« January 2013 | Main | March 2013 »

February 2013 Archives

February 22, 2013

The New Frontier: Policy & Politics in the Age of the Internet

"The New Frontier: Policy & Politics in the Age of the Internet"

Marc Rotenberg,
EPIC Executive Director

Georgetown Public Policy Institute
US Congress
Washington, DC
February 22, 2013

February 23, 2013

IDP13 in OKC

Amie Stepanovich,
EPIC Associate Litigation Counsel

Oklahoma City, Oklahoma
February 23, 2013

February 1, 2013

FTC Reaches Settlement with Mobile App Path over Privacy Violations

The Federal Trade Commission announced a settlement with the social networking app Path over charges that the app secretly collected information from mobile users' address books without their consent. The FTC also fined the company $800,000 for violating the Children's Online Privacy Protection Act, which prohibits the collection of personal information from a children without obtaining parental consent. The consent order requires Path to implement a comprehensive privacy program and to submit to independent privacy assessments for the next 20 years. The FTC has released a series of reports documenting privacy problems with mobile apps that collect the personal information of children. Recently, EPIC submitted comments supporting the FTC’s proposed improvements to the children’s online privacy rule, which the agency ended up adopting. For more information, see EPIC: FTC and EPIC: Children's Online Privacy.

February 4, 2013

EPIC Urges Supreme Court to Protect Genetic Privacy

EPIC has filed a "friend of the court" brief in Maryland v. King, arguing that law enforcement's warrantless collection of DNA is unconstitutional. EPIC's brief describes the "dramatic and unpredictable" expansion of the government's DNA collection over the past decade. In the brief for the U.S. Supreme Court, EPIC said that the Fourth Amendment limits "the otherwise unbounded collection and use of the individual's DNA sample by government." The EPIC brief was joined by 26 technical experts and legal scholars.EPIC has previously filed amicus briefs in several DNA cases before federal and state courts. For more information, see EPIC: Maryland v. King and EPIC: Genetic Privacy.

February 5, 2013

US NGOs Urge US Government To Support EU Privacy Proposals

EPIC has joined a coalition of leading US consumer and civil liberties organizations who have expressed concern about the role of US officials in the development of European privacy law. In a letter to the US Secretaries of State, Justice, and Commerce, the groups wrote to seek a meeting to ensure that US lobbying efforts in Europe "are not averse to the views expressed by the president." The letter states that "without exception," members of the European Parliament reported that US governmental agencies and businesses were "mounting an unprecedented lobbying campaign to limit the protections that European law would provide." The letter, endorsed by 18 US NGOss, emphasizes the President's commitment to protecting privacy, set out in the Consumer Privacy Bill of Rights. Last fall, EPIC Executive Director Marc Rotenberg testified in support of a proposed EU privacy reform before the European Parliament, and a groups of transatlantic consumer organizations wrote a letter expressing their support for the EU effort to update and modernize privacy law. For more information, see EPIC: EU Data Protection Directive.

February 6, 2013

EPIC Urges Public Support for Driver Privacy Safeguards

The National Highway Traffic Safety Administration has proposed regulations for event data recorders (EDR) that will become mandatory in all cars and small trucks by 2014. Building on state privacy laws, EPIC has urged the federal agency to adopt comprehensive privacy safeguards for vehicle owners and operators, including driver ownership of data, limitations on disclosure, and better security for the data collected. EPIC has also launched a national campaign to encourage public comments to the federal agency. To support EPIC’s comments Tweet: "@EPICprivacy [Your Name] supports EPIC’s EDR Comments #EDRprivacy" or email EDRprivacy@epic.org with Your Name and the subject line "I support EPIC’s EDR Comments." The public can also submit comments directly to the agency. For more information, see EPIC: Event Data Recorders and Privacy.

February 7, 2013

Congress Challenges Justice Department Commitment to Open Government

In a letter to the director of the Office of Information Policy, a Congressional oversight committee has asked a series of question, challenging the government's compliance with the FOIA. The Office of Information Policy is tasked with "encouraging agency compliance with the Freedom of Information Act (FOIA) and for ensuring that the President's FOIA Memorandum and the Attorney General's FOIA Guidelines are fully implemented across the government." The letter from Chairman Issa (R-CA) and Ranking Member Cummings (D-MD) called on the Justice Department to address concerns about "outdated FOIA regulations, exorbitant and possibly illegal fee assessments, FOIA backlogs, the excessive use and abuse of exemptions, and dispute resolution services." EPIC makes frequent use of the FOIA to obtain information from the government about surveillance and privacy policy. EPIC has also raised concerns in comments to federal agencies and to the Office of Government Information Services about systemic problems with FOIA compliance. For more information, see EPIC: Open Government and EPIC: FOIA Litigation Docket.

