« September 2011 | Main | November 2011 »

October 2011 Archives

October 14, 2011

Emerging Privacy Issues (Keynote)

Marc Rotenberg,
EPIC Executive Director

PIPA Conference
Vancouver, Canada
October 14, 2011

October 24, 2011

MIT Miller Lecture on Science and Ethics

Marc Rotenberg,
EPIC Executive Director

Cambridge, MA
October 24, 2011

October 3, 2011

EPIC Urges Supreme Court to Uphold Fourth Amendment in GPS Case

EPIC filed a "friend of the court" brief in the United States Supreme Court urging the Court to limit the scope of pervasive GPS surveillance by upholding robust Fourth Amendment protections. Along with 30 legal and technical experts, EPIC argued that 24-hour GPS surveillance by law enforcement constitutes a "search" under the Fourth Amendment. US v. Jones involves the government's use, without a judicial warrant, of a GPS device to track a person "24/7." The lower court held that "the use of the GPS device violated [Jones'] 'reasonable expectation of privacy,' and was therefore a search subject to the reasonableness requirement of the Fourth Amendment." Arguing in support of the earlier decision, EPIC said "it is critical that police access to GPS tracking be subject to a warrant requirement." For more information, see EPIC: US v. Jones, and EPIC: Locational Privacy.

Law Enforcement Access to Your Personal Data: A Roundtable Discussion with Ginger McCall from the Electronic Privacy Information Center (EPIC)

Law Enforcement Access to Your Personal Data: A Roundtable Discussion with Ginger McCall from the Electronic Privacy Information Center (EPIC)

Ginger McCall,
EPIC Open Government Counsel

Benjamin Cardozo School of Law
New York, NY
October 3, 2011

October 4, 2011

EPIC Urges Supreme Court to Affirm Privacy Act Remedies

EPIC filed a "friend of the court" brief in the United States Supreme Court urging the Court to enforce the rights granted under the Privacy Act, which regulates the use of personal information held by federal agencies. EPIC argued that the government should not be allowed to avoid liability by asserting that it caused only mental and emotional harm when it intentionally and willfully violated the federal statute. FAA v. Cooper involves the Social Security Administration's disclosure of a pilot’s HIV status. The lower court held that "the term 'actual damages'" in the Privacy Act "unequivocally encompasses nonpecuinary damages." EPIC urged affirmance of the decision, stating that the Privacy Act "provides compensation for harm suffered" and aims to "ensure compliance with statutory obligations." For more information, see EPIC: US v. Cooper, and EPIC: Privacy Act.

Appeals Court: Noncitizens Protected by Electronic Communications Privacy Act

A federal appeals court has ruled in Suzlon Energy v. Microsoft Corp. that foreign citizens are protected by the Electronic Communications Privacy Act. The decision is not that surprising as the Electronic Communications Privacy Act protects consumer data, without regard to nationality, by forbidding companies from disclosing communications data with third parties in most circumstances. Suzlon involved a civil suit in which Microsoft refused to disclose data from the Hotmail email account of Rajagopalan Sridhar, an Indian citizen. The court ruled that Sridhar was protected by the Electronic Communications Privacy Act and that Microsoft correctly refused to disclose communications from Sridhar's email account. For more information, see EPIC: Wiretapping.

October 7, 2011

Documents Obtained by EPIC Reveal Government's "Minority Report" Scanning Program

Through a Freedom of Information Act request, EPIC has obtained documents from the Department of Homeland Security about a secretive "pre-crime" detection program. The "Future Attribute Screening Technology" (FAST) Program gathers "physiological measurements" from subjects, including heart rate, breathing patterns, and thermal activity, to determine "malintent." According to the documents obtained by EPIC, the agency is considering the use of the device at conventions and sporting events, and has already conducted field testing. CNET first reported on the EPIC FOIA request. For more information, see: EPIC: Future Attribute Screening Technology Project.

October 11, 2011

"Protecting Consumer Privacy and Internet Regulation"

Lillie Coney,
EPIC Associate Director

National Press Club
Washington, DC
October 11, 2011

(CSPAN Webcast)

Congressional Watchdog: DHS Data Mining Programs Pose Risk to Privacy

The Government Accountability Office has performed a detailed evaluation of data mining practices at the Department of Homeland Security. According to the report, privacy protections and transparency are vital to data mining operation, however the Department's practices did not "adequately ensure the protection of privacy-related information." in 2009, EPIC called for an investigation of the Department's Privacy Office and said that the Chief Privacy Officer was not complying with the statutory requirements to protect privacy. For more information, see EPIC: Department of Homeland Security Chief Privacy Office and Privacy.

October 12, 2011

Federal Appeals Court Protects Employees from Covert Video Recording

The Third Circuit Court of Appeals ruled that a police deputy's privacy claims against her employer can proceed despite the government's objections. The case involves Jane Doe, who was secretly videotaped by a co-worker during a mandatory decontamination shower. The digital footage was uploaded onto a government computer and disclosed over the municipal network. The appeals court held that Ms. Doe had a reasonable expectation of privacy in remaining free from videotaping during the shower, and wrote "the potential harm of nonconsensual disclosure [of the video] is exacerbated by the existence of the Internet, where one can upload image and video files and irretrievably share them with the world in a matter of moments." EPIC filed a brief and presented oral argument in the case, stating that the case "presents novel privacy issues involving new technology" and that "the District Court failed to appreciate the unique damage caused by unlawful disclosures over computer networks." For more, see EPIC: Doe v. Luzerne.

