
February 2009 Archives

February 4, 2009

National Academies Report Calls for New Approach to Medical Privacy

As the Congress considers establishing a national network for electronic health records, a report from the Institute of Medicine recommends a new approach to medical record privacy. "Beyond the HIPAA Privacy Rule: Enhancing Privacy, Improving Health Through Research" finds that the current medical privacy regulations do not protect privacy and unnecessarily impede health research. The expert panel recommends revising research guidance, enhancing security for personally identifiable information, establishing trusted third parties for clearly defined research purposes, and developing new techniques that enable deidentification. The report also said it was vital to "Apply privacy, security, transparency, and accountability obligations to all health records used in research." EPIC Director Marc Rotenberg participated in the study project. For more information, see EPIC's Medical Privacy page.

February 5, 2009

Report: Google Latitude Poses Significant Privacy Risks

Privacy International has identified a major security flaw in Google's new phone location tracking service. According to the London-based organization, the tracking feature in Google Latitude can be easily enabled by anyone with access to the phone. Moreover, there is no simple way for a user to determine the tracking status of their phone. Questions have also been raised about Google's plan to use cell phone data location records for advertising purposes. For more information, see EPIC's page on Personal Surveillance.

February 12, 2009

Trade Commission Issues Voluntary Guidelines for Online Tracking, Targeting, and Advertising

Today, the Federal Trade Commission released voluntary guidelines for Internet advertising and behavioral targeting. The guidelines set out four principles: "1) transparency and consumer control; 2) reasonable security and limited data retention for consumer data; 3) affirmative express consent for material retroactive changes to privacy promises; and 4) affirmative express consent to (or prohibition against) use of sensitive data." There is no means to enforce the guidelines, and Commissioners Jon Leibowitz and warned that they are insufficient to ensure consumers' privacy. Commissioner Harbour cautioned that the guidelines "focus too narrowly" and urged rulemakers to "take a more comprehensive approach to privacy." The guidelines are in part a response to EPIC's 2007 Complaint regarding the Google-Doubleclick merger, which raised concerns about the profiling of Internet users and the need to establish clear privacy safeguards as a condition of the merger. For more information, see EPIC's Complaint regarding the Google/DoubleClick merger and the page "Privacy? Proposed Google/DoubleClick Deal."

February 18, 2009

American Recovery Act Includes Strong Medical Information Safeguards

President Obama signed the American Recovery & Reinvestment Act, which includes comprehensive safeguards for medical information. The Act prohibits the unauthorized sale of medical records and provides exceptions for research, public health and treatment. The Act also limits marketing, requires covered entities and business associates to keep an audit trail of personnel having access to the information, mandates policies setting standards for technology systems to restrict sensitive information and use data encryption, and directs breach notifications. The new law prescribes monetary penalties for violations and requires monitoring of contracts and reporting on compliance. Patient Privacy Rights led the campaign for strong medical privacy protection. For more information, see EPIC's page on Medical Privacy.

On Eve of EPIC Trade Commission Complaint, Facebook Backs Down on Revised Terms of Service

Hours before EPIC planned to file a complaint with the Federal Trade Commission regarding changes to Facebook's Terms of Service, the social network service announced that it will restore the original policy. The new Terms of Service were announced on Feb. 4, were widely criticized, and were to be the subject of the EPIC complaint. Facebook users observed that, under the revised policies, Facebook asserted broad, permanent, and retroactive rights to users' personal information - even after they deleted their accounts. The EPIC complaint was supported by more than a dozen consumer and privacy organizations. Previous EPIC Complaints at the FTC have concerned Choicepoint, Microsoft Passport, and the Google-Doubleclick merger. For more, see EPIC's "Social Networking Privacy" page. Support EPIC's efforts to maintain your privacy in the social networking world.

February 23, 2009

Supreme Court to Hear Argument in "Identity Theft" Case, EPIC Urges Justices to Protect Privacy Enhancing Technologies

On Wednesday, the Supreme Court will hear arguments in a case that will determine whether individuals who include identification numbers that are not theirs, but don't intentionally impersonate others, can be subject to harsh criminal punishments under federal law. In Flores-Figueroa v. United States, the petitioner challenged his conviction for "aggravated identity theft." EPIC filed a "friend of the court" brief, on behalf of 17 legal scholars and technical experts, urging the Justices to protect techniques that allow individuals to safeguard privacy. EPIC explained that the crime of "identity theft" should require an intent to impersonate another. The EPIC brief urges the Court to avoid "a precedent that might inadvertently render the use of privacy enhancing pseudonyms, anonymizers, and other techniques for identity management unlawful." For more, see EPIC's Flores-Figueroa v. United States page.

February 26, 2009

Facebook Announces Governing Principles, Statement of Rights and Responsibilities

Today, Facebook proposed guidelines and a statement of rights and responsibilities governing its relationship with users. The social networking service called for user comment on the principles, which include "Ownership and Control of Information" and "Transparent Process." Facebook further committed to "open up Facebook so that users can participate meaningfully in our policies and our future." Facebook's announcement follows last week's abandonment of changes to its Terms of Service on the eve of an EPIC complaint to federal regulators. For more, see the efforts of People Against the New Terms of Service and EPIC's "Social Networking Privacy" page.

February 27, 2009

Homeland Security Secretary Proposes Increase in Spending for Domestic Surveillance Programs

Homeland Security Secretary Janet Napolitano testified before the House Committees on Homeland Security, and said that DHS plans to connect governmental databases containing personal information, expand the government's employment tracking system, promote passenger screening, use e-passports, employ watchlists and utilize contactless identity verification cards. EPIC has opposed Fusion Centers, the E-Verify program and the use of Backscatter X-Ray devices. EPIC has also objected to the use of RFIDs in passports, in Air Travel and in driver's licences.

About February 2009

This page contains all entries posted to epic.org in February 2009. They are listed from oldest to newest.
