« May 2010 | Main | July 2010 »

June 2010 Archives

June 1, 2010

TSA Responds to EPIC and Privacy Groups, Claims Body Scanners Ok

In a May 28, 2010 letter to a coalition of organizations, the Transportation Security Administration defended its use of full body scanner machines. The Agency claimed that the machines are safe, effective, and do not violate existing statutes or impermissibly infringe on Americans' Constitutional Rights. This letter is a response to an April 21, 2010 petition in which EPIC and 30 organizations urged the TSA to suspend the full body scanner program due to Constitutional, statutory, health, and effectiveness concerns. In 2009, the organizations petitioned the agency to undertake a formal request for public comments. The agency never acted on the request. For more information, see EPIC: Whole Body Imaging Technology and EPIC v. Department of Homeland Security

Congress Pursues Investigation of Google and Facebook's Business Practices

Following similar letters from other Congressional leaders, the head of the House Judiciary Committee has asked Google Inc. and Facebook to cooperate with government inquiries into privacy practices at both companies. Rep. Conyers (D-MI) noted that Google's collection of user data "may be the subject of federal and state investigations" and asked Google to retain the data until "such time as review of this matter is complete." Rep. Conyers also asked Facebook to provide a detailed explanation regarding its collection and sharing of user information. The House Judiciary Committee is expected to hold hearings on electronic privacy later this year. For more information, see EPIC: Facebook Privacy, EPIC: In re Facebook II, and EPIC: Search Engine Privacy.

June 2, 2010

FTC Delays Identity Theft Rule Yet Again

The Federal Trade Commission is delaying, for the fourth time, its enforcement of the "Red Flags Rule." This rule requires creditors and financial institutions to implement programs to identify, detect and respond to the warning signs, or “red flags,” that could indicate identity theft. The FTC has decided to delay enforcement through the end of the year in order to give Congress time to enact legislation that could clarify what kind of entities would be considered "creditors" under the rule. For more information, see EPIC: Identity Theft.

June 7, 2010

Privacy Issue Attracts Fire in California Attorney General Race

Facebook privacy has become a hot topic in the California race for Attorney General. In the Democratic primary, Kamala Harris has attacked former Facebook Chief Privacy Officer Chris Kelly over the company's privacy practices. But Kelley has recently criticized some of the Facebook changes and said that "instant personalization" should be opt-in. Kelly has also supported a Moveon Facebook campaign though some bloggers have doubts. During the last election cycle, EPIC launched PRIVACY08 to encourage candidates to debate privacy issues. Also see EPIC Facebook Privacy.

June 8, 2010

Faculty Privacy and Web-based Health Promotion Programs

Faculty Privacy and Web-based Health Promotion Programs

Lillie Coney,
EPIC Associate Director

Annual Conference on the State of Higher Education
Omni Shoreham Hotel
Washington, DC
June 9-12, 2010

Presentation Slides

Privacy, Libraries, and the Law

American Libraries Association National Conference

Lillie Coney,
EPIC Associate Director

Washington Convention Center
June 24-29, 2010

June 9, 2010

Cybersecurity Policy and the Role for .Orgs & E-Deceptive Campaign Practices

Cybersecurity Policy and the Role for .Orgs & E-Deceptive Campaign Practices

Lillie Coney,
EPIC Associate Director

Ginger McCall
EPIC Staff Counsel

Computers Freedom and Privacy 2010
San Jose State University
San Jose, CA
June 18, 2010

June 10, 2010

Election Assistance Commission Board of Advisors Meeting

Election Assistance Commission Board of Advisors Meeting

Lillie Coney,
EPIC Associate Director
EAC Board of Advisor

Election Assistance Commission
Washington, DC
June 16-17, 2010

June 11, 2010

Privacy International Charges Google with Criminal Intent in "Spy-Fi" Matter

International privacy watchdog Privacy International asserts that an audit of Google's Street View data collection shows that Google separated out and systematically stored network content obtained from private Wi-Fi devices. According to PI, this establishes that Google's Wi-Fi data collection was intentional, despite Google's assurances to the contrary. The audit follows an investigation which revealed that Google Street View vehicles were secretly capturing and recording private Wi-Fi data in addition to photographic images. Street View vehicles operated in 30 countries over a three-year period until Google was forced to suspend the program. In the US, EPIC has sent a letter to the Federal Communications Commission, urging the FCC open an investigation to determine whether Google violated US wiretap laws.

