In response to EPIC's Freedom of Information Act lawsuit, the FTC has released agency emails about the 2011 Facebook Consent Order. Following a detailed complaint by EPIC and other consumer privacy organizations, the FTC issued an order in 2011 that required biennial audits of Facebook's privacy practices. EPIC pursued public release of these reports and related emails to understand why the FTC failed to bring an enforcement action action against the company. Today the FTC released to EPIC 89 emails between the FTC and Facebook from the years 2011, 2012, 2013, 2014, 2015, 2016, 2017, and 2018. In March 2018, following the Cambridge Analytica data breach, the FTC announced it was reopening the Facebook investigation. To date, there is still no announcement, no report, and no fine.
EPIC has filed an amicus brief with the U.S. Court of Appeals for the Sixth Circuit in United States v. Miller, arguing that the Government must prove the reliability of Google email screening technique. The lower court held that law enforcement could search any images that Google's algorithm had flagged as apparent child pornography. EPIC explained that a search is unreasonable when the government cannot establish the reliability of the technique. EPIC also warned that the government could use this technique "to determine if files contain religious viewpoints, political opinions, or banned books." EPIC has promoted algorithmic transparency for many years. EPIC routinely submits amicus briefs on the application of the Fourth Amendment to investigative techniques. EPIC previously urged the government to prove the reliability of investigative techniques in Florida v. Harris.
EPIC has obtained records concerning "Media Monitoring Services," a controversial DHS project to track journalists, news outlets, and social media accounts. The records, released in EPIC's FOIA lawsuit against the federal agency, reveal that the DHS bypassed the agency's own privacy officials and ignored the privacy and First Amendment implications of monitoring the coverage by particular journalists of a federal agency. As a result of EPIC's lawsuit, the agency previously admitted that it did not conduct a Privacy Impact Assessment for the program, as required by law. EPIC has successfully obtained several Privacy Impact Assessments, including for a related media tracking system (EPIC v. DHS) and for facial recognition technology (EPIC v. FBI). In EPIC v. Presidential Election Commission, EPIC challenged the Commission's failure to publish a Privacy Impact Assessment prior to the collection of state voter data.
