« September 2012 | Main | November 2012 »

October 2012 Archives

October 10, 2012

"Data Protection in a Global Context: Standards for Effective Protection"

Marc Rotenberg,
EPIC President

"The Reform of the EU Data Protection Framework"
European Parliament
Brussels, Belgium
October 10, 2012

October 23, 2012

"Entrusting the Fourth Amendment to the Dogs: Canine Evidence and the Constitution"

"Entrusting the Fourth Amendment to the Dogs: Canine Evidence and the Constitution"

Marc Rotenberg,
EPIC Executive Director

National Association of Criminal Defense Lawyers
National Press Club
Washington, DC
October 23, 2012

October 3, 2012

Pennsylvania Judge Blocks Voter ID Requirement

A Pennsylvania district court barred the state from enforcing voter identification requirements in the upcoming November elections. Following guidance from the state Supreme Court, Judge Robert Simpson issued a narrow preliminary injunction. He ordered that Pennsylvania may not require photo IDs to vote in November. Election officials may ask voters for identification, but those without ID may still cast regular ballots. Judge Simpson explained that the state Supreme Court identified "the essential offending activity as voter disenfranchisement, not a request to produce photo ID." EPIC has previously argued that voter ID requirements impermissibly burden the right to vote. For more information, see EPIC: Voter ID and Privacy and EPIC: Crawford v. Marion County.

International Consumer Coalition Selects EPIC's Lillie Coney to Co-chair Information Society Committee

The Trans-Atlantic Consumer Dialogue, a coalition of more than sixty consumer organizations in Europe and North America, has selected officers for 2012. EPIC's Lillie Coney joins NCC's Thomas Nortvedt as co-chair of the Information Society Policy Committee. Former US co-chair Susan Grant with Consumer Federation of America joined the TACD US Steering Committee. Other TACD committees include FoodPolicy, Intellectual Property, Financial Services, and Nanotechnology. The TACD presents joint consumer policy recommendations to the US government and the European Union to promote the consumer interest in EU and US policy making.

Senate Report Finds Fusion Centers "Wasteful," Likely Violate Federal Privacy Laws

A Senate Investigations Committee has released a new report on "State and Local Fusion Centers", government data warehouses that store an enormous amount of information on Americans. The Senate report found that Fusion Centers, operated by the Department of Homeland Security, "often produced irrelevant, useless or inappropriate intelligence" and stored records on U.S. persons, "possibly in violation of the Privacy Act." In 2007, EPIC's "Spotlight on Surveillance" warned that Fusion Centers would lead to "abuse and misuse." In subsequent FOIA cases, and comments to the DHS, EPIC helped document the many problems with the federal Fusion Center program, including lack of oversight and ineffective privacy safeguards. For more information, see EPIC: Information Fusion Centers and Privacy and EPIC: EPIC v. Virginia Department of State Police: Fusion Center Secrecy Bill.

October 6, 2012

Privacy, Law and Technology: What Happens Next?

"Privacy, Law and Technology: What Happens Next?"

Marc Rotenberg,
EPIC Executive Director

Stanford Law School
Palo Alto, CA
October 6, 2012

October 5, 2012

Supreme Court to Hear Challenge to Restrictive State FOI Law

The Supreme Court has agreed to hear a case, McBurney v. Young, challenging a Virginia state open government law that restricts access to residents and new media organizations operating within Virginia. Petitioners are out-of-state residents whose requests for state documents under the Virginia Freedom of Information Act were denied. The case presents the important issue of whether states can discriminate against non-residents by denying them access to state records. EPIC filed an amicus brief along with several open government organizations urging the Court to hear this case. For more information, see: EPIC: Open Government.

October 9, 2012

EPIC Urges Support for New European Privacy Framework

In testimony before the European Parliament, in Brussels, EPIC President Marc Rotenberg expressed support for the new Data Protection regulation of the European Union. "Efforts to update European Privacy law will provide benefits to Internet users all around the globe," Rotenberg said. US consumer organizations have also expressed support for the EU initiative. The Madrid Privacy Declaration, endorsed by more than 100 civil society organizations, calls for the "establishment of a new international framework for privacy protection, with the full participation of civil society, that is based on the rule of law, respect for fundamental human rights, and support for democratic institutions."

