« August 2010 | Main | October 2010 »

September 2010 Archives

September 1, 2010

US Withdrawal from Iraq Raises Questions about Future of Biometric Database

President Obama's address on the end of the combat mission in Iraq has left open the question of what will happen to the massive biometric databases on Iraqis, assembled by the United States, during the course of the conflict. In 2007, EPIC, Privacy International, and Human Rights Watch wrote to Defense Department Secretary Robert Gates to express concern about the creation of secret profiles on hundreds of thousand of Iraqis, tied to unique biometric identifiers, including digital fingerprints, photographic images, iris scans, and even DNA. Citing misuses of secret files and personal data in other conflicts, the organizations warned that the identification practices "contravene international treaties and could lead to potentially devastating consequences." EPIC, PI, and HRW urged the Defense Department to "adopt clear guidelines that incorporate strong privacy safeguards to ensure that Iraqis are afforded basic human rights in their personal information." For more information, see EPIC - Iraqi Biometric Identification System.

September 2, 2010

EPIC Challenge to Airport Body Scanner Program Moves Forward in Federal Court

The United States Court of Appeals for the District of Columbia Circuit has set a briefing schedule for EPIC v. DHS, No. 10-1157, EPIC's challenge to the airport body scanner program. EPIC has alleged that that the Department of Homeland Security has violated three federal laws (the Administrative Procedures Act, the Privacy Act, and the Religious Freedom Restoration Act) and that the body scanner search itself is unconstitutional, given what the courts have said about the permissible scope of airport screening procedures. EPIC's initial brief will be due November 1, 2010. Subsequent briefs from DHS and EPIC will be due by December 15, 2010. In earlier open government litigation against DHS, EPIC obtained evidence that the devices are designed to store and record images. For more information, see EPIC - EPIC v. DHS (Suspension of Body Scanner Program).

September 7, 2010

Ralph Nader and EPIC Urge Senate Hearings on Airport Body Scanners

In letters to Senator Lieberman and Senator Collins, EPIC President Marc Rotenberg and consumer advocate Ralph Nader urged the Senate Committee on Homeland Security and Governmental Affairs to "convene a public hearing to review the government's deployment of whole-body scanners at passenger security checkpoints in US airports." The Nader/Rotenberg letter states that the Department of Homeland Security and the Transportation Security Administration have "disregarded serious questions concerning the devices' effectiveness, privacy safeguards, and potential health impacts." In a letter to the US Marshall Service, Senators Lieberman and Collins earlier expressed concern about the ability of these devices to store and retain images. The Committee on Civil Liberties, Justice and Home Affairs of the European Parliament has announced a hearing on the Body Scanner program for October 6, 2010. For more information, see EPIC v. DHS (Suspension of Body Scanner Program and EPIC - Airport Body Scanners

Google Settles Buzz Lawsuit, Allocates Funds for Internet Privacy Groups

Google has entered into a settlement agreement in a class action suit concerning the social network service Buzz. With Buzz, Google made private email contacts of Gmail susbcribers publicly available without consent. Gmail users filed a class action lawsuit. The plaintiffs alleged violations of federal privacy and consumer fraud laws. As part of the settlement agreement, Google will establish an $8.5 million settlement fund to pay the attorneys, compensate the lead plaintiffs, and establish a cy pres fund for "existing organizations focused on Internet privacy policy or privacy education." Earlier this year, EPIC raised similar concerns about Google Buzz in a formal complaint to the Federal Trade Commission. EPIC has also objected to a settlement in the Facebook Beacon case on the grounds that the settlement would allow Facebook, the defendant, to control the private foundation established by the settlement. The Google settlement would not establish a similar entity. For more information see EPIC: In re Google Buzz.

