Focusing public attention on emerging privacy and civil liberties issues
Previous Top News: 2009
- President Announces Privacy Safeguards for Cybersecurity Initiative. Today, the President announced the Administration’s Cybersecurity Policy. President Obama stressed privacy protections in several aspects of the new initiative, including the selection of a privacy and civil liberties officer. Anticipating concerns that the Administration would establish new surveillance mandates, President Obama pledged that “our pursuit of cybersecurity will not -- I repeat, will not include -- monitoring private sector networks or Internet traffic. We will preserve and protect the personal privacy and civil liberties that we cherish as Americans.” For more information, see EPIC’s web pages on critical infrastructure protection and the Computer Security Act of 1987. (May. 29, 2009)
- Euro-Iberoamerican Data Protection Meeting: The Protection of Children. Katitza RodrÃguez,
Director, EPIC International Privacy Program
Cartagena de Indias, Colombia
May 26-28, 2009 (May. 28, 2009)
- "Ending Surveillance". Marc Rotenberg,
EPIC Executive Director
Berkman Center
University of St. Gallen Rapperswil, Switzerland
May 21-23, 2009 (May. 28, 2009)
- White House Seeks User Comments on Government Transparency. The White House is seeking public comments on the open government proposal. President Obama's memorandum on Transparency and Open Government directed the Chief Technology Officer, the Office of Management and Budget, and the General Services Administration to develop these recommendations. The Open Government Directive will instruct executive departments and agencies on specific actions to implement transparency principles. The first phase of the initiative involves an online brainstorming session and comments are due by May 28, 2009. To learn more about transparency and open government, consider purchasing EPIC's FOIA litigation manual. (May. 21, 2009)
- FBI's Use of FISA Increasing. In a report to Congress, the Justice Department revealed a substantial increase in the use of National Security Letters to acquire information on American citizens without court order. In 2008, the FBI made 24,744 NSL requests pertaining to 7,225 persons compared to 16,804 requests pertaining to 4,327 persons in 2007. The report also detailed 2,082 applications by the FBI to the Foreign Intelligence Surveillance Court for authority to conduct surveillance and physical searches. An earlier audit had revealed that some "blanket-NSLs" did not document the relevance of the information sought to a national security investigation and the statistics were not reported to the Congress. For more information, see EPIC's Page on Foreign Intelligence Surveillance Act, National Security Letters, and Wiretapping. (May. 20, 2009)
- EPIC Launches Campaign to Suspend 'Whole Body Imaging' at Nation's Airports. EPIC announced a national campaign today to suspend the use of "Whole Body Imaging" -- devices that photograph American air travellers stripped naked in US airports. The campaign responds to a policy reversal by the TSA which would now make the the "virtual strip search" mandatory, instead of voluntary as originally announced. EPIC and others say that there are inadequate safeguards to prevent the misuse of the images. They are asking Homeland Security Secretary Janet Napolitano to suspend the program and to allow for public comment. For more information, see EPIC's Backscatter X-ray, Whole Body Imaging page. (May. 18, 2009)
- United Nations Internet Governance Forum Open Consultation and Multistakeholder Advisory Group Meeting. Katitza RodrÃguez,
Director, EPIC International Privacy Program
Geneva, Switzerland
May 13-15, 2009
Event website (May. 17, 2009)
- European Commission Sets Out RFID Privacy Guidelines. The European Commission has announced Recommendations and provided a Citizens Summary for the implementation of privacy and data protection safeguards for radio-frequency identification. RFID applications transfer personal data wirelessly between an embedded tag, typically in an ID card or product, and a reader. Many privacy concerns have been raised. The EC Recommendations reaffirm the privacy rights and obligations in the European Privacy Directives. The guidance directs organizations to perform privacy impact assessments, apply risk minimization techniques, and inform individuals about RFID. In the US, EPIC has urged strong consumer protections for RFID before the Alaska and New Hampshire state legislatures, the Federal Trade Commission and the DHS on the use of RFID embedded passports. For more information, see EPIC's page on Radio Frequency Identification (RFID) Systems. (May. 13, 2009)
- State Courts Split on Warrantless GPS Tracking. Today, the New York Court of Appeals ruled that police must obtain a warrant before installing GPS tracking devices on individuals' vehicles. The decision prohibits law enforcement from secretly using GPS trackers to compile comprehensive travel histories on citizens without a warrant. The case follows last week's Wisconsin Appeals Court decision authorizing warrantless GPS surveillance by police. Other states have split on the application of a warrant requirement. On April 20, 2009, EPIC filed a brief in Commonwealth v. Connolly, urging the Massachusetts Supreme Judicial Court to require a warrant before police track drivers using concealed surveillance technology. The EPIC brief warned that warrantless GPS tracking "raises the specter of mass, pervasive surveillance without any predicate act that would justify this activity." For more information see EPIC's Commonwealth v. Connolly page. (May. 12, 2009)
