« October 2012 | Main | December 2012 »

November 2012 Archives

November 1, 2012

Privacy and Civil Liberties Oversight Board Holds First Public Meeting

The Privacy and Civil Liberties Oversight Board held its initial meeting to take recommendations from the public regarding the issues the Board should pursue. The Implementing Recommendations of the 9/11 Commission Act of 2007 established the Board as an independent agency to "analyze and review actions the executive branch takes to protect the Nation from terrorism, ensuring that the need for such actions is balanced with the need to protect privacy and civil liberties." In a prepared statement, EPIC urged the Board to investigate the program activities of the Department of Homeland Security and other federal agencies that have failed to comply with the Privacy Act of 1974. For more information, see EPIC: Spotlight on Surveillance, EPIC: The Privacy Act of 1974, EPIC: The 9/11 Commission Report, and EPIC: “Security and Liberty: Protecting Privacy, Preventing Terrorism” (Testimony Before the 9/11 Commission).

November 5, 2012

EPIC to Congress: Protect Privacy Against Drone Surveillance

EPIC participated in a Congressional Hearing on the Impact of Domestic Drone Use Technology on Privacy and Constitutional Rights of All Americans, held at Rice University in Houston, Texas. Congressman Ted Poe (R-TX), sponsor of H.R. 6449: Air Travelers' Bill of Rights Act of 2012, convened the hearing. Joining Congressman Poe were Representatives Michael McCaul (R-TX), Hank Johnson (D-GA), and Sandy Adams (R-FL). EPIC's Amie Stepanovich testified on the need for specific laws to limit drone surveillance in the United States. In a prepared statement, EPIC recommended a warrant requirement for drone surveillance by police as well as data use limitations, and transparency obligations for drone operators. In February, EPIC, joined by over 100 organizations, experts, and members of the public, petitioned the FAA to begin a rule making on the privacy impact of drone use. The Agency has not yet responded to the EPIC Petition. For more information, see EPIC: Unmanned Aerial Vehicles (UAVs) and Drones.

November 8, 2012

Lawmakers Gain "Partial Glimpse" into Data Brokers' Business Practices

Members of the Congressional Bi-Partisan Privacy Caucus released the responses of several data brokers to an inquiry into their business practices. Data brokers collect and sell the personal information of consumers to third parties, typically without the knowledge of the consumers themselves. The lawmakers reported that most of the companies did not consider themselves "data brokers," and that "[m]any questions about how these data brokers operate have been left unanswered, particularly how they analyze personal information to categorize and rate consumers." The Federal Trade Commission recently called for data-broke legislation in a report on consumer privacy. In 2005, EPIC brought a complaint against the data broker Choicepoint that produced a $10 million settlement, the largest in the FTC's history for a violation of federal privacy law. For more information, see EPIC: ChoicePoint and EPIC: Federal Trade Commission.

November 9, 2012

DHS Privacy Review Fails to Address DHS Monitoring of Online Dissent

The Department of Homeland Security released a Privacy Compliance Review which found that the DHS social media monitoring program complied the DHS's own privacy requirements. Documents obtained by EPIC through a FOIA lawsuit revealed that DHS is monitoring social networks and media organizations for criticism of the agency. Congress held a Hearing earlier this year to determine why DHS is tracking political statements on Twitter and social networks. EPIC's lawsuit against DHS is ongoing. For more information, see EPIC: EPIC v. Department of Homeland Security: Media Monitoring.

November 13, 2012

William Bryant Inn of Court

Amie Stepanovich,
EPIC Associate Litigation Counsel

U.S. District Courthouse
Washington, D.C.
November 13, 2012

Supreme Court to Review DNA Collection Law

The Supreme Court has agreed to hear Maryland v. King, a challenge to the constitutionality of the State's DNA Collection Act. The Act authorizes law enforcement to collect DNA samples from individuals arrested, but not convicted, for certain crimes. The lower court held that the Act was unconstitutional as applied to the defendant because the warrantless collection of DNA from a mere arrestee was an unlawful search and seizure under the Fourth Amendment. The Maryland court previously upheld the Act as applied to convicted felons in State v. Raines. EPIC filed an amicus brief in Raines and other cases involving compelled DNA collection in California, Louisiana, and the District of Columbia. EPIC has argued that the privacy implications of DNA collection are greater than fingerprint collection. A recent report from the President's Commission on Bioethics recommends limiting law enforcement access to DNA information. For more information, see EPIC: Genetic Privacy and EPIC: DNA Act.