New Cybersecurity Legislation Introduced

Senators Lieberman, Collins, and Carper of the Senate Homeland Security & Governmental Affairs Committee have introduced the Protecting Cyberspace as a National Asset Act of 2010. The bill would establish a White House Office of Cyberspace Policy and a National Center for Cybersecurity and Communications. The bill would  allow the President to declare a "national cyber emergency" and implement emergency measures, although it would not allow these measures to set aside requirements of the Wiretap Act, the Electronic Communications Privacy Act, or the Foreign Intelligence Surveillance Act.  The bill would also make certain changes to the Federal Information Security Management Act. The Committee released a summary of the bill. EPIC is currently seeking to make public the NSA's authority for cyber security.  For more information, see EPIC Cybersecurity and Privacy.

Pew/Elon Study: Cloud Computing Will Expand, Security and Privacy Issues Must be Addressed

According a recent Pew Internet and Elon University survey , most technology experts believe that the next decade will bring increased reliance on internet-based applications and cloud computing. The experts and social analysts surveyed also predicted greater use of mobile devices, with an accompanying reduction in general purpose computing. The survey found that the cloud computing brings considerable privacy and security risks. EPIC has a complaint pending before the Federal Trade Commission on Cloud Computing and Privacy. For more information, see EPIC Cloud Computing.

Federal Judge Limits Suspicionless Laptop Searches at Borders

A federal judge has ruled against the Department of Homeland Security's Customs and Border Protection claim that agents could not only search the electronic devices of cross-border travelers without a warrant or even reasonable suspicion, they could also seize the devices indefinitely for more invasive searches. In United States v. Hanson, U.S. District Judge Jeffrey White ruled that "[g]iven the passage of time between the January and February searches and the fact that the February search was not conduct[ed] at the border, or its functional equivalent, the court concludes that the February search . . . must be justified by reasonable suspicion." Last October, EPIC and 20 other organizations sent a letter to the House Committee on Homeland Security objecting to this practice and other privacy violations. For more information, see EPIC: DHS Privacy Office.

June 14, 2010

Investigation of Google "Spy-Fi" Expands, Congress to Hold Hearings

In the expanding probe of the "Spy-Fi" matter, Google admitted in a letter to the House Energy and Commerce Committee that Street View cars were purposefully downloading and capturing Wi-Fi data. Google claimed that the practice was legal, though it also said it "would stop Street View cars from collecting WiFi data entirely." The response comes two weeks after House members Henry Waxman (D-CA), Joe Barton (R-TX), and Edward Markey (D-MA) wrote to CEO Eric Schmidt demanding answers about Google's Street View vehicles. Google's responses to lawmakers have raised new questions, most notably why didn't Google reveal the full scope of its Street View activities? Representative Barton said, “this matter warrants a hearing, at minimum" and commented that Google's conduct is "ironic in view of the fact that Google is lobbying the government to regulate Internet service providers, but not Google." Representative Markey said, "We will continue to actively and aggressively monitor developments in this area."

FCC Consumer Bureau Chief Says Google Street View "Clearly Infringes on Consumer Privacy," Charges Company with "Cyber Snooping"

The Chief of the Consumer and Governmental Affairs Bureau for the Federal Communications Commission warned consumers that Google's "behavior" raises important privacy concerns and said that the collection of Wi-Fi data, "whether intentional or not . . . clearly infringes on consumer privacy." Mr. Gurin further stated that the FCC Public Safety and Homeland Security Bureau is "now addressing cyber security as a high priority." EPIC recently wrote to the FCC Chairman Jules Genachowski and urged the Commission to open an investigation of Google Street View. EPIC said, "The Commission plays a critical role in safeguarding the integrity of communications networks and the privacy of American consumers."