- Justice Department Restores Antitrust Enforcement. Speaking at the Center for American Progress, Assistant Attorney General Christine Varney announced that the Antitrust Division will be "aggressively pursuing cases where monopolists try to use their dominance in the marketplace to stifle competition and harm consumers." Ms. Varney withdrew a 2008 Department report on monopolization offenses that generally allows monopoly practices to go unchallenged. In 2007, EPIC objected to the merger of Internet advertisers Google and Doubleclick, arguing that it was vital to impose privacy safeguards and to preserve a advertising options for web publishers. More information, see EPIC, "Privacy? Proposed Google/Doubleclick Deal." (May. 11, 2009)
- EPIC Testifies Before Congress on Data Breach Bill, Urges Changes to Strengthen Act. EPIC Director Marc Rotenberg testified before Congress on the Data Accountability and Trust Act, which would require security policies for consumer information, regulate the information broker industry, and establish a national breach notification law. Rotenberg said "companies need to know that they will be expected to protect the data they collect and that, when they fail to do so, there will be consequences." The EPIC Director opposed the preemption of stronger state laws, and recommended the use of text messages for breach notices, and suggested that personally identifiable information be broadly defined to include any information that "identifies or could identify a particular person." To learn more about Identity Theft, see EPIC's Identity Theft page. (May. 5, 2009)
- DHS Seeks Nominations to the Agency's Data Privacy and Integrity Advisory Committee. The Department of Homeland Security is seeking applications for appointments to the agency's Data Privacy and Integrity Advisory Committee. The committee provides advice at the request of the Secretary of DHS and the agency's Chief Privacy Officer on privacy related matters. The agency is seeking to fill two terms that would expire in January 2012, and January 2013. Applications for the positions must be received by the agency on or before June 8, 2009. For more information, see: EPIC's Web page Spotlight on Surveillance. (May. 5, 2009)
- For Identity Theft Law, Supreme Court Rules that the Government Must Prove Intent to Impersonate. In a critical case for the emerging field of identity management, the Supreme Court today reversed a lower court opinion and ruled unanimously in favor of the petitioner. The Court held that individuals who provide identification numbers that are not their own, but don’t intentionally impersonate others, cannot be subject to harsh criminal punishments under federal law. The case involved a mandatory 2-year prison term, added on to a prior conviction, for presenting a fake Social Security Number to an employer. EPIC filed an amicus brief in support of the petitioner, arguing that the "unknowing use of inaccurate credentials does not constitute identity theft." For more information, see EPIC, Flores-Figueroa v. United States. (May. 4, 2009)
- EPIC Seeks Government Agreements with Social Networking Companies. EPIC submitted a Freedom of Information Act request to the Government Services Administration seeking agency records concerning agreements the GSA negotiated between federal agencies and social networking services, including Flickr, YouTube, Vimeo, Blip.tv, and Facebook. In the FOIA request, EPIC is asking for the public release of the contracts and any legal opinions concerning the application of the Privacy Act of 1974 and Freedom of Information Act to the services that collect information on citizens. For more information see EPIC’s pages Social Networking, Facebook, and Cloud Computing. (Apr. 30, 2009)
- EPIC Urges Greater Accountability for Network Surveillance. Today, EPIC asked Senator Patrick Leahy to investigate the Department of Justice's failure to make public statistics detailing federal use of "pen registers" and "trap and trace" devices, which record "non-content" information about telephone calls, email and web traffic. In a letter to the Chairman of the Senate Judiciary Committee, EPIC observed that the Attorney General is required to provide to Congress detailed statistics concerning the use of these techniques. Yet, "the DOJ does not publicly disclose pen register reports as a matter of course." EPIC also raised questions regarding the agency's compliance with reporting requirements for the period 2004-2008. The lack of public accountability for these network monitoring techniques contrasts with the U.S. Courts' routine public reporting of federal wiretaps, EPIC said. The Courts released the most recent wiretap report on April 27, 2009. For more information, see EPIC's Wiretapping page. (Apr. 29, 2009)
