« June 2012 | Main | August 2012 »

July 2012 Archives

July 18, 2012

"The Great Privacy Debate"

Co-hosted by EPIC and TechFreedom

Declan McCullagh (moderator)
Marc Rotenberg, EPIC
Andrew Keen, Author
Berin Szoka, TechFreedom
Adam Thierer, Mercatus Center

National Press Club
Washington, DC
July 18, 2012

July 3, 2012

European Expert Group Affirms Privacy Rules for Cloud Service Providers

The Article 29 Working Party, representing the privacy agencies of European Union countries, has released a new Opinion in which it states that cloud service providers will be subject to the EU Data Protection Directive. The expert group also advises users of cloud-based services to conduct a comprehensive and thorough risk analysis of cloud services. In 2009, EPIC urged the US Federal Trade Commission to develop privacy standards for Cloud Computing services. See EPIC - Cloud Computing.

2011 Report: Wiretap Authorizations Decrease

According to the 2011 Wiretap Report, released by the Administrative Office of the US Courts, federal and state applications for wiretap orders dropped 14 percent in 2011, compared to the number reported in 2010. The reduction in wiretaps resulted primarily from a drop in applications for intercepts in narcotics offenses. In 2011, a total of 2,732 intercept applications were authorized by federal and state courts, with 792 applications by federal authorities and 1,940 by the states. In 2011, 98 percent, or 2,674, of all authorized wiretaps were designated as portable devices. The Wiretap Report does not include interceptions pursuant to the Foreign Intelligence Surveillance Act of 1978. For more information see: EPIC: Wiretapping and Administrative Office of the US Courts: Wiretap Reports.

Court Orders Twitter to Disclose User Records, Denies User's Ability to Challenge Order

A New York judge has ordered Twitter to turn over user data for an Occupy Wall Street protester. The user challenged the order under the Twitter terms of service, but the court ruled that the user had no standing. EPIC recently filed a "friend of the court" brief arguing that users of cell phone services have a reasonable expectation of privacy in their location records, which are subject to the same disclosure rules as Twitter data. For more information, see EPIC: In re Twitter Order Pursuant to 2703(d), EPIC: In re Historic Cell-Site Location Information.

July 6, 2012

Industry Association Publishes Guidelines for Drone Operators

The Association for Unmanned Vehicle Systems International, the organization representing drone manufacturers and operators, has released an Industry "Code of Conduct". Compliance with the guidelines is both voluntary and not enforceable. The association acknowledges that invasive drone surveillance technology poses a risk to the public, and specifically tasked users to "respect the privacy of individuals." In February, EPIC, joined by over 100 organizations, experts, and members of the public, submitted a petition to the FAA requesting a public rulemaking on the privacy impact of drone use in U.S. airspace. The Agency has not yet responded or addressed these concerns. For more information, see EPIC: Unmanned Aerial Vehicles (UAVs) and Drones.

July 9, 2012

Executive Order Grants Authority to Seize Private Communications Facilities

The White House has released a new Executive Order seeking to ensure the continuity of government communications during a national emergency. The Executive Order grants new powers to the Department of Homeland Security, including the ability to collect certain public communications information. Under the Executive Order the White House has also granted the Department the authority to seize private facilities when necessary, effectively shutting down or limiting civilian communications. In 2011, Congress considered similar provisions in cybersecurity legislation, which would have allowed the government to disconnect communications traffic in times of national security. Following public protest, congress abandoned the proposal. For more information, see EPIC: Cybersecurity Privacy Practical Implications.

Law Enforcement Requests to Wireless Carriers Topped 1.3 Million in 2011

In response to recent letters from Congressman Ed Markey (D-MA), nine mobile wireless carriers have provided detailed reports of law enforcement requests for user cell phone records. These requests come from agencies - across all levels of government - seeking text messages, caller locations, and other information in the course of investigations. The reports show that companies turn over thousands of records a day in response to subpoenas, court orders, police emergencies, and other requests. The volume of requests has increased as much as 16 percent for some companies over the last five years, and some carriers have rejected as many as 15 percent of all requests that they found legally questionable or unjustified. EPIC recently filed amicus briefs in the Fifth Circuit and New Jersey Supreme Court arguing that disclosure of historical and real-time cell phone location information violates a reasonable expectation of privacy and thus requires a warrant under the Fourth Amendment. For more information, see EPIC: In re Historic Cell-Site Location Information, EPIC: State v. Earls.

