Previous Top News: 2013
- EPIC Asks FTC to Investigate Snapchat. EPIC filed a complaint with the Federal Trade Commission against Snapchat, the publisher of a mobile app that encourages user to share intimate photos and videos. The company represents that users can make photos and videos "disappear forever." In fact, the photos can be retrieved by others after they should have vanished. The EPIC complaint implicates Privacy Enhancing Technologies, which if properly implemented would minimize or eliminate the collection of personally identifiable information. The FTC described similar methods in a 2012 privacy report. Previously, EPIC filed a complaint at the FTC against AskEraser, which falsely represented that search queries would be deleted when in fact they were retained by the company and made available to law enforcement agencies. For more information, see EPIC: Federal Trade Commission. (May. 17, 2013)
- Congress Seeks Answers on Google Glass Privacy Risks. Members of the bipartisan Privacy Caucus sent a letter to Google seeking answers to questions about Glass, a wearable computer that routinely records video and audio, and gathers locational data. Among several questions, the Members of Congress asked "how Google plans to prevent Google Glass from unintentionally collecting data about the user/non-user without consent?" and whether Glass would be able to use facial recognition technology. Recently, Attorneys general for 38 states and the District of Columbia reached a $7 million settlement with Google over the unauthorized collection of data from wireless networks, including private WiFi networks of residential Internet users. Early last year, Google collapsed its privacy policies, prompting objections from EPIC state attorneys general, members of Congress, and IT managers in the government and private sectors. For more information, see EPIC: Google Glass and Wearable Computers. (May. 17, 2013)
- White House Supports Media Shield Law. Following the controversy concerning the Justice Department’s subpoena of Associated Press calling records, the Obama administration announced support for a media shield law. The White House has asked Senator Charles E. Schumer to reintroduce the Free Flow of Information Act, a bill that would limit government access to information about confidential sources and would allow journalists to move to quash subpoenas of their phone records. EPIC is currently seeking the legal basis for the Justice Department’s subpoena of phone records through a Freedom of Information Act request. For more information, see EPIC: Free Flow of Information Act. (May. 16, 2013)
- Colorado State Board of Education Study Session Regarding inBloom, Inc..
Colorado State Board of Education Study Session Regarding inBloom, Inc.
Khaliah Barnes,
EPIC Administrative Law CounselColorado State Board of Education
(May. 16, 2013)
May 16, 2013 - Amendment to Immigration Bill Seeks to Limit Drone Surveillance on Border. The Senate Judiciary Committee has approved an Amendment to the immigration bill to limit the range of drones surveillance in the United States. The immigration bill grants the Bureau of Customs and Border Protection authority to operate surveillance drones continuously within the border region. Senator Dianne Feinstein's (D-CA) Amendment reduces the patrol area of surveillance drones from 100 miles around the border to 25 miles. More than two-thirds of the US population lives within 100 miles of the border. In February 2013, EPIC petitioned the Bureau of Customs and Border Protection to suspend the border drone surveillance program pending the establishment of concrete privacy regulations. The petition followed the production of documents to EPIC under the Freedom of Information Act demonstrating that the border drones had the ability to intercept electronic communications and identify human targets. For more information, see EPIC: Domestic Unmanned Aerial Vehicles (UAVs) and Drones. (May. 15, 2013)
- EPIC Asks House Committee to Press DOJ on News Media Subpoenas. For the House Judiciary Committee hearing on Oversight of the United States Department of Justice, EPIC has sent a letter to Committee Members regarding the surveillance of Associated Press reporters. EPIC asked the Committee to determine whether the Justice Department complied with regulations on news media subpoenas, which were enacted in 1980 after passage of the Privacy Protection Act. For more information, see EPIC: Privacy Protection Act of 1980 and EPIC: Warrantless Surveillance Program. (May. 15, 2013)
- EPIC Seeks Documents on Government's Authority to Search Journalists' Email. EPIC has filed a Freedom of Information Act request with the Department of Justice Office of Legal Counsel, seeking documents explaining the DOJ's legal authority to search the electronic communications of reporters. Following news reports that the DOJ seized the telephone records of the Associated Press, EPIC's request seeks to discover the legal basis for the action as well as whether the DOJ could obtain the email or text messaging records of journalists. In 2005, EPIC filed the first FOIA request concerning the government's "warrantless wiretapping". EPIC eventually obtained emails and a memo (pdf) from a former high-level Justice Department official expressing doubt about the government's argument in favor of the legality of the program. EPIC also obtained internal messages (pdf) from the NSA's director to agency staff, defending the NSA's warrantless eavesdropping and discouraging employees from discussing the issue with the news media. For more information, see EPIC: Open Government, EPIC: New York Times v. DOJ. (May. 14, 2013)
- EPIC to Honor Senators Paul and Wyden, AP Reporter Mendoza, Consumer Advocate Grant, and Privacy Scholar Flaherty. EPIC has announced the recipients of the 2013 EPIC Champion of Freedom Awards. They are Senator Rand Paul, Senator Ron Wyden, and AP Reporter Martha Mendoza. Susan Grant will receive the EPIC Privacy Advocate award and David Flaherty will receive the EPIC Lifetime Achievement Award. The awards are given annually to courageous individuals who have defended privacy, open government, and democratic values. Previous recipients include federal judges, members of Congress, journalists, litigators, advocates, and philanthropists. The first EPIC Champion of Freedom Award was given to Senator Patrick Leahy in 2004. The 2013 award recipients will be honored at the EPIC Champion of Freedom Awards dinner in Washington, DC, Monday June 3, 2013. Tickets available. (May. 14, 2013)
- On Proposed Trade Agreement, EPIC Says Keep Privacy Off the Table. EPIC has submitted comments to the U.S. Trade Representative addressing the Transatlantic Trade and Investment Partnership, a proposed trade agreement between the US and the European Union. In its comments, EPIC recommended that the TTIP negotiations exclude consumer privacy and data policy. Mindful of the US' progress in recent years on developing the Consumer Privacy Bill of Rights and the EU's General Data Protection Regulation, EPIC cautioned the USTR that an attempt to harmonize existing privacy regulations would not end well. If provisions about cross-border data flows arises, EPIC urged the USTR to ensure that consumers are given the highest level of privacy protections. EPIC also recommended that all drafts of negotiating texts be made publicly available since previous negotiating documents in similar trade agreement negotiations have been kept secret. EPIC has recently begun a new FOIA project to obtain information about the statements of US officials who participate in international negotiations concerning privacy and data protection. For more information, see EPIC: TTIP. and EPIC: Open Government. (May. 10, 2013)
- White House Launches Open Data Project. The President issued an Executive Order and memorandum this week outlining the administration's new "Open Data Policy." According to the White House, the goal is to make information "accessible, discoverable, and usable by the public" and to "promote interoperability and openness." The Executive Order states that agencies should also "safeguard individual privacy, confidentiality, and national security." The White House has launched Project Open Data, a collection of code, tools, and case studies to help agencies adopt the open data policy. An article in Foreign Policy this week "Think Again: Big Data" raises provocative questions about the actual value of "Big Data." For more information on Open Government issues, see: EPIC: Open Government and EPIC: Privacy Act. (May. 10, 2013)
- Court Permits Police Use of Phony Cell Phone Tower. A federal court in Arizona has denied a motion to suppress evidence gathered by "StingRay" surveillance technology. The court in United States v. Rigmaiden held that investigators did not violate the Fourth Amendment. The court also held that the government's use of a cell site simulator or StingRay device was supported by a "mobile tracking device" warrant. EPIC recently argued that users have a reasonable expectation of privacy in the location of their mobile devices, and has also received hundreds of pages of documents related to the FBI's use of StingRay technology. For more information, see EPIC v. FBI: StingRay and EPIC: State v. Earls. (May. 10, 2013)
- Coalition of Organizations Call for Greater Accountability for E-Verify. Numerous organizations across the political spectrum have urged Congress to reduce the error rate for the employment verification system "E-Verify". A bill now pending in Congress will mandate employer verification of an all employees’ eligibility to work in the United States. In testimony before Congress in 2007, EPIC warned of inaccurate employment determinations in the E-Verify system. EPIC also cautioned against straining the resources of the Social Security Administration and the aggregation of employment data into a central location. In June 2011, EPIC filed comments with the Department of Homeland Security in opposition of the proposed expansion of E-Verify. For more information, see EPIC: E-Verify and Privacy and EPIC: Spotlight on Surveillance - E-verify System. (May. 9, 2013)
- .
"Our Startlingly Limitless Surveillance State"
Marc Rotenberg,
EPIC Executive DirectorHuffPost Live
(May. 8, 2013)
May 8, 2013 - EU Citizens Launch "Naked Citizen Campaign" to Safeguard Privacy. Objecting to business efforts to block updates to European Union data protection laws, a coalition of European Internet rights, freedom and privacy organizations have launched the Naked Citizen campaign. The organizations stated, "The campaign is a response to the unprecedented lobbying from tech companies, the US Government and the advertising industry. They are all trying to weaken the Regulation and make it easier for companies to use personal information in opaque, unaccountable ways." The groups published a new report -- "Don't let corporation strip citizens of their right to privacy" -- which describes the need to adopt stronger data protection rights. US consumer organizations have expressed support for the effort to modernize European Union privacy law. EPIC also supports US ratification of the Council of Europe Privacy Convention. For more information, see EPIC - EU Data Protection Directive and EPIC - Council of Europe Privacy Convention. (May. 8, 2013)
- .
