« March 2011 | Main | May 2011 »

April 2011 Archives

April 14, 2011

National Security since 9/11: New Norms for a New Decade?

National Security since 9/11: New Norms for a New Decade?

Ginger McCall,
EPIC Staff Counsel

Journal of National Security Law and Policy
Duke University
Durham, NC
April 14, 2011

April 8, 2011

Internet and the Law: Contentious Issues and Emerging Solutions

Ginger McCall,
EPIC Staff Counsel

Massachusetts Bar Association
Cambridge, MA
April 8, 2011

The Future of Privacy in the Age of Google

The Future of Privacy in the Age of Google

Lillie Coney,
EPIC Associate Director

National Conference for Media Reform
Boston, MA
April 8-10, 2011

April 11, 2011

Smart Grid Policy Summit

Smart Grid Policy Summit

Lillie Coney,
Associate Director

Utilities Telecom Council
Washington, DC
April 11-12, 2011

April 1, 2011

EPIC, Privacy Groups File Objection to Proposed Google Buzz Settlement

EPIC and a coalition of consumer and privacy organizations have filed an objection to the "cy pres" allocation proposed by the attorneys in the Google Buzz matter. "Cy pres" ("as near as possible") is a legal doctrine that allows courts to allocate funds to protect the interests of individuals when there is a class action settlement. In these cases, courts are often concerned about collusion between attorneys that produces quick settlements and does not protect the interests of the class members. EPIC, which filed the successful complaint with the Federal Trade Commission that led to the Google Buzz agreement, and the other groups say that the proposed settlement does not satisfy the "cy pres" requirement. They note that several of the organizations proposed by Google are currently funded by Google. Other parties in the case have also objected to the proposed settlement. The Court has already stated that "the final approval list of cy pres organizations may draw, but need not be drawn, entirely from the submission of nominations by Class Counsel." The Court also said, "The Court reserves the right to designate cy pres recipients who would reasonably benefit the Class through established Internet privacy education and policy programs on its own motion." For more information, see In re Google Buzz.

FTC Releases Annual Report, Highlights Consumer Protection

The Federal Trade Commission released the 2011 Annual Report, which emphasized the agency's actions in the consumer protection and anti-trust areas. The agency highlighted its work on privacy, data security, and technology and noted the settlement of several privacy cases, including Echometrix, Lifelock, Twitter, and U.S. Search. EPIC filed a complaint with the Commission concerning Echometrix, and still has complaints pending regarding changes in Facebook's privacy settings and Google cloud computing. For more information, see EPIC: Federal Trade Commission.

April 4, 2011

Anderson, Balkin, boyd, Crawford, Kahle, and Turkle Join EPIC Advisory Board

EPIC has announced the 2011 members of the EPIC Advisory Board.They are Ross Anderson, Professor of Security Engineering at Cambridge University, Jack Balkin, Knight Professor at Yale, danah boyd, Senior Researcher at Microsoft Research, Susan Crawford, professor at Cardozo Law School and a Visiting Research Collaborator at Princeton’s Center for Information Technology Policy, Brewster Kahle, director and co-founder of the Internet Archive, and Sherry Turkle, Abby Rockefeller Mauzé Professor at MIT. The EPIC Advisory Board is a distinguished group of experts in law, technology, and public policy. Press Release. For more information, see EPIC: EPIC Advisory Board.

April 5, 2011

EPIC Launches "Fix Google Privacy" Campaign

In response to the recent announcement that Google has agreed to adopt a "Comprehensive Privacy Plan," EPIC has launched "Fix Google Privacy," a campaign to encourage Internet users to offer their suggestions to improve safeguards for Google's products and services. Submissions to EPIC will be forwarded to the Federal Trade Commission and considered by the agency as part of the final Privacy Plan. All comments must be sent before May 2, 2011. For more information, see EPIC - In Re Google Buzz and FTC - Analysis to Aid Public Comments.

Swiss Court Finds Google Street View Violates Privacy Rights

Switzerland's top Court ruled against Google's Street View mapping service, forcing Google to blur faces and license plate numbers before putting images on the Internet. The Swiss Court stated, "the interest of the public in having a visual record and the commercial interests of the defendants in no way outweighs the rights over one's own image." Other countries, including the U.K., France, and Spain, have found that Google broke privacy laws when Street View cars collected wi-fi data from private wireless networks. In the U.S., the Federal Communications Commission opened an investigation after EPIC filed a complaint asking the Commission to investigate violations of federal wiretap law and the U.S. Communications Act. For more information, see EPIC: Google Street View.

