« November 2012 | Main | January 2013 »

December 2012 Archives

December 6, 2012

Annual Computer Security Applications Conference (ACSAC) 2012

Annual Computer Security Applications Conference (ACSAC) 2012

Lillie Coney,
EPIC Associate Director

Applied Computer Security Associates
Orlando, FL
December 6, 2012

December 4, 2012

EPIC: Hearing on FTC Nominee Should Address FTC's Settlement Process for Privacy Violations

In a letter to the Senate Commerce Committee, EPIC has recommended that Congress require the Federal Trade Commission to consider more carefully the public's views on proposed privacy settlements. EPIC also recommended that the FTC require compliance with the Consumer Privacy Bill of Rights for companies that violate consumer privacy. The Committee is holding a hearing on the nomination of Joshua Wright to the FTC. The letter states that EPIC takes no position on the nomination of Dr. Wright, but encourages Congress to take the opportunity to explore the Commission's response to growing public concerns about privacy. EPIC routinely submits comments to the FTC on proposed consent orders, most recently on the Compete, Inc. settlement. EPIC has also recommended that the FTC promote the Consumer Privacy Bill of Rights in privacy settlements. For more information, see EPIC: Federal Trade Commission.

EPIC Urges Vote for EXISTING Facebook Documents

Facebook has proposed changes to its policies that would (1) end user voting, (2) remove spam blocking, and (3) share FB user data with affiliates without user consent. EPIC and others are urging Faceboook users to participate in the Facebook Governance Vote and to vote for EXISTING documents. Anyone with a Facebook account can VOTE HERE. #existingdocuments

December 6, 2012

Massachusetts High Court Allows Limited Warrantless Search of Cellphone Call Logs

The Supreme Judicial Court of Massachusetts has ruled that no search warrant is required to check the recent call list of a flip phone seized during a lawful arrest. However, the Court in Commonwealth v. Phifer emphasized that the ruling is narrow and fact-specific. Different facts, a more invasive search, or a more complex phone could result in a different outcome, said the Massachusetts high court. In the case, police witnessed a drug deal, arrested the dealer, and then checked the phone's call log for evidence of recent drug sales. The Massachusetts Court analogized searching the phone in these circumstances to searching a container that could contain contraband. The Supreme Judicial Court issued a similar ruling in a contemporaneous companion case, Commonwealth v. Berry. In a previous Massachusetts case in which EPIC filed a "friend of the court" brief, the Supreme Judicial Court ruled that sensitive data obtained from GPS tracking requires a search warrant. For more information, see EPIC: Locational Privacy and EPIC: Commonwealth v. Connolly.

EPIC to Department of Defense: Maintain Strong Open Government Rules

EPIC has submitted extensive comments to the Defense Logistics Agency, an agency component within the Department of Defense, opposing changes to the Freedom of Information Act (FOIA). The agency's proposals will substantially alter the Defense Logistics Agency FOIA Program, and modify key terms governing FOIA processing, general FOIA policy, exemptions under the FOIA, and fee waivers. EPIC said that several of the proposals are contrary to law, exceed the scope of the agency's authority, and should be withdrawn. EPIC further stated that the proposals contravene statements of the President and Attorney General concerning government transparency EPIC routinely submits comments on proposed changes to FOIA regulations, warning agencies not to erect new obstacles to those seeking information about government. The statement to the DLA was prepared with the assistance of students at the Georgetown University Law Center studying the law of open government. For more information, see EPIC: Open Government.

Senate Committee to Consider Location Privacy Bill

The Senate Judiciary Committee is set to consider S. 1223, the Location privacy Act of 2011, sponsored by Senator Al Franken. The bill would establish important privacy protections for cellphone users and require affirmative consent for the collection or disclosure of location data by service providers. EPIC previously recommended new protections for location data as part of the update of federal law. EPIC also filed comments with the Federal Communications Commission supporting guidelines for the protection of location data under the federal Communications Act. For more information, see EPIC: Locational Privacy and EPIC: Electronic Communications Privacy Act.