The Use of Robotic Aircraft in Law Enforcement
Amie Stepanovich,
(May. 15, 2013)
Director, EPIC Government Surveillance Program - Senate Confirms Chairman of Privacy and Civil Liberties Oversight Board. Today the Senate voted to confirm David Medine as the Chairman of the Privacy and Civil Liberties Oversight Board (PCLOB), an agency established to review executive branch actions and to protect privacy and civil liberties after 9/11. EPIC urged the creation of an independent privacy agency after 9/11. At the first meeting of the agency in 2012, EPIC set out several priorities for PCLOB, including (1) suspension of the fusion center program, (2) limitations on CCTV surveillance, (3) removal of airport body scanners, (4) establishing privacy regulation for drones, (5) updating data disclosure standards, and (6) ensuring Privacy Act adherence. For more information, see EPIC: The 9/11 Commission Report and EPIC: The Sui Generis Privacy Agency. (May. 7, 2013)
- FTC Rejects Industry Effort to Delay Children’s Privacy Rules. The Federal Trade Commission has rejected an effort by several trade groups to delay implementation of the Children’s Online Privacy Protection Act Rule, currently scheduled to take effect on July 1. In voting unanimously to retain the date, the FTC noted that it had given covered entities at least 6 months to prepare for the Rule and that industry had "not raised any concrete facts to demonstrate that a delay is necessary." The new Rule expands the definition of personal information to include geolocation information and persistent identifiers (or cookies), and prevents third-party advertisers from secretly collecting children's personal information without parental consent for behavioral advertising purposes. EPIC joined a coalition of consumer, privacy, and children's advocates in urging the FTC to keep the original implementation date. EPIC also commented in support of both the proposed rule, and a revised version introduced in August 2012. The revised rule follows a report by the FTC finding that many child-directed mobile apps did not disclose their data practices. For more information, see EPIC: FTC and EPIC: Children's Online Privacy. (May. 6, 2013)
- 2012 FISA Orders Up, National Security Letters Down, No Surveillance Request Denied. According to the 2012 Foreign Intelligence Surveillance Act (FISA) Report, the Department of Justice submitted 1,856 applications to the Foreign Intelligence Surveillance Court (FISC), a 6.4% increase over 2011. Of the 1,856 search applications, 1,789 sought authority to conduct electronic surveillance. The FISC did not deny any of the applications, although one was withdrawn by the Government. However, the FISC did make modifications to 40 of the applications, including one from the 2011 reporting period. In addition to the FISA orders, the FBI sent 15,229 National Security Letter requests for information concerning 6,223 different U.S. persons. This is a modest decrease from the 16,511 requests sent in 2011. Almost no information is available about FISA surveillance beyond the figures contained in the annual FISA letter, sent to the Senate each year by the Department of Justice, Office of Legislative Affairs. EPIC has recommended greater reporting of FISC applications and opinions, similar to what is disclosed in the Federal Wiretap Reports. For more information, see EPIC: Foreign Intelligence Surveillance Act Court Orders 1979-2012 and EPIC: Foreign Intelligence Surveillance Act. (May. 2, 2013)
- Supreme Court Upholds Residents-Only Provision in Virginia Open Records Law. The Supreme Court ruled today that Virginia's freedom of information law, which allows only Virginia residents to pursue open government requests, does not violate the U.S. Constitution. Petitioners argued that the law impermissibly burdened out-of-state residents ability to provide open records services to clients, to purchase and transfer Virginia property, to access Virginia court proceedings, and to access important public information. But the Court found in McBurney v. Young that the majority of state records were available to non-residents in some form and that there was no fundamental "right to access public information" at the time the Constitution was adopted. EPIC and other open government groups filed a amicus brief arguing that residents-only provisions limit public access to information necessary for political advocacy. In 2008, EPIC obtained documents from Virginia revealing an agreement to limit oversight of a state fusion center. For more information, see EPIC: McBurney v. Young and EPIC v. Virginia Department of State Police: Fusion Center Secrecy Bill. (Apr. 29, 2013)
- EPIC Pursues Public Release of Facebook and MySpace Privacy Reports. EPIC has submitted Freedom of Information Act requests for the release of the privacy assessments of Facebook and MySpace submitted to the Federal Trade Commission. As a result of privacy violations, both companies are required to implement comprehensive privacy programs and submit to independent, biennial evaluations for 20 years. Previously, EPIC obtained a copy of Google's initial privacy assessment that redacted information about the standards by which the assessment was completed, the test procedures used to assess the effectiveness of Google's privacy controls, the procedures Google uses to identify privacy risks, and the types of personal data Google collects from users. The FTC settlements with Facebook and Google arose from complaints brought by EPIC and other consumer organizations. In comments to the agency on the proposed settlements, EPIC recommended that the privacy assessments be publicly available. For more information, see EPIC: Federal Trade Commission and EPIC: Open Government. (Apr. 26, 2013)
- House Subcommittee Considers Geolocation Privacy. The House Subcommittee on Crime, Terrorism, Homeland Security, and Investigations today heard testimony today on proposed Geolocation Privacy safeguards for the collection and use of location data generated by cellphones and other devices. As EPIC recently noted in a letter to the House Judiciary committee, and testimony before the Maryland House of Delegates and Texas House of Representatives on similar bills, ECPA does not protect location records; courts are divided on whether such records are protected by the Fourth Amendment. For more information, see EPIC: Locational Privacy. (Apr. 26, 2013)
- Senate Committee Clears Update to Email Privacy Law. The Senate Judiciary Committee has approved a bill that would update the Electronic Communications Privacy Act, a 1986 law that provides privacy protections for email and digital communications. The update, sponsored by Senator Patrick Leahy (D-VT) and co-sponsored by Senator Mike Lee (R-UT), would extend protections to communications that are stored in the cloud. Earlier this year, the Supreme Court declined to review a decision by the South Carolina Supreme Court which held that ECPA does, protect emails stored on remote computer servers. EPIC, joined by 18 national organizations filed an amicus brief, urging the Supreme Court to clarify the scope of e-mail privacy protections. In March, EPIC sent a letter to the House Judiciary Committee, recommending a comprehensive review of the law. For more information, see EPIC: Electronic Communications Privacy Act and EPIC: Jennings v. Broome. (Apr. 26, 2013)
- EPIC Obtains News Information on TSA Body Scanner Program. The Transportation Security Administration was forced to disclose additional information regarding the Agency's controversial body scanner program after EPIC prevailed in a lawsuit against the Agency. In March 2013, Judge Royce Lamberth held that the Agency had unlawfully redacted certain information from records released to EPIC under the Freedom of Information Act containing details on software modifications made to the scanners. In response to a separate lawsuit filed against the Department of Homeland Security regarding the Agency's authority to deploy the devices, the TSA has initiated a process to allow the public to comment on the program. EPIC is recommending that the TSA adopt more effective screening procedures. For more information, see and EPIC v. DHS (Suspension of Body Scanner Program). (Apr. 10, 2013)
- DHS Releases Revises Privacy Impact Assessment on Internet Monitoring Program . The Department of Homeland Security has released a Privacy Impact Assessment for Einstein 3 - Accelerated. Einstein 3 is a government cybersecurity program that monitors Internet traffic. The monitoring includes scanning email destined for .gov networks for malicious attachments and URLs. According to DHS, the basis of the government’s authority to perform the monitoring is National Security Presidential Directive 54. EPIC is pursuing FOIA litigation to force the government to release the Directive to the public. For more information, see EPIC v. NSA - Cybersecurity Authority. (Apr. 24, 2013)
- EPIC FOIA Request Reveals Details About Government Cybersecurity Program. New documents obtained by EPIC in a Freedom of Information Act lawsuit reveal that the Department of Defense advised private industry on how to best circumvent federal wiretap law. The documents concern a collaboration between the Defense Department, the Department of Homeland Security, and private companies to allow government monitoring of private Internet networks. Though the program initially only applied to defense contractors, an Executive Order issued by the Obama administration earlier this year expanded it to include other "critical infrastructure" industries. The documents obtained by EPIC also cited NSPD 54 as one source of authority for the program. NSPD 54 is a presidential directive issued under President Bush that EPIC is pursuing in separate FOIA litigation. For more information, see EPIC: EPIC v. DHS (Defense Contractor Monitoring), and EPIC: EPIC v. NSA - Cybersecurity Authority. (Apr. 24, 2013)
- Public Opposes TSA Nude Body Scanners. Following a court mandate that the Transportation Security Administration receive public comment on airport body scanners, the public overwhelmingly opposes invasive nude body scanners. The court mandate was in response to EPIC's lawsuit in EPIC v. DHS, where EPIC successfully challenged the TSA's unlawful deployment of airport body scanners. The TSA will accept comments until June 24, 2013. The public has submitted almost 2,000 comments noting various problems with the scanners, including privacy violations, potential health risks, and the machine's inability to accurately detect threats. EPIC has recently filed appeals in two Freedom of Information Act cases seeking documents related to airport body scanner radiation risks and threat detection software. For more information, see EPIC: Comment on the TSA Nude Body Scanner Proposal, EPIC: Radiation Risks lawsuit, and EPIC: ATR lawsuit. (Apr. 23, 2013)
- EPIC to FAA: Establish Privacy Standards for Drone Use. EPIC has submitted comments to the Federal Aviation Administration, urging the agency to mandate minimum privacy standards for drone operators. In 2012, Congress told the Agency to implement a comprehensive plan to integrate drones into the National Airspace. Shortly after, EPIC, joined by over 100 other organizations, experts, and members of the public, petitioned the agency to address privacy in the integration process. EPIC's petition noted, "drones greatly increase the capacity for domestic surveillance." In February 2013, the Agency responded to EPIC's petition, announcing it would "address [privacy issues] through engagement and collaboration with the public." As a result, the FAA published a Notice with proposed privacy requirements for drone operators. EPIC recommended that the FAA mandate the proposed privacy standards, which are based on Fair Information Practices, and maintain a public database of all drone operators. For more information, see EPIC: Domestic Unmanned Aerial Vehicles and Drones. (Apr. 23, 2013)
- Polls Show Little Support for Expanding Government Surveillance. Polls conducted by Fox News and the Washington Post following the bombing in Boston last week show little support for changes in the scope of government surveillance. According to Fox News, when asked "Would you be willing to give up some of your personal freedom in order to reduce the threat of terrorism?" for the first time since before 9/11, more said they would not (45%) as compared with those who said they would (43%). A Washington Post poll indicated that the public was more concerned (48%) that the government would go too far to investigate terrorism than that it would not go far enough (41%). A Rassmusen Poll conducted of likely voters found that more than half of the respondents — 54 percent — said economic threats were a greater danger to the country than terrorism. According to 538, that is "almost unchanged from a Rasmussen survey conducted in late January, more than two months before the bombs were detonated in Boston near the marathon finish line." For more information, see EPIC, Public Opinion on Privacy. (Apr. 23, 2013)
- Froomkin, Kaplan, "Spaf," and Wu Join EPIC Advisory Board. EPIC has announced the 2013 members of the EPIC Advisory Board. They are Michael Froomkin, Distinguished Professor of Law at the University of Miami School of Law; Sheila Kaplan, student privacy advocate and founder of Education New York; Eugene Spafford, a/k/a/ "Spaf," professor of Computer Science at Purdue University; and Tim Wu, professor at Columbia Law School and author of "The Master Switch." The EPIC Advisory Board is a distinguished group of experts in law, technology, and public policy. Joining the EPIC Board of Directors in 2013 are current Advisory Board members David Farber, Joi Ito, and Jeff Jonas. For more information, see EPIC: EPIC Advisory Board. (Apr. 23, 2013)
- EPIC Files Amicus Brief, Urges Disclosure of Secret Legal Memos. EPIC, joined by seven open government organizations, has filed a "friend of the court" brief urging a federal appeals court to order the government to disclose the legal authority for drone strikes. The case, New York Times v. Department of Justice, asks whether the administration is required, under the Freedom of Information Act, to disclose legally binding opinions from the DOJ's Office of Legal Counsel. EPIC's brief argues that these opinions cannot be withheld under the FOIA. "By withholding these legal opinions, which direct the actions of the government and impact private parties, the Department is establishing secret law that is antithetical to democratic governance." For more information, see EPIC: New York Times v. DOJ and EPIC: Open Government. (Apr. 23, 2013)
- Consumer Groups Oppose Delay for New Children’s Privacy Rules. A group of consumer, privacy, and children's advocates wrote to the Federal Trade Commission to oppose an industry effort to delay implementation of the new Children's Online Privacy Protection Act rule. The groups noted that two-and-a-half years have passed since the Commission proposed the updates to COPPA. They said there was no "compelling reason for giving the industry more time to comply with the law." The new Rule expands the definition of personal information to include geolocation information and persistent identifiers (or cookies), and prevents third-party advertisers from secretly collecting children's personal information without parental consent for advertising purposes. EPIC previously commented in support of the proposed rule and a revised version. The new safeguards follow a report by the FTC finding that many child-directed mobile apps conceal their data collection practices. For more information, see EPIC: FTC and EPIC: Children’s Online Privacy. (Apr. 23, 2013)
