« August 2012 | Main | October 2012 »

September 2012 Archives

September 12, 2012

Datacenter Dynamics Converged

Datacenter Dynamics Converged

Lillie Coney,
EPIC Associate Director

Datacenter Dynamics
Washington, DC
September 12, 2012

September 4, 2012

2012 Democrat Platform Endorses Internet Privacy

The 2012 Democratic National Platform supports the administration’s Internet Privacy Bill of Rights to protect consumer privacy. Separate provisions in the platform call for privacy protections for broadband deployment, intellectual property enforcement, and cybersecurity laws; the Democratic platform opposes voter identification laws. However, the platform is silent on the Fourth Amendment, and retreats from the 2008 Democratic platform that opposed surveillance of individuals that were not suspected of a crime. In 2008, Candidate Obama promised to "strengthen the privacy protections for the digital age and to harness the power of technology to hold government and business accountable for violations of personal privacy.” The 2012 Republican Platform was released last week. The Libertarian and Green Party platforms are also available. For more information, see EPIC: Privacy and Consumer Profiling, EPIC: Voter Photo ID and Privacy, EPIC: National Security Letters, and EPIC: Cybersecurity Privacy Practical Implications.

September 5, 2012

U.S. Consumer Groups Endorse Proposed European Privacy Law

In a letter to members of the European Parliament, over twenty U.S. consumer organizations expressed support for the new European data protection law. The coalition, including Consumers Union, Consumer Federation of America, and Public Citizen, said that the proposed regulation "provides important new protections for the privacy and security of consumers." The groups also explained that the European effort will raise privacy standards for consumers in other parts of the world. The European Union privacy regulation is a comprehensive update of the 1995 EU Data Protection Directive and adopts innovative new approaches to privacy protection, such as "Privacy by Design." BEUC, the association of European consumer groups, has also expressed support for the new law. For more information, see EPIC: EU Data Protection Directive.

Pew Survey Finds Most Mobile Users Avoid Apps Due to Privacy Concerns

A survey by the Pew Research Center found that the majority of mobile phone users have uninstalled or avoided apps due to privacy concerns. According to the report, 54% of mobile users have decided to not install an app after discovering the amount of information it collect, and 30% of mobile users uninstalled an app after discovering that it was collecting personal information that they didn’t wish to share. Owners of Android and iPhone devices are also equally likely to delete (or avoid entirely) cell phone apps due to concerns over their personal information. Younger cellphone users were also twice as likely as older users to report that "someone has accessed phone in a way that felt like privacy invasion." This poll follows another survey by Pew that found that users were becoming more active in managing their social media accounts. For more information, see EPIC: Public Opinion on Privacy.

September 6, 2012

Privacy and Technology Symposium

Khaliah Barnes,
EPIC Open Government Counsel

William & Mary Law School
Williamsburg, VA
September 6, 2012

September 11, 2012

2012 Operations & Technology Conference: "Information Sharing and Privacy: Getting it Right"

2012 Operations & Technology Conference: "Information Sharing and Privacy: Getting it Right"

Khaliah Barnes,
EPIC Open Government Counsel

Equipment Leasing and Finance Association
L'Enfant Plaza Hotel
Washington, DC
September 11, 2012

September 27, 2012

"The Development of Privacy Law from Brandeis to Today"

"The Development of Privacy Law from Brandeis to Today"

Marc Rotenberg,
EPIC Executive Director

Braun Memorial Symposium John Marshall Law School
Chicago, IL
September 27, 2012

September 7, 2012

CPDP 2013 Calls for Papers in Advance of January Conference

The 6th Annual Computers, Privacy and Data Protection Conference has announced a Call for Papers. The conference will take place January 23-25, 2013, in Brussels. Both experienced and junior researchers, as well as Ph.D. candidates, are invited to submit work. The theme of the 2013 CPDP conference is “Reloading Data Protection.” Organizers are particularly interested in papers focusing on technology’s relationship to privacy, data protection, non-discrimination and surveillance. Deadline for submissions is October 19, 2012. EPIC is a participant in CPDP conferences and presents the ”EPIC International Champion of Freedom Awards” at CPDP. For more information, see EPIC Champion of Freedom Press Release, EPIC: EU Law, EPIC: Privacy.

