Through a Freedom of Information request, EPIC has obtained records concerning Utah’s "Healthy Together” COVID-19 app. The documents include a presentation from Twenty Holdings, Inc., the company that developed the app, and include details of its development. The records reveal that “[o]nce the economy resumes normalcy, the App will continue to provide the mechanism to monitor any emerging risks.” It has been reported that Twenty hopes to sell the app and app back end to other states and private companies. The developers of the app plan to integrate the Apple/Google API when it is available. The app current methodology relies on collated location data from all users, rather than decentralized proximity tracking. The Utah Governor’s Office of Management and Budget found no records of any audits or independent privacy assessments of the contact tracing app. EPIC has called on Congress to ensure that government agencies and private companies establish privacy safeguards for digital contact tracing. But without audits and independent privacy assessments, contact tracing apps like Healthy Together cannot be "robust, scalable, and provable."
The National Security Commission on Artificial Intelligence is seeking public comments on federal AI policy—a step that EPIC has repeatedly urged the Commission to take. The Commission is charged with developing recommendations on the use of AI in national security and defense contexts. But the Commission has conducted much of its work in secret and without public input, leading EPIC to file an open government lawsuit against the Commission. EPIC won a court ruling that the AI Commission is subject to the Freedom of Information Act, and the Commission has begun disclosing its records. EPIC is also litigating to enforce the Commission's obligation to hold open meetings. Public comments to the AI Commission are due by September 30, 2020.
Members of Congress have introduced two bills to restrict the microtargeting of online political advertisements. EPIC supports both bills. The Banning Microtargeted Political Ads Act, sponsored by Rep. Anna Eshoo (CA-18), would prohibit online platforms from targeting ads at users on the basis of their personal data. "This is an important step forward in protecting Americans’ privacy and in protecting our democratic institutions," said Caitriona Fitzgerald, EPIC Interim Associate Director and Policy Director. The Protecting Democracy from Disinformation Act would restrict microtargeting of political ads based on demographic characteristics and personal data collected online. "This bill will help ensure that the democratic process isn't distorted by privacy-invasive and discriminatory targeting of political ads," said John Davisson, EPIC Counsel. The bill is sponsored by Rep. David Cicilline (RI-1) and co-sponsored by Reps. Sean Casten (IL-6), Alcee Hastings (FL-20), Jahana Hayes (CT-5), Henry Johnson (GA-4), and Stephen Lynch (MA-8). Both bills would allow consumers to sue platforms that engage in illegal microtargeting. EPIC’s report Grading on a Curve: Privacy Legislation in the 116th Congress sets out the key elements of a modern privacy law.