- Applications for Court Approved Wiretaps Down in 2008. According to the 2008 Wiretap report, federal and state courts issued 1,891 orders for the interception of wire, oral or electronic communications in 2008, down from 2,208 in 2007. (Dept. of Justice Press release.) As in the last three years, no applications for wiretap authorizations were denied by either state or federal courts. The total number of authorized wiretaps had grown in each of the six past calendar years, beginning in 2003. The 2008 Wiretap Report does not include interceptions regulated by the Foreign Intelligence Surveillance Act or interceptions approvedby the President outside the exclusive authority of the federal wiretap law and the FISA. See EPIC Wiretapping page and EPIC Title III Orders. (Apr. 28, 2009)
- Privacy and Consumer Groups Seek New FTC Commissioner. EPIC joined other privacy and consumer organizations on a letter to President Obama urging the appointment of a pro-consumer Commissioner to the Federal Trade Commission (FTC). The groups called for the appointment of someone with a “distinguished record of achievement in consumer affairs, with a demonstrated commitment to protecting the public.” The Commission has been one person short of its full membership since former Chair Deborah Platt Majoras left the agency last year. The President appointed Jon Leibowitz to serve as the current chair of the FTC. For more information, see EPIC’s page on the Federal Trade Commission. (Apr. 27, 2009)
- Congressman Seeks Ban on Whole-Body Imaging at Airports. Congressman Jason Chaffetz has introduced legislation seeking a ban on Whole-Body Imaging machines installed by the Transportation Security Administration in various airports across America. Describing the method as unnecessary to securing an airplane, Congressman Chaffetz stated that the new law was to "balance the dual virtues of safety and privacy." The TSA recently announced plans to make the scanners, which capture a detailed picture of travelers stripped naked, the default screening device at all airport security checkpoints. For more information, see EPIC's Whole Body Imaging page. (Apr. 24, 2009)
- Facebook Gets Ready to Adopt Terms of Service. Facebook has announced the results of the vote on site governance. The initial outcome indicates that approximately 75 percent of users voted for the new terms of service which includes the new Facebook Principles and Statement of Rights and Responsibilities. Under the new Principles, Facebook users will "own and control their information." Facebook also took steps to improve account deletion, to limit sublicenses, and to reduce data exchanges with application developers. EPIC supports the adoption of the new terms. For more information, see EPIC's page on Social Networking Privacy. (Apr. 24, 2009)
- EPIC Urges Congress to Act on Internet Privacy. In testimony before a Congressional Committee, EPIC Director Marc Rotenberg urged lawmakers to address the growing threat to online privacy of new tracking techniques. Mr. Rotenberg said, "From the user perspective, the threats to privacy online are increasing. Unregulated data collection continues. Privacy policies are opaque and ineffective. Users are unable to exercise any meaningful control over the personal information that is obtained by firms when they visit sites, purchase online, or participate in the rapidly growing world of social networking." EPIC warned that these practices also pose a threat to technical standards that are necessary to protect network integrity, as well as the revenue of web publishers. For more information, see EPIC's page on Deep Packet Inspection and NCTA v. FCC. (Apr. 23, 2009)
- Supreme Court Hears Case on Strip-Search of Young Student by Schools Officials Looking for Advil. The Supreme Court heard a case involving a traumatic strip-search of a thirteen-year-old girl by school officials looking for an ibuprofen tablet. The search was conducted based on allegation by another student, who had been caught with drugs. A federal appelate court held that the search of the student was unreasonable and that a school official could be liable for violating the girl's Fourth Amendment rights. The school appealed to the Supreme Court and argued that the search was reasonable and the school official had qualified immunity. The respondent student replied that the search was highly invasive and the official should be held responsible. See also EPIC's page on Student Privacy. (Apr. 21, 2009)
- Facebook Seeks Vote on Site Governance. In February, Facebook announced that it was opening its site governance to user voting after the new Terms of Service were widely criticized, and were to be the subject of an EPIC complaint to the Federal Trade Commission. Facebook restored the old terms and sought user feedback on the new Facebook Principles and the Statement of Rights and Responsibilities. These governing documents have now been updated to reflect feedback from users and experts. The voting to adopt the new terms or to maintain the previous terms is now open till April 23, 11:59 a.m. PDT. For more, see the efforts of People Against the New Terms of Service, and EPIC's Social Networking Privacy page. (Apr. 20, 2009)