September 8, 2010

EPIC's Marc Rotenberg Named to ICANN Advisory Committee

The 2010 ICANN Nominating Commitee has named EPIC President Marc Rotenberg to serve as North America representative for the At-Large Advisory Committee of ICANN. The ALAC is responsible for "representing the interests of individual Internet users at ICANN." NomCom Chair Wolfgang Kleinwaechter said "We are proud to announce this year’s selectees to ICANN’s leadership. They include highly accomplished and experienced individuals from Albania, Argentina, Egypt, France, Germany, and the United States." Mr. Rotenberg previously served as Chair of the Public Interest Registry, which manages the .ORG domain. For more information, see The Public Voice.

Surveillance Court Seeks Public Comments on Proposed Rules

The Foreign Intelligence Surveillance Act (FISA) authorizes a special court the Foreign Intelligence Surveillance Court (FISC) to undertake electronic surveillance in the United States for foreign intelligence information. The FISC is now seeking public comments concerning its procedures. Comments must received by Monday, October 4, 2010. EPIC previously submitted an amicus brief regarding FISA authority and national security. EPIC will be submitting comments to the FISC and endorse changes that improve accountability and transparency for FISA orders. See EPIC - Foreign Intelligence Surveillance Act (FISA) and EPIC - Foreign Intelligence Surveillance Act Orders 1979-2010

September 10, 2010

New Jersey Supreme Court to Hear Arguments in Expungement Case

The New Jersey Supreme Court will hear oral arguments on September 14, 2010 in the case of G.D. v. Kenny. In G.D. v. Kenny a lower court dismissed a privacy claim involving publication of information about a prior criminal act, even though the state had issued an expungement order. EPIC has filed a "friend of the court" brief, urging the New Jersey Supreme Court to preserve the right of expungement and allow the privacy case to go forward. EPIC's brief points to the increasing risk that private firms will make available inaccurate, incomplete, and out--of-date information if expungement orders are not enforced. EPIC further argues that courts do not treat truth as a defense in cases involving privacy tort claims. EPIC Advisory Board member Grayson Barber will be arguing on EPIC's behalf at the hearing. For more information, see EPIC: Expungement and EPIC: G.D. v. Kenny.

September 13, 2010

Ensuring Data Privacy

Lillie Coney,
EPIC Associate Director

Gridwise Global Forum
Ronald Reagan Building and International Trade Center
Washington, D.C.
September 22, 2010

EPIC Files Suit For Documents Regarding Google/NSA Partnership

Today, EPIC filed a Freedom of Information Act lawsuit against the National Security Agency in the United States District Court in the District of Columbia. The agency failed to respond to EPIC's FOIA request for documents about an "Information Assurance" partnership with Google. EPIC previously appealed to the agency to comply with its legal duty to produce the documents, but he agency failed to respond. EPIC is also seeking the Presidential Directive that grants the NSA authority to conduct electronic surveillance in the United States. For more information, see EPIC: Open Government.

September 14, 2010

Google Street View Blocked Again

The Czech Office for Personal Data Protection turned down Google's application to collect personal data for its Street View service. Street View is controversial mapping tool that has allowed Google to capture Wi-Fi signals in addition to street level imagery in thirty countries over a three-year period. Google obtained Wi-Fi data, including email passwords and content, from receivers that were concealed in the Street View vehicles. Many countries and several US states are currently investigating Google Street View. In May, EPIC urged the Federal Communications Commission to open an investigation into Street View, as Google’s practices appear to violate U.S. federal wiretap laws as well as the U.S. Communications Act. For more information, see EPIC: Google Street View.

EPIC Submits Comments to Council of Europe on Profiling

EPIC has expressed support for a proposed appendix to the Council of Europe Convention on Privacy that would apply privacy safeguards specifically to data profiling. In comments to the expert Committee, EPIC said that profiling is an issue of "increasing public importance." Previously, EPIC urged Secretary of State Hilary Clinton to begin the process of US ratification of the Council of Europe Convention. For more information, see EPIC: Council of Europe Privacy Convention and International Privacy Day (Facebook).