"Mass. Supreme Judicial Court Cellphone Ruling"

"Mass. Supreme Judicial Court Cellphone Ruling"

Marc Rotenberg,
EPIC Executive Director

December 6, 2012
(EPIC Post)

December 7, 2012

Aviation Industry to FAA: "Ignore Privacy"

Aviation groups have asked the Federal Aviation Administration to ignore the privacy implications of increased drone use in the United States. The letter follows the FAA statement that domestic drones “raises privacy issues [that] will need to be addressed.” Earlier this year, EPIC warned Congress, "there are substantial legal and constitutional issues involved in the deployment of aerial drones by federal agencies." EPIC, joined by over 100 organizations, experts, and members of the public, has petitioned the FAA to to establish privacy safeguards. For more information, see EPIC: Unmanned Aerial Vehicles (UAVs) and Drones.

December 10, 2012

FTC Report Finds Privacy Problems for Children’s Mobile Apps

A report by the Federal Trade Commission found little progress on transparency for child-directed mobile applications. The FTC surveyed apps from Google Play and Apple App stores and concluded that "many apps included interactive features or shared kids' information with third parties without disclosing these practices to parents." The report commits the FTC to another review of the app marketplace and indicates that the agency has launched "multiple non-public" investigations to determine whether certain apps had engaged in unfair and deceptive trade practices or violated the Children’s Online Privacy Protection Act. The FTC recently proposed revisions to the COPPA Rule, which EPIC supported. For more information, see EPIC: Children’s Online Privacy and EPIC: Federal Trade Commission.

88% of Facebook Users Oppose Changes to Privacy Policy and Voting Rights, EPIC Urges FB to Withdraw Proposal

Preliminary results from the recent Facebook Site Governance Vote, indicate that 589,141 Facebook users voted to keep the existing Statement of Rights and Responsibilities and Privacy Policy. Only 79,731 voted for the proposed changes. In the largest vote in Facebook history, approximately 88% of users who voted favored the existing documents. EPIC and the Center for Digital Democracy earlier wrote FB CEO Mark Zuckerberg, recommending that the proposal be withdrawn. In 2009, Facebook withdrew proposed changes to the Terms of Service after 150,000 users formed a group "FB Users Against the New TOS." In 2007, FB backed off "Beacon," a controversial marketing technique, when 50,000 users signed a petition. Facebook is currently under a consent order with the US Federal Trade Commission. For more information, see EPIC: Facebook.

December 13, 2012

Federal Appeals Court Addresses Email Privacy, Notes EPIC's Amicus Brief

The Court of Appeals for the Fourth Circuit has affirmed the lower court judgement in United States v. Hamilton. At issue in the case was the privacy of workplace e-mails exchanged between a husband and wife. The government argued that Hamilton waived his right to email privacy because he failed to safeguard his email after a change in the computer use workplace policy. EPIC argued as amicus curiae brief, that it would be extremely difficult for employees to securely delete all confidential saved e-mails whenever a use policy changed, an issue the court explored during oral argument. The court wrote that "In an era in which email plays a ubiquitous role in daily communications, these arguments caution against lightly finding waiver of marital privilege by email usage," but determined that Hamilton did not take any steps to protect the email and therefore had waived the spousal privilege. For more information, see EPIC: United States v. Hamilton and EPIC: Workplace Privacy.

Facebook Updates Privacy Controls, Removes Profiles Safeguard

Facebook announced changes to its privacy controls and the privacy settings of its users. The changes include settings that allow users to choose which information apps can access and disclose, and a privacy shortcuts menu. But Facebook also removed an option that allowed users to hide themselves from strangers through Facebook’s search function. The changes follow an election conducted by Facebook in which 88 percent of voters opposed changing the privacy policy and voting rights of users. EPIC previously wrote to the Federal Trade Commission regarding the blanket disclosure features of certain apps and the proposal to end the voting part of the site governance process Facebook. Facebook is currently subject to a settlement with the FTC over privacy violations. For more information, see EPIC: Facebook and EPIC: In re Facebook.

December 14, 2012

Appeals Court Upholds Non-Harmful Phone Spoofing

A federal appeals court has ruled that a state law prohibiting all caller ID spoofing is preempted by the federal Truth in Caller ID Act of 2009. Under the federal law, it is only unlawful to transmit misleading caller information with the intent to defraud or cause harm. EPIC urged the Senate in 2007 and House of Representatives in 2006 and 2007 to establish this intent requirement to protect the use of Privacy Enhancing Technologies, which limit the disclosure of actual identity. The appeals court's ruling upholds this important privacy protection. For more information, see EPIC: Illegal Sale of Phone Records and EPIC: Comments to FCC on TCIA Rules.

