« April 2012 | Main | June 2012 »

May 2012 Archives

May 1, 2012

FOIA "Ombudsman" Releases Open Government Report

In response to several demands from Congress, the Office of Government Information Services (OGIS) has released a long-delayed report with recommendations to improve the administration of the Freedom of Information Act. The report addresses several FOIA processing issues, but doesn't examine the significant issue of delays in FOIA processing and efforts by agencies - such as the Department of Justice - to create new obstacles for FOIA requestors. And OGIS did not address EPIC's pending request to determine whether DHS's practice of vetting FOIA requests by political appointees is permissible. For more information, see EPIC: Open Government.

Following Maryland, Congress and California Consider Bills Banning Employers From Asking for Facebook Passwords

Reps. Eliot Engel (D-NY) and Jan Schakowsky (D-IL) introduced the Social Networking Online Protection Act, a bill that would prohibit employers, colleges, universities, and K-12 schools from seeking usernames or passwords for the social media accounts of employees or students. Similar legislation was introduced in California. Maryland became the first state to ban employers from asking employees or applicants for social networking passwords. Senators Blumenthal and Schumer have asked the Equal Employment Opportunity Commission and the U.S. Department of Justice to investigate the practice. For more information, see EPIC: Workplace Privacy and EPIC: Facebook Privacy.

May 4, 2012

Classified Report Finds Vulnerabilities in Body Scanner Program

The Department of Homeland Security Office of Inspector General has completed an investigation into the effectiveness of the body scanner program as deployed in airports as a primary passenger screening system. The unclassified summary of the report notes that several vulnerabilities were found in the program, which has already cost more than $87 million. The full report consists of "Sensitive Security Information" (SSI) and will not be released to the public, according to the Inspector General. EPIC has challenged the SSI designation, arguing that it is an improper standard for classification. The Government Accountability Office, technical experts, Members of Congress, and bloggers have also questioned the effectiveness of the devices. In a federal lawsuit, EPIC challenged the body scanner program, calling it "invasive, unlawful, and ineffective." For more information, see EPIC v. DHS (Suspension of body scanners).

2011 FISA Orders Up, National Security Letters Down, No Surveillance Request Denied

According to the 2011 Foreign Intelligence Surveillance Act (FISA) Report the Justice Department submitted 1,745 applications to the Foreign Intelligence Surveillance Court, a 10.5% increase over 2010. Of the 1,745 FISA search applications, 1,676 concerned electronic surveillance. The FISA court did not deny any applications, though it did modify 30 applications. Also in 2011, the FBI made 16,511 National Security Letter requests for information pertaining to 7,201 different U.S. persons. This is a substantial decrease from the 24,287 national security letter requests concerning 14,212 U.S. persons in 2010. The annual report on FISA, released by the Department of Justice, is far less extensive than the annual wiretap report, produced by the Administrative Office of the US Courts. EPIC has recommended greater accountability for the FISA Court. For more information, see: EPIC: Foreign Intelligence Surveillance Act Court Orders 1979-2011 and EPIC: Foreign Intelligence Surveillance Act.

May 8, 2012

Myspace Settles With FTC Over Deceptive Practices Complaint

The Federal Trade Commission has reached a settlement with the social networking service Myspace over charges that Myspace allowed advertisers to access personally-identifying information after promising to keep such information private. Advertisers were able to access the unique "Friend ID" of users and link this identifier to other personal information. The settlement requires Myspace to implement a comprehensive privacy program, submit to independent audits, and refrain from privacy misrepresentations. For more information, see EPIC: Federal Trade Commission and EPIC: Social Networking Privacy.

May 9, 2012

EPIC Stresses Need For Privacy Evaluation in Drone Testing

In comments to the Federal Aviation Administration (FAA), EPIC emphasized the need for transparency and accountability in drone operations, and recommended the development of privacy protections before drones are more widely deployed in the US. The FAA Notice of Proposed Rulemaking set out proposed criteria for drone testing. Congress has tasked the FAA with facilitating the use of drones in the domestic airspace. February, EPIC, joined by a coalition of more than 100 organizations, experts, and members of the public, petitioned the FAA to conduct a rulemaking on the privacy implications of domestic drone use. For more information, see EPIC: Unmanned Aerial Vehicles (UAVs) and Drones.

