« July 2010 | Main | September 2010 »

August 2010 Archives

August 3, 2010

Next Generation Privacy Challenges and Opportunities

The Public Voice Civil Society Meeting: "Next Generation Privacy Challenges and Opportunities"

The Public Voice
October 25, 2010

August 4, 2010

EPIC FOIA - Feds Save Thousands of Body Scan Images

In an open government lawsuit against the United States Marshals Service, EPIC has obtained more than one hundred images of undressed individuals entering federal courthouses. The images, which are routinely captured by the federal agency, prove that body scanning devices store and record images of individuals stripped naked. The 100 images are a small sample of more than 35,000 at issue in the EPIC lawsuit. EPIC has pursued a similar FOIA lawsuit against the Dept. of Homeland Security but the DHS refuses to release the images it has obtained. EPIC has also filed suit to stop the deployment of the machines in US airports. For more information, see EPIC Body Scanners, EPIC - EPIC v. DOJ (Marshall Service FOIA), and EPIC Press Release.

August 9, 2010

Federal Appeals Court Upholds Maine Prescription Privacy Law

The First Circuit Court of Appeals has upheld a Maine law that bans the sale of prescriber-identifiable prescription drug data for marketing purposes. Data mining companies had challenged the law, claiming that the privacy measure violated their free speech rights, an argument that the court rejected because "the statute regulates conduct, not speech, and even if it regulates commercial speech, that regulation satisfies constitutional standards." The decision in IMS Health v. Mills followed a decision by a panel of the same court in IMS Health v. Ayotte, upholding a similar law in New Hampshire. In that case, as well as in a similar case regarding a Vermont law, EPIC and several privacy and technology experts filed "friend of the court" briefs arguing that there is a substantial state interest in privacy protection and that the data miners' de-identification practices do not, in fact, protect patient privacy. A decision in the Vermont case is expected soon. For more information, see IMS Health v. Ayotte, IMS Health v. Sorrell.

August 6, 2010

Federal Appeals Court Requires Warrant for GPS Tracking

The D.C. Circuit Court ruled that police must obtain a warrant before using GPS devices to monitor vehicles. GPS tracking constitutes a seizure under the U.S. Constitution because "prolonged GPS monitoring reveals an intimate picture of the subject‘s life that he expects no one to have," the Court held. In a related case, the Massachusetts Supreme Court recently held that a warrant is required for the use of a GPS tracking device. EPIC filed an amicus brief in that case. For more information, see EPIC Commonwealth v. Connolly.

August 9, 2010

EPIC Urges Supreme Court to Protect NASA Scientists' Privacy

EPIC filed a "friend of the court" brief in the United States Supreme Court, urging the Justices to protect the privacy of scientists working at NASA's Jet Propulsion Laboratory. Twenty-seven legal and technical experts signed the brief. In NASA v. Nelson, the Court has been asked to determine whether the scientists' right to "informational privacy" prohibits NASA from collecting information concerning the individuals' medical records as a condition of employment. The agency admits that the scientists perform unclassified, non-sensitive work. EPIC's brief argues that compelled disclosure would risk exposing sensitive, personal health information that is insufficiently protected by NASA. For more information, see EPIC NASA v. Nelson.

August 17, 2010

"Technology and Governance 2.0"

Marc Rotenberg,
EPIC Executive Director

Harvard Kennedy School
Cambridge, MA
September 22-23, 2010

August 18, 2010

Senators Question Safety of Airport Body Scanners, Object to Program Expansion

Three U.S. Senators have objected to the Department of Homeland Security's expansion of the airport body scanner program. In a letter to DHS Secretary Janet Napolitano, Senators Collins (R-ME), Burr (R-NC), and Coburn (R-OK) have asked "why the Department continues to purchase this technology when legitimate concerns about its safety appear to remain unanswered." The Senators noted that "the issue of radiation associated with the backscatter x-ray AIT machines has not been adequately addressed by TSA." They urged the agency's Chief Medical Officer, working with independent experts, to conduct a review of the health effects on travelers and airport personnel. EPIC recently submitted a FOIA request to the DHS for all records of tests conducted by the agency regarding radiation impacts. EPIC has also filed an emergency motion in federal court to suspend the program, pending an thorough review of the airport body scanner program. For more information, see EPIC: Whole Body Imaging Technology and EPIC v. DHS (Suspension of Body Scanner Program).