- EPIC Urges Massachusetts High Court to Protect Drivers From Warrantless Tracking by Law Enforcement, Warns of "Pervasive Mass Surveillance". Today, EPIC filed a "friend of the court" brief in the Massachusetts Supreme Judicial Court, urging the Justices to require a warrant before police covertly track drivers using concealed surveillance technology. In Commonwealth v. Connolly, the Court will determine whether the police must obtain a search warrant before covertly installing location tracking devices on individuals' cars. The systems record a vehicle's location and speed around the clock, and transmit the data to police. EPIC said the profileferation of police tracking devices "creates a large, and largely unregulated, repository containing detailed travel profiles of American citizens." The EPIC brief warned that "law enforcement access to such information raises the specter of mass, pervasive surveillance without any predicate act that would justify this activity." For more, see EPIC's Commonwealth v. Connolly page. (Apr. 20, 2009)
- Senate to Investigate NSA "Overcollection". Senator Dianne Feinstein has announced that the Senate Intelligence Committee will hold a hearing on the National Security Agency's interception of phone calls and private e-mail messages of Americans. Recently, the New York Times reported that the NSA's activities went beyond the legal limits established by the Congress last year. EPIC has a related lawsuit asking a federal court to force the release of memos on the legal authority for domestic surveillance of American citizens. For more information, see EPIC's page on Freedom of Information Act Work on the National Security Agency's Warrantless Surveillance Program. (Apr. 17, 2009)
- European Commission Seeks to Protect Internet Privacy. Following complaints about Phorm's Deep Packet Inspection Technology with UK internet service providers, the European Commission has opened a formal investigation. The EU e-Privacy and Data Protection Directives protect the confidentiality of communications by prohibiting interception and surveillance without the user's consent. Deep Packet Inspection allows internet service providers to intercept virtually all customers' Internet activity, including web surfing data and other Internet related activities. The Commission charges that the UK government could not permit this activity under European Union privacy law. In the US, Congressional leaders also objected to Deep Packet Inspection. For more information, see EPIC's page on Deep Packet Inspection and Privacy and Human Rights Report. (Apr. 14, 2009)
- EPIC Demands Disclosure of Documents Detailing "Virtual Strip Search" Airport Scanners. Today, EPIC filed a Freedom of Information Act request demanding disclosure of records detailing airport scanners that take naked pictures of American travelers. Security experts describe the "whole body imaging" scanners as virtual strip searches. The Transportation Security Administration plans to make the scans mandatory at all airport security checkpoints, despite prior assurances that whole body imaging would be optional. EPIC's request seeks documents concerning the agency's ability to store and transmit detailed images of naked U.S. citizens. For more information, see EPIC's Whole Body Imaging page and EPIC's FOIA Litigation Manual.
(Apr. 14, 2009)
- FCC Proposes Nationwide Broadband Expansion, Seeks Public Comments on Privacy Safeguards. Today, the Federal Communications Commission announced that it will develop a plan to expand broadband access. The plan will attempt to "ensure that every American has access to broadband capability," and will be submitted to Congress in February 2010. The Commission seeks comments from the public concerning how to best safeguard consumers' privacy in the face of technologies such as deep packet inspection and behavioral advertising. Chairman Michael J. Copps identified priorities for the broadband expansion, including "avoiding invasions of people’s privacy." EPIC previously advocated for the FCC to require strong privacy safeguards for telephone customers' personal information, and protect wireless subscribers from telemarketing. For more information, see EPIC's pages on deep packet inspection. (Apr. 8, 2009)
- Five Country Study Finds Diminished Protection for Anonymity. A new study by leading scholars from the USA, Canada, UK, Netherlands and Italy has revealed that laws are reinforcing technology's ability to undermine the anonymity of citizens. The law reveals a preference for legislation requiring people to submit to identification and an increasing encroachment of rules into areas where there were previously no regulations prohibiting anonymity. EPIC was a partner in the project. Consider purchasing the Lessons from the Identity Trail. For more information, see EPIC's page on Free Speech and Internet Anonymity. (Apr. 7, 2009)
- European Parliament Adopts Report on Fundamental Freedoms and the Internet. The European Parliament adopted with 481 votes a report on Security and Fundamental Freedoms on the Internet. Expressing strong support for privacy, data protection, security and freedom of speech, the report called on Member States to make use of existing law, exchange best practices and draw up a series of regulations to protect privacy. The Parliament also urged Member States to update legislation to protect children using the Internet and called on the Council and Commission to develop a comprehensive strategy to combat cybercrime, identity theft and fraud. A draft of the report was released in January. See also EPIC's report on Privacy & Human Rights 2006.