October 10, 2012

FBI Exempts Massive Database from Privacy Act Protections

The Federal Bureau of Investigation has exempted the FBI Data Warehouse System, from important Privacy Act safeguards. The database ingests troves of personally identifiable information including race, birthdate, biometric information, social security numbers, and financial information from various government agencies. The database contains information on a surprisingly broad category of individuals, including "subjects, suspects, victims, witnesses, complainants, informants, sources, bystanders, law enforcement personnel, intelligence personnel, other responders, administrative personnel, consultants, relatives, and associates who may be relevant to the investigation or intelligence operation; individuals who are identified in open source information or commercial databases, or who are associated, related, or have a nexus to the FBI’s missions; individuals whose information is collected and maintained for information system user auditing and security purposes." The Federal Bureau of Investigation has exempted these records from the notification, access, and amendment provisions of the Privacy Act. Earlier this year, EPIC opposed the Automated Targeting System, another massive government database that the Department of Homeland Security exempted from Privacy Act provisions. For more information, see EPIC: The Privacy Act of 1974 and EPIC: Automated Targeting System.

October 15, 2012

Presidential Commission Urges Privacy Protections for DNA Data

Noting the rapid advances in the use of genetic data, the report of the Presidential Commission for the Study of Bioethical Issues recommended "a consistent floor of privacy protections covering whole genome sequence data regardless of how they were obtained. These policies should protect individual privacy by prohibiting unauthorized whole genome sequencing without the consent of the individual from whom the sample came." The Commission further said "Only in exceptional circumstances should entities such as law enforcement or defense and security have access to biospecimens or whole genome sequence data for non health-related purposes without consent." The Presidential Commission offered additional recommendations on "Ethical Principles," "Policy and Governance," and "Analysis and Recommendations." Earlier this year, EPIC provided comments to the Commission, and proposed new safeguards for genetic data and limit law enforcement access. EPIC also recommended that the Commission build upon existing genetic privacy and medical laws to enhance individual control over their genetic information. For more information, see EPIC: Genetic Privacy and EPIC: Medical Record Privacy.

GAO Recommends New Safeguards for Locational Data

"Additional Federal Actions Could Help Protect Consumer Privacy," a report from the Government Accountability Office, essentially says that users of mobile devices have no idea what information about them is collected or how it is used. The report explains that the privacy problems are getting worse as industry groups have failed to establish meaningful safeguards and the NTIA's "multistakeholder process" is going nowhere. Several members of Congress have introduced legislation to protect mobile data, much as communications information is routinely protected by law. Senator Al Franken is the sponsor of Location Privacy Protection Act of 2011, which would "close current loopholes in federal law by requiring any company that may obtain a customer's location information from his or her smartphone or other mobile device to get the customer's express consent before" collecting location data or sharing it with third parties. For more information, see EPIC: Locational Privacy and EPIC: Location Privacy: Apple iPhone/iPad.

Federal Court Panel Blocks South Carolina Voter ID Requirement

A special panel of federal judges in Washington, DC has barred the state of South Carolina from enforcing new voter identification requirements in the upcoming November elections. The court was "unable to conclude" that South Carolina could implement its voter identification law in a way that would "suffice under the Voting Rights Act" before the upcoming elections. The court did grant preclearance to implement the law after the November elections citing the "extremely broad interpretation of the reasonable impediment provision," which allows South Carolina voters to still vote if they complete an affidavit affirming their identity and state the reason for not having obtained photo identification. EPIC has previously argued that voter ID requirements impermissibly burden the right to vote. For more information, see EPIC: Voter ID and Privacy and EPIC: Crawford v. Marion County.

