Security intends to require that all states comply with the agency's "Secure Communities" program by 2013. Secure communities is a controversial deportation program that relies on extensive data collection and biometric identification. Several states, including Illinois, New York and Massachusetts, objected to the federal program, citing mismanagement, and refused to participate. Previously, the DHS maintained that the program would be voluntary. For more, see EPIC: Secure Communities. (Jan. 10, 2012)
  • . The US Supreme Court has decided to review Florida v. Jardines, a case that addresses whether a dog sniff at the front door of a home is a search that requires probable cause. This case follows Illinois v. Caballes, a 2005 case in which the Court held that a dog sniff around a car during a routine traffic stop was not a search. The Florida Supreme Court ruled that Caballes was inapplicable in the case, and that a dog sniff in front of a home is a Fourth Amendment search. This case also implicates the government's use of "enhanced" investigative techniques that are designed to detect contraband. Because these techniques are imperfect and also allow the government to search for material that is not illegal, EPIC has argued that a Fourth Amendment probable cause standard should apply. For more information, see EPIC: EPIC v. DHS (Airport Body Scanners). (Jan. 6, 2012)
  • .

    privacy-day.jpg

    (Jan. 28, 2012)
  • .

    "The Council of Europe Privacy Convention"

    Marc Rotenberg,
    EPIC Executive Director

    Council of Europe
    Brussels, Belgium
    January 27, 2012

    (Jan. 27, 2012)
  • .

    Computers, Data Protection, and Privacy 2012
    Brussels, Belgium
    January 26, 2012

    (Jan. 26, 2012)
  • .

    Facebook and Privacy

    Marc Rotenberg,
    EPIC Executive Director

    The Diane Rehm Show
    WAMU
    January 10, 2012

    (Jan. 10, 2012)
  • . A federal appeals recently revived a lawsuit, Jewel v. NSA, challenging the NSA's use of the nation's largest telecommunication providers to conduct suspicionless surveillance of Americans. The three-judge panel reversed a lower court decision that rejected claims based on lack of standing. The case will now return to the district court for a decision on the merits. The same three-judge panel also rejected a related suit against the telecommunications providers, Hepting v. AT&T, based on the "retroactive immunity" provided by Congress in 2008. EPIC, in cooperation with the Stanford Constitutional Law Center, filed a "Friend of the Court" brief in support of the plaintiffs in these cases, arguing that statutory and constitutional privacy violations are sufficient to establish standing, and that the state secrets doctrine should not bar adjudication. For more information, see EPIC: Hepting v. AT&T and EPIC: NSA Warrantless Surveillance. (Jan. 5, 2012)
  • . EPIC filed the opening brief in EPIC v. NSA, No. 11-5233, challenging the National Security Agency’s response to EPIC's Freedom of Information Act request. EPIC is seeking information about the widely publicized cybersecurity agreement between the NSA and Google that followed the January 2010 China hack. The NSA claimed it "could neither confirm nor deny" the existence of any information about its relations with Google. After the attack, Google's implemented encryption technology for Gmail by default, a privacy safeguard EPIC and technical experts had urged in 2009. For more information, see EPIC v. NSA: Google / NSA Relationship. (Jan. 4, 2012)