States Move to Limit Drone Surveillance

Oregon became the most recent state to consider limits on the deployment of drones in the United States. A new bill sets out licensing requirements for drone use in Oregon and would fine those who use unlicensed drone to conduct surveillance. New limitations are also proposed for federal evidence collected by drone use in a state court. Florida, North Dakota, and Missouri are among the other states that are also considering laws that limit drone use within their jurisdiction. For more information, see EPIC: Domestic Unmanned Aerial Vehicles (UAVs) and Drones.

February 8, 2013

Tracking Privacy and Ownership in an Online World

"Tracking Privacy and Ownership in an Online World"

Khaliah Barnes,
EPIC Administrative Law Counsel

Science Friday
National Public Radio
February 8, 2013
(Listen Now)

February 12, 2013

EPIC Obtains New Documents About FBI Cellphone Tracking Technology

In the fifth interim release of documents in EPIC v. FBI, a Freedom of Information Act lawsuit, the agency has turned over nearly 300 pages about the surveillance technique directed toward users of mobile phones. The documents obtained by EPIC reveal that agents have been using "cell site simulator" technologies, also known as "StingRay," "Triggerfish," or "Digital Analyzers" to monitor cell phones since 1995. Internal FBI e-mails, also obtained by EPIC, reveal that agents went through extensive training on these devices in 2007. In addition, a presentation from the agency's Wireless Intercept and Tracking Team argues that cell site simulators qualify for a low legal standard as a "pen register device," an interpretation that was recently rejected by a federal court in Texas. For more information, see EPIC v. FBI (StingRay).

EPIC, Coalition Seek Privacy Safeguards for Car Data

EPIC, joined by a coalition of privacy, consumer rights, and civil rights organizations, and members of the public, urged the National Highway Traffic Safety Administration to protect driver privacy and establish privacy safeguards for "event data recorders." The agency has proposed mandatory installation of "black boxes" in all cars and small trucks by 2014. Thirteen states have passed laws that limit the use of EDRs. EPIC recommended that the agency: (1) restrict the amount of data that EDRs collect; (2) conduct a comprehensive privacy impact assessment; (3) uphold Privacy Act protections; (4) require security standards for EDR data; and (5) establish best practices to fully protect the privacy rights of vehicle owners and operators. EPIC argued that it is contrary to reasoned decisionmaking for the agency to mandate massive data collection and not fully amend its current regulations to protect individual privacy. For more information, see EPIC: Event Data Recorders and Privacy and EPIC: The Drivers Privacy Protection Act (DPPA) and the Privacy of Your State Motor Vehicle Record.

February 13, 2013

Obama Talks Cybersecurity at 2013 State of the Union

At the 2013 State of the Union, President Obama announced an Executive Order that grants new authority to federal agencies to share information with private companies. President Obama further urged Congress to act to "pass legislation to give our government a greater capacity to secure our networks and deter attacks." A new Presidential Directive was also published today, directing the Secretary of the Department of Homeland Security to take specific, discrete actions regarding cybersecurity practices. EPIC is currently pursuing a Freedom of Information Act request with the National Security Agency for Presidential Policy Directive 20, a prior directive that grants additional, secret cybersecurity authority to the National Security Agency. For more information, see EPIC: Cybersecurity Privacy Practical Implications and EPIC: EPIC v. NSA (Cybersecurity Authority).

White House Issues New Executive Order, Presidential Directive on Cybersecurity

In conjunction with the 2013 State of the Union, President Obama has signed a public Executive Order on cybersecurity and "critical infrastructure." The Order grants new powers to federal agencies to share cybersecurity information with private companies. Affected federal agencies will "conduct regular assessments of privacy and civil liberties impacts." The President also issued Presidential Policy Directive 21, which directs the Secretary of the Department of Homeland Security to take specific, discrete actions regarding cybersecurity practices. EPIC is currently pursuing a Freedom of Information Act request with the National Security Agency for Presidential Policy Directive 20, a secret directive that grants cybersecurity authority to the National Security Agency. For more information, see EPIC: Cybersecurity Privacy Practical Implications and EPIC: EPIC v. NSA (Cybersecurity Authority).