October 16, 2012

Appeals Court Hears Arguments in Open Government Case

The DC Circuit Court of appeals today considered arguments in Citizens for Responsibility and Ethics in Washington v. Federal Election Commission, concerning an agency's failure to comply with statutory obligations to process a Freedom of Information Act request. EPIC joined with Public Citizen and several other prominent open government organizations in an amicus brief supporting CREW's appeal. The open governments group argued that the FEC's practice conflicts with the plain language of the Freedom of Information of Act and would wreak havoc on open government. For more information, see EPIC, Open Government.

European Data Protection Agencies Order Google to Improve Privacy Practices

The French Data Protection Commissioner, acting on behalf of the European Union, has ordered (Appendix) Google to endorse key privacy principles, comply with data protection laws, and give users greater control over their personal information. The decision follows an investigation triggered by the collapse of the Google privacy policy in March 2012, which allowed the company to combine user data across 60 Internet services to create detailed and secret profiles on Internet users. The Commissioner determined that the change violated European data protection laws because Google "does not collect unambiguous consent of the user," and listed 12 steps that Google should implement in order to ensure compliance with the law. Earlier this year, EPIC sued the Federal Trade Commission to force the FTC to enforce the terms of a settlement with Google that would have Google's changes in business practices. Google's consolidation also prompted objections from state attorneys general, members of Congress, IT managers in the government and private sectors, and consumer organizations in the United States and Europe. For more information, see EPIC: Google Buzz and EPIC: Enforcement of Google Consent Order.

October 24, 2012

34th Annual International Conference on Data Protection Privacy in the Balance

34th Annual International Conference on Data Protection Privacy in the Balance

Lillie Coney,
EPIC Associate Director

Biometrics Panel
Punta del Este, Uruguay
October 24, 2012

October 30, 2012

Trustworthy Cyber Infrastructure for the Power Grid Annual Workshop

Trustworthy Cyber Infrastructure for the Power Grid Annual Workshop

Lillie Coney,
EPIC Associate Director

Panel: Consumer Acceptance of the Smart Grid
Champaign, Illinois
October 30-31, 2012

October 17, 2012

National Do Not Call Registry Tops 217 Million Phone Numbers

According to the 2012 "National Do Not Call Registry Data Book", the number of actively registered phone numbers is up, but so too are the number of consumer complaints about unwanted telemarketing calls. The FTC has continued to receive large numbers of consumer complaints about robocalls even though most telemarketing robocalls have been illegal since September 2009. EPIC supported establishment of the Do Not Call Registry, and recommended to Congress in 2010 that an effective Do Not Track initiative would need to ensure that a consumer's decision is "enforceable, persistent, transparent, and simple." For more information, see EPIC: Telemarketing and the Telephone Consumer Protection Act and EPIC: Online Tracking and Behavioral Profiling.

October 18, 2012

FTC Holds "Robocall Summit"

A Federal Trade Commission workshop on automated telephone calls focused on the legal and technical aspects of robocalls, including the current state of telephonic technology, call authentication technology, and call blocking technology. The Federal Communications Commission recently established new penalties for Caller ID "spoofing," the practice of faking caller ID information. In comments to the FCC and testimony before Congress, EPIC recommended, and Congress and the FCC agreed, that intent to do harm is necessary in order to trigger the penalties, because spoofing can also be used to maintain anonymity, and to protect, for example, victims of domestic violence. For more information, see EPIC: FTC and EPIC: Caller ID.

EPIC FOIA Cases Move Forward in Federal Court

Federal judges have recently issued orders compelling government agencies to produce documents in two open government cases pursued by EPIC. In EPIC v. Office of Director of National Intelligence, 12-1282, EPIC is seeking information about a plan to integrate databases across the federal government, without the legal safeguards typically in place for personal data held by government agencies. (EPIC press release). In response to the EPIC FOIA lawsuit, a federal judge has ordered the agency to disclose the procedures it has established to safeguard privacy rights. In EPIC v. DHS, 12-333, EPIC is L6[seeking documents] about the monitoring of the Internet that some Justice Department officials believe may "run afoul of privacy laws forbidding government surveillance of private Internet traffic." The government sought a 16 month extension. The court has ordered the agency to start producing documents in the next month. For more information, see EPIC - Open Government.