(Mar. 26, 2009)
- Federal Trade Commission to Review EPIC Cloud Computing Complaint. The Federal Trade Commission will review EPIC's March 17, 2009 complaint, which describes Google's unfair and deceptive business practices concerning the firm's Cloud Computing Services. EPIC's complaint describes numerous data breaches involving user-generated information stored by Google, including the recently reported breach of Google Docs. EPIC's complaint "raises a number of concerns about the privacy and security of information collected from consumers online," federal regulators said. EPIC urged the Commission to take "such measures as are necessary" to ensure the safety and security of information submitted to Google. Previous EPIC complaints have led the Commission to order Microsoft to revise the security standards for Passport and to require Choicepoint to change its business practices and pay $15 m in fines. For more information, see EPIC's complaint to the FTC. EPIC's Cloud Computing Page. (Mar. 19, 2009)
- Senators Introduce Open Government Bill, Celebrate Sunshine Week. Senators Patrick Leahy (D-Vermont) and John Cornyn (R-Texas) introduced legislation to improve government transparency and strengthen the Freedom of Information Act. The proposal comes during Sunshine Week, an annual celebration of open government. The OPEN FOIA Act of 2009 would reduce government secrecy by limiting the circumstances in which government records can be exempted from disclosure. "Excessive government secrecy is a constant temptation and the enemy of a vibrant democracy," Senator Leahy said. In 2007, Senators Leahy and Cornyn co-sponsored the OPEN Government Act, a law that imposed meaningful deadlines on federal agencies, created a FOIA Ombudsman, and provided "news media" standing for freelance journalists and bloggers. For more information, see EPIC's Litigation Under the Federal Open Government Laws. (Mar. 19, 2009)
- Attorney General Issues New FOIA Guidelines. The Attorney General today set out new Freedom of Information guidelines pursuant to President Obama's memorandum directing all executive branch departments and agencies to maintain a presumption of openness in releasing information requested from them. In the memorandum, the Attorney General strongly encouraged agencies to make discretionary disclosures of information to the fullest extent possible. Rescinding the FOIA Memorandum of October 12, 2001, the Attorney General stated that the Justice Department will defend a FOIA request only if the disclosure would harm an interest protected by a statutory exemption or its disclosure is prohibited by law. The memorandum also directs that each agency is fully accountable for its administration of FOIA and should be mindful of their obligation to work "in a spirit of cooperation." For more information, see EPIC's Open Government page. (Mar. 19, 2009)
- EPIC Petitions FTC to Investigate Google, Cloud Computing Services. EPIC has formally asked the Federal Trade Commission to open an investigation into Google's Cloud Computing Services -- including Gmail, Google Docs, and Picasa -- to determine "the adequacy of the privacy and security safeguards." The petition follows the recent report of a breach of Google Docs. EPIC cited the growing dependence of American consumers, businesses, and federal agencies on cloud computing services, and urged the Commission to take "such measures as are necessary" to ensure the safety and security of information submitted to Google. Previous EPIC complaints have led the Commission to order Microsoft to revise the security standards for Passport and to require Choicepoint to change its business practices and pay $15 m in fines. (Mar. 17, 2009)
- EPIC Celebrates Sunshine Week. Open government and media organizations throughout the country are celebrating Sunshine Week by highlighting the importance of government transparency. EPIC publishes the most comprehensive up-to-date manual on federal open government law. EPIC is pursuing Freedom of Information Act litigation to obtain government memos describing the legal basis for the warrantless wiretapping of American citizens by the Bush Administration. To learn more about your right to access government information, see EPIC's Open Government page and Litigation Under the Federal Open Government Laws 2008. (Mar. 17, 2009)
- Cybersecurity Czar Steps Down, Warns of Growing NSA Influence. Rod Beckstrom, Director of the National Cybersecurity Center, has resigned. In a letter to Homeland Security Secretary Janet Napolitano, Beckstrom warned of the increasing role of the National Security Agency in domestic security. The "intelligence culture is very different than a network operation or security culture... the threats to our democratic processes are significant if all top government network and monitoring are handled by any one organization... we have been unwilling to subjugate the NSCS under the NSA," wrote the former NCSC Director. The announcement follows Congressional testimony from the new Director of National Intelligence that the NSA should be responsible for network security. EPIC has long maintained that the NSA, though it plays a vital role in gathering foreign intelligence, should not be the lead agency for domestic network security because it also engages in extensive and unregulated spying. See EPIC Computer Security Act of 1987. (Mar. 9, 2009)
- EPIC v. DOJ - EPIC Urges Court to Require Disclosure of Warrantless Wiretap Memos. EPIC, the ACLU, and the National Security Archive asked a federal court in Washington, DC to order the immediate disclosure of government memos describing the legal basis for the warrantless wiretapping of American citizens by the Bush Administration. The court is currently reviewing the documents, prepared by the Office of Legal Counsel, as part of an EPIC Freedom of Information Act lawsuit. This week, the Attorney General released several related memos, which previously were secret. The new release follows President Obama's recent statement on government transparency. "The Freedom of Information Act should be administered with a clear presumption: In the face of doubt, openness prevails," the President said. For more information, see EPIC v. DOJ. (Mar. 6, 2009)