- White House Releases Unclassified Summary of Presidential Cybersecurity Directive. The White House has released an unclassified summary of Presidential Policy Directive 20. The Policy Directive sets out the cybersecurity authority of the National Security Agency in the United States and has raised concerns about government surveillance of the Internet. The existence of the Directive was detailed in a story in the Washington Post in 2012, and EPIC immediately pursued the public release of the document. According to the White House, PPD-20 "established principles and processes for the use of cyber operations so that cyber tools are integrated with the full array of national security tools." EPIC is still pursuing the release of the full document. For more information see EPIC: Cybersecurity Privacy Practical Implications and EPIC: EPIC v. NSA (NSPD 54). (Apr. 19, 2013)
- EPIC Appeals FOIA Decisions Concerning Body Scanner Information. EPIC has filed appeals in two Freedom of Information Act cases seeking documents related to airport body scanners from the Department of Homeland Security and the Transportation Security Administration. EPIC filed FOIA requests with the agencies seeking records related to radiation risks from body scanners and the threat detection software the machines use. The TSA is currently developing formal rules for the use of body scanners in response to a court order in one of EPIC's previous cases. Body scanners allow routine digital strip searches of individuals who are not suspected of any crime. For more information, see EPIC: Radiation Risks lawsuit and EPIC: ATR lawsuit, and EPIC: Suspension of Body Scanner Program. (Apr. 16, 2013)
- White House Threatens to Veto CISPA Unless Privacy Protections Improved. In a Statement of Administration Policy, the White House threaten to veto the controversial Cyber Intelligence Sharing and Protection Act (CISPA) unless more robust privacy and civil liberties protections are added and newly authorized information sharing goes through a civilian agency. EPIC joined a letter signed by a coalition of privacy and civil liberty organizations to urge the House Permanent Select Committee on Intelligence to open the markup process for CISPA. The markup for CISPA remained closed, and currently as drafted, CISPA would allow companies to disclose vast amounts of customer and client information to other companies and the government, including the National Security Agency, for "cybersecurity purposes." EPIC favors government transparency and is currently pursuing a lawsuit against the NSA stemming from a FOIA request for National Security Presidential Directive 54, which grants the NSA broad authority over computer networks in the United States. For more information, see EPIC: EPIC v. NSA - Cybersecurity Authority. (Apr. 16, 2013)
- DHS Reveals More Information on Covert Social Media Monitoring Program. The Department of Homeland Security has issued a Privacy Impact Assessment, updating information on its controversial social media monitoring program. As part of the program, DHS scours social media sites, including Twitter, Facebook, and Youtube, for public posts that contain words such as "cops," "police," "airport," "hacktivist," and "zombie." DHS then disseminates social media information it has collected to "federal, state, local, and foreign government and private sector partners." Although the Privacy Impact Assessment states DHS should only collect "relevant" social media information, the document also states that "any information posted publicly can be used by [DHS] in providing situational awareness and establishing a common operating picture." Recently, EPIC obtained a court order and an opinion in a Freedom of Information Act lawsuit against DHS, requiring the agency to turn over more documents about the monitoring of social media and Internet media organizations. For more information, see: EPIC: EPIC v. Department of Homeland Security: Media Monitoring. (Apr. 16, 2013)
- European Privacy Agencies Issue Report on Privacy and Big Data. Responding to growing interest in privacy and "big data," representatives of the data protection agencies in Europe have issued an opinion on the purpose limitation principles in the context of big data. The Article 29 Working Party recommends that personal data should be collected for "specified, explicit and legitimate purposes" and that personal data not be "further processed in a way incompatible with those purposes." The group also recommended that the proposed EU data protection regulation incorporate a list of factors to aid in determining compatible uses. Last fall, EPIC Executive Director Marc Rotenberg testified in support of the proposed reform before the European Parliament, and a group of transatlantic consumer organizations wrote a letter expressing their support. For more information, see EPIC: EU Data Protection Directive. (Apr. 16, 2013)
- EPIC's Rotenberg Urges State Attorneys General to Safeguard Consumer Privacy. Speaking at the annual conference of the National Association of Attorneys General, EPIC President Marc Rotenberg said that the state AG's cannot sit on the sidelines as consumers face increasing risks of identity theft, security breaches, and secretive profiling. Rotenberg said the onus shouldn’t be on consumers to keep up with every-changing policy practices. “There is no reason that a customer should have to go back and check their privacy settings when a company changes its business practice." The Attorneys General recently fined Google $7 m for violating state consumer protection laws when the companies vehicles, loaded with Internet packet sniffers, intercepted private residential communications. EPIC has also launched a promotional video "Good to Really Know" with information for consumers about online privacy. For more information, see EPIC: Consumer Privacy Bill of Rights and EPIC: Consumer Privacy. (Apr. 16, 2013)
- FTC Releases 2013 Report. The Federal Trade Commission has released its annual report for the period from April 2012-2013. The report begins with a description of the FTC’s accomplishments on consumer privacy, and lists the data-breach lawsuit against Wyndham, Google’s $22.5 million fine for tracking Safari users, settlements with the data brokers Equifax and Spokeo, and a survey of the credit reporting industry. EPIC has previously recommended that the FTC enforce its consent orders with Google and Facebook, require adoption of the Consumer Privacy Bill of Rights, and modify proposed settlements in response to public comment. For more information, see EPIC: Federal Trade Commission. (Apr. 16, 2013)
- FCBA Young Lawyers Committee - Apps: The Legal and Business Landscape.
FCBA Young Lawyers Committee - Apps: The Legal and Business Landscape
Alan Butler,
EPIC Appellate Advocacy CounselHogan Lovells US
(Apr. 16, 2013)
Washington, D.C.
April 16, 2013 - Supreme Court Will Not Review E-mail Privacy Case. In an order today, the U.S. Supreme Court has declined to review a decision concerning e-mail privacy. In Jennings v. Broome, the South Carolina Supreme Court held that the federal Electronic Communications Privacy Act (ECPA) does not protect emails stored on remote computer servers. As a result of this case, users in South Carolina have lesser privacy protections than those in California where a federal court reached the opposite conclusion. EPIC, joined by 18 national organization filed an amicus brief, urging the US Supreme Court to clarify the scope of e-mail privacy protections. For more information, see EPIC: Jennings v. Broome and EPIC: Electronic Communications Privacy Act. (Apr. 15, 2013)
- EPIC Comments on Federal Cybersecurity Framework. In response to a request for comments, EPIC submitted comments on the National Institute of Standards and Technology’s review to develop a cybersecurity framework. Pursuant to Executive Order 13636, the agency is charged with defining a cybersecurity framework for the federal government. EPIC supports civilian control of cybersecurity and privacy protections based on the Fair Information Practices. In the comments to NIST, EPIC emphasized the need for all federal agencies to comply with the Privacy Act and the Freedom of Information Act. For more information, see EPIC: Cybersecurity Practical Implications and EPIC: EPIC v. NSA (Cybersecurity Authority). (Apr. 12, 2013)
- EPIC Sues FBI to Obtain Details of Massive Biometric ID Database. EPIC has filed a Freedom of Information Act lawsuit against the FBI to obtain documents about "Next Generation Identification", a massive database with biometric identifiers on millions of Americans. The EPIC lawsuit follows the FBI's failure to respond to EPIC's earlier FOIA requests for technical specifications and contracts. According to EPIC's complaint, "When completed, the NGI system will be the largest biometric database in the world." NGI aggregates fingerprints, DNA profiles, iris scans, palm prints, voice identification profiles, photographs, and other identifying information. The FBI will use facial recognition to match images in the database against facial images obtained from CCTV and elsewhere. For more information, see EPIC v. FBI - Next Generation Identification, EPIC: Biometric Identifiers and EPIC: Face Recognition. (Apr. 8, 2013)
- EPIC Supports Public Mark Up for Controversial Cyber Security Bill. EPIC joined a letter signed by a coalition of privacy and civil liberty organizations to urge the House Permanent Select Committee on Intelligence to open the markup process of the Cyber Intelligence Sharing and Protection Act (CISPA) to the public. CISPA suspends privacy safeguards so that companies can disclose vast amounts of customer and client information to the government, including the National Security Agency, for "cybersecurity purposes." Some in Congress believe that the proposal should be adopted in a secret committee meeting. EPIC favors government transparency and is currently pursuing a lawsuit against the NSA stemming from a FOIA request for National Security Presidential Directive 54, which grants the NSA broad authority over computer networks in the United States. For more information, see EPIC: EPIC v. NSA - Cybersecurity Authority. (Apr. 4, 2013)
- EPIC Comments on FTC's FOIA Procedures. EPIC has submitted comments to the Federal Trade Commission, supporting several of the agency's changes to its FOIA regulations. EPIC applauded the agency for reducing fees for requesters. EPIC also urged the Committee to: (1) update its definition for news media representative; (2) clarify which documents are public information and ensure that hyperlinks to those records work properly; (3) disclose private sector contract rates for FOIA processing; (4) refrain from prematurely closing FOIA requests; and (5) adopt alternative dispute resolution or arbitration when resolving delinquent FOIA fees. EPIC routinely comments on agency proposals that impact the rights of FOIA requesters. Last year, EPIC submitted extensive comments to theDepartment of Defense, warning the agency not to erect new obstacles for FOIA requesters. For more information, see EPIC: Open Government. (Apr. 4, 2013)
- Federal Appeals Court Rules that Government Agencies Must Make an Actual "Determination" in Response to FOIA Requests. The D.C. Circuit Court reversed a lower court decision and sided with the Citizens for Responsibility and Ethics in Washington in a case concerning an agency's obligation to respond to a Freedom of Information Act request. CREW argued that the Federal Election Commission's response to its FOIA request did not meet the statutory obligations of a "determination" under the Act. The federal appeals court held that an agency must make and communicate its determination whether to comply with a FOIA request, and which exemptions if any it will claim with respect to any withheld documents, within 20 working days of receiving the request, or within 30 days in exceptional circumstances. EPIC joined five other prominent open government groups in a "friend of the court" brief in support of CREW. For more information, see EPIC: Open Government. (Apr. 4, 2013)
- Spring 2013 Trustees Meeting: Building Trust in a Digital Age.
Spring 2013 Trustees Meeting: Building Trust in a Digital Age
Khaliah Barnes,
EPIC Administrative Law CounselMarketing Science Institute
(Apr. 11, 2013)
Boston, MA
April 11, 2013 - EU Takes Action Against Google for Privacy Policy Meltdown. Data protection agencies in six European countries have announced enforcement actions against Google. The agencies acted after Google ignored recommendations to comply with European data protection law. "It is now up to each national data protection authority to carry out further investigations according to the provisions of its national law transposing European legislation," the French data protection authority said. The enforcement action follows from Google's March 2012 decision to combine user data across 60 Internet services to create detailed profiles on Internet users. Last year, EPIC sued the Federal Trade Commission to force the FTC to enforce the terms of a settlement with Google that would have prohibited Google's changes in business practices. Google's revised privacy policies also prompted objections from state attorneys general, members of Congress, and IT managers in the government and private sectors. For more information, see EPIC: Google Buzz and EPIC: Enforcement of Google Consent Order. (Apr. 2, 2013)
- Court Rules for EPIC, Denies FBI Request for Delay in StingRay Case. A federal judge in Washington, DC today issued an Opinion denying the FBI's motion to delay the release of records sought under the Freedom of Information Act. The decision follows from a lawsuit filed by EPIC against the FBI for records about the agency's use of cell-site simulator technology, commonly referred to as "StingRay." These devices track cell phones and collect a vast amount of data from telephone customers. The Court found that the FBI was not facing the "exceptional circumstances" necessary to justify its proposed two-year delay. The Court ordered the agency to produce all records, except those subject to classification review, by August 1, 2013. For more information, see EPIC v. FBI - StingRay. (Mar. 28, 2013)
- EPIC Testifies in Austin on Texas Location Privacy Bill. EPIC's Appellate Advocacy Counsel Alan Butler testified before the Texas State Assembly on a privacy bill for telephone location data. The House bill, would establish a warrant requirement for location data and a comprehensive reporting requirement, similar to the federal wiretap reports. Mr. Butler discussed the need for clear rules governing location surveillance that satisfy Fourth Amendment standards, as well as the importance of public reporting and accountability. He also testified at a Senate Committee hearing on the proposal. EPIC recently submitted amicus briefs in State v. Earls and In re U.S. (5th Cir.) regarding location privacy. For more information, see EPIC: Locational Privacy. (Mar. 28, 2013)
- "Data Collection, Data Mining, Data Brokers and Consumer Privacy".