Senate Judiciary Committee Approves Location Privacy Bill

The Location Privacy Act of 2011, sponsored by Senator Al Franken has been reported favorably by the Senate Judiciary Committee. The bill requires affirmative consent for the collection and disclosure of location information, an important protection for cell phone users and users of location-based services. EPIC previously recommended similar protections for location data and filed comments with the Federal Communications Commission advocating location privacy safeguards under the Communications Act. For more information, see EPIC: Locational Privacy and EPIC: Electronic Communications Privacy Act.

Federal Agency Proposes "Black Box" Mandate for Cars

The National Highway Traffic Safety Administration has proposed that, beginning September 1, 2014, all new cars will be required to have Event Data Recorders. The devices record detailed information about drivers, which can be made available to insurance companies, the police, and others. Currently, there are minimal privacy protections in the draft regulation. The public will have until February 11, 2013 to provide comments to the agency. EPIC recommends that commentators urge the agency to "Strengthen privacy safeguards." For more information see EPIC - Event Data Recorders and Privacy and EPIC - Driver Privacy Protection Act.

December 18, 2012

Instagram Privacy Change Raises Legal Questions

Instagram recently announced several changes to the terms of service that will allow the company to use pictures in advertisements without notifying or compensating users, and to disclose user data to Facebook and to advertisers. Instagram also proposed that the parents of minors implicitly consent to the use of their childrens' images for advertising purposes. The changes The changes will take effect January 16, 2013, and will not apply to pictures uploaded before that date. Instagram’s parent company, Facebook, is under a 2011 consent order with the Federal Trade Commission that that prohibits the company from changing privacy settings without the affirmative consent of users or misrepresenting the privacy or security of users’ personal information. Using an individual’s name or likeness for commercial purposes without consent is also prohibited in most states. EPIC had recently urged Facebook users to vote for "Existing Documents," warning that under the changed terms of service, Facebook would loosen privacy controls and that would impact Instagram. For more information, see EPIC: Facebook and EPIC: FTC.

Representative Markey Introduces Privacy Legislation for Aerial Drones

Representative Ed Markey (D-MA) has introduced the Drone Aircraft Privacy and Transparency Act. The bill calls for the Federal Aviation Administration to complete a report on the privacy implications of domestic drone use. In addition, the bill will require drone operators to submit a data collection and data minimization statement concerning the collection of personally identifiable information. EPIC has twice (1, 2) asked Congress to protect individual privacy against increased use of domestic drones. EPIC, joined by over 100 organizations, experts, and members of the public, petitioned the FAA to establish privacy safeguards. For more information, see EPIC: Unmanned Aerial Vehicles (UAVs) and Drones.

December 19, 2012

National Academy of Sciences to Undertake Independent Assessment of Airport Body Scanners

After years of pressure from political leaders, civil liberties and health advocates, including EPIC, there will be an independent review of the health risks posed by backscatter x-ray devices. A National Academy of Sciences committee will assess “whether exposures comply with applicable health and safety standards” for passengers and airport employees. The study is limited to radiation and safety testing, and will not examine the privacy implications or effectiveness of the x-ray machines. In 2012, both the House and the Senate introduced legislation calling for an independent assessment of the controversial devices. Europe has also effectively banned the use of backscatter X-ray devices. EPIC has a FOIA lawsuit against DHS concerning body scanner radiation risks. In response to another EPIC lawsuit, the agency will begin a public comment process on the airport screening program in March 2013. For more information see: EPIC: Whole Body Imaging Technology and Body Scanners.

FTC Pursues Investigation of Data Brokers

The Federal Trade Commission has issued orders requiring nine data brokerage companies to provide the agency with information about how they collect and use data about consumers. The agency said it will use the information to study privacy practices in the data broker industry. In 2009, EPIC testified in support of new legislation to regulate the data broker industry. In 2005, EPIC brought a complaint to the FTC against the data broker Choicepoint that produced a $10 million settlement, then the largest in the FTC's history for a violation of federal privacy law. For more information, see EPIC: ChoicePoint and EPIC: Federal Trade Commission.