Canada's Privacy Commissioner Awards $500,000 to 13 Projects to Advance Frontiers of Privacy Research

Canadian Privacy Commissioner Jennifer Stoddart announced the recipients of her Office’s 2010-11 Contributions Program, which funds privacy research and public education initiatives. This year’s projects involve research initiatives that focus on the Office’s four key privacy priority areas: national security, identity integrity and protection, information technology, and genetic privacy. Created in 2004 to support non-profit research on privacy, public policy, and the protection of personal information, the Contributions Program is highly regarded and considered one of the foremost privacy research funding programs in the world. To date, the program has allocated over $2 million to more than 60 initiatives in Canada. EPIC recently acknowledged the work of the Rose Foundation, which funds similar projects in the United States.

EPIC Recommends Consumer Privacy Protections for California Smart Grid

In formal comments to the California Public Utility Commission, EPIC said that utility customers should control the use of personal information generated by Smart Grid services. EPIC warned that companies will otherwise use the data for purposes not related to electricity delivery, consumption management, or payment. EPIC urged the California Commission to include a requirement that limits the use of personal data  by third party providers offering energy management services. The Commission acknowledged EPIC's March 2010 comments and EPIC's April 2010 comments in the proposed California Smart Grid plan. For more information, see EPIC Smart Grid.

June 16, 2010

Report from European Commission Raises New Questions About Airport Body Scanners 

A report prepared for the European Parliament and the European Council on the controversial proposal to deploy body scanners at European airports warns of "a serious risk of fragmenting fundamental rights of EU citizens, impeding their rights of free movement, and escalating their health concerns related to new security technologies." The report recommends common European standards to ensure the protection of fundamental rights and to address health concerns. The report also recommends security scanners that are less intrusive and pose fewer health risks than those currently deployed in US airports. Earlier this year, EPIC and Ralph Nader urged President Obama to suspend the airport body scanner program until "a comprehensive evaluation of the devices' effectiveness, health impacts, and privacy safeguards is completed by an independent board of review." For more information, see EPIC: Whole Body Imaging.

Senate Committee Holds Hearing on Cybersecurity Bill

The Senate Homeland Security Committee held a first hearing on the recently introduced cybersecurity bill, the Protecting Cyberspace as a National Asset Act of 2010. The hearing (video) featured testimony from Philip Reitinger at the Department of Homeland Security, as well as several industry representatives. Many of the committee's questions focused on whether authority over civilian cybersecurity should be concentrated in the Department of Homeland Security or in the Department of Defense, a question on which EPIC has repeatedly sought information. For more information, see EPIC Cybersecurity and Privacy.

EPIC, Privacy Groups Recommend Further Changes for Facebook

EPIC has joined a letter, organized by the ACLU of Northern California, calling for Facebook to fix ongoing privacy problems with the social network service. The letter, signed by several privacy organizations, recommends that Facebook make "Instant Personalization" opt-in, limit data retention, give users greater control over their information, and allow users to export their content from Facebook. EPIC has a complaint currently pending at the Federal Trade Commission, charging that Facebook has engaged in unfair and deceptive trade practices. For more information, see EPIC Facebook Privacy.

Privacy International Launches System to Shed Light on Controversial Technologies

International watchdog Privacy International has announced the launch of a new website for bringing transparency to "technical mysteries" behind controversial systems. Cracking the Black Box identifies key questions regarding mysterious technologies and asks experts, whistleblowers, and other concerned parties to "help crack the box" by anonymously contributing ideas and input. The organization responsible for the technology in question is then invited to provide an official response. The first two issues addressed on the PI site are the Google Wi-Fi controversy and the EU proposal to retain search data.