September 15, 2010

Ninth Circuit Strips Search Guidelines from Fourth Amendment Opinion

A new opinion from the United States Court of Appeals for the Ninth Circuit raises many questions about procedures to be followed in electronic searches. Last year in United States v. Comprehensive Drug Testing, Inc., the court set out guidelines for electronic searches and seizures so that the "plain view" doctrine did not allow electronic fishing expeditions. The guidelines followed an approach that is routinely used for electronic surveillance. However, on rehearing the case following objections from government prosecutors, the court's new opinion removed the guidelines though it still concluded that the search at issue was impermissible. EPIC had argued in an amicus brief for the Supreme Court that the guidelines in Comprehensive Drug Testing should be broadly applied to searches of electronic media. For more information, see EPIC: City of Ontario v. Quon.

"Internet at Liberty 2010"

"Internet at Liberty 2010"

Marc Rotenberg,
EPIC Executive Director

Central European University
Budapest, Hungary
20-22 September 2010

Privacy in the Internet Era: Does DC Have a Role to Play?

Lillie Coney,
EPIC Associate Director

Activism Media and Politics (AMP) Summit
Washington, D.C.
September 24, 2010

Public Interest Groups Urge Supreme Court to Curtail Government Secrecy

Public Citizen filed a "friend of the court" brief in Milner v. Navy, a Freedom of Information Act case that will be heard by the Supreme Court. Seven groups signed the brief, which urges the Court to abolish the "High 2 Exemption" - a legal claim used by federal agencies to prevent disclosure of public records. The case will determine whether federal agencies can continue to assert "High 2" to block disclosure of records that could otherwise be made available to the public. EPIC is currently challenging the Department of Homeland Security's use of "High 2" in EPIC v. DHS, a FOIA lawsuit concerning airport body scanners. For more, see EPIC: Open Government and EPIC: Milner v. Navy.

September 16, 2010

"Smile, You're on Camera! Privacy Implications of the Google Street View Model"

Sharon Goott Nissim,
Consumer Protection Fellow

International Association of Privacy Professionals (IAPP) Privacy Academy
Baltimore, MD
October 1, 2010

September 17, 2010

Echometrix to Pay $100,000 Fine and Stop Unfair Practices in Settlement with NY AG

The New York Attorney General announced a settlement in a case against Echometrix, a software company that sold “Parental control software” that collected data on kids using the Internet for marketing purposes. EPIC filed a complaint with the FTC in 2009 alleging that Echometrix had engaged in unfair and deceptive trade practices and violated the Children's Online Privacy Protection Act. EPIC's complaint highlighted several aspects of Echometrix products that threatened consumer privacy. Documents obtained by EPIC, pursuant to a Freedom of Information Act request, revealed that the Defense Department canceled a contract with Echometrix following the EPIC FTC complaint. Under the settlement with the New York Attorney General's Office, Echometrix will pay a $100,000 penalty to the state of New York, and has agreed not to "analyze or share with third parties any private communications, information, or online activity to which they have access." For more information, see EPIC - Echometrix.

Tests in Italy Raise New Questions About Airport Body Scanners

Following field tests at international airports in Rome, Milan, Palermo, and Venice, the Italian civil aviation authority, has concluded that airport body scanners are inaccurate and inconvenient. Earlier this year the European Commission stated that body scanners have “raised several serious fundamental rights and health concerns,” and recommending less intrusive measures. The European Parliament Committee on Civil Liberties, Justice and Home Affairs has announced a hearing on the Body Scanner program for October 6, 2010. For more information, see EPIC v. DHS (Suspension of Body Scanner Program) and EPIC - Airport Body Scanners.