February 14, 2013

EPIC Petitions FAA on Drone Privacy, Agency Responds

In response to an extensive petition submitted by EPIC, the Federal Aviation Administration (FAA) has announced it will begin a public rulemaking on the privacy impact of aerial drones. The EPIC petition, joined by over 100 organizations, experts, and members of the public, urged the FAA to develop privacy standards for drone operators. In a letter to EPIC President Marc Rotenberg, the FAA Chief Counsel stated, "the FAA recognizes that increasing the use of [drones] raises privacy concerns. The agency intends to address these issues through engagement and collaboration with the public." The FAA's announcement comes exactly one year after President Obama signed the FAA Modernization and Reform Act of 2012, which directed the FAA to loosen restrictions on government and commercial drone flights in the United States. For more information, see EPIC: Domestic Unmanned Aerial Vehicles (UAVs) and Drones.

February 15, 2013

New Legislation Aimed At Protecting Privacy From Domestic Drones

Congressman Poe (R-TX) and Congresswoman Zoe Lofgren (D-CA) have introduced the "Preserving American Privacy Act of 2013," targeted at providing individual privacy protections in regard to drone surveillance. The bill would require all drone operators to submit a public data collection statement that includes a description of the drone's purpose and intended operations. The bill also would require a warrant in order for drone surveillance information to be received as evidence and includes a ban on equipping drones with firearms. EPIC has twice (1, 2) asked Congress to protect individual privacy against increased use of domestic drones. EPIC, joined by over 100 organizations, experts, and members of the public, petitioned the FAA to establish privacy safeguards. For more information, see EPIC: Unmanned Aerial Vehicles (UAVs) and Drones.

EPIC Obtains Documents Detailing Data Collection on US Citizens for Counterterrorism Center

As a result of a Freedom of Information Act lawsuit, EPIC has obtained previously secret training slides from the Office of the Director of National Intelligence detailing the agency's guidelines for collection, dissemination, and retention of information about United States citizens. EPIC had sued the agency after it failed to respond to several FOIAt requests about the agency’s plan to increase data collection on Americans. The documents just obtained by EPIC as a result of the lawsuit outline policies for collecting data and shed light on the legal standard to retain data indefinitely. The guidelines allow for unlimited retention of information about U.S. persons if there is a "reasonable and articulable suspicion" that the information is terrorism information. The agency concedes that "there is no requirement that the analyst's wisdom be rock solid or infallible" and allows retention "even if the facts individually appear innocent in nature." EPIC is still seeking documents about the agency's information sharing agreements, privacy protections, and mechanisms to correct errors in databases. For more information, see EPIC v. ODNI.

EPIC Obtains DHS Body Scanner Training Manuals, New Questions About Absence of Privacy Safeguards

In response to an EPIC FOIA request, the Department of Homeland Security has released documents about the use of body scanners by the US Secret Service. EPIC sought information about the types of images that body scanners capture, the length of time the images can be stored, and safeguards for maintaining the integrity and security of the captured images. EPIC also asked about radiation body scanner radiation risks. EPIC received the contract of sale between the Government and Rapiscan, the body scanner manufacturer; and the Secret Service’s training manuals for instructing new recruits on the operation of body scanners. The training materials make no mention of data privacy. For more information, see EPIC: EPIC v. DHS and EPIC: Body Scanners.

February 19, 2013

EPIC Challenges Secret Statute in Open Government Case

EPIC has opposed the Department of Justice's reliance on secret legal authority in a Freedom of Information Act lawsuit. In EPIC v. DOJ et. al, EPIC is seeking information about government surveillance of individuals who have exercised their First Amendment rights and expressed interest in WikiLeaks, an Internet-based media organization. The Department of Justice has withheld from disclosure certain information responsive to the EPIC request but will not reveal the legal basis for its decision. In opposing the government filing, EPIC said that secret law "poses unique concerns to democratic governance and undermines the purpose of the FOIA." For more information, see EPIC: EPIC v. DOJ (Wikileaks) and EPIC: Open Government.

Europe Prepares Action Against Google

The French Data Protection Commissioner, acting on behalf of the European Union, announced it will take action against Google after the company failed to reply to questions about its handling of user information. In October 2012, officials representing 24 countries in Europe sent a letter requiring Google to comply with European data protection laws, and give users greater control over their personal information. The action followed an investigation triggered by the collapse of the Google privacy policy in March 2012, which allowed the company to combine user data across 60 Internet services. Last year, EPIC sued the Federal Trade Commission to force the FTC to enforce the terms of a settlement with Google. Google’s policy consolidation also prompted objections from state attorneys general, members of Congress, and IT managers in the government and private sectors. For more information, see EPIC: Google Buzz and EPIC: Enforcement of Google Consent Order.

