Russian intelligence officers hacked the website of a political organization in 2016 and stole personal data on more than 500,000 voters, according to a new indictment from the Special Counsel's Office. The stolen data included "names, addresses, partial social security numbers, dates of birth and driver's license numbers." In January 2017, EPIC sued the FBI for information about the agency's failure to respond to foreign cyber attacks on the DNC and the RNC. EPIC eventually obtained the victim notification procedures that would have applied during the 2016 Presidential election, but which the FBI failed to follow. Almost 18 months have passed since the filing of EPIC v. FBI and the first criminal indictments.
EPIC has sent a letter to the Federal Trade Commission and the European Data Protection Board urging the suspension of a proposed study that will disclose user data to third parties without their consent. EPIC warned that the Social Science One project transfer likely violates the GDPR, as well as the FTC's 2011 Consent Order with Facebook, which bars Facebook from disclosing data to third parties without users' affirmative consent. The FTC announced in April that Facebook is under investigation over the transfer of personal data to Cambridge Analytica, a research organization affiliated with a prestigious university. In 2012, Facebook conducted a psychological experiment on its users by secretly manipulating their news feeds to examine the effects of social media on user emotions. The study was suspended after objections from EPIC, professional societies, and others. The Guardian reported that the "lack of 'informed consent' means that Facebook experiment on nearly 700,000 news feeds broke rules on tests on human subjects."
In a companion case to EPIC v. FAA, the D.C. Circuit ruled in Taylor v. FAA that the regulations for drones operated by hobbyists are within the agency's statutory authority. The D.C. Circuit previously ruled that EPIC lacked standing to compel the FAA to establish privacy rules for commercial drones. The D.C. Circuit declined to reach the merits of EPIC's challenge. The FAA is expected to issue rules later this year that will require drones to identify themselves with radio beacons, as EPIC had previously urged.