April 7, 2011

Epsilon Data Breach Threatens E-mail Privacy of Millions

Epsilon, a large marketing firm, has lost the names and e-mail addresses of customers of Walgreens, JP Morgan Chase, Capitol One, Tivo, and other large companies. The firm announced the data breaches late last week. Data service providers, such as Epsilon, are not well known by consumers and are not typically regulated. Epsilon provides data analytics, targeting, profiling of customers, as well as e-mail tracking services. Previously, EPIC provided comments to the Federal Trade Commission and testimony to the United States Congress on the need for comprehensive privacy protection for customer data. For more information, see EPIC: Identity Theft.

April 8, 2011

Department of Education Plans to Disclose Confidential Student Data

The Department of Education has proposed new regulations to transfer student data from schools to state agencies. The regulations will revise key provisions of the Federal Educational Rights and Privacy Act, which was enacted to protect privacy, security, and confidentiality of student data. The proposal is part of a new federal program that requires schools to disclose student data, including enrollment information, degree of success transitioning from secondary to post-secondary institutions, and demographic data, to states to receive federal funding. The student information will be compiled into large databases and used to track and analyze student's progress through the education system. The Department is accepting comments on the proposed regulations. Deadline for comment is May 23, 2011. For More Information, see EPIC: Student Privacy.

April 12, 2011

Faster FOIA Act Moves Forward in Senate

The Senate Judiciary Committee has approved bipartisan legislation, cosponsored by Senators Patrick Leahy (D-VT) and John Cornyn (R-TX), to improve the Freedom of Information Act (FOIA) processing. The Faster FOIA Act will create an advisory panel to examine agency backlogs and provide recommendations to Congress. EPIC recently testified before the House Oversight Committee about FOIA delays and politicized processing within the Department of Homeland Security. For more information see: EPIC: Open Government and EPIC: Litigation Under the Federal Open Government Laws.

Senators Kerry and McCain introduce Internet Privacy Legislation

Senators John Kerry (D-MA) and John McCain (R-AZ) have introduced the "Commercial Privacy Bill of Rights Act of 2011," aimed at protecting consumers' privacy both online and offline. The Bill endorses several "Fair Information Practices," gives consumers the ability to opt-out of data disclosures to third-parties, and restricts the sharing of sensitive information. But the Bill does not allow for a private right of action, preempts better state privacy laws, and includes a "Safe Harbor" arrangement that exempts companies from significant privacy requirements. EPIC has supported privacy laws that provide meaningful enforcement, limit the ability of companies' to exploit loopholes for behavioral targeting, and ensure that the Federal Trade Commission can investigate and prosecute unfair and deceptive trade practices, as it did with Google Buzz. For more information, see EPIC: Online Tracking and Behavioral Profiling and EPIC: Federal Trade Commission.

April 14, 2011

EPIC Champions Constitutional Right to Informational Privacy Before Third Circuit

EPIC has filed an amicus brief in the Third Circuit Court of Appeals in support of a Jane Doe police deputy, who is suing to recover monetary damages for privacy violations. A coworker captured semi-nude video footage without her consent during a mandatory decontamination shower at a local hospital. The footage was uploaded onto a government computer. EPIC argued in support of Doe that the case implicates "freedom, intimacy, autonomy, and human dignity," and urged the Federal appeals court to hold that the Sheriff's Department violated the Constitutional right to informational privacy. EPIC has filed similar briefs in other cases, including NASA v. Nelson, decided by the Supreme Court earlier this year. For more information, see EPIC: Doe v. Luzerne.

April 15, 2011

In Court Filing, EPIC Argues Residential Wi-Fi Routers are Not Exempted Under Federal Wiretap Laws

EPIC filed an amicus brief in federal court arguing that users of private residential routers are entitled to privacy protection. The EPIC brief is in response to a series of questions asked by a federal judge as to whether private WiFi communications are covered under the Federal Wiretap Act. EPIC explained that a "Wireless Local Area Network (WLAN)" provides functionality for those within the home who take advantage of shared services, such as printers and Internet access. In contrast, WiMAX, WWAN, and WiLD are wireless devices that broadcast over a long distance and are intended for public access. EPIC also pointed out that users of residential WLANS can configure their devices to operate as "Hot Spots," but few choose to do so. EPIC said that Congress established "a presumption in favor of confidentiality except in those circumstances where the user has knowingly chosen to broadcast communications to the general public." For more information, see EPIC: Google Street View.

Privacy Watchdog Receives Broad Protection for Publishing Public Records

A federal judge has issued a final order in favor of privacy advocate Betty Ostergren, who challenged a state law designed to prosecute her for drawing attention to the state's poor security practices. Ostegren had posted public records on her website that included Social Security Numbers made available by the state of Virginia. A district court held that Virginia may not prosecute her for re-publishing the Social Security Numbers of state officials. On appeal, a federal appeals court ruled that the court’s holding was too limited, and on remand the court said that Ostergren can re-publish any publicly available documents. EPIC filed a "friend of the court" brief in support of Ostergen, urging the court to hold that the First Amendment protects Ostergren's speech. For more information, see EPIC: Ostergren v. McDonnell, EPIC: Social Security Numbers, and EPIC: Identity Theft.