May 11, 2012

Federal Appeals Courts Sides with NSA, Rejects EPIC's Arguments that Agency Should Provide Information About Collaboration with Google

The DC Circuit Court of Appeals ruled today the National Security Agency need neither "confirm nor deny" the existence of any records about the agency's relationship with Google, even after such a collaboration was widely reported in the national media. EPIC filed a Freedom of Information Act (FOIA) request with the NSA following a cyber attack in January 2010 that led Google to contact the NSA. The NSA refused to either confirm or deny the existence of responsive records, claiming that such information is exempt from disclosure under the NSA Act. EPIC challenged this "Glomar" response and argued that the agency had a responsibility to locate records that could be disclosed, but a lower court ruled in favor of the NSA and the appellate court affirmed. EPIC has several other pending FOIA matters concerning the NSA, including "Perfect Citizen," Internet wiretapping, and even the NSA's own legal authority which the agency has refused to release to the public. For more information, see EPIC v. NSA: Google / NSA Relationship.

On Google Spy-Fi, Senator Durbin Calls for Update to Wiretap Law, FCC Chair Agrees Law Should Protect Unencrypted Communications

In a hearing with Federal Communications Commission Chairman Julius Genachowski, Senator Dick Durbin (D. IL.) criticized the agency's decision to issue a mere $25,000 fine against Google following the investigation of Street View data collection. (Hearing video beginning at 64:20) Senator Durbin said that Google's interception and collection of private wi-fi communication was a clear violation of privacy. Chairman Genachowski defended the agency's decision but agreed with the committee chairman that "the law should protect people even if they have unencrypted wi-fi." Senator Durbin said that he would consider changes to the law if that is necessary. Senator Durbin also asked the FCC to provide the legal memoranda supporting the FCC's decision not to find Google guilty of violating the Communications Act. EPIC has a similar FOIA request pending with the agency. For more information, see EPIC: FCC Investigation of Google Street View and EPIC: Electronic Communications Privacy Act.

EPIC Calls on FTC to Develop Substantive Privacy Protections at Workshop on Mobile Advertising

EPIC submitted comments to the Federal Trade Commission for the May 30 workshop on mobile advertising disclosures. EPIC recommended that the agency focus on the development of substantive privacy protections, such as the Consumer Privacy Bill of Rights announced by the President earlier this year, for mobile services. EPIC also recommended that the workshop address a series of problems with the "notice and consent" approach, as well as the merits of innovative, nonverbal approaches proposed by privacy scholars. The workshop follows an FTC report calling for privacy legislation and an investigation that documented privacy problems with mobile applications for children. For more information, see EPIC: Federal Trade Commission.

May 14, 2012

EPIC Proposes Update to Privacy Act to Address Recent Supreme Court Decision

Following the recent decision of the Supreme Court in FAA v. Cooper, EPIC has set out proposed changes to the Privacy Act that would compensate individuals for provable nonpecuniary harms caused by willful violations of the Privacy Act. In Cooper, the Supreme Court held that the Privacy Act "does not unequivocally authorize" compensatory damages for mental or emotional distress. Justice Sotomayor, joined by Justices Ginsburg and Breyer, wrote in dissent that "the primary, and often only, damages sustained as a result of an invasion of privacy are . . . mental or emotional distress." EPIC recommended that the Privacy Act explicitly define "actual damages" to include provable mental and emotional distress. EPIC's letter follows an earlier request from Senator Daniel Akaka (D-HI) for comment on S.1732, the Privacy Act Modernization for the Information Age Act of 2011. For more information, see, EPIC: FAA v. Cooper and EPIC: The Privacy Act of 1974.

May 15, 2012

FAA Revises Drone License Procedures, Privacy Petition Still Pending

The Federal Aviation Administration has announced new procedures for government agencies that operate drones in the United States. The procedures will streamline the process through which government agencies, including local law enforcement, receive drone licenses. However, the FAA has so far failed to establish privacy safeguards for drone use. On February 24, 2012, EPIC, joined by over 100 organizations, experts, and members of the public, submitted a petition to the FAA requesting a public rulemaking on the privacy impact of drone use in US airspace. For more information, see EPIC: Unmanned Aerial Vehicles (UAVs) and Drones.