- Justice Department Releases Domestic Surveillance Memos and Opinions. Attorney General Eric Holder announced that the Department of Justice will make public memos and opinions concerning warrantless surveillance, and other controversial claims of Presidential authority, that were prepared in the wake of 9/11. The documents describe the legal basis for President Bush's domestic surveillance program. After learning of the warrantless wiretap program, EPIC sued the Department of Justice under the Freedom of Information Act to compel disclosure of legal memos concerning the program. Government lawyers subsequently disavowed the justifications for the warrantless surveillance. For more, see EPIC's "National Security Agency's Warrantless Surveillance Program" page. (Mar. 3, 2009)
- Responding to Privacy Concerns, Whitehouse Drops YouTube for Broadcasting Presidential Speeches. Following protests that YouTube was creating persistent cookies for people who visited the White House web site, the latest Weekly Address of President Obama no longer secretly tracks Whitehouse visitors. Federal policy restricts the use of tracking cookies by federal agencies. Privacy concerns remain for media content delivered by Congressional offices. For more information, see EPIC's Cookies Page. (Mar. 2, 2009)
- Facebook Announces Governing Principles, Statement of Rights and Responsibilities. Today, Facebook proposed guidelines and a statement of rights and responsibilities governing its relationship with users. The social networking service called for user comment on the principles, which include "Ownership and Control of Information" and "Transparent Process." Facebook further committed to "open up Facebook so that users can participate meaningfully in our policies and our future." Facebook's announcement follows last week's abandonment of changes to its Terms of Service on the eve of an EPIC complaint to federal regulators. For more and see the efforts of People Against the New Terms of Service, and EPIC's "Social Networking Privacy" page. (Feb. 26, 2009)
- Supreme Court to Hear Argument in "Identity Theft" Case, EPIC Urges Justices to Protect Privacy Enhancing Technologies. On Wednesday, the Supreme Court will hear arguments in a case that will determine whether individuals who include identification numbers that are not theirs, but don't intentionally impersonate others, can be subject to harsh criminal punishments under federal law. In Flores-Figueroa v. United States, the petitioner challenged his conviction for "aggravated identity theft." EPIC filed a "friend of the court" brief, on behalf of 17 legal scholars and technical experts, urging the Justices to protect techniques that allow individuals to safeguard privacy. EPIC explained that the crime of "identity theft" should require an intent to impersonate another. The EPIC brief urges the Court to avoid "a precedent that might inadvertently render the use of privacy enhancing pseudonyms, anonymizers, and other techniques for identity management unlawful." For more, see EPIC's Flores-Figueroa v. United States page. (Feb. 23, 2009)
- On Eve of EPIC Trade Commission Complaint, Facebook Backs Down on Revised Terms of Service. Hours before EPIC planned to file a complaint with the Federal Trade Commission regarding changes to Facebook's Terms of Service, the social network service announced that it will restore the original policy. The new Terms of Service were announced on Feb. 4, were widely criticized, and were to be the subject of the EPIC complaint. Facebook users observed that, under the revised policies, Facebook asserted broad, permanent, and retroactive rights to users' personal information - even after they deleted their accounts. The EPIC complaint was supported by more than a dozen consumer and privacy organizations. Previous EPIC Complaints at the FTC have concerned Choicepoint, Microsoft Passport, and the Google-Doubleclick merger. For more, see EPIC's "Social Networking Privacy" page. Support EPIC's efforts to maintain your privacy in the social networking world. (Feb. 18, 2009)
- American Recovery Act Includes Strong Medical Information Safeguards. President Obama signed the American Recovery & Reinvestment Act, which includes comprehensive safeguards for medical information. The Act prohibits the unauthorized sale of medical records and provides exceptions for research, public health and treatment. The Act also limits marketing, requires covered entities and business associates to keep an audit trail of personnel having access to the information, mandates policies setting standards for technology systems to restrict sensitive information, use data encryption and directs breach notifications. The new law prescribes monetary penalties for violations and requires monitoring of contracts and reporting on compliance. Patient Privacy Rights led the campaign for strong medical privacy protection. For more information, see EPIC's page on Medical Privacy. (Feb. 18, 2009)
- Trade Commission Issues Voluntary Guidelines for Online Tracking, Targeting, and Advertising. Today, the Federal Trade Commission released voluntary guidelines for Internet advertising and behavioral targeting. The guidelines set out four principles: "1) transparency and consumer control; 2) reasonable security and limited data retention for consumer data; 3) affirmative express consent for material retroactive changes to privacy promises; and 4) affirmative express consent to (or prohibition against) use of sensitive data." There is no means to enforce the guidelines, and Commissioners Jon Leibowitz and warned that they are insufficient to ensure consumers' privacy. Commissioner Harbour cautioned that the guidelines "focus too narrowly" and urged rulemakers to "take a more comprehensive approach to privacy." The guidelines are in part a response to EPIC's 2007 Complaint regarding the Google-Doubleclick merger raising concerns about the profiling of Internet users and the need to establish clear privacy safeguards as a condition of the merger. For more information, see EPIC's Complaint regarding the Google/DoubleClick merger and page Privacy? Proposed Google/DoubleClick Deal. (Feb. 12, 2009)
