« October 2009 | Main | December 2009 »

November 2009 Archives

November 2, 2009

Study Finds that Children’s Privacy has been Compromised

A Fordham Law School study found that state educational databases across the country ignore key privacy protections for the nation’s school children. The study reports that at least 32% of states warehouse children’s social security numbers; at least 22% of states record student pregnancies; and at least 46% of the states track mental health, illness, and jail sentences as part of the children’s educational records. Some states outsource the data processing without any restrictions on use or confidentiality for children’s information. Access to this information and the disclosure of personal data may occur for decades and follow children well into their adult lives. These findings come as Congress is considering the Student Aid and Financial Responsibility Act, which would expand and integrate the 43 existing state databases without taking into account the critical privacy failures in the states’ electronic warehouses of children’s information. For more information on children’s privacy issues see EPIC Children’s Online Privacy Protection Act and EPIC DOD Recruiting Database.

November 3, 2009

Public Voice Hosts Global Privacy Conference in Madrid

Almost two hundred privacy experts, advocates, and governments officials from around the world gathered in Madrid for the "Global Privacy Standards" conference, organized by the Public Voice. The event features panel discussions on “Privacy and Human Rights: The Year in Review,” "Privacy Activism: Major Campaigns," “Your Data in the Cloud: What if it Rains?,” "Transborder Data Flow: Bridges, Channels or Walls?," and "“Toward International Privacy Standards." Leading privacy officials from Spain, the European Union, the European Parliament, the OECD, and Canada are participating. The event is being held in conjunction with the annual meeting of the Privacy and Data Protection Commissioners, which is expected to draw more than 1,000 participants from over fifty countries. The Public Voice event will also be cybercast and tweeted. @thepublicvoice #globalprivacy.

Civil Society Groups and Privacy Experts Release Madrid Declaration, Reaffirm International Privacy Laws, Identify New Challenges and Call for Concrete Action to Safeguard Privacy

In a crisply worded declaration, over 100 civil society organizations and privacy experts from more than 40 countries have set out an expansive statement on the future of privacy. The Madrid Declaration affirms that privacy is a fundamental human right and reminds "all countries of their obligations to safeguard the civil rights of their citizens and residents." The Madrid Declaration warns that "privacy law and privacy institutions have failed to take full account of new surveillance practices." The Declaration urges countries "that have not yet established a comprehensive framework for privacy protection and an independent data protection authority to do so as expeditiously as possible." The civil society groups and experts recommend a "moratorium on the development or implementation of new systems of mass surveillance." Finally, the Declaration calls for the "establishment of a new international framework for privacy protection, with the full participation of civil society, that is based on the rule of law, respect for fundamental human rights, and support for democratic institutions." The Madrid Declaration was released at the Public Voice conference in Madrid on Global Privacy Standards. Multiple translations of the Declaration are available.

November 4, 2009

EPIC Urges Court to Enforce Video Privacy Law

Today, EPIC filed a friend of the court brief with the Fifth Circuit Court of Appeals, urging the Court to enforce federal privacy protections for Facebook users who rented videos from Blockbuster, a Facebook business partner. The Video Privacy Protection Act prohibits companies from revealing consumers' video rental histories. EPIC wrote, "Congress established a private right of action to ensure that there would be a meaningful remedy when companies failed to safeguard the data they collected" and warned, "absent a private right of action, there would be no effective enforcement, no remedy for violations, and no way to ensure that companies complied with the intent of the Act." The lawsuit was filed by Cathryn Harris and other Facebook users after Blockbuster made public their private video rental information. Blockbuster, a participant in Facebook's Beacon program, claimed that consumers cannot sue the company and must submit to mandatory arbitration. EPIC's brief, which includes a detailed history of the video privacy law, urges the appeals court to uphold a lower court ruling, which held that the plaintiffs are allowed to pursue their claim that a federal law was violated. For more information, see EPIC Harris v. Blockbuster, EPIC The Video Privacy Protection Act, and EPIC Facebook Privacy.