October 13, 2011

Supreme Court Hears Oral Argument in Strip Search Case

The United States Supreme Court heard oral arguments on Wednesday in Florence v. Board of Chosen Freeholders of the County of Burlington. At issue in the case is whether the Fourth Amendment permits a jail to conduct a suspicionless strip search of every suspect, even those arrested for minor traffic offenses. The Petitioner Albert Florence was arrested based on an inaccurate police record of his previously resolved traffic fine. Florence was held for six days and subject to multiple strip searches before he was eventually brought before a judge and released. EPIC successfully argued before the Third Circuit in Doe v. Luzerne that an individual has a reasonable expectation of privacy in remaining free from the government’s recording of nude images. EPIC also filed a “Friend of the Court” brief in Herring v. US, involving a Fourth Amendment challenge to an arrest and search based on incorrect information in a government database. For more information, see EPIC: Herring v. US.

October 17, 2011

Constitutional Constraints on State Health Care & Privacy Regulation After Sorrell v. IMS Health Symposium

Constitutional Constraints on State Health Care & Privacy Regulation After Sorrell v. IMS Health Symposium

John Verdi,
EPIC Senior Counsel

University of New Hampshire Law School
Concord, NH
October 14, 2011

"Transatlantic Cooperation for Growth and Security: Protecting Critical Technology and Infrastructure"

Marc Rotenberg,
EPIC Executive Board

House Cannon Office Building
Washington, DC
October 17, 2011

EPIC Urges Supreme Court to Affirm Congress' Power to Pass Effective Privacy Laws

EPIC filed a "friend of the court" brief in the United States Supreme Court urging the Court to affirm Congress' power to enact strong statutes that protect consumer privacy. First American v. Edwards presents the question of whether a person can sue to enforce a provision of the Real Estate Settlement Procedures Act (RESPA), which gives individuals a right to untainted real estate referral services, and enforces this right by specifying an amount of damages for which violators are liable. Surprisingly, Facebook, Linkedin, Yahoo, and Zynga filed a brief in support of the bank First American and arguing against enforcement of privacy statutes in certain circumstances. EPIC then filed a brief in support of the consumer Edwards and argued that if the Court did not uphold statutory damage provisions, "it would become virtually impossible to enforce privacy safeguards in the United States." Statutory damage provisions help ensure compliance with Fair Information Practices, the foundation of modern privacy law. For more information, see EPIC: First American v. Edwards, and EPIC: Privacy Act.

October 20, 2011

Sen. Rockefeller Requests FTC Report on Facial Recognition Technology

Senator John D. Rockefeller (D-WV) sent a letter requesting that the Federal Trade Commission assess the use of facial recognition technology and recommend legislation to protect privacy. Facial recognition technology is being used by technology firms and also police agencies, which has raised civil liberties concerns. The letter cited mobile applications such as SceneTap, which "tracks the male/female ratio and age mix of the crowd [in bars]" and digital advertising at the Venetian Resort in Las Vegas that tailors ads to the person standing in front of the display based on recognition of that person’s age and gender. The FTC will hold a workshop on facial recognition technology on December 8, 2011. EPIC's complaint regarding Facebook's facial recognition is still pending before the FTC. For more information, see EPIC: In re Facebook, and EPIC: Facial Recognition.

American Travelers to TSA: Body Scanners are Unsafe and Unacceptable

EPIC has uncovered more complaints from travelers about the TSA airport body scanners. In response to a FOIA request, the federal agency turned over 241 pages of passenger complaints about body scanners to EPIC. The documents reveal that travelers are angry and frustrated about TSA screening procedures. Travelers expressed concern about radiation risks to children, the elderly, and those with special needs. Other travelers wrote the fact that the machines could capture naked images as unacceptable. One traveler said, "using [the full body scanners] is an extreme invasion of privacy." EPIC previously obtained hundreds of pages of complaints (sample) after filing a Freedom of Information Act lawsuit against the Agency. Earlier this year, in EPIC v. DHS, EPIC also obtained a judgment from the federal appeals court in Washington, requiring the TSA to conduct a public rulemaking on the program and ensuring that passengers have a right to opt-out. For more information see EPIC: Whole Body Imaging Technology.

EPIC to Justice Department: Maintain Strong Open Government Regulations

In extensive comments to the Department of Justice, EPIC has urged the federal agency not to weaken the Freedom of Information Act (FOIA) as it has proposed. The Justice Department is considering regulations that would place new burdens on FOIA requesters, make it more difficult to qualify for educational and news media fee status, and allow agencies to terminate FOIA requests, and even make misrepresentations about the existence of documents and destroy records subject to a FOIA request. EPIC said that the Justice Department proposal would undermine the FOIA, is contrary to law as well as the views expressed by the President and the Attorney General. EPIC has an extensive FOIA practice and has recently uncovered documents regarding the FBI's Watchlist and the Department of Homeland Security's "Minority Report" Pre-crime Detection Program. The Justice Department must now decide whether to adopt the changes it has proposed, withdraw the rule, or make modifications. For more information, see EPIC: Open Government.