October 19, 2012

TSA Unplugs, Boxes Up Airport Body Scanner X-ray Devices

Earlier this year, the TSA indicated that it would no longer purchase backscatter x-ray devices for deployment in US airports. A news story this week confirms that the TSA has ceased buying the "Whole Body Imaging" devices and is actively replacing them with millimeter wave scanners, a less intrusive but also controversial scanning technology. EPIC sued the Department of Homeland Security to force disclosure of technical documents about the body scanner program. In a subsequent lawsuit, EPIC v. DHS, the DC Circuit Court of Appeals determined that air travellers have a right to opt-out of the body scanner screening and that the TSA must undertake a notice and comment rulemaking. In the most recent decision, the Court has ordered the agency to begin the public comment process by March 2013. For more information, see EPIC: Whole Body Imaging Technology and Body Scanners and EPIC; EPIC v. DHS (suspension of airport body scanners).

October 22, 2012

Verizon Begins Invasive Marketing Program

Verizon has begun selling the personal information of Verizon users, including location information and web browsing activity. The collection of content information implicates federal wiretapping law, although some have suggested that Verizon escapes liability by allowing users to opt-out. EPIC previously filed a complaint with the Federal Trade Commission regarding Verizon’s business practices, which EPIC described as “unfair and deceptive, contrary to the privacy and security interests of Verizon Wireless customers, and actionable by the Federal Trade Commission.” For more information, see EPIC: Federal Trade Commission, and EPIC: Electronic Communications Privacy Act.

Public Voice Conference Underway in Uruguay

Civil society groups, privacy advocates, tech experts, and others are gathering today in Punta del Este, Uruguay for "Privacy Rights are a Global Challenge." The conference will examine Enforcement of Consumer Privacy Rights Enforcement, Privacy Laws in Latin America, Emerging Trends, and the Implementation of the Madrid Declaration. The Public Voice conference is held in conjunction with the annual meeting of the Privacy and Data Protection Commissioners. Follow at #tpv12. You can also view the meeting webcast.

New Jersey Supreme Court Considers Cellphone Tracking Case

In State v. Earls, the New Jersey Supreme Court is today hearing arguments on whether the police may use cellphone tracking techniques without court approval. Earlier this year, the US Supreme Court ruled that the police must obtain a court order if they attach a GPS tracking device to a vehicle. EPIC filed a "friend of the court" brief in Earls, urging the New Jersey court to uphold Fourth Amendment protections. The cell phone tracking techniques at issue in the New Jersey case, EPIC argued, "is more invasive than the GPS tracking in Jones." Princeton attorney Grayson Barber is arguing for EPIC as amicus before the New Jersey court.

Federal Trade Commission Proposes "Best Practices" for Facial Recognition Technology

The Federal Trade Commission has released a report recommending practices that businesses using facial recognition technology should follow in order to protect the privacy and security of consumers. The report noted that facial recognition techniques range from simple face detection to the identification of previously anonymous individuals. The FTC recommended several practices for all businesses, such as privacy by design, data deletion, and security standards. In services involving facial recognition to identify individuals, the FTC recommended that companies obtain the affirmative express consent of consumers, and in certain sensitive locations, such as health care facilities, the FTC said that the technology should not be used at all. In earlier comments to the Commission, EPIC recommended a moratorium on the use of facial recognition until adequate privacy safeguards are developed. A similar recommendation is found in the Madrid Privacy Declaration, which is endorsed by more than 100 civil society organizations worldwide. Facebook has ended the use of facial recognition in the European Union and suspended use in the United States. For more information, see EPIC: Face Recognition and EPIC: Federal Trade Commission.