White House Releases Plan for Internet Identities

The White House has published the National Strategy for Trusted Identities in Cyberspace (NSTIC), which provides guidance for an Internet identity system to be designed and built by the private sector. The plan comes nearly two years after the White House first released its Cyberspace Policy Review, which set forth a national plan for Internet identities. In 2010, the White House released the draft NSTIC, and accepted public comments via an online forum. EPIC responded with comments that emphasized the need for strong privacy safeguards for Internet users. "The President endorsed 'Privacy Enhancing Technologies' for online credentials. That is historic," said EPIC Executive Director Marc Rotenberg today. "But online identity is complex problem and the risk of 'cyber-identity theft' with consolidated identity systems is very real. The US will need to do more to protect online privacy." In a press release, the White House emphasized that NSTIC should be privacy-enhancing and voluntary, interoperable, and cost-effective. For more information, see EPIC: National Strategy for Trusted Identities in Cyberspace.

April 18, 2011

Solicitor General to Supreme Court: Review GPS Tracking Cases

The Solicitor General filed a petition with the Supreme Court about the growing dispute in the federal courts over warrantless locational tracking. There is a split among the appellate court about GPS tracking by police agencies. The petition appeals a decision from the DC Circuit which held that the warrantless tracking of a motor vehicle violates the Constitutional right against unlawful searches. Earlier, EPIC filed an amicus brief in the Massachusetts Supreme Judicial Court case that also held that a warrant is required for the use of a GPS tracking device. For more information, see EPIC - Commonwealth v. Connolly and EPIC - Locational Privacy.

April 21, 2011

iPhones, iPads Collect and Store User Location Data

Security researchers have found that Apple records detailed location data of iPhone and iPad users. The information, which includes latitude/longitude and a time stamp, is captured by the devices and then transferred to a user's computer where it is stored unencrypted. It is not clear whether Apple is able to access the file directly. Senator Al Franken (D-MN) and Rep. Ed Markey (D-MA) have asked Apple CEO Steve Jobs to explain why the company is storing information on its users in a secret file. Apple may have violated Section 222 of the Communications Act, which requires companies to obtain customer consent before location data is used or disclosed for commercial purposes. A recent Nielsen poll finds that US smartphone users are concerned with privacy when it comes to location. For more information, see EPIC: iPhone and Privacy, EPIC: Locational Privacy and EPIC: Consumer Proprietary Network Information.

April 25, 2011

Supreme Court to Hear Arguments in Medical Record Data-mining Case

Oral argument for IMS Health, Inc. v. Sorrell will take place in the Supreme Court on Tuesday, April 26, 2011. The case concerns a state privacy law that seeks to regulate data-mining of prescription records for commercial purposes. EPIC filed an amicus brief on behalf of 27 technical experts and legal scholars, as well as nine consumer and privacy groups, arguing that the privacy interest in safeguarding medical records is substantial and that the "de-identification" techniques adopted by data-mining firms do not protect patient privacy. For more information, see EPIC: IMS Health v. Sorrell.

Federal Appeals Court Affirms Civil Penalties in Privacy Act Case

A federal appeals court held that the Privacy Act provides monetary damages for harms stemming from inaccurate government records. The case arose in 2006 when Julia Shearson and her four-year-old daughter, both U.S. citizens, reentered the country over the Canadian border. A customs database incorrectly identified Shearson as "ARMED AND DANGEROUS," after which she was handcuffed, questioned for several hours, and then released without explanation. Shearson sued under the Privacy Act and sought damages from the Department of Homeland Security for the agency's failure to ensure the accuracy of its computer records. DHS argued that the Privacy Act permitted the agency to exempt itself from monetary damages provision of the law. The Sixth Circuit disagreed and held that Congress specifically intended that the Privacy Act provide civil remedies for government failures to comply with the Act's mandatory duties. EPIC routinely files comments on the obligation of federal agencies to comply with the Privacy Act and EPIC has also filed a Supreme Court brief in support of damage awards in Privacy Act cases. For more information, see EPIC: Doe v. Chao (US 2004).

April 26, 2011

The Smart Grid: A Look at Consumer Privacy & Who Pays

The Smart Grid: A Look at Consumer Privacy & Who Pays

Lillie Coney,
Associate Director

April 26, 2011
1-2:30 pm

April 28, 2011

"Debt Collection 2.0"

"Debt Collection 2.0"

Conor Kennedy,
EPIC Appellate Advocacy Fellow

Federal Trade Commission
Washington, D.C.
April 28, 2011

April 27, 2011

Apple Modifies iOS4, Reduces Storage of Location Data

In response to growing public concern about the collection of location data, Apple announced today four changes to iOS4. Apple said it will (1) limit the storage of locational data to one week; (2) stop transferring locational data from the device to the user's computers, (3) allow users to delete all locational data collection on the device; and (4) encrypt the locational data stored on the device. The update should be available in the next few weeks. The recent change was sparked by a research paper which revealed that Apple was routinely storing tracking data on Apple iPhones and iPads in a secret file "consolidated.db." Congressman Markey and others wrote to Apple to express concern. Apple pledged that the company "has no plans to ever" track iPhone users. EPIC has commended Apple for moving quickly to address this problem. For more information, see EPIC: iPhone and Privacy and EPIC: Locational Privacy.