June 17, 2010

Mobile Phones and Personal Data Collection: Avoiding and Resisting Surveillance

Mobile Phones and Personal Data Collection: Avoiding and Resisting Surveillance

Ginger McCall
EPIC Staff Counsel

Computers Freedom and Privacy 2010
San Jose State University
San Jose, CA
June 17, 2010

Supreme Court Rules Against Text Message Privacy, Permits Search of Public Employee's Pager

The Supreme Court has issued a ruling in City of Ontario v. Quon, a case concerning the reasonablenees of a search of a public employee's pager. EPIC filed a "friend of the court" brief in the case, arguing that data minimization practices should be followed for electronic searches, and that the search, which uncovered personal texts unrelated to the purpose of the search, was therefore unreasonable. EPIC urged the Supreme Court to apply the approach set out in Comprehensive Drug Testing v. United States, which allows a government agency to undertake appropriate searches without unnecessarily violating privacy interests. The Court ruled that the search was reasonable, reversing the Ninth Circuit's decision that such a search be conducted through the least intrusive means possible. For more information, see EPIC: City of Ontario v. Quon.

June 18, 2010

EPIC's Coney Leads Cybersecurity Panel at Computers, Freedom, Privacy Conference

EPIC Associate Director Lillie Coney leads a panel discussion today on "Cybersecurity Policy and the Role of .Orgs" at the annual conference on Computers, Freedom, and Privacy. The panel features top government decision makers and leading experts in cybersecurity. The panel will be cybercast June 18 at 2 pm ET. The discussion builds on a letter to White House Cyber Security Director Howard Schmidt, organized by EPIC and endorsed by 30 organizations, which states that US cybersecurity policy "must incorporate protections of our basic freedoms and constitutional rights." Ms. Coney will co-chair the 2011 CFP Conference, which will be held in Washington DC. For more information, see EPIC-Cybersecurity Privacy Practical Implications.

French Privacy Officials Find that Google Captured Email Passwords, Private Email Content

The French National Commission on Computing and Liberty (CNIL) has released preliminary results (French) (English) of the Google Street View investigation in France. According to the CNIL, Google "saved passwords for access to mailboxes" and obtained content of electronic messages. The CNIL is pursuing the investigation to determine whether Google engaged in "unfair and unlawful collection of data" as well as "invasion of privacy and individual liberties." Investigations are now underway in at least 18  countries and five states in the US. EPIC has prepared a preliminary survey of Investigations of Google Street View.

Several States Launch Investigations of Google Street View, Connecticut Attorney General Calls Activity "Pernicious Invasion of Privacy"

Several state attorneys general have opened investigations of Google, following disclosures that the company captured and stored Wi-Fi data in addition to digital images. These states include Connecticut, Illinois, Massachusetts, Michigan, and Missouri. Maryland and New York are also reported to be pursuing investigations. Connecticut AG Richard Blumenthal described the "driveby data sweeps" of WiFi networks as "deeply disturbing, a potentially impermissible, pernicious invasion of privacy." In a subsequent statement, the Connecticut Attorney General said he will determine the legality of Google's WiFi collection practices. Earlier, EPIC sent a letter to the Federal Communications Commission urging the FCC to determine whether Google may have violated the Wiretap Act and the Communications Act. Google has since grounded its entire Street View fleet and ceased all WiFi data collection. For more information, see EPIC - Investigations of Google Street View.

June 23, 2010

Privacy Conference Attendees Set Out Social Networking Bill of Rights

Participants at the 2010 Conference on Computers, Freedom, and Privacy have prepared a Social Network Users' Bill of Rights. The Bill of Rights sets out principles for providers of  social network services, including clarity of policies, empowerment of users, freedom of speech, data minimization, and user control. For more information, follow #billofrights and see EPIC: Social Networking Privacy and EPIC: Facebook Privacy.