- Report: Google Latitude Poses Significant Privacy Risks . Privacy International has identified a major security flaw in Google's new phone locational tracking service. According to the London-based organization, the tracking feature in Google Latitude can be easily enabled by anyone with access to the phone. Moreover, there is no simple way for a user to determine the tracking status of their phone. Question have also been raised about Google's plan to use cell phone data location records for advertising purposes. For more information, see EPIC's page on Personal Surveillance. (Feb. 5, 2009)
- National Academies Report Calls for New Approach to Medical Privacy . As the Congress considers establishing a national network for electronic health records, a report from the Institute of Medicine recommends a new approach to medical record privacy. "Beyond the HIPAA Privacy Rule: Enhancing Privacy, Improving Health Through Research" finds that the current medical privacy regulations do not protect privacy and unnecessarily impede health research. The expert panel recommends revising research guidance, enhancing security for personally identifiable information, establishing trusted third parties for clearly defined research purposes, and developing new techniques that enable deidentification. The report also said it was vital to "Apply privacy, security, transparency, and accountability obligations to all health records used in research." EPIC Director Marc Rotenberg participated in the study project. More information, see EPIC Medical Privacy page. (Feb. 4, 2009)
- EPIC, Freedom of Information Advocates Endorse President . EPIC joined Freedom of Information advocates from around the world in an Open Letter welcoming "President Obama's Initiative on Transparency." The organizations also supported the President's call for a "clear presumption in favor of disclosure of information." They called on "governments around the world to take similar action to promote transparency and respect for the right of access to information." For more information about open government, see EPIC's Open Government manual. (Jan. 29, 2009)
- House Economic Recovery Bill Includes Privacy Safeguards for Medical Information . The American Recovery and Reinvestment Act of 2009, adopted by the House this week, includes strong privacy provisions ("Subtitle D - Privacy") for the proposed medical health network. Among the key provisions: a ban on the sale of health information, audit trails, encryption, rights of access, improved enforcement mechanisms, and support for advocacy groups to participate in the regulatory process. Patient Privacy Rights has expressed support for the legislation. A similar bill, S. 336, is pending in the Senate. Senator Leahy has called for strong safeguards to protect America's health privacy. For more information, see EPIC's page on Medical Privacy. (Jan. 29, 2009)
- EPIC Honors Stefano Rodotà. On the occasion of International Privacy Day, EPIC has given the "International Privacy Champion" Award to Stefano Rodotà, an eminent Italian jurist, who has profoundly influenced the public's understanding of human rights in the age of the Internet. The award from EPIC describes Professor Rodotà as "a powerful advocate for the rights of the citizen." Previous recipients of the EPIC Champion of Freedom Award include Senator Patrick Leahy and Professor Pamela Samuelson. Facebook users can Fan Stefano Rodotà. (Jan. 28, 2009)
- Civil Society Launches Campaign for Privacy Convention. A coalition organized by the Public Voice is urging support for the Council of Europe Privacy Convention. At present, forty-one countries have ratified the Convention. The coalition is pushing for ratification in the countries that have not adopted the convention. In the United States, the Privacy Coalition has proposed a resolution for the U.S. Senate. According to one source, the "Convention has withstood the test of time by being adaptive and fairly rigorous. Today the principles of this agreement are being examined for their applicability to the collection and processing of biometric data." For more information, sign-up for the International Privacy Day and see the EPIC report "Privacy and Human Rights". (Jan. 27, 2009)
- Privacy Problems Plague New White House Web Site. While the public responded very favorably to the announcements this week from President Barack Obama, problems with the privacy practices of the new White House web site where the President's statements are posted emerged. One columnist noted a tracking feature associated with YouTube that violated a long-standing rule to limit the use of persistent cookies in the federal government. A second columnist, who noted a similar problem with YouTube and Congressional offices, said that subsequent changes to the White House privacy policy failed to resolve the problem. In posts to the Interesting People list, several other experts identified privacy related problems with the White House site. For general information about cookies and tracking, see EPIC's Cookies page. (Jan. 24, 2009)
- Medical Privacy Legislation Moves Forward in Congress. On Thursday, the House Committee on Energy and Commerce approved Economic Recovery legislation that includes provisions for the adoption of health information technology and establishes standards for interoperability and privacy. Patient Privacy Rights is leading a coalition effort to establish strong privacy safeguards for American consumers. A hearing is scheduled for next Tuesday in the Senate Judiciary Committee. (Jan. 23, 2009)