Supreme Court Limits Remedies for Credit Card Privacy Violations

In U.S. v. Bormes, the U.S. Supreme Court held that the government could not be sued for violating the Fair Credit Reporting Act under an 1887 law that waived governmental immunity for certain claims "premised on other sources of law." The case arose after an attorney paid a federal-court filing fee with his credit card and noticed that the receipt included personal information in violation of the Fair Credit Reporting Act. He then sued the government under the Little Tucker Act, which waives sovereign immunity "for claims premised on other sources of law." Justice Scalia, writing for a unanimous Court, held that the attorney could not sue the government under the Little Tucker Act because the Fair Credit Reporting Act has its own detailed damages provision, and "[w]here . . . a statute contains its own self-executing remedial scheme, we look only to that statute to determine whether Congress intended to subject the United States to dam┬Čages liability." The Court sent the case back to the Seventh Circuit Court of Appeals to determine whether the government may be sued under the Fair Credit Reporting Act itself. For more information, see EPIC: Fair Credit Reporting Act.

November 14, 2012

Protecting Consumer Privacy in an Era of Rapid Change: A Discussion of the FTC's Privacy Framework

Lillie Coney,
EPIC Associate Director

AARP National Policy Council Roundtables
Washington, D.C.
November 14, 2012

Google Transparency Report Reveals Risks of Cloud-based Computing

According to a recent report from Google, the company received 20,938 requests for user data in the first half of 2012, up from 18,257 requests in the second half of 2011. The United States accounted for 7,969 requests in the 2012 report. And of these requests, Google provided user data to the US government in 90% of the cases. Over the last several years, Google has pursued an aggressive effort to promote computing services that store personal data on Google's servers even as the number of government requests has grown. And earlier this year, Google reduced safeguards for Gmail users, over the objections of many lawmakers and users, when it consolidated privacy policies across its various Internet services. In 2009, EPIC L3[urged] the Federal Trade Commission to look more closely at the privacy risks of cloud-based services. For more, see EPIC - "Cloud Computing".

EPIC Urges the Interior Department to Preserve Strong Open Government Rules

In comments the Department of the Interior, EPIC has urged the federal agency not to weaken the Freedom of Information Act (FOIA) as it has proposed. The Interior Department is considering regulations that would place new burdens on FOIA requesters by: (1) terminating FOIA requests, (2) denying FOIA requests without providing justifications as required by law, and (3) withholding the identity of agencies to which the Department refers FOIA requests. EPIC said that the Interior Department's proposal would undermine the open government law, is contrary to law, and the views expressed by the President and the Attorney General about the FOIA. EPIC routinely comments on agency proposals that impact the rights of FOIA requesters. In 2011, EPIC submitted extensive comments to the Department of Justice, warning the agency not to erect new obstacles for FOIA requesters. For more information, see EPIC: Open Government.

President Issues Secret Cybersecurity Directive, EPIC Seeks Public Release

Following a Washington Post report of a new cyber security directive, EPIC has filed a Freedom of Information Act request for the release of Presidential Policy Directive 20. The Directive is believed to expand cyber security authority for the National Security Agency. EPIC is pursuing several FOIA cases, including the release of NSPD-54, an earlier Directive that gave NSA authority to conduct surveillance within the United States. EPIC has also sought public release of the technical arrangement between the NSA and Google that was adopted in January 2010. Federal law prevents the National Security Agency, a component of the Department of Defense, from conducting operations within the United States. For more information, see EPIC: Cybersecurity Privacy Practical Implications, EPIC: EPIC v. NSA - Cybersecurity Authority, and EPIC v. NSA: Google / NSA Relationship.

Congress to Scrutinize TSA's "Scanner Shuffle"

The House Subcommittee on Transportation Security is holding an oversight hearing this week, "TSA's Recent Scanner Shuffle: Real Strategy or Wasteful Smokescreen?" The hearing announcement follows a decision by the TSA to remove the backscatter x-ray devices from major US airports. In a statement for the record, EPIC highlighted public concerns about the use of body scanners, including health and privacy risks, and the failure of the TSA to take public comments on the program. In July 2011, the federal appeals court in Washington, DC ruled that that the Department of Homeland Security must "act promptly" to receive public comments. For more information, see EPIC: EPIC v. DHS (Suspension of Body Scanner Program), EPIC: Whole Body Imaging Technology and Body Scanners ("Backscatter" X-Ray and Millimeter Wave Screening) and EPIC: EPIC: Body Scanner FAQ.