August 19, 2010

Facebook "Places" Embeds Privacy Risks, Complicated and Ephemeral Opt-Out Unfair to Users

The recently announced Facebook service Places makes user location data routinely available to others, including Facebook business partners, regardless of whether users wish to disclose their location. There is no single opt-out to avoid location tracking; users must change several different privacy settings to restore their privacy status quo. For users who do not want location information revealed to others, EPIC recommends that Facebook users: (1) disable "Friends can check me in to Places," (2) customize "Places I Check In," (3) disable "People Here Now," and (4) uncheck "Places I've Visited." EPIC, joined by many consumer and privacy organizations, has two complaints pending at the Federal Trade Commission concerning Facebook's unfair and deceptive trade practices, which are frequently associated with new product announcements. For more information, see EPIC In Re Facebook, EPIC In Re Facebook II, and EPIC Facebook Privacy.

August 20, 2010

Following EPIC FOIA Lawsuit, US Senators Raise Questions About Retention of Body Scanner Images

The Chairman and Ranking Member of the Homeland Security Committee, along with four other Senators, have sent a letter to the head of the US Marshal Service to ask why the federal agency stored more than 35,000 images from whole body imaging scans taken at the Orlando federal courthouse. The letter follows a Freedom of Information Act lawsuit, filed by EPIC, in which the Marshal Service was forced to disclose the fact that it had stored body scanner images. EPIC has also filed an emergency motion in federal court to suspend the program, pending a thorough review of the airport body scanner program. For more information, see EPIC: Whole Body Imaging Technology and EPIC v. DHS (Suspension of Body Scanner Program).

August 25, 2010

Facebook Uses RFID to Track Users' Locations for Advertising Promotion

At the Coca-Cola Village Amusement Park in Israel, visitors were recently issued bracelets with RFID chips that linked to their Facebook accounts, according to Adland. RFID readers scattered throughout the park updated the users' Facebook pages when the bracelets were scanned. On-site photographers also posted photos that were automatically tagged with the users' identities. Facebook had previously tested the use of RFID for location tracking at the f8 Developer Conference in April. Facebook has also just launched Places, which is designed to make users' location information widely available. For more information, see EPIC Facebook Privacy, EPIC Facebook Places.

"Online privacy: This House believes that governments must do far more to protect online privacy"

Marc Rotenberg,
EPIC Executive Director

The Economist
Online Debate
August 25 - September 3, 2010

"Medical Privacy"

Marc Rotenberg,
EPIC Executive Director

C-SPAN Washington Journal
August 26, 2010

Agency Reconsiders Medical Breach Notification Rule

The Department of Health and Human Services has withdrawn its previously issued interim medical privacy rule after facing substantial criticism from privacy advocates. The old rules required that health-care providers and insurers report privacy breaches to patients only if the provider or insurer felt that there was a "significant risk" of harm. Privacy advocates criticized this language on the basis that it granted too much discretion to the firms responsible for safeguarding patient data. In previous comments to the FTC, EPIC recommended that notification of health data breaches be enhanced, that additional breach notification through means such as text messages and social networking sites be developed, and that companies obtain verification of receipt of notifications. EPIC has also testified in Congress that the "significant harm" standard, favored by the HHS for breach notification, is unfair to consumers. For more information, see EPIC: Medical Record Privacy.

August 30, 2010

EPIC Presses for Release of Government Documents on Health Risks of Airport Body Scanners

EPIC has filed an appeal with the Transportation Security Administration, challenging the agency's denial of expedited processing and fee waivers for an EPIC Freedom of Information Act request. EPIC's is seeking documents from the TSA concerning full body scanner radiation risks and testing. EPIC challenged the TSA's denial of expedited processing, arguing that by delaying to release of the records, the agency was risking the health of travelers and its own employees. EPIC also argued that the record request was particularly timely, as three US Senators recently wrote to the Department of Homeland Security about the safety of the airport body scanners and the risk to air travelers. Separately, EPIC has urged a federal court to suspend the program, pending an independent review of the health risks and privacy impact. For more information, see EPIC: Body Scanners and EPIC v. DHS (suspension of program).

About August 2010

This page contains all entries posted to epic.org in August 2010. They are listed from oldest to newest.

July 2010 is the previous archive.

September 2010 is the next archive.

Many more can be found on the main index page or by looking through the archives.