In comments to the Department of Defense on the proposed expansion of the "Insider Threat" Database, EPIC recommended the Department withdraw unlawful and unnecessary routine use disclosures, significantly narrow the Privacy Act exemptions, and adopt the Universal Guidelines for Artificial Intelligence. The DoD plans to collect detailed, personal information, including health data, ethnicity and race, biometric data, travel records, and social media information, on federal employees, their friends, and family members. EPIC noted widespread computer security problems at the DoD, and warned, "this system of records—despite a documented inability to protect personal data—invites the very threats the program seeks to prevent." EPIC previously commented on the creation of the system.
As part of an effort to promote uniformity in privacy regulations, the Department of Defense has finalized a regulation regarding the Personnel Vetting Records System. EPIC submitted detailed comments to the agency "criticizing the breadth of exemptions and expressing concerns about accountability for DoD's information collection activities." The Department of Defense responded in detail to EPIC stating, "The Department appreciates these concerns....Notwithstanding the potential availability of exemptions that DoD may need to assert for certain records in the system when circumstances warrant, exemption rules do not require the assertion of exemptions in every instance. In fact, DoD anticipates asserting exemptions in limited circumstances on a case-by-case basis....With respect to access rights in particular, the DoD anticipates generally providing access rights and exercising exemptions as the exception rather than the norm." EPIC routinely comments on the obligations of federal agencies to comply with the federal Privacy Act. EPIC recently commented on the privacy issues raised by the Department's "Insider Threat" Program, noting that the extensive collection of personal data could create new vulnerabilities.
The U.S. Supreme Court will hear arguments this week in a case challenging the addition of the citizenship question to the 2020 Census. EPIC filed an amicus brief in Department of Commerce v. New York, urging the Court to uphold a New York federal judge's decision to remove the question. EPIC warned that the "extraordinary reach of the Bureau into the private lives of Americans brings extraordinary risks to privacy." In a related matter, EPIC's lawsuit to block the citizenship question, EPIC v. Commerce, is currently before the D.C. Circuit with an argument scheduled for May 8. EPIC has charged that the Census Bureau failed to complete required Privacy Impact Assessments prior to the decisions to collect personal data about citizenship. The Bureau concedes that it must complete the impact assessments but has so far failed to do so. EPIC told the D.C. Circuit, "Key deadlines are fast approaching, and major privacy risks have not been addressed by the agency."