Marc Rotenberg
EPIC Executive Director"Privacy in the Digital Age"
(Apr. 14, 2013)
National Association of Attorneys General
Annual conference
National Harbor, MD
April 14, 2013 - Supreme Court Holds Dog Sniff at Doorway is a Search. The Supreme Court ruled today in Florida v. Jardines that the use of a drug-sniffing dog to investigate the front door of a home was a “search” within the meaning of the Fourth Amendment. “That the officers learned what they learned only by physically intruding on Jardines’ property to gather evidence is enough to establish that a search occurred,” Justice Scalia concluded. Justice Kagan, joined by Justices Ginsburg and Sotomayor, wrote a concurrence that explained that the case could have also been resolved by examining Jardines’ privacy interests. In Justice Kagan’s view, the use of device “not in general public use” to “explore the details of the home” violates a reasonable expectation of privacy and is therefore a search. EPIC filed an amicus brief in a related Supreme Court case, decide earlier this year. For more information, see EPIC: Florida v. Jardines and EPIC: Florida v. Harris. (Mar. 26, 2013)
- ASAP 6th Annual National Training Conference.
ASAP 6th Annual National Training Conference
Ginger McCall,
Director, EPIC Open Government ProgramASAP
(May. 15, 2013)
Arlington, VA
May 15, 2013 - Travel Surveillance, Traveler Intrusion.
"Travel Surveillance, Traveler Intrusion"
Ginger McCall,
Director, EPIC Open Government ProgramCATO Institute
(Apr. 2, 2013)
Washington, D.C.
April 2, 2013 - The National Security Law Brief's Fourth Annual Symposium.
The National Security Law Brief's Fourth Annual Symposium
Lillie Coney
EPIC Associate DirectorAmerican University Washington College of Law
(Mar. 28, 2013)
Washington, D.C.
March 28, 2013 - TSA Begins Court Ordered Rulemaking on Body Scanner Program, EPIC Urges Public Comment. The TSA announced today that it will begin a public comment process on its airport screening procedures. The action follows from a 2011 court order in EPIC v. DHS. In that case, the Federal Appeals Court for the DC Circuit found that the agency unlawfully deployed body scanners in US airports. In a proposed two-sentence change to the agency's extensive regulations, the TSA seeks to grant itself authority to continue to deploy Nude Body Scanners ("NBS") without establishing privacy safeguards. EPIC, which brought the successful challenging to the TSA program, is urging public comment on the agency proposal. EPIC is recommending that the TSA adopt more effective screening procedures. If the TSA continues with Nude Body Scanner program, EPIC said the agency should make clear the right of individuals to opt-out as well as require privacy filters for all devices. For more information, see EPIC v. DHS (Suspension of Body Scanner Program). (Mar. 26, 2013)
- Online Privacy: Consenting to Your Future.
Online Privacy: Consenting to Your Future
Ginger McCall,
Director, EPIC Open Government ProgramEuropean Commission
(Mar. 20, 2013)
Malta
March 20, 2013 - EPIC Petitions Government to Suspend Drone Surveillance Program. EPIC, joined by thirty organizations and more than a thousand individuals, has petitioned the Bureau of Customs and Border Protection to suspend the domestic drone surveillance program, pending the establishment of concrete privacy regulations. The petition states that "the use of drones for border surveillance presents substantial privacy and civil liberties concerns for millions of Americans across the country." The petition follows the revelation that the drones deployed by the federal agency are equipped with technology for signals interception and human identification. For more inform at ion, see EPIC: Domestic Unmanned Aerial Vehicles (UAVs) and Drones. (Mar. 22, 2013)
- EPIC Petitions Government to Suspend Drone Surveillance Program. EPIC, joined by thirty organizations and more than a thousand individuals, has petitioned the Bureau of Customs and Border Protection to suspend the domestic drone surveillance program, pending the establishment of concrete privacy regulations. The petition states that "the use of drones for border surveillance presents substantial privacy and civil liberties concerns for millions of Americans across the country." The petition follows the revelation that the drones deployed by the federal agency are equipped with technology for signals interception and human identification. For more information, see EPIC: Domestic Unmanned Aerial Vehicles (UAVs) and Drones. (Mar. 22, 2013)
- EPIC to Senate: Privacy Laws Needed for Drones in the US. At a Senate Judiciary Committee hearing on "the Future of Drones in America," EPIC Domestic Surveillance Project Director Amie Stepanovich testified in support of new privacy safeguards prior to the deployment of drones in the United States. Also testifying at the hearing were Professor Ryan Calo, and representatives of law enforcement and the drone industry. The hearing was well attended and Senators across the committee expressed support for the development of new privacy legislation. Documents obtained by EPIC under the Freedom of Information Act indicate that the federal government has deployed domestic drones with the ability to intercept electronic communication and to identity human targets. In response to the revelations, EPIC has petitioned the Bureau of Customs and Border Protection, demanding the suspension of the drone program pending the development of privacy regulations. For more information, see EPIC: Domestic Unmanned Aerial Vehicles (UAVs) and Drones. (Mar. 21, 2013)
- Congressman Markey Introduces Drone Privacy Legislation. Congressman Markey has introduced the "Drone Aircraft Privacy and Transparency Act of 2013." The Bill sets out comprehensive transparency requirements for drone operators to protect privacy from unregulated drone surveillance. Under the terms of the bill, drone operators would be required to submit a detailed data collection and data minimization statement prior to obtaining a license to operate drones in the United States. The bill also states that surveillance by law enforcement agencies will require a warrant or extreme exigent circumstances.Congressman Markey said that privacy legislation is necessary to "prevent flying robots from becoming spying robots." For more information, see EPIC: Domestic Unmanned Aerial Vehicles (UAVs) and Drones. (Mar. 19, 2013)
- EPIC, Consumer Privacy Groups Call on FTC Chair to Appoint Consumer Advocate for Key Office. Over thirty privacy and consumer groups wrote to the FTC Chair Edith Ramirez, urging her to appoint a Director of the Bureau of Consumer Protection who is "independent of industry" and has a "well-established consumer rights and public interest background." The letter comes after the departure of former director David Vladeck. EPIC has also urged the Commission to require compliance with the Consumer Privacy Bill of Rights for companies that violate consumer privacy. For more information, see EPIC: Federal Trade Commission. (Mar. 19, 2013)
- EPIC Highlights Need for Broad Reform of Federal Privacy Law. In response to a request from the House Judiciary Committee, EPIC has recommended a comprehensive review of the federal communications privacy law. Congress will begin hearings this week on ECPA Part 1: Lawful Access to Stored Content. EPIC's letter to the Committee noted the recent settlement by the state Attorneys General with Google in the Street View matter and the reluctance of federal officials to pursue a similar investigation. EPIC also noted growing confusion in the lower courts about the application of the federal privacy law. Finally, EPIC pointed out that the current law provides inadequate protection for private location records. For more information, see EPIC: Electronic Communications Privacy Act and EPIC: Locational Privacy. (Mar. 18, 2013)
- EPIC to Testify at Senate Hearing on Drones and Domestic Surveillance. Amie Stepanovich, the Director of EPIC's Domestic Surveillance Project, will testify this week before the Senate Judiciary Committee on "the Future of Drones in America." The hearing will feature expert testimony from EPIC Advisory Board member Professor Ryan Calo. Documents recently obtained by EPIC under the Freedom of Information Act indicate that the Bureau of Customs and Border Protection has deployed drones in the United States with the ability to intercept electronic communication and to identity human targets. As a consequence, EPIC has launched a petition urging the agency to suspend the drone program pending the establishment of comprehensive privacy regulations. Following a similar petition from EPIC, the FAA recently agreed to establish privacy rules for drone deployment. For more information, see EPIC: Domestic Unmanned Aerial Vehicles and Drones. (Mar. 18, 2013)
- EPIC Sues Education Department, Seeks Documents about Debt Collectors and Student Privacy. EPIC has filed a Freedom of Information Act lawsuit against the Education Department, following the agency's failure to release documents about private debt collection and compliance with federal privacy law. The Department has contracts with at least twenty-three private debt collectors who obtain sensitive personal information, including contact information, loan status, income, Social Security number, and credit history. The Department is expected to publish a procedures manual that instructs debt collectors on privacy safeguards. The Department is also supposed to require debt collectors to submit compliance reports to the agency. EPIC's sought release of the procedures manual and compliance reports for the last three years. After the Department failed to disclose any records in response to the FOIA request, EPIC sued. For more information, see EPIC: Open Government and EPIC: Student Privacy. (Mar. 18, 2013)
- The Future of Drones in America: Law Enforcement and Privacy Considerations.
"The Future of Drones in America: Law Enforcement and Privacy Considerations"
Amie Stepanovich,
Director, EPIC Domestic Surveillance ProjectSenate Judiciary Committee
(Mar. 20, 2013)
Washington, D.C.
March 20, 2013 - Social Security Administration Considers Stronger Privacy Safeguards for SSNs of Children. The Social Security Administration seeks public comment on a proposal to assign new Social Security numbers to children age 13 and under. Currently, the agency may assign new SSNs only if it has evidence that "a third party has improperly used an adult's or child's SSN, the number holder was not at fault, and the number holders was recently disadvantaged by the misuse." Under the proposed policy, the agency would issue a new SSN to a child if: (1) the child's Social Security card is stolen in transit from the agency to the child's address; (2) the SSA erroneously discloses a child's SSN through the SSA's Death Master File; or (3) a third party misuses the child's SSN. The agency would no longer require evidence that the child was disadvantaged due to misuse in any of these situations. EPIC favors the proposed rule change. Public comments on the proposal are due April 12, 2013. EPIC has previously warned Congress about SSN fraud and the growing problem of identity theft. For more information, see EPIC: Social Security Numbers. (Mar. 18, 2013)
- Current FOIA Litigation --a survey of high-visibility current FOIA litigation cases and what can be learned from them.
Ginger McCall,
Director, EPIC Open Government ProjectThe Collaboration on Government Secrecy
(Mar. 18, 2013)
Washington, D.C.
March 18, 2013 - Federal Appeals Court Rejects "Neither Confirm Nor Deny" Defense for Government Secrecy. The Court of Appeals for the DC Circuit has ruled that the CIA must respond to an ACLU open government request for records pertaining to drone strikes. The CIA had said it could “neither confirm nor deny that it had responsive documents." The appeals court found that the agency itself had acknowledged it had such document. In EPIC v. NSA, a similar challenge to the "Glomar" response , the federal appeals court found that the agency had not acknowledged existence of documents responsive to a FOIA request even tough there were widespread news reports of a partnership between Google and the NSA. For more information, see EPIC: EPIC v. NSA: Google/NSA Relationship. (Mar. 15, 2013)
- Florida State University ACLU Lecture on Privacy and Government Surveillance.
Amie Stepanovich,
Director, EPIC Domestic Surveillance ProjectFlorida State University College of Law
(Apr. 1, 2013)
Tallahasee, FL
April 1, 2013 - The Government and Your Personal Information - Balancing Privacy, National Security and the Public Interest.
Amie Stepanovich,
EPIC Associate Litigation CounselFederal Communications Bar Association
(Mar. 20, 2013)
Washington, D.C.
March 20, 2013 - "TSA Profiling of Airline Passengers".