- President Obama Issues New Orders on FOIA. In his first 24 hours in Office, President Obama issued a series of Executive Orders. One of the Orders dealt with the Freedom of Information Act (FOIA) activity of federal government agencies. He stated that prior FOIA rules were governed by a "defensible argument" for not disclosing information to the public. The President said that, "Starting today, every agency and department should know that his administration stands on the side, not of those who seek to withhold information, but with those who seek to make it known." In other initiatives President Obama issued a suspension of legal proceedings against detainees being held in Guantanamo Bay. For more information, see EPIC's page on Former Secrets. (Jan. 21, 2009)
- Supreme Court Refuses to Hear Internet Censorship Appeal. The Supreme Court denied the last appeal of the Government from an Appeals Court decision that turned down the enforcement of the Child Online Protection Act (COPA). COPA establishes criminal penalties for any online commercial distribution of material harmful to minors. The Appeals Court held COPA unconstitutional on the ground that COPA made every web communication provider abide by the most restrictive community's standards." EPIC had challenged the implementation of COPA over ten years ago and had been fighting the case along with the ACLU and the EFF. EPIC argued that COPA violated the First Amendment as well as privacy of the individual on the internet. For more information, see EPIC's page on ACLU v. Mukasey. (Jan. 21, 2009)
- Federal Intelligence Court Rules Warrantless Wiretapping Legal. The Foreign Intelligence Surveillance Court of Review has ordered the release of a redacted opinion. The federal intelligence court ruled in August, 2008 that warrantless wiretapping of international phone calls and the interception of e-mail messages were permissible. Giving support to the Protect America Act, the Court found that "foreign intelligence surveillance possesses characteristics that qualify" for an exception in the interest of "national security". For more information, see EPIC's page on Foreign Intelligence Surveillance Act. (Jan. 15, 2009)
- Supreme Court Permits Arrest Based on Police Database Error, EPIC Amicus Brief Cited in Dissent. In a 5-4 opinion, the Supreme Court has held that the police may use false information contained in a police database as the evidence for an arrest. Chief Justice Roberts held that, "when police mistakes are the result of negligence such as that described here, rather than systemic error or reckless disregard of constitutional requirements, any marginal deterrence does not 'pay its way.'" Justice Ginsburg, writing for four of the Justices in dissent, said that "negligent recordkeeping errors by law enforcement threaten individual liberty, are susceptible to deterrence by the exclusionary rule, and cannot be remedied effectively through other means." EPIC filed a friend of the court brief urging the Justices to ensure the accuracy of police databases, on behalf of 27 legal scholars and technical experts and 13 privacy and civil liberty groups. The EPIC brief was cited by the Justices in dissent. See EPIC Herring v. US ("Concerning a Faulty Arrest Based on Incorrect Information in a Government Database"). (Jan. 14, 2009)
- EPIC, Patient Advocates Urge Congress to "ACT" on Privacy . EPIC and more than 25 members of the Coalition for Patient Privacy at a news conference today in Washington, DC urged Congress to include critical privacy safeguards for the medical record network that may be included in the economic stimulus plan. The Coalition partners are recommending that lawmakers "ACT" on privacy and provide Accountability for access to health records, Control of personal information, and Transparency to protect medical consumers from abuse. For more information, see Patient Privacy Rights and EPIC's page on Medical Privacy. (Jan. 14, 2009)
- Consumer Groups Urge Trade Commission to Investigate Mobile Marketing. The Center for Digital Democracy and the U.S. Public Interest Research Group filed a complaint with the Federal Trade Commission to investigate the growing threat to consumer privacy in the mobile advertising world. Certain services track, analyze, and target the public and build secret profiles. Users are targeted based on their online behavior and their location. The complaint urges the Commission to define and clarify practices, review self-regulation, require notice and disclosure and also protect the public. Earlier, thirty Privacy Coalition members sent a letter to President-elect Barack Obama highlighting the importance of protecting consumer privacy in new network services. For more information, see EPIC's page on Privacy and Consumer Profiling. (Jan. 13, 2009)
- FCC Backs Off Net Filtering Plan. FCC Chairman Kevin Martin has said that he will not pursue a government-mandated content filter as part of a proposal for a nationwide free wireless broadband network. EPIC had opposed the provision and said that it would create a dangerous precedent that would encourage governments to limit access to unpopular or controversial speech. For more information on content filters, see the EPIC publication "Filters and Freedom" available at Powell's and Amazon
. (Jan. 6, 2009)
- Data Breaches on the Rise in the US. A new report from the Identity Theft Resource Center found a 47 percent increase in data breaches in the United States over 2007. Noting 656 reported breaches at the end of 2008, the report identified the company, the category of breach and the number of records exposed. The Center concluded that most breached data was unprotected by either encryption or even passwords. According to the FTC, data breaches are the leading cause of identity theft. For more information, see EPIC's page on Identity Theft. (Jan. 6, 2009)