July 11, 2012

Symposium On Usable Privacy and Security

Symposium On Usable Privacy and Security

Lillie Coney,
EPIC Associate Director

Carnegie Mellon CyLab
Washington, D.C.
July 11-13, 2012

EPIC Urges Privacy Safeguards for Defense Department Cybersecurity Program

EPIC has submitted comments to the Department of Defense, urging the agency to protect individual privacy when it obtains detailed information about Internet users from the private sector. Under current Department regulations, companies are encouraged to provide information about Internet users that may relate to "cyber incidents" and cyber "threats."This is similar to a controversial provision in Cyber Intelligence Information Protection Act ("CISPA"). EPIC recommended that the agency revise the regulations for the "Cyber Security and Information Assurance" program so that: (1) the program remain voluntary, (2) "cyber incident" and "threat" are narrowly defined, (3) liability is imposed on private companies for disclosing excess user information, (4) the Attorney General conduct annual audits, and (5) the agency adheres to federal privacy laws. EPIC also warned the agency to fully comply with the Freedom of Information Act, which has provided the public with important information about network security. For more information, see EPIC: Cybersecurity and EPIC: EPIC v. NSA (FOIA for NSA Cybersecurity Authority), and EPIC: EPIC v. NSA (FOIA for Google/NSA Relationship).

EPIC Urges FTC to Develop Meaningful Privacy Protections for Mobile Services

EPIC has submitted comments to the Federal Trade Commission concerning "Advertising and Privacy Disclosures in a Digital World". The FTC is currently exploring ways businesses could improve privacy notices for mobile devices. EPIC pointed out that many of the techniques, such as privacy icons, suffer from the same problems as traditional privacy notices. EPIC recommended that the FTC focus instead on substantive privacy protections, such as those found in the federal Privacy Act, sectoral privacy laws, and the Consumer Privacy Bill of Rights, proposed by the White House. An earlier FTC report called for new privacy legislation and an FTC investigation documented privacy problems with mobile applications for children. For more information, see EPIC: Federal Trade Commission.

July 13, 2012

EPIC Objects to Facebook Settlement, Cites Failure to Benefit Class Members

EPIC has asked a federal judge to reject a pending class action settlement concerning Facebook, stating that it does not actually benefit Facebook users. In one letter to the court, EPIC explained that the settlement does not fix the problem with "Sponsored Stories." In a second letter, joined by consumer, privacy, and academic organizations, EPIC said that "cy pres" funds should be distributed according to objective criteria, as courts have done in other similar cases. (Cy pres allows courts to allocate funds in class action settlements.) In 2009, EPIC led a coalition of consumer and privacy organizations that was responsible for the FTC's privacy settlement with Facebook.] And EPIC has routinely represented the interests of Facbeook users. For more information, see EPIC: Facebook Privacy.

July 19, 2012

Airport Body-Scanning: Will TSA Follow the Law?

CATO Institute Briefing: Airport Body-Scanning: Will TSA Follow the Law?

Ginger McCall, Counsel
EPIC Open Government Project Director

2212 Rayburn House Office Building
Washington, DC
July 19, 2012
(lunch provided)

July 17, 2012

EPIC Calls on FCC to Require Mobile Phone Carriers to Protect Privacy

EPIC, joined by Consumer Watchdog, submitted comments to the Federal Communications Commission on the privacy and security of information stored on mobile phones. The comments discussed the various privacy risks created by the business practices of many carriers, and recommended that the FCC require mobile carriers to implement comprehensive privacy and security protections based on Fair Information Practices. EPIC previously wrote to the FCC in 2007 to call for increased protections for customers' Customer Proprietary Network Information, and in 2001 to urge the FCC to establish fair location information practices. For more information, see EPIC: Customer Proprietary Network Information and EPIC: Location Privacy.

EPIC Files Mandamus Petition to Compel Action on the Airport Body Scanner Program

EPIC has filed a mandamus petition with the Federal Court of Appeals in Washington, DC to require the beginning of a public comment process on the controversial airport body scanner program. One year has passed since the Court ordered the Department of Homeland Security to "act promptly" to undertake the action demanded by EPIC, but the agency has taken no action. In the petition, EPIC said that the agency's delay poses risks to travelers, defies the Court's authority, and is unlawful. EPIC asked the court to require that the federal agency receive public comments within 60 days or that it suspend the program. (Mandamus Appendix). For more information, see EPIC v. DHS (airport body scanners).

July 19, 2012

Using Unmanned Aerial Systems Within the Homeland: Security Game Changer?

Congressional Hearing: "Using Unmanned Aerial Systems Within the Homeland: Security Game Changer?"

Amie Stepanovich,
EPIC Associate Litigation Counsel

House Committee on Homeland Security
311 Cannon Building
Washington, DC
July 19, 2012

July 18, 2012

EPIC Recommends Protections for Use of Commercial Facial Recognition Technology

In a statement for the record, EPIC called on the Senate Subcommittee on Privacy, Technology, and the Law to protect the ability of individuals to control the disclosure of their identity. The hearing on "What Facial Recognition Technology Means for Privacy and Civil Liberties" will feature witnesses from the government, private companies, and academia. EPIC recommended that Fair Information Practices ("FIP") be enforced against companies that collect facial recognition data. These legal obligations would include limitations on collection, use, and retention of the data, informed consent, security, accessibility, and accountability. "In the absence of guidelines and legal standards, EPIC recommends a moratorium on the commercial deployment of facial recognition techniques." For more information, see EPIC: Facial Recognition.