New CRS Report Finds Few Protections For Drone Surveillance

"Drones in Domestic Surveillance Operations," a new report from the the Congressional Research Service, examines current law, the Fourth Amendment, and recently introduced legislation. The CRS finds that "the prospect of drone use inside the United States raises far-reaching issues concerning the extent of government surveillance authority, the value of privacy in the digital age, and the role of Congress in reconciling these issues." In testimony before a House Subcommittee earlier this year, EPIC's Amie Stepanovich stated, "there are substantial legal and constitutional issues involved in the deployment of aerial drones by federal agencies that need to be addressed." EPIC recommended that the FAA develop privacy rules, that DHS conduct a privacy assessment, and that Congress establish new privacy safeguards. EPIC, joined by over 100 organizations, experts, and members of the public, has also petitioned the FAA to begin a rulemaking on the privacy impact of drone use. For more information, see EPIC: Unmanned Aerial Vehicles (UAVs) and Drones.

September 14, 2012

Privacy, Piracy, and Patents: Computer Law 2012

Privacy, Piracy, and Patents: Computer Law 2012

Lillie Coney,
EPIC Associate Director

Oregon State Bar Computer and Internet Law Section
OSB Center in Tigard, Oregon
September 14, 2012

September 11, 2012

New Congressional Report Recommends TSA Address Privacy and Health Concerns with Airport Bodyscanners

"Rebuilding TSA into a Smarter, Leaner Organization," a new House Report critiques the Transportation Security Administration for "failing to meet taxpayers' expectations." The report, prepared by the House Committee on Homeland Security, recommends that the TSA sponsor "an independent analysis" of the health risks of body scanners and install privacy filters on all devices. The Report cites the decision in EPIC v. DHS, pointing out that the TSA has failed to abide by the ruling of a federal appeals court to "act promptly" to receive public comments. For more information, see EPIC v. Department of Homeland Security - Full Body Scanner Radiation Risks and EPIC v. TSA - Body Scanner Modifications (ATR).

FTC Finalizes Settlement with Myspace

The Federal Trade Commission has finalized the terms of a settlement with Myspace. The settlement follows from allegations that Myspace allowed advertisers to access personally-identifying information after promising to keep such information private. The settlement requires Myspace to implement a comprehensive privacy program, submit to independent audits, and refrain from privacy misrepresentations. EPIC commented on the settlement, recommending that the FTC make the settlement at least as protective as a previous settlement with Facebook. Additionally, EPIC said, the FTC should require Myspace to implement practices consistent with the White House’s Consumer Privacy Bill of Rights. In response to EPIC’s comments, the FTC decided to accept the proposed settlement without modification but said that “the privacy program mandated under the consent order will require Myspace to address many of the consumer protections discussed in your comment.” For more information, see EPIC: Federal Trade Commission and EPIC: Social Networking Privacy.

September 12, 2012

Rep. Markey Introduces Mobile Privacy Act

Representative Edward Markey (D-MA) introduced "The Mobile Device Privacy Act," a bill that would require companies disclose the existence of monitoring software to consumers and obtain consent before using this software to collect personal information. The bill, H.R. 6337, would also direct the Federal Trade Commission and the Federal Communications Commission to develop rules implementing the act’s provisions. Recently, EPIC filed comments with the FCC urging the Commission to require mobile carriers to implement comprehensive fair information practices. For more information, see EPIC: Customer Proprietary Network Information and EPIC: Location Privacy.

EPIC Pursues Body Scanner Case, Files Reply Brief

EPIC has filed a reply brief with the U.S. Court of Appeals for the D.C. Circuit in the airport body scanner case. The case arises from EPIC's Mandamus Petition, seeking to enforce the Court's July 2011 order requiring the DHS to "promptly" begin notice-and-comment rulemaking. EPIC has argued that the agency's ongoing delay is "unreasonable" and that the Court should require the Secretary to begin the rule making or suspend the program. For more information, see: EPIC v. DHS (Suspension of Body Scanner Program) and EPIC: Whole Body Imaging Technology.

House Renews Foreign Intelligence Surveillance Powers

The House has voted to reauthorize the FISA Amendments Act (301-118). The Act authorizes programs of surveillance intended to target foreign agents, but allows collection of private communications of United States citizens without individualized suspicion. In May 2012, EPIC Executive Director Marc Rotenberg testified before the House Judiciary Committee on the legislation and recommended new oversight procedures. The Senate has yet to consider the measure. Senator Ron Wyden (D-OR) and others have expressed concern about renewal of the Act. For more information, see EPIC: Foreign Intelligence Surveillance Act and EPIC: Clapper v. Amnesty International USA.

September 16, 2012

EPIC Prevails in Mobile Body Scanner FOIA Case

A federal district court has awarded EPIC attorneys fees and costs in EPIC v. DHS, No, 11-945, a Freedom of Information Act lawsuit that resulted in the disclosure of information about the agency's plan to deploy body scanners at bus stations, train stations, and elsewhere. The court found that EPIC had "substantially prevailed" in the FOIA lawsuit and that "EPIC has demonstrated a public benefit arising from the disclosed records." EPIC has several related FOIA lawsuits concerning new systems of mass surveillance. For more information, see EPIC v. DHS (Mobile Body Scanners FOIA Lawsuit).