October 25, 2011

FTC Finalizes Google Buzz Settlement but Fails to Adopt Any Recommended Safeguards Following Public Comment Process

The Federal Trade Commission has finalized the settlement with Google regarding Buzz, the social network service launched in early 2010. The Commission action follows a complaint filed by EPIC on behalf of Gmail subscribers and other Internet users. The FTC agreement with Google is far-reaching and bars the company from future privacy misrepresentations, requires it to implement a comprehensive privacy program, and calls for regular, independent privacy audits for the next 20 years. However, the Commission failed to adopt any of the recommendations submitted during the public comment process." In a letter to EPIC and to others who submitted suggestions, the FTC wrote "the Commission has determined that the public interest would best be served by issuing the Decision and Order in final form without any modifications." For more information, see EPIC - In re Google Buzz and Fix Google Privacy.

October 27, 2011

Prof. Sweeney, EPIC, 50 Tech Experts Urge Government to Strengthen "Common Rule," Encourage Research on Techniques for Deidentification

In extensive comments to the Department of Health and Human Services, Professor Latanya Sweeney of the Data Privacy Lab, EPIC, Patient Privacy Rights, and 50 data privacy researchers, warned the federal agency that medical privacy standards for deidentification are "gravely inadequate" and that proposed changes to the Common Rule would deprive the public and policymakers information about the risks of reidentification. The group urged support for stronger techniques for deidentificaiton, based on recent advances in theoretical computer science. Earlier this year, EPIC filed an amicus brief in a Supreme Court case IMS Health v. Sorrell, warning that the deidentification technique adopted by dataminers was not sufficient to protect patient privacy. For more information, see EPIC: Privacy and the Common Rule and EPIC: Medical Record Privacy.

October 28, 2011

EPIC Files Papers to End DHS Delay in Seeking Public Input on Airport Body Scanners

EPIC filed papers in federal court today seeking to enforce an order that requires the Department of Homeland Security to detail the agency's controversial airport body scanner program. As a result of the EPIC lawsuit, the DC Circuit Court of Appeals ruled that the agency violated federal law when it installed body scanners in airports for primary screening without first soliciting public comment. In July, the Court ordered Homeland Security to "promptly" seek public comment, but the agency has failed to respond. EPIC, and a coalition of privacy and civil liberties organizations, first petitioned DHS to undertake a public rulemaking in 2009. EPIC's subsequent lawsuit alleged that airport body scanners are "invasive, unlawful, and ineffective." For more information, see EPIC: EPIC v. DHS and EPIC: Whole Body Imaging Technology.

October 31, 2011

Advocates, Academics, and Privacy Officials Gather in Mexico City for Public Voice Conference

Privacy experts from around the world convened at the Privacy is Freedom civil society conference, held in conjunction with the annual meeting of the data protection and privacy commissioners. More than 200 participants from 25 countries are attending the event which includes discussions on The Madrid Declaration, the Right to be Forgotten, and Cultures of Privacy Around the World. The Public Voice conference is sponsored by EPIC and the Federal Institute for Access to Information and Data Protection (IFAI). The Georgetown University Law Center is webcasting the event. The hashtag is #tpv11.

EPIC Files Complaint, Urges FTC to Investigate Verizon's Recent Changes to Privacy Practices

EPIC filed a complaint with the Federal Trade Commission charging that Verizon Wireless has engaged in unfair and deceptive trade practices in violation of consumer protection law. After consumers entered into long-term contracts with Verizon Wireless, the company changed its business practices, and revealed detailed personal information of its customers, including location data, web browsing and search histories, and demographic data, to other companies EPIC also charges that Verizon Wireless has failed to establish adequate techniques to deidentify its customers. "Such practices are unfair and deceptive, contrary to the privacy and security interests of Verizon Wireless customers, and actionable by the Federal Trade Commission," the complaint states. EPIC's complaint regarding Facebook's facial recognition is still pending before the FTC.

Congress, #KWTK Presses Facebook to Disclose Secret Profiles

Lawmakers in Washington have sent a letter to Mark Zuckerberg, Facebook's CEO, asking questions about the company's data retention practices, following a news report that a single European Facebook user obtained more than 1,200 pages of his own personal data from the company, including information that he had previously deleted. Following an effort of privacy advocates in Europe, EPIC has launched the KWTK (Know What They Know) campaign and is urging Facebook users to obtain their complete "data dossier" from the company. For more information, see EPIC: Facebook Privacy and EPIC:#kwtk.

About October 2011

This page contains all entries posted to epic.org in October 2011. They are listed from oldest to newest.

September 2011 is the previous archive.

November 2011 is the next archive.

Many more can be found on the main index page or by looking through the archives.