November 15, 2012

Senate Reauthorizes SAFE WEB Act

The Senate has approved a House bill to reauthorize the SAFE WEB Act. The SAFE WEB Act gives the Federal Trade Commission additional tools to combat cross-border fraud, spam, and spyware. EPIC previously testified before both the House Committee on Energy and Commerce and the Senate Committee on Commerce, Science and Transportation on the SAFE WEB Act. EPIC said that it supported legislation that safeguards privacy and ensures government oversight while enabling the FTC to work more closely with consumer protection agencies in other countries. For more information, see EPIC: Federal Trade Commission.

November 16, 2012

EPIC Argues for Privacy of Driver's Records in Supreme Court Case

In a "friend of the court" brief, EPIC has urged the U.S. Supreme Court to limit the disclosure of personal information covered by the Driver's Privacy Protection Act. At issue in Maracich v. Spears is a lower court's decision to allow disclosure of information stored in state departments of motor vehicles. EPIC's amicus brief details the staggering amount of personal information in driver's records, particularly as a consequence of the REAL ID regulations. In Reno v. Condon, the Supreme Court upheld the Constitutionality of the federal law. EPIC filed an amicus brief in that case and said "The Drivers Privacy Protection Act safeguards the personal information of licensed drivers from improper use or disclosure. It is a valid exercise of federal authority in that it seeks to protect a fundamental privacy interest." For more information, see EPIC: Maracich v. Spears and EPIC: The Driver's Privacy Protection Act.

November 20, 2012

EPIC Submits Comments to FTC on Consumer Tracking Settlement

EPIC submitted comments to the Federal Trade Commission on a recent settlement with Compete, Inc. The settlement arises from allegations that Compete failed to adopt reasonable data security practices and deceived consumers about the amount of personal information that its toolbar and survey panel would collect. The FTC also charged Compete with deceptive practices for falsely claiming that the data it kept was anonymous. The proposed settlement requires Compete to obtain consumers’ express consent before collecting any data through its software, to delete personal information already collected, and to provide directions for uninstalling its software. EPIC expressed support for the settlement, but recommended that the FTC also require the Compete to implement Fair Information Practices similar to the Consumer Privacy Bill of Rights, make the compliance reports publicly available, and develop a best practices guide to de-identification techniques, as anonymization has become more critical for online privacy. For more information, see EPIC: Federal Trade Commission and EPIC: Re-Identification.

FTC Releases 2012 Performance Report

The Federal Trade Commission has released its performance and accountability report for 2012. The report summarizes the agency’s activities, shows how the agency has managed its resources, and explains how it plans to address future changes. Regarding consumer privacy, the agency cites the release of a new privacy report, the adoption of a consent order with Facebook, and a $22.5 million fine against Google as its primary accomplishments . The Commission reported that it acted on 90.6% of all consumer complaints that it received, though it did not indicate how many of these actions concerned consumer privacy. The agency’s goals for the coming year include “promot[ing] stronger privacy protections through policy initiatives on a range of topics such as data brokers, mobile devices, and comprehensive online data collection.” Earlier this year, EPIC brought suit against the Federal Trade Commission for its failure to enforce a 2011 consent order. EPIC has also routinely urged the FTC to take account of public comments when the agencies sets out proposed settlements and asks for public comments. For more information, see EPIC: Federal Trade Commission and EPIC: EPIC v. FTC (Enforcement of Google Consent Order).

NSA Withholds Cybersecurity Directive, EPIC to Appeal

The National Security Agency has responded to a Freedom of Information Act Request from EPIC, seeking the public release of Presidential Policy Directive 20. The Directive, first reported by the Washington Post, is believed to expand the NSA's cybersecurity authority. In response to EPIC, the NSA argued that the Agency does not have to release the document because it is a confidential presidential communication and it is classified by the NSA. EPIC is litigating similar claims against the NSA, including the release of NSPD 54, a 2008 presidential directive setting out the NSA’s cybersecurity authority. In an official statement to Congress earlier this year, EPIC explained that the NSA was a “black hole for public information about cybersecurity.” EPIC plans to appeal the NSA's determination. For more information, see EPIC: Cybersecurity Privacy Practical Implications, EPIC: EPIC v. NSA - Cybersecurity Authority.