Marc Rotenberg,
EPIC Executive DirectorOn Point with Tom Ashbrook
(Mar. 13, 2013)
NPR
March 13, 2013 - States Fine Google for Street View Privacy Violations. Attorneys general for 38 states and the District of Columbia today reached a "$7 Million Settlement" with Google over consumer protection and privacy claims. The company engaged in the unauthorized collection of data from wireless networks, including private WiFi networks of residential Internet users. A detailed Assurance of Voluntary Compliance, setting out the terms of the settlement, is now available. In 2010, EPIC urged the Federal Communication Commission to investigate the Google Street View program after it became clear that Google had intercepted the private communications of millions of users of wi-fi networks in the United States. EPIC subsequently pursued FOIA requests regarding the FCC and the Department of Justice investigations. Federal wiretap claims concerning Street View are still pending in federal court. For more information, see EPIC: Investigations of Google Street View and EPIC: Joffe v. Google. (Mar. 12, 2013)
- EPIC Publishes 2013 FOIA Gallery, Highlights Documents Obtained Under Open Government Law. In celebration of Sunshine Week, EPIC has published the 2013 EPIC FOIA Gallery. The gallery highlights key documents obtained by EPIC in the past year, such as previously secret documents about cell phone traffic monitoring, domestic drones that identify human targets and intercept electronic communications, Google's interception of WiFi transmissions, DHS monitoring of Twitter, technology that can scan crowds at a molecular level, and the government's use of license plate datas. EPIC regularly files Freedom of Information Act requests and pursues lawsuits to force disclosure of government documents that impact privacy. EPIC also publishes the authoritative FOIA litigation manual. For more information, see EPIC: Open Government and EPIC Bookstore: FOIA. (Mar. 12, 2013)
- E-verify, Privacy Rights and Racial Profiling.
E-verify, Privacy Rights and Racial Profiling
Lillie Coney,
EPIC Associate DirectorRights Working Group
(Mar. 12, 2013)
Teleconference
March 12, 2013 - EPIC Prevails in Two FOIA Cases, Obtains Further Details on Body Scanners. A federal judge has granted EPIC victories in two Freedom of Information Act cases involving the controversial airport body scanners. Judge Royce Lamberth in Washington, DC held that the Department of Homeland Security must turn over two safety reports detailing radiation output by the scanners and a set of power point slides containing details on automated target recognition software. The agency previously claimed it was not required to release the documents to EPIC. EPIC has pursued several related Freedom of Information Act cases as a challenge to the deployment of the devices. In 2011, the DC Circuit of Appeals ruled in EPIC v. DHS that the agency must receive public comments on the decision to deploy body scanners for primary screening. For more information see: EPIC: Whole Body Imaging Technology and EPIC v. DHS (Suspension of Body Scanner Program). (Mar. 8, 2013)
- "Differential Privacy: Law and Policy".
Marc Rotenberg,
EPIC Executive DirectorCardozo Law School
(Mar. 7, 2013)
New York City
Marc 7, 2013 - Open Government in the Second Term.
"Open Government in the Second Term"
Ginger McCall,
EPIC Open Government DirectorEPIC and the Center for Effective Government
(Mar. 12, 2013)
Washington, DC
March 12, 2013 - EPIC Launches Petition to Suspend Government Drone Program. EPIC has published a petition to the Bureau of Customs and Border Protection, demanding the suspension of the drone program pending the development of privacy regulations for the use of drones in US airspace. Documents recently obtained by EPIC under the Freedom of Information Act indicate that the drones are equipped with technology for signals interception and human identification. The agency currently operates ten Predator B drones along the border region, an area that encompasses more than two-thirds of the U.S. population. EPIC is urging individuals and organizations to Sign the Petition before March 18. Under federal law, the agency is required to respond to public petitions. For more information see EPIC: Domestic Unmanned Aerial Vehicles (UAVs) and Drones and EPIC: Drone Petition to Customs and Border Protection. (Mar. 4, 2013)
- EPIC Prevails in Social Media Monitoring FOIA Suit. EPIC has obtained a court order and an opinion in a Freedom of Information Act lawsuit against the Department of Homeland Security, requiring the agency to turn over more documents about the monitoring of social media and Internet media organizations. EPIC had previously obtained several hundred pages of documents, revealing that the agency monitors the internet for reports that “reflect adversely” on the agency or the federal government. EPIC also obtained a list of very broad search terms used by the agency to monitor social media. As a result of EPIC’s findings, Congress held a hearing on "DHS Monitoring of Social Networking and Media: Enhancing Intelligence Gathering and Ensuring Privacy." For more information see: EPIC: EPIC v. Department of Homeland Security: Media Monitoring. (Mar. 4, 2013)
- EPIC Testifies Before Maryland Legislature on Location Privacy. EPIC Appellate Advocacy Counsel Alan Butler testified before the Maryland House Judiciary Committee on H.B. 887, a location privacy bill that will establish a search warrant requirement for the collection of private location information. Mr. Butler discussed the current state of location tracking and privacy under the state and federal constitutions. The Maryland bill will require a warrant for location tracking and an annual report on electronic surveillance reports, similar to the federal wiretap reports. EPIC recently submitted amicus briefs in State v. Earls and In re US regarding location privacy. For more information, see EPIC: Locational Privacy and EPIC: State v. Earls. (Feb. 28, 2013)
- EPIC Sues DHS for Information about "Internet Kill Switch". EPIC has filed a Freedom of Information Act lawsuit against the Department of Homeland Security, following the agency's failure to produce any documents about the "Emergency Wireless Protocols," (Standard Operating Procedure 303 or "SOP 303"). SOP 303 describes the process that DHS would follow in order to execute a communications shutdown in the event of a national crisis. DHS has stated publicly under SOP 303 an agency component "will function as the focal point for coordinating any actions leading up to and following the termination of private wireless network connections, both within a localized area, such as a tunnel or bridge, and within an entire metropolitan area." But in response to EPIC's FOIA request, DHS wrote that it was "unable to locate or identify any responsive records." For more information, see EPIC: Open Government. (Feb. 28, 2013)
- EPIC FOIA - US Drones Intercept Electronic Communications and Identify Human Targets. New records obtained by EPIC under the Freedom of Information Act indicate that the Bureau of Customs and Border Protection is operating drones in the United States capable of intercepting electronic communications. The records also suggest that the ten Predator B drones operated by the agency have the capacity to recognize and identify a person on the ground. Approximately, 2/3 of the US population is subject to surveillance by the CBP drones. The documents were provided in response to a request from EPIC for information about the Bureau's use of drones across the country. The agency has made the Predator drones available to other federal, state, and local agencies. The records obtained by EPIC raise questions abut the agency's compliance with federal privacy laws and the scope of domestic surveillance. For more information, see EPIC: Domestic Unmanned Aerial Vehicles (UAVs) and Drones. (Feb. 28, 2013)
- Court Denies Appeal in Cy Pres Matter Over Objection that Settlement Fails to Provide Relief to Class Members. The Ninth Circuit has refused to hear an appeal in a case involving a class-action lawsuit over Facebook’s Beacon program, which disclosed personal information without user consent. "Cy pres" ("as near as possible") is a legal doctrine that allows courts to allocate funds to protect the interests of individuals when there is a class action settlement. Courts typically provide cy pres awards that reflect the reason for the litigation and are aligned with the interests of class members. In the Facebook case the court chose instead to provide the funds to a new foundation created by Facebook, which was appealed. Six judges dissented from the denial, writing that "the majority in this case creates a significant loophole in our case law that will confuse litigants and judges, while endorsing cy pres settlements that in no way benefit class members." EPIC previously highlighted the dangers of improper cy pres distributions in settlements. For more information, see EPIC: Fraley v. Facebook, EPIC: Lane v. Facebook, and EPIC: In re: Google Buzz. (Feb. 28, 2013)
- Supreme Court Blocks Challenge to FISA Surveillance. The Supreme Court ruled today in Clapper v. Amnesty Int'l USA that a constitutional challenge to the Foreign Intelligence Surveillance Act (FISA) cannot go forward. A group of attorneys and journalists alleged that the U.S. government could be intercepting their communications with their foreign contacts, in violation of the Fourth Amendment. In a divided 5-4 decision, Justice Alito wrote that the group's alleged injuries were too speculative to be considered. Justice Breyer, joined by Justices Ginsburg, Kagan, and Sotomayor, dissented and said that the Court's "certainly impending" standard was inconsistent with prior decisions. Justice Breyer also cited EPIC's "friend of the court" brief which described the extraordinary capacity of the NSA to capture private communications. For more information, see EPIC: Clapper v. Amnesty Int'l USA and EPIC: FISA. (Feb. 27, 2013)
- FTC Approves Final Settlement over Consumer Tracking, Fails to Enforce FIPs or Suggest Best Practices for Anonymization. The Federal Trade Commission adopted a proposed settlement with Compete, Inc., over allegations that Compete failed to adopt reasonable data security practices and deceived consumers about the amount of personal information that its toolbar and survey panel would collect. The FTC also charged Compete with deceptive practices for falsely claiming that the data it kept was anonymous. The settlement requires Compete to obtain consumers' express consent before collecting any data through its software, to delete personal information already collected, and to provide directions for uninstalling its software. In comments to the agency, EPIC recommended that the FTC also require the Compete to implement Fair Information Practices similar to those contained in the Consumer Privacy Bill of Rights, and develop a best practices guide to de-identification techniques. The FTC declined to adopt EPIC’s recommendations, stating that it "does not provide specific technical guidance in areas like [anonymization], which are constantly changing," and "may not impose additional obligations that are not reasonably related to such conduct or preventing its recurrence." For more information, see EPIC: Federal Trade Commission and EPIC: Re-Identification. (Feb. 26, 2013)
- Supreme Court to Hear Arguments On Warrantless DNA Collection. Today the U.S. Supreme Court will arguments on whether the Fourth Amendment allows warrantless, suspicion less DNA collection from anyone arrested, but not convicted, of a "serious crime." In Maryland v. King, Maryland will argue that states should be permitted to use DNA to investigate cold cases even when the arrestee is not a suspect. King will explain that the Fourth Amendment requires a probable cause warrant for routine law enforcement investigations. EPIC filed a "friend of the court" brief, joined by the 27 technical experts and legal scholars, that describes how DNA collection and use "has grown dramatically and unpredictably over time." EPIC has asked the U.S. Supreme Court to affirm the decision of the Maryland Supreme Court, which held that a warrant is required for the collection of a DNA sample. For more information, see EPIC: Maryland v. King and EPIC: Genetic Privacy. (Feb. 26, 2013)
- ACLU Youth Open Mike on Internet Privacy.
ACLU Youth Open Mike on Internet Privacy
Khaliah Barnes,
EPIC Administrative Law CounselACLU of the Nation's Capital
(Feb. 22, 2013)
Washington, DC
February 22, 2013 - DHS Working Group to Consider Privacy Impact of Drones. The Department of Homeland Security has released a previously internal memo regarding the establishment of a working group to "Safeguard Privacy, Civil Rights, and Civil Liberties in the Department's Use and Support of Unmanned Aerial Systems" (drones). The memo states, "[t]he overarching goal of the working group is to determine what policies and procedures are needed to ensure that protections for privacy, civil rights, and civil liberties are designed into DHS and DHS-funded [drone] programs." DHS has developed a program to explore the expansive use of small drones for law enforcement. Customs and Border Protection currently operates 10 Predator B drones in the United States. In testimony before Congress in July 2012, EPIC said that federal agencies operating drones should adopt privacy regulations. For more information, see EPIC: Domestic Unmanned Aerial Vehicles (UAVs) and Drones. (Feb. 21, 2013)
- CLHE Webinar: The Legal Challenge to the Latest FERPA Regulations: EPIC v. United States Department of Education.