November 5, 2009

"Biometrics and the Law"

"Biometrics and the Law"

Marc Rotenberg,
EPIC Executive Director

Georgetown University Law Center
Washington, DC
November 10, 2009

November 9, 2009

AARP National Policy Council Roundtables Meeting

AARP National Policy Council Roundtables Meeting: Intelligent Transportation Systems

Lillie Coney
EPIC, Associate Director

Washington, DC
November 13, 2009

EPIC Sues Homeland Security for Information About Digital Strip Search Devices

EPIC filed a Freedom of Information Act lawsuit challenging the Department of Homeland Security's failure to make public details about the agency's Whole Body Imaging program. The devices capture detailed naked images of air travelers in the United States. After the agency announced that the body scanners would become the primary screening device in US airports, EPIC demanded that the agency disclose records that describe the scanners' capacity to save and transmit images. In June, EPIC sent a letter to the Secretary of Homeland Security Janet Napolitano urging her to suspend the digital strip searches. For more, see EPIC Backscatter X-ray, Whole Body Imaging and EPIC Air Travel Privacy.

IGF 2009: Privacy and Security Implications of Cloud Computing

Privacy and Security Implications of Cloud Computing

Online Advertising and User Privacy

Marc Rotenberg,
EPIC Executive Director

Katitza Rodriguez,
Public Voice Coordinator

Internet Governance Forum
Sharm El Sheikh, Egypt
November 15-18, 2009

November 10, 2009

Privacy Legislation Moves Forward in Senate

The Senate Judiciary Committee approved bipartisan legislation aimed at improving cybersecurity. The Personal Data Privacy and Security Act would establish a national standard for data breach notification and would require companies with databases containing sensitive personal information to establish data privacy and security programs. The bill was drafted in response to the growing number of Internet crimes in recent years. According to Senator Leahy (D-VT), who authored the bill, this legislation “strikes the right balance to protect privacy, promote commerce, and successfully combat identity theft.” The bill has been sent to the Senate for consideration.

EPIC Urges Government to Protect Privacy in the Smart Grid

Today, EPIC filed comments with the National Institute of Standards and Technology (NIST), urging it to implement robust privacy protections in the Smart Grid. The Smart Grid refers to a host of technologies that will allow unprecedented communication between American energy providers and energy consumers. However, it will also dramatically transform the ability of providers of power services in the United States to track the activities of consumers. For that reason, EPIC urged NIST to establish comprehensive privacy regulations that limit the collection and use of consumer data. For more information, see EPIC Smart Grid and Privacy.

November 12, 2009

Congressional Committee Investigating Privacy Office at Homeland Security, Acknowledges Privacy Coalition Letter

House Homeland Security Committee Chairman Bennie Thompson has responded to the Privacy Coalition letter regarding the Chief Privacy Officer of the Department of Homeland Security. Chairman Thompson said that "the Committee is in the process of reviewing the programs outlined" in the letter, and thanked the Coalition for bringing the issues to the attention of the committee. He further stated that the Committee "will continue to examine the Department's programs and policies and vigorously address privacy concerns and issues." For more information, see EPIC DHS Privacy Office and Privacy Coalition.

November 17, 2009

Cross Border Data Flows, Data Protection and Privacy

Cross Border Data Flows, Data Protection and Privacy

Marc Rotenberg,
EPIC Executive Director

Department of Commerce
Washington, DC
November 18, 2009

Revised Google Books Settlement Announced, Privacy Problems Remain

The parties in the Google Books Settlement have filed an amended settlement. The Department of Justice, authors, EPIC and other privacy advocates criticized the original settlement. The revised settlement attempts to address price fixing and concerns about orphan works. However, the revised settlement does little to address privacy. Professor Pamela Samuelson stated “There are dozens of provisions in the settlement agreement that call for monitoring of what users do with books and essentially no privacy protections built into the settlement agreement.” For more information, see EPIC Google Books Settlement and Privacy, EPIC Google Books Litigation, and EPIC Google Books: Policy Without Privacy.

President Obama Nominates Brill and Ramirez for Federal Trade Commission

President Obama nominated Julie Brill and Edith Ramirez to be commissioners of the Federal Trade Commission. Brill, North Carolina’s top consumer advocate, serves as the senior deputy attorney general and chief of consumer protection and antitrust for the North Carolina Department of Justice. Ramirez, who specializes in intellectual property and complex litigation matters, is a partner in a Los Angeles, California law firm and has experience representing companies such as Mattel, Inc. and Northrop Grumman Corp. In a press release, President Obama stated, “These individuals bring a depth of experience to their respective roles, and I am confident they will serve my administration and the American people well. I look forward to working with them in the months and years ahead.”