Virginia Court of Appeals Authorizes Warrantless GPS Tracking

In Foltz v. Virginia, the Virginia Court of Appeals held that law enforcement may place a GPS tracking device on a vehicle without violating the Fourth Amendment. The Court found that the defendant did not have an expectation of privacy, and therefore attaching the tracking device to the bumper did not require a warrant. The court distinguished its ruling from Commonwealth v. Connolly, a recent Massachusetts case, which held that police must obtain a warrant before using GPS devices to monitor vehicles. The Virginia court explained that Connolly was unpersuasive because the Virginia Constitution is co-extensive with the federal Fourth Amendment while the Massachusetts Constitution is more expansive. EPIC filed an amicus brief in Connolly, urging the court to adopt a warrant requirement. For more information, see EPIC: Commonwealth v Connolly.

NIST Publishes Smart Grid Privacy Guidelines

Guidelines for Smart Grid Cyber Security: Privacy and the Smart Grid is now available from the National Institute of Standards and Technology. The NIST Smart Grid Guidelines address privacy concerns that arise from the "many new data collection, communication, and information sharing capabilities related to energy usage." EPIC coordinated extensive comments for the agency from a group of  23 NGOs, legal, and technology experts. EPIC also worked closely with the NIST Cyber Security Working Group's subcommittee on Privacy on the project. For more information, see EPIC's The Smart Grid an Privacy.

September 21, 2010

Smart Life Styles

Lillie Coney,
EPIC Associate Director

Smart ICTs and Green Growth
OECD Conference Center
Paris, France
September 29, 2010

September 24, 2010

Google Adds Two-Factor Authentication to Google Apps

Google announced today that it is adding two-factor verification for Google Applications. This will allow users to set up a one-time code delivered to a mobile phone, in addition to a regular password. Currently this option is only available for paid Google apps, although it will be available to all users in the coming months. If an administrator of a paid Google Apps account enables two-factor verification, then all users will be required to submit their mobile phone number. Google Apps operate by using cloud computing. In March 2009, EPIC filed a complaint with the Federal Trade Commission over Google's lack of adequate safeguards for its Cloud Computing Services. For more information, see EPIC: Cloud Computing.

DHS Privacy Office Releases 2010 Annual Report

The Department of Homeland Security has released the Privacy Office 2010 Annual Report. The Agency's Chief Privacy Officer must prepare an annual report to Congress that details activities of the Department that affect privacy, including complaints of privacy violations, and DHS compliance with the Privacy Act of 1974. This year’s report details the establishment of privacy officers within each component of the Agency. The report also provides updates on Fusion Centers, Cybersecurity, and Cloud Computing activities of the agency. For more information, see EPIC: DHS Privacy Office.

Senate Holds Hearing on Data Security and Breach Notification Bill

The Senate Commerce Committee held a hearing on S. 3742, The Data Security and Breach Notification Act of 2010. This bill requires security policies for consumer information, regulates the information broker industry, and establishes a national breach notification law. EPIC director Marc Rotenberg testified on a similar bill in the House recommending support but also urging lawmakers to strengthen the proposed law by adopting a broader definition of "personally identifiable information" and permitting stronger state laws to remain. The Senate thus far has not addressed these concerns. For more information, see EPIC: Identity Theft.

September 28, 2010

Senator Collins Responds to EPIC's Request for Hearings on Airport Body Scanners

Senator Susan Collins has sent a letter to EPIC Director Marc Rotenberg and consumer advocate Ralph Nader regarding airport body scanners. Senator Collins stated in the letter "I agree wholeheartedly that TSA must ensure that this new security technology is proven effective and comes with sufficient protections to the health and privacy of all persons." Mr. Rotenberg and Mr. Nader had sent Senator Collins a request for a public hearing about the security agency's body scanner program. The US Senate has not yet scheduled such a hearing, but leaders in the European Parliament will examine the issue of body scanners on October 6. EPIC will be participating in that hearing. For more information, see EPIC v. DHS (Suspension of Body Scanner Program) and EPIC - Airport Body Scanners.