Khaliah Barnes,
EPIC Administrative Law CounselCouncil on Law in Higher Education Webinar
(Feb. 21, 2013)
February 21, 2013 - EPIC Thanks Congress for FOIA Oversight, Calls for Renewed Attention to Transparency. EPIC, along with more than 40 transparency organizations, thanked the House Committee on Oversight for sending a letter to the Department of Justice about the importance of the Freedom of Information Act. The open government organizations said "outdated FOIA regulations, excessive fee assessments, growing FOIA backlogs, and the misuse of exemptions are issues that continually frustrate FOIA requesters" and expressed hope that the Committee would share the Department of Justice's responses with the public. EPIC also joined more than two dozen transparency groups in a letter to President Obama, asking him to renew his commitment to transparency and FOIA. The President issued a memorandum on Transparency and Open Government in 2009.For more information see: EPIC: Open Government. (Feb. 20, 2013)
- Debate Over The Use Of Domestic Drones.
"Debate Over The Use Of Domestic Drones"
Marc Rotenberg,
EPIC Executive DirectorThe Diane Rehm Show
(Feb. 20, 2013)
NPR / WAMU
February 20, 2013 - NAAG 2013 Winter/Spring Meeting.
NAAG 2013 Winter/Spring Meeting
Ginger McCall.
EPIC Open Government Project DirectorNational Association of Attorneys General
(Feb. 25, 2013)
February 25-27
Washington, D.C. - "Sniff up to snuff," says Supreme Court in Drug-detecting Dog Case. The Supreme Court ruled today in Florida v. Harris that the police may use drug detection dogs to conduct searches without a warrant even when the dog finds drugs they are not trained to detect. The Florida Supreme Court had ruled that the search was unlawful because the State failed to provide field performance records to establish the dog's reliability. The U.S. Supreme Court unanimously reversed in an opinion written by Justice Elena Kagan, rejecting the Florida court's "inflexible checklist" of necessary evidence in favor of a more flexible, "common-sensical standard." EPIC filed an amicus curiae brief in the case, arguing that "investigative techniques should be used based on research, testing, and data indicating reliability." EPIC cited a recent National Academy of Sciences report highlighting the lack of reliable standards for investigative techniques. Late last week, the Department of Justice announced a new initiative to improve forensics reliability. For more information, see EPIC: Florida v. Harris. (Feb. 19, 2013)
- Cellular phones and mobile privacy: Direct government surveillance (Stingrays).
Cellular phones and mobile privacy: Direct government surveillance (Stingrays)
Alan Butler,
EPIC Appellate Advocacy CounselYale Law School
(Mar. 3, 2013)
New Haven, CT
March 3, 2013 - Europe Prepares Action Against Google. The French Data Protection Commissioner, acting on behalf of the European Union, announced it will take action against Google after the company failed to reply to questions about its handling of user information. In October 2012, officials representing 24 countries in Europe sent a letter requiring Google to comply with European data protection laws, and give users greater control over their personal information. The action followed an investigation triggered by the collapse of the Google privacy policy in March 2012, which allowed the company to combine user data across 60 Internet services. Last year, EPIC sued the Federal Trade Commission to force the FTC to enforce the terms of a settlement with Google. Google’s policy consolidation also prompted objections from state attorneys general, members of Congress, and IT managers in the government and private sectors. For more information, see EPIC: Google Buzz and EPIC: Enforcement of Google Consent Order. (Feb. 19, 2013)
- EPIC Challenges Secret Statute in Open Government Case. EPIC has opposed the Department of Justice's reliance on secret legal authority in a Freedom of Information Act lawsuit. In EPIC v. DOJ et. al, EPIC is seeking information about government surveillance of individuals who have exercised their First Amendment rights and expressed interest in WikiLeaks, an Internet-based media organization. The Department of Justice has withheld from disclosure certain information responsive to the EPIC request but will not reveal the legal basis for its decision. In opposing the government filing, EPIC said that secret law "poses unique concerns to democratic governance and undermines the purpose of the FOIA." For more information, see EPIC: EPIC v. DOJ (Wikileaks) and EPIC: Open Government. (Feb. 19, 2013)
- EPIC Obtains DHS Body Scanner Training Manuals, New Questions About Absence of Privacy Safeguards. In response to an EPIC FOIA request, the Department of Homeland Security has released documents about the use of body scanners by the US Secret Service. EPIC sought information about the types of images that body scanners capture, the length of time the images can be stored, and safeguards for maintaining the integrity and security of the captured images. EPIC also asked about radiation body scanner radiation risks. EPIC received the contract of sale between the Government and Rapiscan, the body scanner manufacturer; and the Secret Service’s training manuals for instructing new recruits on the operation of body scanners. The training materials make no mention of data privacy. For more information, see EPIC: EPIC v. DHS and EPIC: Body Scanners. (Feb. 15, 2013)
- EPIC Obtains Documents Detailing Data Collection on US Citizens for Counterterrorism Center. As a result of a Freedom of Information Act lawsuit, EPIC has obtained previously secret training slides from the Office of the Director of National Intelligence detailing the agency's guidelines for collection, dissemination, and retention of information about United States citizens. EPIC had sued the agency after it failed to respond to several FOIAt requests about the agency’s plan to increase data collection on Americans. The documents just obtained by EPIC as a result of the lawsuit outline policies for collecting data and shed light on the legal standard to retain data indefinitely. The guidelines allow for unlimited retention of information about U.S. persons if there is a "reasonable and articulable suspicion" that the information is terrorism information. The agency concedes that "there is no requirement that the analyst's wisdom be rock solid or infallible" and allows retention "even if the facts individually appear innocent in nature." EPIC is still seeking documents about the agency's information sharing agreements, privacy protections, and mechanisms to correct errors in databases. For more information, see EPIC v. ODNI. (Feb. 15, 2013)
- New Legislation Aimed At Protecting Privacy From Domestic Drones. Congressman Poe (R-TX) and Congresswoman Zoe Lofgren (D-CA) have introduced the "Preserving American Privacy Act of 2013," targeted at providing individual privacy protections in regard to drone surveillance. The bill would require all drone operators to submit a public data collection statement that includes a description of the drone's purpose and intended operations. The bill also would require a warrant in order for drone surveillance information to be received as evidence and includes a ban on equipping drones with firearms. EPIC has twice (1, 2) asked Congress to protect individual privacy against increased use of domestic drones. EPIC, joined by over 100 organizations, experts, and members of the public, petitioned the FAA to establish privacy safeguards. For more information, see EPIC: Unmanned Aerial Vehicles (UAVs) and Drones. (Feb. 15, 2013)
- EPIC Petitions FAA on Drone Privacy, Agency Responds. In response to an extensive petition submitted by EPIC, the Federal Aviation Administration (FAA) has announced it will begin a public rulemaking on the privacy impact of aerial drones. The EPIC petition, joined by over 100 organizations, experts, and members of the public, urged the FAA to develop privacy standards for drone operators. In a letter to EPIC President Marc Rotenberg, the FAA Chief Counsel stated, "the FAA recognizes that increasing the use of [drones] raises privacy concerns. The agency intends to address these issues through engagement and collaboration with the public." The FAA's announcement comes exactly one year after President Obama signed the FAA Modernization and Reform Act of 2012, which directed the FAA to loosen restrictions on government and commercial drone flights in the United States. For more information, see EPIC: Domestic Unmanned Aerial Vehicles (UAVs) and Drones. (Feb. 14, 2013)
- White House Issues New Executive Order, Presidential Directive on Cybersecurity . In conjunction with the 2013 State of the Union, President Obama has signed a public Executive Order on cybersecurity and "critical infrastructure." The Order grants new powers to federal agencies to share cybersecurity information with private companies. Affected federal agencies will "conduct regular assessments of privacy and civil liberties impacts." The President also issued Presidential Policy Directive 21, which directs the Secretary of the Department of Homeland Security to take specific, discrete actions regarding cybersecurity practices. EPIC is currently pursuing a Freedom of Information Act request with the National Security Agency for Presidential Policy Directive 20, a secret directive that grants cybersecurity authority to the National Security Agency. For more information, see EPIC: Cybersecurity Privacy Practical Implications and EPIC: EPIC v. NSA (Cybersecurity Authority). (Feb. 13, 2013)
- Obama Talks Cybersecurity at 2013 State of the Union. At the 2013 State of the Union, President Obama announced an Executive Order that grants new authority to federal agencies to share information with private companies. President Obama further urged Congress to act to "pass legislation to give our government a greater capacity to secure our networks and deter attacks." A new Presidential Directive was also published today, directing the Secretary of the Department of Homeland Security to take specific, discrete actions regarding cybersecurity practices. EPIC is currently pursuing a Freedom of Information Act request with the National Security Agency for Presidential Policy Directive 20, a prior directive that grants additional, secret cybersecurity authority to the National Security Agency. For more information, see EPIC: Cybersecurity Privacy Practical Implications and EPIC: EPIC v. NSA (Cybersecurity Authority). (Feb. 13, 2013)
- EPIC, Coalition Seek Privacy Safeguards for Car Data. EPIC, joined by a coalition of privacy, consumer rights, and civil rights organizations, and members of the public, urged the National Highway Traffic Safety Administration to protect driver privacy and establish privacy safeguards for "event data recorders." The agency has proposed mandatory installation of "black boxes" in all cars and small trucks by 2014. Thirteen states have passed laws that limit the use of EDRs. EPIC recommended that the agency: (1) restrict the amount of data that EDRs collect; (2) conduct a comprehensive privacy impact assessment; (3) uphold Privacy Act protections; (4) require security standards for EDR data; and (5) establish best practices to fully protect the privacy rights of vehicle owners and operators. EPIC argued that it is contrary to reasoned decisionmaking for the agency to mandate massive data collection and not fully amend its current regulations to protect individual privacy. For more information, see EPIC: Event Data Recorders and Privacy and EPIC: The Drivers Privacy Protection Act (DPPA) and the Privacy of Your State Motor Vehicle Record. (Feb. 12, 2013)
- EPIC Obtains New Documents About FBI Cellphone Tracking Technology. In the fifth interim release of documents in EPIC v. FBI, a Freedom of Information Act lawsuit, the agency has turned over nearly 300 pages about the surveillance technique directed toward users of mobile phones. The documents obtained by EPIC reveal that agents have been using "cell site simulator" technologies, also known as "StingRay," "Triggerfish," or "Digital Analyzers" to monitor cell phones since 1995. Internal FBI e-mails, also obtained by EPIC, reveal that agents went through extensive training on these devices in 2007. In addition, a presentation from the agency's Wireless Intercept and Tracking Team argues that cell site simulators qualify for a low legal standard as a "pen register device," an interpretation that was recently rejected by a federal court in Texas. For more information, see EPIC v. FBI (StingRay). (Feb. 12, 2013)
- Tracking Privacy and Ownership in an Online World.