October 25, 2012

Congressional Field Forum on Drones

Congressional Field Forum on Drones

Amie Stepanovich,
EPIC Associate Litigation Counsel

House Judiciary Subcommittee on Crime, Terrorism, and Homeland Security
Houston, TX
October 25, 2012

October 24, 2012

FOIA Ombudsman Sides with EPIC, DHS to Revise Fee Procedures

Following a detailed complaint from EPIC, which stated that the DHS "is throwing up roadblocks" by withholding fee waivers that should be granted, the FOIA Ombudsman has announced significant changes that will assist all DHS Freedom of Information Act requesters. Beginning October 1, 2012, the DHS will conditionally grant fee waivers if the request is likely to qualify for fee waiver. EPIC had objected that previously the agency did not grant waivers even when it knew the requester was likely to qualify. Second, DHS will inform non-commercial requesters that they are entitled to two free hours of search time and 100 free pages of duplication. Previously, the agency did not inform requesters of this legal right. Third, when fees are imposed, the agency will now provide requesters a detailed breakdown of costs. EPIC President Marc Rotenberg praised the work of the FOIA Ombudsman and acknowledged the changes at DHS. "Congress made clear that the fee waiver provision promotes access to public information. These changes are consistent with that important purpose," said Mr. Rotenberg. For more information, see EPIC - Open Government.

October 26, 2012

EPIC Comments on FTC Rent-to-Own Computer Spying Settlement

EPIC has submitted comments on a series of settlements between the Federal Trade Commission and companies that offered computers on a rent-to-own basis, typically to low-income consumers. The companies installed surveillance technology that secretly recorded keystrokes, location information, screenshots, and even took webcam photos. The settlements prohibit the companies from deceptively collecting information from consumers or collecting location information without consent, and require them to destroy the illegally-gathered data. EPIC expressed support for the settlements, and also recommended that the FTC also require the companies to implement Fair Information Practices similar to the Consumer Privacy Bill of Rights; make the compliance reports publicly available, and hold a workshop on privacy and inequality. EPIC routinely comments on the FTC's proposed settlements concerning consumer privacy. For more information, see EPIC: Federal Trade Commission.

October 30, 2012

Appeals Court Hears Arguments in E-mail Privacy Case

The Fourth Circuit heard oral arguments this week in United States v. Hamilton, a criminal case involving personal e-mails to a spouse sent from a workplace computer. The court focused on the scope of the marital privilege, the privacy of workplace e-mail, and whether failing to delete e-mail after a change in an email "use policy" can constitute a waiver of privilege. EPIC argued in an amicus brief that the retroactive application of a use policy as well as "a duty to delete" would be unfair to users. For more information, see EPIC: United States v. Hamilton and EPIC: Workplace Privacy.

October 29, 2012

Justices Hear Arguments in Surveillance Standing Case

The Supreme Court heard oral arguments in Clapper v. Amnesty International, a case concerning the right to challenge illegal surveillance. A federal appeals court ruled in favor of a group of plaintiffs, including human rights advocates, journalists and attorneys, and held that their costs incurred to avoid surveillance were sufficient to establish a live controversy under the Constitution. Solicitor General Donald Verilli, arguing on behalf of the United States and the Director of National Intelligence, claimed that plaintiffs could not establish a sufficiently concrete injury because they do not know if they had been subject to surveillance. The Justices, including Justice Kennedy, seemed concerned about the possibility of government surveillance of privileged attorney-client communications. EPIC filed an amicus brief, joined by thirty-two legal scholars and technical experts, and six privacy and open government organizations, arguing that the plaintiffs concerns were well founded considering the surveillance capabilities of the NSA and the failure to establish sufficient public reporting requirements for lawful surveillance. For more information, see: EPIC: Clapper v. Amnesty Int'l USA and EPIC: Foreign Intelligence Surveillance Act.

About October 2012

This page contains all entries posted to epic.org in October 2012. They are listed from oldest to newest.

September 2012 is the previous archive.

November 2012 is the next archive.

Many more can be found on the main index page or by looking through the archives.