November 21, 2012

Pew Survey Finds Most Parents Concerned About Children's Online Privacy

A new report from the Pew Research Center and the Berkman Center for Internet & Society finds that 81% of parents are concerned about how much information advertisers can learn about their child's online behavior. Also, 69% of parents of online teens are concerned about how their child’s online activity might affect their future academic or employment opportunities. And 63% of parents of teens ages 12-13 say they are "very" concerned about their child's interactions with people they do not know online. Many parents reported taking steps to address these risks, such as talking to their children or helping them configure privacy settings. The Federal Trade Commission is considering new privacy rules to strengthen the Children’s Online Privacy Protection Act. EPIC strongly supports the proposed changes. For more information, see EPIC: Children's Online Privacy and EPIC: Federal Trade Commission.

November 26, 2012

Privacy Groups Ask Facebook to Withdraw Proposed Changes

EPIC, along with the Center for Digital Democracy, has asked Facebook to withdraw proposed changes that will impact the privacy of users and their ability to participate in site governance. Facebook recently proposed to end the voting part of the site governance process, restrict users' ability to prevent unwanted messages, and combine personal information from Facebook with Instagram. In the letter, the groups say "[b]ecause these proposed changes raise privacy risks for users, may be contrary to law, and violate your previous commitments to users about site governance, we urge you to withdraw the proposed changes." Facebook users may also comment directly on the proposed changes. Facebook is subject to the terms of a recent settlement with the Federal Trade Commission that prohibits the company from changing privacy settings without the affirmative consent of users or misrepresenting the privacy or security of users' personal information. For more information, see EPIC: Facebook.

November 27, 2012

UPDATED: EPIC Appeals NSA's Withholding of Cybersecurity Directive

EPIC has appealed a decision by the National Security Agency to deny EPIC's Freedom of Information Act Request for the public release of Presidential Policy Directive 20. The Policy Directive expands the NSA's cybersecurity authority and has raised concerns about government surveillance of the Internet. EPIC's FOIA appeal points to numerous substantive and procedural defects in the NSA's response, and highlights the importance of public discussion of cyber security authority. The NSA has ten days to respond to EPIC's appeal. For more information, see EPIC: Cybersecurity Privacy Practical Implications, EPIC: EPIC v. NSA - Cybersecurity Authority.

NASA Suffers More Data Breaches

NASA has announced that the theft of an unencrypted laptop has compromised the personal information of a "large number" of NASA employees and contractors. A similar theft earlier this year exposed the data of thousands of Kennedy Space Center employees. The federal agency said that by the end of the year all NASA laptops must have full-disk encryption. The recent developments follow a 2010 United States Supreme Court case, NASA v. Nelson, in which a federal contractor challenged NASA's overly broad collection of personal information. EPIC filed an amicus curiae brief in support of the contractor Robert Nelson, arguing that there were insufficient legal protections and that NASA's systems are vulnerable to data breaches. Robert Nelson is among the employees and contractors who this week received a notice from NASA about the data breach. For more information, see EPIC: NASA v. Nelson and EPIC: Privacy Act.

November 29, 2012

Senate Committee Updates ECPA, Modifies Video Privacy Law

The Senate Judiciary Committee approved a bill that updates the Electronic Privacy Communications Act and modifies the Video Privacy Protection Act. The bill generally requires law enforcement to obtain a warrant before accessing email or other electronic communications and allows for blanket consent of video viewing information. An amendment by Senator Feinstein, adopted by the Committee, limited the opt-in to two years or till whenever the user withdraws consent. EPIC previously testified against a proposal that would weaken the consent provision of the Video Privacy Protection Act. EPIC has also favored more extensive updates for ECPA, including coverage of locational information. For more information, see EPIC: Electronic Communications Privacy Act and EPIC: Video Privacy Protection Act.

EPIC Urges Congress to Suspend Funding for Body Scanner Program

In a letter to Representatives Mike Rogers and Shelia Jackson-Lee, EPIC has asked Congress to suspend funding for the airport body scanner program until the TSA has completed a court-ordered public rulemaking. The letter follows a House oversight hearing where members of Congress learned that the TSA had shipped millions of dollars worth of backscatter X-ray devices to warehouses. Earlier the TSA stated that it was moving the devices to smaller airports for efficiency reasons. Backscatter X-ray devices are currently prohibited in Europe. For more information, see EPIC: EPIC v. DHS (Suspension of Body Scanner Program), EPIC: Whole Body Imaging Technology and Body Scanners ("Backscatter" X-Ray and Millimeter Wave Screening) and EPIC: EPIC: Body Scanner FAQ.

About November 2012

This page contains all entries posted to epic.org in November 2012. They are listed from oldest to newest.

October 2012 is the previous archive.

December 2012 is the next archive.

Many more can be found on the main index page or by looking through the archives.