FOIA Update - EPIC Forces Disclosure of Report on Obama Passport Breach 

EPIC's Freedom of Information Act lawsuit against the State Department, EPIC v. State, has produced a report detailing security breaches of passport data for several Presidential candidates. Federal investigators prepared the report in the wake of March 2008 breaches that exposed Barack Obama, Hillary Clinton, and John McCain's personal information. Previously secret sections state "the Department was ineffective at detecting possible incidents of unauthorized access," and criticized the agency's failure to "provide adequate control or oversight." Portions of the report remain secret - the agency hasn't fully implemented investigators' recommendations. EPIC testified before the Senate in 2008 concerning the security breaches, urging lawmakers to limit employee and contractor access to personal data. For more, see EPIC Passport Privacy and EPIC Open Government.

Scotland Yard Commences Probe of Google Street View

In the midst of a flood of investigations worldwide into Google's collection of private Wi-Fi data, London's Metropolitan Police Service is reviewing a criminal complaint filed against Google. The Police Service estimates that it will spend eight to ten days conducting an initial inquiry, during which time it will determine basic facts. If it determines that Google has broken any laws, the case will be referred to a specialist team working at the national level. The complaint was brought by London-based Privacy International under two UK laws: the Regulation of Investigatory Powers Act and the Wireless Telegraphy Act. The filing of a criminal complaint in London echoes similar actions undertaken in Spain, where criminal complaints have been filed against Google in two courts. For more information, see EPIC - Investigations of Google Street View.

EPIC Urges Congress to Reform ECPA, Safeguard Locational Data

EPIC has filed a statement for the record in a hearing on the Electronic Communications Privacy Act, (ECPA) "ECPA Reform and the Revolution in Location Based Technologies and Services" before the House Committee on the Judiciary. EPIC recommends that Congress consider the need to protect locational data for users of new communications services.  The statement calls attention to several recent developments, including Apple's iOS 4.  EPIC had previously recommended that the FCC establish guidelines for the protection of users' locational privacy. For more information, see EPIC: CPNI.

June 24, 2010

Supreme Court Permits Disclosure of Petitioner Signatures

The Supreme Court has held in Doe v. Reed that, as a general matter, the state's interest in ensuring election integrity outweighs the First Amendment interest of petitioner signatories. Chief Justice Roberts writing for the Court, said that disclosure of signatures under a state open records law "would not violate the First Amendment with respect to referendum petitions in general." However, the Court left open the possibility that the disclosure of names for a particular referendum could violate the First Amendment. Justice Thomas, writing in dissent, said that it was not necessary for the state to publish the names of those who sign petitions to ensure valid elections. He noted techniques that could protect privacy and safeguard election integrity. In a concurrence, Justice Alito warned that the state could obtain vast powers to collect and disclose personal information about those who engage in the petition process. Justices Breyer, Scalia, Sotomayor, and Stevens also filed concurrences. EPIC submitted an amicus brief in the case, arguing that "the privacy of petitioner signatories safeguards First Amendment interests and helps to ensure meaningful participation in the political process without fear of retribution." For more information see, EPIC - Doe v. Reed.

Federal Trade Commission Takes Action Against Twitter, Social Network Service Settles Charges It Deceived Consumers

The FTC announced a significant enforcement action today. The Commission's complaint against Twitter charged that "serious lapses in the company's data security allowed hackers to obtain administrative control of Twitter." The FTC found that the lax practices allowed access to nonpublic tweets even though the company assured users in its privacy policy that it was "very concerned about safeguarding the confidentiality of your personally identifiable information." Under the terms of the settlement, "Twitter will be barred for 20 years from misleading consumers about the extent to which it maintains and protects the security, privacy, and confidentiality of nonpublic consumer information." EPIC has two complaints currently pending at the FTC concerning similar practices by Facebook, another social networking service. For more information, see EPIC - Facebook Privacy, EPIC - In re Facebook I, and EPIC - In re Facebook II.