July 19, 2012

EPIC Asks Congress to Adopt Privacy Safeguards for Drones

Today's House Homeland Security Oversight Subcommittee hearing, "Using Unmanned Aerial Systems Within the Homeland: Security Game Changer?” examined federal use of drones in the United States. University of Texas Professor Todd Humphreys testified about how he gained full flight control of a drone operated by someone else. On the second panel, EPIC's Amie Stepanovich testified on the privacy implications of domestic drone use, alongside Gerald Dillingham and Chief Deputy William McDaniel. In February, EPIC, joined by over 100 organizations, experts, and members of the public, petitioned FAA to begin a rulemaking on the privacy impact of drone use. The Agency has not yet responded the EPIC Petition or addressed privacy concerns. EPIC recommended that the FAA develop privacy rules, that DHS conduct a privacy assessment, and that Congress establish new privacy safeguards. For more information, see EPIC: Unmanned Aerial Vehicles (UAVs) and Drones.

EPIC Demands Evidence of TSA Body Scanner Rulemaking

EPIC has submitted a Freedom of Information Act request to the TSA, seeking documents about whether the agency actually intends to give the public the opportunity to comment on the controversial body scanner program. One year has passed since the D.C. Circuit Court of Appeals ordered the agency to "act promptly" and undertake a public notice-and-comment rulemaking. The agency has not done so but claims to be working on it. In a separate Petition for Mandamus EPIC asked the Court to require the agency to issue a proposed rule within 60 days or suspend the program. For more information, see EPIC v. DHS (airport body scanners).

July 20, 2012

Emerging Privacy and Civil Liberties Issues

"Emerging Privacy and Civil Liberties Issues"

Marc Rotenberg,
EPIC Executive Director

National Association of Appellate Court Attorneys
Annual Conference
Washington, DC
July 20, 2012

FISA Reform Proposal Moves Forward in Senate

The Senate Judiciary Committee has approved a bill that would established new safeguards for the Foreign Intelligence Surveillance Amendments Act. The Act provides for court approval of 'programs of surveillance' that allow for the collection of communications of US citizens. The bill, sponsored by Senator Patrick Leahy (D-VT), would renew the Act but also establish new reporting requirements to improve government accountability. In May 2012, EPIC Executive Director Marc Rotenberg testified before the House Judiciary Committee, and recommended increased oversight and reporting. For more information, see EPIC: Foreign Intelligence Surveillance Act and EPIC: Clapper v. Amnesty International USA.

July 23, 2012

Second Wisconsin Judge Strikes Down State Voter ID Law

In a second challenge to Wisconsin's voter ID requirement, Judge David Flanagan has held that the ID law imposes an unconstitutional burden on the right to vote. The law "tells more than 300,000 Wisconsin voters who do not now have an acceptable form of photo identification that they cannot vote unless they first obtain a photo ID card," wrote Judge Flanagan. The opinion follows a similar ruling earlier this year by Wisconsin judge Richard Niees. For more information EPIC: Voter Photo ID and Privacy and EPIC: Crawford v. Marion County.

White House TSA Petition Passes 15,000

A petition posted at the White House website "We the People" urging the Transportation Security Agency to "Follow the Law!" has received more than 15,000 signatures. If 25,000 people sign the petition before August 9, 2012, the White House will respond. The petition asks President Obama to force the TSA to begin the public comment process on the controversial airport body scanner program, as the agency was ordered to do by a federal court more than a year ago. For more information see EPIC v. DHS (suspension of airport body scanners).

July 24, 2012

Voters Wary of Individually-Tailored Political Ads

A report by the Annenberg School for Communication at the University of Pennsylvania found that 86 percent of voters did not want political campaigns to tailor advertisements based on their interests. This percentage is higher than the percentage of respondents who reject other tailored advertisements (61%) or tailored news (56%). Significantly, a majority of respondents also reported that they would be less likely to vote for candidates that targeted them with tailored ads. For more information, see EPIC: Voter Privacy and EPIC: Public Opinion and Privacy.

Next Challenge - How to Handle Big Data in the Cloud

Lillie Coney,
EPIC Associate Director

Internet Governance Forum USA
Georgetown Law Center
Washington, DC
July 26, 2012

July 26, 2012

Opening Plenary Session: "Governments or Governance?"