September 20, 2012

Senate Considers Amendment to Weaken Internet Privacy Law

A senate committee is today considering changes to the Video Privacy Protection Act, a law which safeguards the video viewing records of Internet users. The amendment would allow companies to obtain blanket consent for the use of customer information in the future, whether or not users knew who would receive the information or why it was being disclosed. In testimony before the Senate in January, EPIC strongly opposed the amendment and recommended instead changes that would update the law to provide greater safeguards for Internet users. A federal court recently held that the video law protects the privacy of Hulu subscribers. As the court explained, "Congress was concerned with protecting the confidentiality of private information about viewing preferences regardless of the business model or media format involved." The amendment is backed by Netflix and various industry lobbyists. For information, see EPIC, Video Privacy Protection Act.

Department of Homeland Security Releases 2012 Privacy Report

The Department of Homeland Security released the 2012 Privacy Office Annual Report to Congress. The report describes a social media monitoring policy, and privacy training for fusion centers personnel. According to the report, the TSA has still failed to adopt privacy safeguards for whole body image devices. The report is silent on several new DHS-funded initiatives, including the Future Attribute Screening Technology, a Minority-Report like proposal for "pre-crime" detection. The report also notes the expansion of the National Counterterrorism Center's five-year retention policy for records on U.S. Persons that do not contain terrorism information. The Chief Privacy Officer of the DHS is required by law to ensure that new agency programs do not diminish privacy in the United States. For more information, see EPIC: Privacy Report Held Hostage.

September 21, 2012

Pennsylvania to Reconsider Voter ID Law

The Pennsylvania Supreme Court has ruled that a lower court must determine whether the State's strict voter ID can lawfully be implemented before the national election on November 6. The Supreme Court said that the "disconnect between what the law prescribes and how it is being implemented" raises questions. EPIC has previously argued that voter ID requirements are an impermissible burden on the right to vote. EPIC: Voter Photo ID and Privacy and EPIC: Crawford v. Marion County.

Facebook Ceases Facial Recognition in European Union

The Irish Data Protection Commissioner issued a report finding that Facebook has implemented many of the Commissioner’s recommendations, such as halting the automatic use of facial recognition through "tag suggestions." Facebook has agreed to give users the choice over the use of facial recognition, to grant users access to their facial recognition template, and to delete the facial recognition data of EU citizens by October 15. The report also found that Facebook had implemented recommendations for improving transparency, enhancing the ability for users to delete data, and allowing users to access their data. On recommendations concerning user education, data deletion, and as targeting based on sensitive terms, the report found that "full implementation has not yet been achieved but is planned to be achieved by a specific deadline." The Federal Trade Commission recently adopted a proposed settlement with Facebook that prohibits Facebook from changing privacy settings without the affirmative consent of users or misrepresenting the privacy or security of users' personal information. In November 2011, EPIC recommended that the FTC prevent Facebook from creating facial recognition profiles without users' consent. In February 2012. EPIC recommended "the suspension of facial recognition technology deployment until adequate safeguards and privacy standards are established." For more information, see EPIC: Federal Trade Commission and EPIC: Facebook and Facial Recognition.

September 24, 2012

New Government Report Highlights Privacy Risks

A new report from the Government Accountability Office outlines the risks of increased domestic drone use -- "Unmanned Aircraft Systems" -- following adoption of a recent law. The GAO report -- "Measuring Progress and Addressing Potential Privacy Concerns Would Facilitate Integration into the National Airspace System" -- notes widespread concern about privacy. The GAO report found that privacy "concerns include the potential for increased amounts of government surveillance using technologies placed on UAS, the collection and use of such data, and potential violations of constitutional Fourth Amendment protections against unreasonable search and seizures." The report also notes that "non-military unmanned aircraft system GPS signals are unencrypted, risking potential interruption of command and control . . .." Earlier this year, EPIC warned Congress that "there are substantial legal and constitutional issues involved in the deployment of aerial drones by federal agencies." EPIC, joined by over 100 organizations, experts, and members of the public, has petitioned the FAA to begin a rule making to establish privacy safeguards. For more information, see EPIC: Unmanned Aerial Vehicles (UAVs) and Drones.