June 25, 2010

European Privacy Officials Publish Opinion on Online Advertising

The European Union's data protection authorities have released an opinion declaring that online advertisers must obtain “informed” consent before tracking consumers' web browsing to target ads at consumers. The Opinion states that "although online behavioural advertising may bring advantages to online business and users alike, its implications for personal data protection and privacy are significant.” The opinion of the Article 29 Working Party clarifies how the Article 5(3) of the ePrivacy Directive and Directive 95/46/EC apply to online behavioral advertising, stressing that companies engaging in online behavioral advertising using cookies are bound by the new EU rules on electronic privacy that require “informed” consent from consumers. For more information, see EPIC - International Privacy Standards.

Cybersecurity Legislation Moves Forward in Congress

The Senate Homeland Security Committee voted unanimously to report favorably the Protecting Cyberspace as a National Asset Act of 2010 to the Senate at a markup session (video) on June 24th. An earlier version of the bill was introduced on June 10th and a hearing (video) was held on June 15th. The bill would establish a National Center for Cybersecurity and Communications at the Department of Homeland Security. Critics' had said that the bill would also give the President an "internet kill switch" to take over private networks. Before committee passage, the bill was amended to include limitations on the proposed Presidential powers to declare a "cybersecurity emergency" and to better define what parts of critical infrastructure are covered by the bill. For more information, see EPIC Cybersecurity and Privacy.

June 28, 2010

EPIC Urges Senate to Explore Kagan's Views on Privacy

In a letter to the Senate Judiciary Committee, EPIC has asked Senators to examine the views of the Supreme Court nominee on privacy and related issues. Noting that the Court increasingly confronts cases concerning the Fourth Amendment and privacy, EPIC said it is "important and necessary" to explore the nominee's views on these topics. The hearings are expected to continue through this week. See EPIC - Elena Kagan and Privacy and EPIC - Doe v. Reed and EPIC - City of Ontario v. Quon.

White House Adopts Weird Opt-Out Privacy Policy for Public Access to Government Web Sites

The White House has announced a new "Clear Notice and Personal Choice" policy for the use of Web Measurement and Customization Technologies for government web sites. The policy is remarkable in that there does not appear to be any legal basis to allow federal agencies to routinely disclose personal information of citizens to private companies. The policy is accompanied by new Guidance for Agency Use of Third-Party Websites and Applications. The White House also announced a National Strategy for Trusted Identities in Cyberspace. EPIC had urged the White House to uphold Privacy Act obligations in use of web 2.0 services. For more information, see EPIC - Privacy and Government Contracts with Social Media Companies.

Supreme Court to Review Freedom of Information Act Case Exempting Agency Documents from Public Disclosure

Today, the Supreme Court agreed to hear Milner v. Department of the Navy a case in which a federal appeals court allowed the Navy to withhold records sought under the Freedom of Information Act. At issue in the case is the scope of Exemption 2 of the FOIA, which permits agencies, in some circumstances, to withhold information requested pursuant to FOIA. The exemption at issue exempts information “related solely to the internal personnel rules and practices of an agency.” Writing in dissent, Judge Fletcher said that the FOIA exemptions "must be narrowly construed." For more information see EPIC: Open Government; EPIC FOIA Manual.

June 29, 2010

"Google Wi-Fi and Privacy"

Marc Rotenberg,
EPIC Executive Director

Radio Boston
June 29, 2010

"Nomination of Elena Kagan to the US Supreme Court"

Marc Rotenberg,
EPIC Executive Director

The Week in Law (TWiL 67)
July 2, 2010

About June 2010

This page contains all entries posted to epic.org in June 2010. They are listed from oldest to newest.

May 2010 is the previous archive.

July 2010 is the next archive.

Many more can be found on the main index page or by looking through the archives.