"Tracking Privacy and Ownership in an Online World"
Khaliah Barnes,
EPIC Administrative Law CounselScience Friday
(Feb. 8, 2013)
National Public Radio
February 8, 2013
(Listen Now) - States Move to Limit Drone Surveillance. Oregon became the most recent state to consider limits on the deployment of drones in the United States. A new bill sets out licensing requirements for drone use in Oregon and would fine those who use unlicensed drone to conduct surveillance. New limitations are also proposed for federal evidence collected by drone use in a state court. Florida, North Dakota, and Missouri are among the other states that are also considering laws that limit drone use within their jurisdiction. For more information, see EPIC: Domestic Unmanned Aerial Vehicles (UAVs) and Drones. (Feb. 7, 2013)
- Congress Challenges Justice Department Commitment to Open Government. In a letter to the director of the Office of Information Policy, a Congressional oversight committee has asked a series of question, challenging the government's compliance with the FOIA. The Office of Information Policy is tasked with "encouraging agency compliance with the Freedom of Information Act (FOIA) and for ensuring that the President's FOIA Memorandum and the Attorney General's FOIA Guidelines are fully implemented across the government." The letter from Chairman Issa (R-CA) and Ranking Member Cummings (D-MD) called on the Justice Department to address concerns about "outdated FOIA regulations, exorbitant and possibly illegal fee assessments, FOIA backlogs, the excessive use and abuse of exemptions, and dispute resolution services." EPIC makes frequent use of the FOIA to obtain information from the government about surveillance and privacy policy. EPIC has also raised concerns in comments to federal agencies and to the Office of Government Information Services about systemic problems with FOIA compliance. For more information, see EPIC: Open Government and EPIC: FOIA Litigation Docket. (Feb. 7, 2013)
- EPIC Urges Public Support for Driver Privacy Safeguards. The National Highway Traffic Safety Administration has proposed regulations for event data recorders (EDR) that will become mandatory in all cars and small trucks by 2014. Building on state privacy laws, EPIC has urged the federal agency to adopt comprehensive privacy safeguards for vehicle owners and operators, including driver ownership of data, limitations on disclosure, and better security for the data collected. EPIC has also launched a national campaign to encourage public comments to the federal agency. To support EPIC’s comments Tweet: "@EPICprivacy [Your Name] supports EPIC’s EDR Comments #EDRprivacy" or email EDRprivacy@epic.org with Your Name and the subject line "I support EPIC’s EDR Comments." The public can also submit comments directly to the agency. For more information, see EPIC: Event Data Recorders and Privacy. (Feb. 6, 2013)
- US NGOs Urge US Government To Support EU Privacy Proposals. EPIC has joined a coalition of leading US consumer and civil liberties organizations who have expressed concern about the role of US officials in the development of European privacy law. In a letter to the US Secretaries of State, Justice, and Commerce, the groups wrote to seek a meeting to ensure that US lobbying efforts in Europe "are not averse to the views expressed by the president." The letter states that "without exception," members of the European Parliament reported that US governmental agencies and businesses were "mounting an unprecedented lobbying campaign to limit the protections that European law would provide." The letter, endorsed by 18 US NGOss, emphasizes the President's commitment to protecting privacy, set out in the Consumer Privacy Bill of Rights. Last fall, EPIC Executive Director Marc Rotenberg testified in support of a proposed EU privacy reform before the European Parliament, and a groups of transatlantic consumer organizations wrote a letter expressing their support for the EU effort to update and modernize privacy law. For more information, see EPIC: EU Data Protection Directive. (Feb. 5, 2013)
- EPIC Urges Supreme Court to Protect Genetic Privacy. EPIC has filed a "friend of the court" brief in Maryland v. King, arguing that law enforcement's warrantless collection of DNA is unconstitutional. EPIC's brief describes the "dramatic and unpredictable" expansion of the government's DNA collection over the past decade. In the brief for the U.S. Supreme Court, EPIC said that the Fourth Amendment limits "the otherwise unbounded collection and use of the individual's DNA sample by government." The EPIC brief was joined by 26 technical experts and legal scholars.EPIC has previously filed amicus briefs in several DNA cases before federal and state courts. For more information, see EPIC: Maryland v. King and EPIC: Genetic Privacy. (Feb. 4, 2013)
- FTC Reaches Settlement with Mobile App Path over Privacy Violations. The Federal Trade Commission announced a settlement with the social networking app Path over charges that the app secretly collected information from mobile users' address books without their consent. The FTC also fined the company $800,000 for violating the Children's Online Privacy Protection Act, which prohibits the collection of personal information from a children without obtaining parental consent. The consent order requires Path to implement a comprehensive privacy program and to submit to independent privacy assessments for the next 20 years. The FTC has released a series of reports documenting privacy problems with mobile apps that collect the personal information of children. Recently, EPIC submitted comments supporting the FTC’s proposed improvements to the children’s online privacy rule, which the agency ended up adopting. For more information, see EPIC: FTC and EPIC: Children's Online Privacy. (Feb. 1, 2013)
- IDP13 in OKC.
Amie Stepanovich,
EPIC Associate Litigation CounselOklahoma City, Oklahoma
(Feb. 23, 2013)
February 23, 2013 - The New Frontier: Policy & Politics in the Age of the Internet.
"The New Frontier: Policy & Politics in the Age of the Internet"
Marc Rotenberg,
EPIC Executive DirectorGeorgetown Public Policy Institute
(Feb. 22, 2013)
US Congress
Washington, DC
February 22, 2013 - Report for Congress on Domestic Drone Use Highlights Privacy Concerns. A new report[ from the Congressional Research Service -- "Integration of Drones into Domestic Airspace: Selected Legal Issues" -- states that "perhaps the most contentious issue concerning the introduction of drones into U.S. airspace is the threat that this technology will be used to spy on American citizens." Last year, EPIC warned Congress that "there are substantial legal and constitutional issues involved in the deployment of aerial drones by federal agencies." EPIC, joined by over 100 organizations, experts, and members of the public, has petitioned the Federal Aviation Administration to begin a rule making to establish privacy safeguards. For more information, see EPIC: Unmanned Aerial Vehicles (UAVs) and Drones. (Jan. 31, 2013)
- EPIC to Argue for Location Privacy in NJ Supreme Court. The New Jersey Supreme Court will hear arguments on Tuesday in State v. Earls, an important case regarding the privacy of cell phone location information. At issue is whether real-time location data should be disclosed by a cell phone provider without a warrant or a court order. EPIC Appellate Advocacy Counsel Alan Butler will present oral argument along with counsel for the Defendant and amici ACLU-NJ. In response to the Court's request for supplemental briefing, EPIC's brief outlined the current state of location tracking technology and argued that cell phone users have a reasonable expectation of privacy under both the Federal and State constitutions. For more information, see EPIC: State of NJ v. Earls and EPIC: In re Historical CSLI. (Jan. 28, 2013)
- Intelligence Office Describes Privacy Protections for Government Database. The Office of the Director of National Intelligence released an information paper describing the civil liberties and privacy protections incorporated into the National Counterterrorism Center Guidelines. The ODNI is the top intelligence agency in the United States, coordinating the activities of the CIA, the FBI, the DHS, and other federal agencies. An updated version of the Guidelines was approved by Attorney General Holder in March of 2012 and allows the Center to copy databases across the federal government for retention for up to five years. EPIC filed a FOIA lawsuit to uncover, among other things, any data accuracy and security safeguard documentation that covered the updated Guidelines. The Information Paper comes about six months after EPIC filed suit for more details about the program. The Paper details various provisions, including the requirement that a "reasonable belief" that a dataset contains terrorism information is needed to copy a database, the implementation of accuracy and error correction measures, and a prohibition on monitoring U.S. persons purely for engaging in First Amendment protected activities. The ODNI is expected to make its final production of documents to EPIC in the FOIA case on February 12, 2013. For more information, see EPIC: EPIC v. ODNI. (Jan. 28, 2013)
- Survey Names Top 10 Most Trusted Companies for Privacy. The Ponemon Institute has released the 2012 version of a report listing the companies that consumers trust the most with respect to the handling of their personal data. Out of 217 organizations rated, American Express ranked as the most trusted. In general, consumers rated companies in the healthcare and banking industries higher than social media companies and charities. The report also found that “the importance of privacy has steadily trended upward over seven years.” The rankings were generated from a final sample of 6,704 respondents. For more information, see EPIC: Public Opinion on Privacy. (Jan. 28, 2013)
- Senator Leahy Supports International Privacy Day. Senator Patrick Leahy, Chairman of the Senate Judiciary Committee, today issued a statement in commemoration of January 28, International Data Privacy Day. International privacy day marks the adoption of the Council of Europe Privacy Convention, the first global framework for privacy protection. Senator Leahy said, "In the Digital Age, Americans face new threats to their digital privacy and security as consumers and businesses alike collect, share and store more and more information in cyberspace. Data Privacy Day is an important reminder about the need to improve data privacy as we reap the many benefits of new technologies." EPIC has urged the United States to ratify the Privacy Convention. For more information, see EPIC: Electronic Communications Privacy Act, EPIC: International Privacy Day, and EPIC - Facebook, International Privacy Day. (Jan. 28, 2013)
- Drones.edu: Hands on the Future in the Classroom.
Amie Stepanovich,
EPIC Associate Litigation CounselSXSW
Austin, TX
March 6, 2013 (Mar. 6, 2013) - "Instagram: Photography, Privacy, and the Internet".
"Instagram: Photography, Privacy, and the Internet"
Marc Rotenberg,
EPIC Executive DirectorNational Press Club
(Jan. 30, 2013)
Photography Committee
Washington, DC
January 30, 2013 - EPIC Gives 2013 Privacy Champion Award to Austrian Privacy Advocate. EPIC has given the 2013 International Privacy Champion Award to Max Schrems, the organizer of Europe v. Facebook. (Support). EPIC called Max "an innovative and effective spokesperson for the right to privacy." EPIC cited his work to obtain his personal information collected by Facebook, which has inspired more than 40,000 users around the world to make similar access requests, helping to ensure greater transparency of Internet companies. Previous award recipients include Canadian Privacy Commissioner Jennifer Stoddart, European Parliamentarian Sophie In't Veld, Australian Jurist Michael Kirby, and Constitutional Law Scholar Stefano Rodotà. The award is given by EPIC annually in recognition of January 28, International Privacy Day. (Jan. 24, 2013)
- In Federal Court EPIC Defends Student Privacy. In documents filed with a federal court in Washington, DC, EPIC is challenging changes to the Family Educational Rights and Privacy Act (FERPA). The revised regulations, issued by the Education Department, allow the release of student records for non-academic purposes and undercut parental consent provisions. The rule change also promotes the public use of student IDs that enable access to private educational records. In 2011, EPIC submitted extensive comments to the agency, opposing the changes and arguing for the need to safeguard privacy. After the Education Department failed to make necessary changes, EPIC filed a lawsuit and argued that the agency exceeded its authority with the changes, and also that the revised regulations are not in accordance with the 1974 privacy law. EPIC is joined in the lawsuit by members of the EPIC Board of Directors and Advisory Board Grayson Barber, Pablo Garcia Molina, Peter Neumann, and Deborah Peel. For more information, see EPIC: EPIC v. The U.S. Department of Education and EPIC: Student Privacy. (Jan. 22, 2013)
- Cyber-security/Privacy.