May 16, 2012

"Privacy And Security: An Evening Conversation With Leading Experts"

Marc Rotenberg,
EPIC Executive Director

Stanford Law School and Microsoft Innovation & Policy Center
Washington, D.C.
May 16, 2012

EPIC Supports Geolocation Privacy Act, Suggests Improvement

In a Statement for the Record, EPIC has expressed support for H.R. 2168, the "Geolocational Privacy and Surveillance Act," which prohibits the interception of location information by private parties and government agents acting without a search warrant. The bill will be considered at a hearing before the House Subcommittee on Crime, Terrorism, and Homeland Security. EPIC said "as communications technologies evolve, new forms of personal information are generated that require new legal safeguards." EPIC also recommended that Congress adopt purpose-specification and data limitation requirements for data stored by private companies, require affirmative consent prior to the collection of location data, and clarify an exception that permits the interception of location data made available through publicly accessible systems. For more information, see EPIC: Location Privacy.

May 17, 2012

Privacy Board Approved by Judiciary Committee, Vote Moves to Senate

The Senate Committee on the Judiciary has approved President Obama's five nominees for the Privacy and Civil Liberties Oversight Board. The Board is an independent entity charged with ensuring that fundamental rights are protected in the implementation of government programs, including cybersecurity. Originally convened in 2004, the five seats on the Board have remained vacant for the past five years. Senator Leahy, the Chairman of the Judiciary Committee, said, "When we worked to create this board, we did so to ensure that our fundamental rights and liberties would be preserved…The Senate should move quickly to confirm the nominees to the board so that they can get to their important work." For more information, see EPIC: 9/11 Commission Report and "The Sui Generis Privacy Agency: How the United States Institutionalized Privacy Oversight After 9-11."

House Approves Amendment to Defense Spending Bill to Limit Defense Drones Surveillance

The House of Representatives has approved an amendment, introduced by Congressman Landry (R-LA), to the National Defense Authorization Act to prohibit information collected by Department of Defense drones without a warrant from being used as evidence in court. New legislation requires the Federal Aviation Administration to develop rules governing the operation of drones in the U.S. National Airspace. Shortly after passage, EPIC, joined by over 100 organizations, experts, and members of the public, submitted a petition to the FAA requesting a public rulemaking on the privacy impact of drone use in US airspace. The petition is still pending with the agency. For more information, see EPIC: Unmanned Aerial Vehicles (UAVs) and Drones.

May 18, 2012

Federal Appeals Court Backs Justice Department in Voting Rights Dispute

The Court of Appeals for the District of Columbia Circuit issued an opinion rejecting Shelby County, Alabama's constitutional challenge to the preclearance requirements of the Voting Rights Act of 1965. The Court held that Section 5 of the Act, which requires "covered jurisdictions" to show that new voting procedures, such as Voter ID requirements, are nondiscriminatory before those changes can be put into effect, is constitutional. Shelby County challenged the preclearance requirements after Congress reauthorized Section 5 in 2006. The Department of Justice recently blocked Voter ID laws in South Carolina and Texas through the Section 5 preclearance process. EPIC has argued that unreasonable voter ID requirements are an impermissible burden on the right to vote. For more information, see EPIC: Voter Photo ID and Privacy and EPIC: Crawford v. Marion County.

May 21, 2012

EPIC Urges the Drug Enforcement Administration to Uphold Privacy Act Protections

In response to a notice of proposed rulemaking, EPIC has submitted comments to the Drug Enforcement Administration of the Department of Justice, urging the agency to uphold Privacy Act protections, and to not claim broad exemptions from the Privacy Act. The proposed rule would exempt the agency from complying with crucial Privacy Act provisions, including the rights of record access and correction, and the duty to only collect relevant and necessary personal information. The proposed rule would even excuse the agency from any civil liability arising from willful Privacy Act violations. Following the Supreme Court decision in FAA v. Cooper, EPIC has set out proposed changes to the Privacy Act that would compensate individuals for provable nonpecuniary harms caused by willful violations of the Privacy Act. For more information, see EPIC: FAA v. Cooper and EPIC: The Privacy Act of 1974.

Supreme Court Set to Review Wiretap Case

The Supreme Court has agreed to hear Clapper v. Amnesty International USA, a challenge to the FISA Amendments Act of 2008. The Act expanded the Government's authority to engage in warrantless surveillance, and followed news of the Bush administration's program to wiretap international communications. A group of lawyers, journalists, and public interest organizations, who regularly engage in international communications, challenged the new law saying they feared that their private communications would be intercepted. The US Court of Appeals for the Second Circuit ruled that the case could proceed even though the plaintiffs had not established that they were subject to surveillance. The Government filed a petition for the Supreme Court to hear the case, which was granted today. EPIC recently filed an amicus brief in a Supreme Court case, First American v. Edwards, raising similar Article III standing issues in the context of a consumer protection statute. EPIC also filed an amicus brief along with the Stanford Constitutional Law Center and other interested groups, in Hepting v. AT&T, a case challenging AT&T's involvement in the FISA warrantless wiretapping program. For more information, see EPIC: Foreign Intelligence Surveillance Act (FISA).