EPIC Urges Supreme Court to Uphold Review of Wiretapping Programs

Today EPIC filed an amicus brief with the US Supreme Court in Clapper v. Amnesty International USA, a case challenging the interception of communications of US persons under foreign intelligence surveillance laws. This case presents the issue of constitutional "standing," whether the journalists and human rights organizations who brought he lawsuit can establish an imminent threat or reasonable fear that their communications will be collected. The federal appeals court found in their favor. In urging affirmance, EPIC argued that the capacity of National Security Agency to intercept private communications combined with the failure to establish meaningful oversight underscores the concern that the interception of private communications would occur. The EPIC brief is supported by 32 legal scholars and technical experts, and six organizations devoted to privacy and open government. For more information, see EPIC: Clapper v. Amnesty, EPIC: Foreign Intelligence Surveillance Act (FISA).

September 27, 2012

An Evening with a Hacker

"An Evening with a Hacker"

Amie Stepanovich,
EPIC Associate Litigation Counsel

Federal Communications Bar Association
Washington, D.C.
September 27, 2012

September 25, 2012

Supreme Court to Hear Drivers' Records Privacy Case

The US Supreme Court has decided to review Marachich v. Spears, a case concerning the Drivers' Privacy Protection Act. The federal privacy law prohibits the disclosure of personal information in state motor vehicle records, except under certain narrow circumstances. In 2000, several states challenged the law. EPIC argued in an amicus brief that "the Drivers Privacy Protection Act safeguards the personal information of licensed drivers from improper use or disclosure. It is a valid exercise of federal authority in that it seeks to protect a fundamental privacy interest." The Supreme Court upheld the law. More recently, EPIC has argued that resellers of driver records should be strictly liable for violations of the law. At issue in the Marachich case is whether records can be disclosed to facilitate attorney solicitations. The Court of Appeals for the Fourth Circuit ruled that the law permits solicitations under the "litigation" exception. For more information, see EPIC: The Drivers' Privacy Protection Act and EPIC: Gordon v. Softech.

Court Responds to EPIC Petition, Expects Body Scanner Rule by March 2013

The Court of Appeals for the DC Circuit has issued a ruling on EPIC's recent petition regarding the controversial body scanner program. EPIC had urged the court to require the Secretary of Homeland Security to begin a public comment process or suspend the program. The agency said it might "finalize documents" by February 2013. The court said it expected the agency to begin the process before the end of March 2013. In July 2011 the court ordered the agency to "promptly" begin the process. For more information, see: EPIC v. DHS (Suspension of Body Scanner Program).

September 27, 2012

EPIC Supports New Children’s Privacy Rule

EPIC submitted comments on the Federal Trade Commission's revisions to the proposed Children’s Online Privacy Protection Act Rule. EPIC said that it supported the new definitions of "operator" and "website or online service directed to children," which hold child-directed websites and third-party services responsible for the collection of children’s personal information, but asked the FTC to monitor age-screening and to clarify the scope of a provision on using persistent identifiers, such as "cookies." EPIC supported the original FTC rule in September 2011, noting that the proposed revisions take "account of the increased use of mobile devices by users and new data collection practices by businesses." For more information, see EPIC: Children's Online Privacy Protection Act and EPIC: Federal Trade Commission.

Consumer Groups Ask FTC to Investigate Facebook-Datalogix Data-Matching Arrangement

EPIC, joined by the Center for Digital Democracy, has asked the Federal Trade Commission to investigate whether Facebook's data-matching arrangement with Datalogix violates a settlement between the FTC and Facebook. Facebook is matching the personal information of users with personal information held by Datalogix. The settlement, adopted in August, prohibits Facebook from changing privacy settings without the affirmative consent of users or misrepresenting the privacy or security of users’ personal information. EPIC had previously asked the FTC to determine whether "Timeline," which made archived user data widely available, or biometric tagging of user photos violated the terms of the consent order. The FTC has not made a determination on the EPIC Timeline request, and Facebook has suspended facial recognition in the US. For more information, see EPIC: Federal Trade Commission and EPIC: Facebook and Datalogix.

September 28, 2012

EPIC FOIA Uncovers Google’s Privacy Assessment

Through a Freedom of Information Act request to the Federal Trade Commission, EPIC has obtained Google's initial privacy assessment. The assessment was required by a settlement between Google and the FTC that followed from a 2010 complaint filed by EPIC over Google Buzz. The FTC has withheld from public disclosure information about the audit process, procedures to assess privacy controls, techniques to identify privacy risks, and the types of personal data Google collects from users. EPIC intends to challenge the agency withholdings. For more information, see EPIC: Federal Trade Commission, EPIC: Google Buzz, and EPIC: Open Government.

About September 2012

This page contains all entries posted to epic.org in September 2012. They are listed from oldest to newest.

August 2012 is the previous archive.

October 2012 is the next archive.

Many more can be found on the main index page or by looking through the archives.