Apple Faces Increased Pressure on Locational Tracking

As details continue to emerge following the revelation that Apple’s iPhone and 3G iPad are collecting and recording locational data of users and storing it on the device, a class action lawsuit has been filed alleging violations of the Computer Fraud and Abuse Act, as well as state claims of unfair and deceptive trade practices. Illinois Attorney General Lisa Madigan has asked for a meeting with Apple. Apple has still not made a statement about the security vulnerability, which came to light at an April 20, 2011 locational conference. For more information, see EPIC: iPhone and Privacy and EPIC: Locational Privacy.

In Data Mining Case, Supreme Court Explores Privacy

A spirited dialogue about the right of privacy dominated oral argument in a Supreme Court case on medical record data mining. Justice Breyer implied that the Federal Trade Commission could prevent existing commercial uses of private medical data by deeming the practices to be unfair and deceptive. Justices Sotomayor and Kennedy both pressured the data mining companies to focus on the constitutionality of preventing the spread of sensitive medical information. Justice Scalia even challenged the Vermont Medical Privacy Statute under review as insufficiently dedicated to protecting prescriber privacy. EPIC filed an amicus brief on behalf of 27 technical experts and legal scholars, as well as nine consumer and privacy groups, arguing that the privacy interest in safeguarding medical records is substantial and that the de-identification techniques adopted by data mining firms do not protect patient privacy. For more information, see EPIC: IMS Health v. Sorrell.

New Voter Photo ID Laws Under Consideration

More than 30 states are considering new laws that would require voters to obtain government-issued photo identification. Voter photo identification laws have been routinely challenged in federal court, and many have been set aside or altered. Currently eight states have photo identification requirements. Prior to the Help America Vote Act, most states allowed several forms of identification to establish residence. In 2007, EPIC filed an amicus brief in the Supreme Court, joining a challenge to an Indiana voter ID law. The Court upheld the law 6-3. Justice Souter wrote in dissent, "this statute imposes a disproportionate burden upon those without" government-issued photo IDs. For more information, see EPIC Voter Photo ID and Privacy and EPIC - Crawford v. Marion County.

April 28, 2011

EPIC Requests Clarifications on New Passport Application

EPIC has filed comments with the State Department regarding Form DS-5513, a new passport application that requires unusually detailed information about the background of some passport applicants. For example, applicants are asked to provide their mother's place of employment at the time of their birth. The agency claims that such information is necessary "when the applicant submits citizenship or identity evidence that is insufficient to meet his/her burden of proving citizenship or identity." EPIC wrote that the State Department needs to provide more information about the purposes of the data collection for the public to meaningfully assess the impact. For more information, see EPIC National ID and REAL ID.

April 29, 2011

Congressmen Not Satisfied with Response from Wireless Carriers on Location Privacy

Representatives Ed Markey (D-MA) and Joe Barton (R-TX) announced they had received responses from the four major U.S. wireless carriers about privacy and location data -- At&T; Verizon; Sprint; and T-Mobile. The wireless carriers say that third-party applications are the biggest privacy threat to users of mobile services. Reps. Markey and Barton sent a letter to the companies after security researchers revealed that Apple was recording the location data of iPhone and iPad users.  For more information, see EPIC: iPhone and Privacy and EPIC - Locational Privacy.

Senator Blumenthal Asks Justice Department to Investigate PlayStation Breach

Senator Richard Blumenthal (D-CT) wrote to Attorney General Eric Holder asking that the Department of Justice open an investigation into the Sony PlayStation security breach. Sony recently informed PlayStation Network customers that an "unauthorized user" had obtained the personal and financial information of 70 million gamers, including minors. Blumenthal wrote that whomever hacked into the PlayStation Network violated the Computer Fraud and Abuse Act. He also expressed concern about Sony's week-long delay in notifying users about the breach. In 2009, EPIC testified before Congress about the need to strengthen data breach notification laws, noting "in the absence of security obligations and breach notification requirements, it is too easy for firms to continue bad practices." For more information, see EPIC: Identity Theft.

About April 2011

This page contains all entries posted to epic.org in April 2011. They are listed from oldest to newest.

March 2011 is the previous archive.

May 2011 is the next archive.

Many more can be found on the main index page or by looking through the archives.