May 22, 2012

Facebook Users Force Vote on Privacy Changes

Facebook users have registered enough comments on Facebook's proposed privacy changes to force a vote on the issue. A provision in Facebook’s Statement of Rights and Responsibilities states that Facebook will allow users to vote on proposed alternatives if more than 7,000 users comment on a proposed change. The vote is binding if "more than 30 percent of all active registered users as of the date of the notice vote." Facebook's Data Use Policy accumulated 10,500 comments in English. The group Europe v. Facebook generated 30,000 comments on the German version of the page. The FTC recently issued a proposed settlement with Facebook that follows from complaints filed by EPIC and other consumer and privacy organizations in 2009 and 2010. The settlement bars Facebook from changing privacy settings without the affirmative consent of users or misrepresenting the privacy or security of users' personal information. For more information, see EPIC: Facebook Privacy, and EPIC: FTC Facebook Settlement.

May 24, 2012

Senate Approves FDA Transparency Amendment

The Senate has approved a pro-transparency amendment sponsored by Senator Patrick Leahy (D-VT) to the Food and Drug Administration Safety and Innovation Act. Senator Leahy's amendment will preserve public access to information in the agency's possession related to drugs and pharmaceuticals. The Act originally would have allowed the agency to deny public access to information relating to drugs obtained from a federal, state, local, or foreign government agency if that agency had requested that the information be kept confidential. Many members of the government transparency and accountability community objected in a letter to Congress, highlighting the importance of transparency regarding drug information and the potential health and safety risks created by the original language. For more information, see Openthegovernment.org and EPIC: Open Government.

May 25, 2012

French Data Protection Authority Sends New Questions to Google

The CNIL, the French data protection authority, has sent Google new questions regarding its privacy practices after finding the company's previous response was “often incomplete or approximate." The French agency is acting on behalf of governments across Europe that have raised questions about recent changes in Google's business practices. "The fact that Google's position on personal data processings is still unclear on many points after an in-depth exchange with the CNIL raises additional concerns about Google's adequate information of its users," the letter says. Google executives met with the CNIL on Wednesday, but the data protection authority said that many of its concerns had still not been addressed. Google’s decision to consolidate user data from over 60 products and services has also been criticized in the US by Members of Congress, state Attorneys General, and IT managers in government and the private sector. EPIC brought an enforcement action to block the March 1, 2012 changes. For more information, see EPIC: Enforcement of Google Consent Order.

EPIC to Testify on Foreign Intelligence Surveillance Act

EPIC Executive Director Marc Rotenberg is scheduled to testify before the House Judiciary Committee at a hearing on May 31, 2012 regarding the FISA Amendments Act of 2008. For more information, see EPIC: Foreign Intelligence Surveillance Act and EPIC: Foreign Intelligence Surveillance Court.

May 29, 2012

EPIC Calls for Genetic Privacy Protections

EPIC submitted comments to the Presidential Commission for the Study of Bioethical Issues, urging the advisory panel to protect genetic privacy in large-scale human genome sequence data. The Commission requested comments pertaining to the "privacy of individuals, research subjects, patients, and their families" as the government moves closer to large-scale human genome sequencing. EPIC Advisory Board member, Professor Anita L. Allen serves as a Commissioner for the Presidential advisory panel. EPIC recommended that the Commission build upon genetic privacy and medical laws such as the Genetic Information Nondiscrimination Act("GINA") and the Health Insurance Portability and Accountability Act Privacy Rule to protect genetic data. EPIC also recommended that individuals should be given property rights over their genetic data. For more information, see EPIC: Genetic Privacy and EPIC: Medical Record Privacy.

May 30, 2012

Congressional Hearing: The FISA Amendments Act of 2008

Congressional Hearing: The FISA Amendments Act of 2008

Marc Rotenberg,
EPIC Executive Director

House Judiciary Committee
Washington, D.C.
June 31, 2012

About May 2012

This page contains all entries posted to epic.org in May 2012. They are listed from oldest to newest.

April 2012 is the previous archive.

June 2012 is the next archive.

Many more can be found on the main index page or by looking through the archives.