FTC Releases Updated Children’s Online Privacy Rule

The Federal Trade Commission has updated the Children's Online Privacy Protection Act. The new Rule expands the definition of personal information to include geolocation information and persistent identifiers (or "cookies)", and prevents third-party advertisers from secretly collecting children’s personal information without parental consent for behavioral advertising purposes. EPIC supported the changes and responded to criticisms from industry groups. In 2010, EPIC testified before the United States Senate that the 1998 law was critical to protect the privacy of children but that updates were also essential in light of new business practices, the emergence of social networks, smartphone apps. A subsequent FTC report found that many child-directed mobile apps lack adequate privacy safeguards. For more information, see EPIC: FTC and EPIC: Children's Online Privacy.

December 20, 2012

EPIC Comments on Federal Cybersecurity Plan

In response to a request for comments, EPIC submitted comments on the Federal Cybersecurity Research and Development Strategic Plan. The cybersecurity strategic plan calls for a coordinated research strategy across federal agencies including the Department of Homeland Security and the National Security Agency. EPIC supported the call for privacy safeguards and anonymous web access, and recommended the further integration of genuine privacy-enhancing techniques. EPIC also emphasized the need for all federal agencies to comply with the Privacy Act and the Freedom of Information Act as the plan progresses. EPIC previously submitted comments to the Department of Defense regarding Cyber Security and Information Assurance Activities. For more information, see EPIC: Cybersecurity Privacy Practical Implications and EPIC: EPIC v. NSA - Cybersecurity Authority.

December 21, 2012

Instagram Retreats on Changes to Terms of Service, Cites User Opposition

Instagram announced that it would withdraw proposed changes to its terms of service announced earlier this week. Instagram backed off a plan to use the names, images, and photos of users for advertising purposes, pleading instead to "complete our plans, and then come back to our users and explain how we would like for our advertising business to work." Instagram's parent company, Facebook, is bound by the terms of a settlement with the Federal Trade Commission, initiated in 2009 by EPIC and other consumer privacy organizations, that prohibits the company from changing privacy settings without the affirmative consent of users or misrepresenting the privacy or security of users' personal information. A recent letter to Facebook CEO Mark Zuckerberg from EPIC and the Center for Digital Democracy warned that Facebook's proposed changes would adversely affect Instagram users. For more information, see EPIC: Facebook, EPIC: In re Facebook, and EPIC: FTC.

EPIC Sues CIA for Details of NYPD Spying

EPIC has filed a Freedom of Information Act lawsuit against the Central Intelligence Agency for details of the agency’s involvement in a New York Police Department surveillance program that targeted Muslims and persons of Arab descent. In August 2011, the New York Police Commissioner acknowledged that the CIA participated in the domestic surveillance. Following an investigation by the CIA Inspector General, the CIA announced that there is "no evidence that any part of the agency's support to the NYPD constituted 'domestic spying.'" In early 2012 EPIC sought the public release of the report prepared by the CIA Inspector General. As the agency failed to comply with statutory deadlines established by the Freedom of Information of Act, EPIC has now filed suit for release of the document. For more information see: EPIC: EPIC v. CIA - Domestic Surveillance and EPIC: Open Government.

December 26, 2012

Senate to Debate Privacy Amendments for Surveillance Law

The Senate is scheduled to debate several proposals that would establish new safeguards for the FISA Amendments Act, a controversial law that allows surveillance of the phone and email communications of US citizens without a warrant. Earlier this year, EPIC testified before the House Judiciary Committee, and recommended increased transparency and new public reporting of the Government's surveillance activities. Currently, the FISA letter to Congress provides little information about Government conduct. "Congress should not reauthorize the FISA Amendments Act until adequate oversight procedures are in place," EPIC Executive Director Marc Rotenberg said at the May hearing. For more information, see EPIC: Foreign Intelligence Surveillance Act and EPIC: Clapper v. Amnesty International.

About December 2012

This page contains all entries posted to epic.org in December 2012. They are listed from oldest to newest.

November 2012 is the previous archive.

January 2013 is the next archive.

Many more can be found on the main index page or by looking through the archives.