EU and US Officials Examine Safe Harbor, Cross Border Data Flow and Privacy

Officials from the United States and the European Union are meeting in Washington this week to review "Safe Harbor," a framework that allows the processing of data on EU citizens by US firms without traditional legal protections. Safe Harbor has been challenged by the European Parliament and questioned by academic experts. The Federal Trade Commission recently took action against US firms that incorrectly claimed current Safe Harbor certification, but the only penalty imposed was that the companies may not in the future misrepresent membership in any privacy, security, or other compliance program.

November 19, 2009

DHS Announces "Global Entry" Biometric Identification System for U.S. Airports

Today, the Department of Homeland Security proposed to make permanent Global Entry, a program the agency says will “streamline the international arrivals and admission process at airports for trusted travelers through biometric identification.” Under the proposed system, pre-registered international travelers can bypass conventional security lines by scanning their passports and fingerprints at a kiosk, answering customs declaration questions, and then presenting a receipt to Customs officials. The DHS announcement follows the recent news that Clear, a Registered Traveler program, had entered bankruptcy, raising questions about the possible sale of the biometric database that was created. In 2005, EPIC testified before Congress that the absence of Privacy Act safeguards for Registered Traveler programs would jeopardize air traveler privacy and security. The agency is taking comments on the proposal. For more information, see EPIC Air Travel Privacy, EPIC Biometric Identifiers, EPIC Automated Targeting System, and EPIC Whole Body Imaging.

November 20, 2009

The Innovation Economy

The Innovation Economy

Marc Rotenberg,
EPIC Executive Director

Aspen Institute
Reagan Conference Center
Washington, DC
Nov 30 - Dec 1, 2009

FTC Privacy Roundtable: Exploring Existing Regulatory Frameworks

FTC Privacy Roundtable: Exploring Existing Regulatory Frameworks

Marc Rotenberg,
EPIC Executive Director

FTC Conference Center
Washington, DC
December 7, 2009

4th Annual Judicial Symposium on Civil Justice Issues

4th Annual Judicial Symposium on Civil Justice Issues
Law in Cyberspace:  Legal Blogging & the Courts

John Verdi,
EPIC Senior Counsel

Northwestern School of Law
Searle Center on Law, Regulation, and Economic Growth
Chicago, IL
December 7, 2009

Reconceptualizing the FTC's Understanding of Privacy

"Reconceptualizing the FTC's Understanding of Privacy"

Marc Rotenberg,
EPIC Executive Director

IAPP Confernce
Willard Hotel
Washington, DC
December 8, 2009

November 24, 2009

EPIC Files Appeal for NSA Policy on Network Surveillance

Today, EPIC filed a Freedom of Information Act appeal, seeking disclosure of NPSD 54, the classified Directive that describes a National Security Agency program to monitor American computer networks. EPIC submitted the original request to shed light on the extent of the federal government's surveillance of civilian computer systems, but the agency refused to disclose the document. EPIC's appeal warns that the NSA’s improper withholding of the Directive "flatly contravenes" the President's policy on open government and "explicit FOIA guidance promulgated by the Attorney General." EPIC further stated, without public disclosure of the Directive, "the government cannot meaningfully make assurances about the adequacy of privacy and civil liberties safeguards." For more information, see EPIC Open Government.

November 25, 2009

ENISA Report Examines Cloud Computing and Privacy

The European Network and Information Security Agency has released a new report on Cloud Computing. The ENISA report recommends that European officials determine the application of data protection laws to cloud computing services. The report also considers whether personal data may be transferred to countries lacking adequate privacy protection, whether customers should be notified of data breaches, and rules concerning law enforcement access to private data. Earlier this year, EPIC filed a complaint with the Federal Trade Commission, urging the Commission to examine the adequacy of privacy safeguards for cloud computing services. A subsequent letter by computer researchers, addressed to Google CEO Eric Schmidt, raised similar concerns. See EPIC Cloud Computing.

November 30, 2009

European Countries Approve Sweeping Communications, Privacy Reforms

On November 24, the European Parliament established new Internet policies, including a right to Internet access, net neutrality obligations, and strengthened consumer protections. Under the ePrivacy directive, communications service providers will also be required to notify consumers of security breaches, persistent identifiers ("cookies") will become opt-in, there will be enhanced penalties for spammers, and national data protection agencies will receive new enforcement powers. The amended directive takes effect with publication on December 18 in the EU Official Journal. Member states then have 18 months to transpose the Directive into national law. See EPIC Privacy Law Sourcebook.

About November 2009

This page contains all entries posted to epic.org in November 2009. They are listed from oldest to newest.

October 2009 is the previous archive.

December 2009 is the next archive.

Many more can be found on the main index page or by looking through the archives.