National Academies Releases New Report on Biometrics

The National Academy of Sciences has released a report entitled "Biometric Recognition: Challenges and Opportunities." The report concluded that biometric recognition technologies are inherently probabilistic and inherently fallible. Sources of uncertainty in biometric systems include variation within persons, sensors, feature extraction and matching algorithms, and data integrity. The report recommends a more comprehensive systems level approach to the contexts, design, and use of biometric technologies as well as peer-reviewed testing and evaluation of the technologies. EPIC has urged the Department of Defense to establish privacy safeguards for the biometric database the US established of Iraqis. See EPIC - Biometric Identifiers and EPIC - Iraqi Biometric Identification System.

Five Billion Have Right to Information

Human rights organization Article 19 reported that over 90 countries have adopted laws, constitutional amendments or regulations protecting the right to freedom of information. Additionally, over 50 countries are considering proposals to adopt laws that will protect citizens’ right to know. Article 19 commends the World Bank for its transparency policy, the United Nation’s Environmental Programme for enhanced access to environmental information, and the efforts of the U.S. and UK governments to launch open data sites. See EPIC - Open Government.

US Government Seeks to Monitor All Money Transfers

The Financial Crimes Enforcement Network is proposing new regulations that would require banks to report all international electronic money transfers. The regulation would significantly expand the transfer of bank record information to the US Treasury Department and law enforcement agencies. The proposed regulations are available online and open for public comment. For more information, see EPIC: International Privacy Standards.

"Online Freedom vs. National Security"

Marc Rotenberg,
EPIC Executive Director

Voice of America
Washington, D.C.
October 5, 2010

September 29, 2010

The Invisible Man: Detection & Recognition Technologies

"The Invisible Man: Detection & Recognition Technologies"

Marc Rotenberg,
EPIC President

Privacy Platform
European Parliament
Brussels, Belgium
October 6, 2010

Supreme Court Will Decide If Corporations Have Personal Privacy Rights

The Supreme Court has agreed to review AT&T v. FCC, a case in which the Third Circuit Court of Appeals held that corporations have personal privacy rights. In that case, AT&T prevented the public disclosure of records held by a government agency, arguing that the corporation's privacy rights would be violated. The case hinges on the interpretation of the "personal privacy" exemption in the Freedom of Information Act. EPIC, which both advocates for privacy and supports open government, is likely to file an amicus brief. For more information, see EPIC: FCC v. AT&T and EPIC: Open Government.

Federal Appeals Court Protects Innocent Targets of Government Surveillance

A federal appeals court in New York overruled a lower court order that would have disclosed thousands of wiretapped conversations, to the Security and Exchange Commission. The appeals court called the disclosure a "clear and indisputable" abuse of discretion. In SEC v. Galleon, the SEC sought 18,150 private conversations, obtained by the FBI, before any determination of whether the interceptions were relevant or lawful.The court issued the order which was then appealed. EPIC filed an amicus brief and urged the appellate court to protect "the privacy rights of hundreds of individuals" who had no involvement in the case. The court agreed and found that "ordering discovery of the wiretap materials before any determination of the legality of the surveillance involved exceeded the district court’s discretion." For more information, see EPIC: SEC v. Galleon and EPIC: Wiretapping.

EPIC Seeks Details on New Government Crypto Regulations

EPIC has sent Freedom of Information Act (FOIA) requests to the Department of Justice, the Federal Bureau of Investigation, and the National Security Agency for information about a proposal to expand Internet surveillance and deploy weakened security standards. The proposal would require Internet companies to develop network services to enable government access to private communications, including those on peer-to-peer networks. In 1996, the National Resource Council concluded that such technical standards make network communications more vulnerable to cyber attack. For more information, see EPIC: Cryptography Policy.

About September 2010

This page contains all entries posted to epic.org in September 2010. They are listed from oldest to newest.

August 2010 is the previous archive.

October 2010 is the next archive.

Many more can be found on the main index page or by looking through the archives.