Marc Rotenberg,
EPIC President

Internet Governance Forum USA

Georgetown Law Center
Washington, DC
July 26, 2012

July 27, 2012

In UK, Google Admits It Retains Street View Data

In a letter to the UK Information Commissioner, Google has admitted it retained payload data improperly collected by Street View vehicles. Google had promised earlier it would delete the data. The UK privacy agency has now demanded that Google turn over the payload data for examination and forensic analysis. EPIC recently filed an amicus brief in a US federal appeals court, arguing that Google Street View violated federal wiretap law. For more information, see EPIC: Investigations of Google Street View and EPIC: Joffe v. Google.

London Olympics Underway, Privacy Issues Loom

Olympic organizers have stepped up the use of surveillance and identification technologies at the London 2012 games. Body scanners have been installed at entrances to Hyde Park and Victortia Park. IOC members, VIPS guests an staff will carry RFID-enabled identity documents. One commentator has noted that even the Olympic Mascot has "A Huge Camera Eye That 'Records Everything.'" For more information, see EPIC, Privacy and the 2008 Olympic Summer Games and London 2012, Privacy Policy.

July 30, 2012

US Pushes Forward Flawed International Privacy Framework

The United States is the lone signatory for the Asia-Pacific Economic Cooperation’s Cross Border Privacy Rules. The APEC Cross Border Privacy Rules set out a self-regulatory framework for the transfer of personal data across national borders. APEC is an inter-governmental organization with 21 member economies that promotes business and trade in the Asia-Pacific region. APEC established a Privacy Framework in 2004 that is generally considered among the weakest privacy frameworks in the world. In 2006, EPIC and a coalition of consumer groups submitted comments to the Department of Commerce detailing the shortcomings of the APEC framework and recommending stronger safeguards for consumers. For more information, see EPIC: International Privacy Standards and EPIC: APEC Privacy Framework.

Franken Amendment Seeks to Protect Cybersecurity Privacy

The Senate is expected to consider the Cybersecurity Act of 2012 prior to the August recess. Unlike the Secure IT Act, the Cybersecurity Act would avoid the NSA takeover of the Internet. However, privacy concerns remain about the broad authority of Internet companies to monitoring Internet users and turn information to the government. An amendment sponsored by Senator Al Franken (D-Minn) would limit this surveillance. A provision that limits the disclosure of cybersecurity threat information remains in the Act. Earlier this year, EPIC recommended to the Senate that the Freedom of Information Act limitation be removed. For more information, see EPIC: Cybersecurity Privacy Practical Implications.

Senate Amendment Would Weaken Video Privacy Act

The Senate is considering an amendment that would weaken the consent provision of the Video Privacy Protection Act by allowing companies such as Netflix to obtain blanket consent to routinely disclose a consumer’s video viewing records EPIC previously testified before the Senate Judiciary Committee and recommended that Congress strengthen the consumer privacy law by giving users access to the information collected about them, by extending the scope of coverage, and by increasing the penalties for violations of the law. For more information, see EPIC: Video Privacy Protection.

July 31, 2012

EPIC Urges Education Department to Protect Student Privacy

EPIC has submitted comments to the Education Department, recommending the agency collect only "relevant and necessary" student information when it undertakes educational studies. The agency's Institute of Education Sciences has proposed a "Study of Promising Features of Teacher Preparation Programs" to help assess teacher effectiveness. The new database will contain records on "approximately 5,000 students and 360 teachers." EPIC urged the agency to only collect student data germane to teacher effectiveness, such as test scores, and opposed the agency's collection of detailed student information such as actual name and "disciplinary incidences." Earlier this year, EPIC sued the Education Department for issuing regulations that failed to safeguard student privacy. For more information, see EPIC: EPIC v. The U.S. Department of Education and EPIC: Student Privacy.

Senate Committee Considers Updates to Federal Privacy Act

The Senate Oversight of Government Management Subcommittee held a hearing today on "The State of Federal Privacy and Data Security Law: Lagging Behind the Times?" The hearing focused on S.1732, the Privacy Act Modernization for the Information Age Act of 2011, and S.3414, an amendment to the Cybersecurity Act of 2012, introduced by Senator Daniel Akaka (D-HI). Both measures would strengthen privacy protections for personal information collected by government agencies. Senate witnesses agreed that after the Supreme Court decision in FAA v. Cooper, the Privacy Act should be amended to compensate individuals for provable, nonpecuniary harms. EPIC has made several recommendations to update the federal privacy law and also warned about the deployment of new agency profiling systems. For more information, see EPIC: The Privacy Act of 1974 and EPIC: Automated Targeting System.

About July 2012

This page contains all entries posted to epic.org in July 2012. They are listed from oldest to newest.

June 2012 is the previous archive.

August 2012 is the next archive.

Many more can be found on the main index page or by looking through the archives.