Lillie Coney,
EPIC Associate DirectorDialogue on Diversity 2013
(Jan. 29, 2013)
Washington, DC
January 29, 2013 - FTC Denies White House Involvement in Decision to Close Google Investigation. In response to a FOIA request filed by EPIC, the Federal Trade Commission has stated that there are no records of "communications . . . between the White House and the FTC regarding the Commission's antitrust inquiry into Google." In a closely watched proceeding, the Federal Trade Commission announced in early January that it had closed an antitrust inquiry into Google's business practices. EPIC has previously expressed concern about anticompetitive practices by Internet firms. In 2000, EPIC filed a complaint with the Federal TradeCommission regarding the proposed merger of Doubleclick, an Internet advertising company and Abacus, a catalog database firm. In 2007, EPIC opposed Google's acquisition of DoubleClick, which was approved by the FTC over the objection of former FTC Commissioner Pamela Harbor. In 2011, EPIC wrote to the FTC about Google's use of YouTube search rankings to give preferential treatment to its proprietary content over non-Google content. EPIC has also testified before the Senate Judiciary Committee regarding growing market concentration of essential Internet services. For more information, see EPIC: Open Government and EPIC: Federal Trade Commission. (Jan. 18, 2013)
- TSA to Pull Naked Body Scanners Out of US Airports. The US Transportation Security Administration will end the contract for backscatter x-ray devices. As a consequence, all devices that produce a detailed naked image of air travelers will be removed from US airports. Beginning in 2005, EPIC and then a coalition of privacy advocates, scientists, legal experts and lawmakers urged the TSA not to deploy the devices. The groups petitioned DHS Secretary Napolitano to suspend the program pending a thorough review. The agency went forward and EPIC sued. In EPIC v. DHS, the DC Circuit held that the devices could be used as long as passengers were able to opt-out. The federal appeals court also ordered the agency to "promptly" begin a public rulemaking. That process will likely begin in March 2013. For more information, see EPIC: EPIC v. DHS and EPIC: Body Scanners. (Jan. 18, 2013)
- New Study Finds Limits in Deidentification of DNA Samples. A recent paper published in Science reveals that deidentified DNA sequences collected for research purposes can be used to identify the subjects under certain circumstances. According to the article, the information posted by the 1,000 Genomes Project - age, state of residence, and full DNA sequence - used in combination with publicly available genealogy data was enough to narrow the search to a few likely individuals. A Science Policy Forum article concludes that this "reveals the need to re-examine the current paradigms for managing the potential identifiability of genomic and other 'omic'-type data." The President's Commission for the Study of Bioethical Issues recently reviewed the ethical and privacy implications of the use and collection of genetic data. And the Supreme Court is set to hear a case next month involving the warrantless collection and use of genetic information by law enforcement agencies. For more information, see EPIC: Maryland v. King and EPIC: Genetic Privacy. (Jan. 17, 2013)
- Senator Leahy Sets Out Judiciary Committee Agenda for New Congress. On January 16, 2013, Georgetown University Law School hosted Senator Patrick Leahy (D-VT), the chairman of the Senate Judiciary Committee. Leahy set out the agenda of the Judiciary Committee in the 113th Congress, vowing to commit the Committee to addressing "out most fundamental rights, and our most basic freedoms." Updates to key legislation, including laws on e-mail privacy and cybersecurity, are included in the Committee's agenda. The Chairman explained that the Committee would also address the need for oversight of US counterterrorism programs as well as privacy issues involved with the growing use of domestic surveillance drones. Furthermore, Senator Leahy emphasized the importance of open government as an American value, promising to "continue to fight for transparency that keeps the government accountable to the people." For more information, see EPIC: Electronic Communications Privacy Act, EPIC: Open Government, and EPIC: Domestic Unmanned Aerial Vehicles (UAVs) and Drones. (Jan. 17, 2013)
- TSA Resurrects Use of Commercial Data for Passenger Screening. The TSA is considering the use of commercial data to screen passengers, a controversial practice that was previously blocked in Washington. In 2005 Congress suspended funding for Secure Flight, a program that relied on the use of commercial data, after EPIC, the General Accounting Office, and others identified security and privacy vulnerabilities. TSA's current effort also comes as the Federal Trade Commission is studying the practices of the data broker industry. For more information, see EPIC: Secure Flight and EPIC: Passenger Profiling. (Jan. 17, 2013)
- EPIC Hosts Event on Drones and Surveillance at National Press Club. On January 15, 2013 EPIC hosted "Drones and Domestic Surveillance," at the National Press Club in Washington, DC. The symposium brought together experts in law, technology, and public policy to discuss the expanding use of unmanned vehicles in the United States. The event featured Representative Ted Poe (R-TX) as the keynote speaker and was moderated by EPIC's Executive Director, Marc Rotenberg. Congressman Poe announced his plans to introduce a bill in 2013, co-sponsored by Congresswoman Zoe Lofgren (D-CA) to protect privacy against increased drone use. Panelists at the event included technologist Bruce Schneier, privacy scholars Laura Donohue and Orin Kerr, CATO fellow Julian Sanchez, EPIC's Amie Stepanovich, and Gretchen West of AUVSI. EPIC, and a coalition of experts and organizations, have petitioned the Federal Aviation Administration to develop privacy regulations for drone use. For more information, see EPIC: Drones and Domestic Surveillance and EPIC: Domestic Unmanned Aerial Vehicles (UAVs) and Drones. (Jan. 15, 2013)
- Advancing Our Media Justice Agenda Under a New Administration.
Advancing Our Media Justice Agenda Under a New Administration
Lillie Coney,
EPIC Associate DirectorMedia Grass Roots Network
(Jan. 30, 2013)
Washington, DC
January 30, 2013 - Building the Digital Fortress: A Toolkit for Cyber Security.
Building the Digital Fortress: A Toolkit for Cyber Security
Lillie Coney,
EPIC Associate DirectorCPDP 2013
(Jan. 23, 2013)
Brussels, Belgium
January 23, 2013 - California Attorney General Releases Mobile App Privacy Guidelines. California Attorney General Kamala Harris has issued a report describing best practices for mobile application privacy. The report, "Privacy on the Go," recommends that app developers implement safeguards such as privacy-by-design and notice, but stops short of setting forth a comprehensive set of Fair Information Practices. The report follows a law that requires all service providers doing business in California, such as mobile app developers, to have a privacy policy available to consumers. The report also occurs while the White House's privacy multistakeholder process is attempting to develop a voluntary code of conduct for mobile app transparency. For more information, see EPIC: Mobile and Location Privacy. (Jan. 10, 2013)
- EPIC Succeeds in Fight Against Protective Order in FOIA Case. A federal judge has vacated provisions in a prior order that would have limited the ability of FOIA requesters to disseminate information to the public. EPIC filed a Freedom of Information Act lawsuit against the Department of Homeland Security after the agency failed to respond to a request for documents about a plan to monitor internet traffic. In arguments before the court, the Department of Justice contended that EPIC should agree to a protective order that would prevent EPIC from disclosing documents obtained in the case. EPIC challenged this argument, stating that it was contrary to FOIA law and that the use of protective orders in FOIA cases would make it more difficult for the public to obtain information about government activities. Judge Kessler agreed with EPIC and discarded the protective order requirement. She also chastised the agency for its repeated delays in processing EPIC's FOIA request. The case is EPIC v. DHS, 12-333. For more information see: EPIC v. DHS - Defense Contractor Monitoring. (Jan. 9, 2013)
- Supreme Court to Consider Law that Protects Privacy of Drivers' Records. The Supreme Court is set to hear arguments in Maracich v. Spears, a case involving the Drivers' Privacy Protection Act. The Court agreed to hear the case after a lower could ruled that impermissible uses of personal data held by DMVs were "inextricably intertwined" with permissible uses. The Supreme Court previously said that the law "establishes a regulatory scheme that restricts the States' ability to disclose a driver's personal information without the driver's consent." EPIC filed an amicus curiae brief in support of the Petitioners, urging that the Court overturn the lower court's judgment. EPIC's brief details the staggering amount of personal information contained in driver records, particularly as a consequence of the REAL ID regulations. EPIC argues that "changes in technology have increased the risk of the underlying harm that Congress sought to address. Therefore, the Court should narrowly construe the statutory exceptions." The EPIC amicus brief is joined by twenty-seven technical experts and legal scholars. For more information, see EPIC: Maracich v. Spears, EPIC: The Driver's Privacy Protection Act, and EPIC: National ID and REAL ID. (Jan. 8, 2013)
- European Parliament Moves Forward on Privacy Update. The European Parliament has indicated strong support for a proposal put forward by the European Commission to update European Union privacy law. In reports on the the New Directive and New Regulation, the Parliament recommends greater power for data protection agencies and new rights for data subjects. The comprehensive update of the 1995 EU Data Protection Directive simplifies compliance procedures and also creates new incentives for anonymized and psuedonymized data to help protect privacy. Last fall, EPIC President Marc Rotenberg testified before the European Parliament in support of the proposed reform. More than 20 US consumer organizations have expressed support for the European privacy initiative. For more information, see EPIC: EU Data Protection Directive. (Jan. 8, 2013)
- "Bridging the EU-US Privacy Divide".
Marc Rotenberg,
EPIC PresidentCPDP 2013
(Jan. 23, 2013)
Brussels, Belgium
January 23, 2013 - Health Care, the Cloud, and Privacy.
"Health Care, the Cloud, and Privacy"
Lillie Coney,
EPIC Associate DirectorPatient Privacy Rights
(Jan. 3, 2013)
Washington, D.C.
January 7, 2013 - FTC Closes Investigation into Google Search Bias. The Federal Trade Commission announced that it had concluded its investigation into allegedly anticompetitive practices by Google. The Commission reached a settlement with Google that would give competitors access to patents necessary to make smart phones, laptops, and other devices, and Google voluntarily agreed to stop borrowing others' content for use in its own services. On the issue of search bias, however, the Commission decided to close the investigation without taking action. Despite finding some evidence that changes to the company's search algorithm harmed competitors, the Commission said that these changes "could be plausibly justified as innovations that improved Google's product and the experience of its users." In 2011, EPIC wrote to the Commission about Google's use of Youtube search rankings to give preferential treatment to its own video content over non-Google content. EPIC had also opposed Google's acquisition of online advertiser Doubleclick, which was approved by the FTC over the objection of former FTC Commissioner Pamela Harbor. EPIC later testified before the Antitrust committee on Google's growing dominance of essential Internet services. For more information, see EPIC: Federal Trade Commission and EPIC: Google/DoubleClick. (Jan. 3, 2013)
- Interior Department Issues Revised FOIA Regulations, Addresses Some Open Government Concerns. The Interior Department has issued a final rule amending its FOIA regulations. In November 2012, EPIC submitted comments regarding the agency's proposed amendments, urging the Interior Department not to weaken the FOIA as it had proposed. The final rule incorporates several of EPIC's recommendations. For example, the Interior Department will provide examples of how FOIA requesters can reasonably describe the records they seek, and notify requesters in advance before charging them direct costs of converting records to a requested format. Additionally, the Interior Department clarified ambiguous language that would negatively impact FOIA requesters' rights. EPIC routinely comments on agency proposals that impact the rights of FOIA requesters. EPIC recently submitted extensive comments to the Defense Logistics Agency of the Department of Defense, warning the agency not to erect new obstacles for FOIA requesters. For more information, see EPIC: Open Government. (Jan. 3, 2013)
- EPIC - Drones and Domestic Surveillance.
"EPIC - Drones and Domestic Surveillance"
National Press Club
(Jan. 15, 2013)
Washington, D.C.
9-11 a.m.
Jan. 15, 2013 - EPIC Obtains Documents on NSA's "Perfect Citizen" Program. The NSA has turned over documents on the controversial "Perfect Citizen" program to EPIC in response to a FOIA request. "Perfect Citizen" is an NSA program that monitors private networks in the United States. The redacted documents obtained from the federal agency by EPIC state that "[t]he prevention of a loss due to a cyber or physical attack [on Sensitive Control Systems, like large-scale utilities], or recovery of operational capability after such an event, is crucial to the continuity of the [Department of Defense] , the [Intelligence Community], and the operation of SIGNIT systems." The NSA claims that Perfect Citizen is merely a research and development program. The documents obtained by EPIC suggest that the program is operational. For more information, see EPIC: Perfect Citizen. (Jan. 2, 2013)