"Sniff up to snuff," says Supreme Court in Drug-detecting Dog Case

The Supreme Court ruled today in Florida v. Harris that the police may use drug detection dogs to conduct searches without a warrant even when the dog finds drugs they are not trained to detect. The Florida Supreme Court had ruled that the search was unlawful because the State failed to provide field performance records to establish the dog's reliability. The U.S. Supreme Court unanimously reversed in an opinion written by Justice Elena Kagan, rejecting the Florida court's "inflexible checklist" of necessary evidence in favor of a more flexible, "common-sensical standard." EPIC filed an amicus curiae brief in the case, arguing that "investigative techniques should be used based on research, testing, and data indicating reliability." EPIC cited a recent National Academy of Sciences report highlighting the lack of reliable standards for investigative techniques. Late last week, the Department of Justice announced a new initiative to improve forensics reliability. For more information, see EPIC: Florida v. Harris.

February 25, 2013

NAAG 2013 Winter/Spring Meeting

NAAG 2013 Winter/Spring Meeting

Ginger McCall.
EPIC Open Government Project Director

National Association of Attorneys General
February 25-27
Washington, D.C.

February 20, 2013

Debate Over The Use Of Domestic Drones

"Debate Over The Use Of Domestic Drones"

Marc Rotenberg,
EPIC Executive Director

The Diane Rehm Show
February 20, 2013

EPIC Thanks Congress for FOIA Oversight, Calls for Renewed Attention to Transparency

EPIC, along with more than 40 transparency organizations, thanked the House Committee on Oversight for sending a letter to the Department of Justice about the importance of the Freedom of Information Act. The open government organizations said "outdated FOIA regulations, excessive fee assessments, growing FOIA backlogs, and the misuse of exemptions are issues that continually frustrate FOIA requesters" and expressed hope that the Committee would share the Department of Justice's responses with the public. EPIC also joined more than two dozen transparency groups in a letter to President Obama, asking him to renew his commitment to transparency and FOIA. The President issued a memorandum on Transparency and Open Government in 2009.For more information see: EPIC: Open Government.

February 21, 2013

CLHE Webinar: The Legal Challenge to the Latest FERPA Regulations: EPIC v. United States Department of Education

CLHE Webinar: The Legal Challenge to the Latest FERPA Regulations: EPIC v. United States Department of Education

Khaliah Barnes,
EPIC Administrative Law Counsel

Council on Law in Higher Education Webinar
February 21, 2013

DHS Working Group to Consider Privacy Impact of Drones

The Department of Homeland Security has released a previously internal memo regarding the establishment of a working group to "Safeguard Privacy, Civil Rights, and Civil Liberties in the Department's Use and Support of Unmanned Aerial Systems" (drones). The memo states, "[t]he overarching goal of the working group is to determine what policies and procedures are needed to ensure that protections for privacy, civil rights, and civil liberties are designed into DHS and DHS-funded [drone] programs." DHS has developed a program to explore the expansive use of small drones for law enforcement. Customs and Border Protection currently operates 10 Predator B drones in the United States. In testimony before Congress in July 2012, EPIC said that federal agencies operating drones should adopt privacy regulations. For more information, see EPIC: Domestic Unmanned Aerial Vehicles (UAVs) and Drones.

February 22, 2013

ACLU Youth Open Mike on Internet Privacy

ACLU Youth Open Mike on Internet Privacy

Khaliah Barnes,
EPIC Administrative Law Counsel

ACLU of the Nation's Capital
Washington, DC
February 22, 2013

February 26, 2013

Supreme Court to Hear Arguments On Warrantless DNA Collection

Today the U.S. Supreme Court will arguments on whether the Fourth Amendment allows warrantless, suspicion less DNA collection from anyone arrested, but not convicted, of a "serious crime." In Maryland v. King, Maryland will argue that states should be permitted to use DNA to investigate cold cases even when the arrestee is not a suspect. King will explain that the Fourth Amendment requires a probable cause warrant for routine law enforcement investigations. EPIC filed a "friend of the court" brief, joined by the 27 technical experts and legal scholars, that describes how DNA collection and use "has grown dramatically and unpredictably over time." EPIC has asked the U.S. Supreme Court to affirm the decision of the Maryland Supreme Court, which held that a warrant is required for the collection of a DNA sample. For more information, see EPIC: Maryland v. King and EPIC: Genetic Privacy.

FTC Approves Final Settlement over Consumer Tracking, Fails to Enforce FIPs or Suggest Best Practices for Anonymization

The Federal Trade Commission adopted a proposed settlement with Compete, Inc., over allegations that Compete failed to adopt reasonable data security practices and deceived consumers about the amount of personal information that its toolbar and survey panel would collect. The FTC also charged Compete with deceptive practices for falsely claiming that the data it kept was anonymous. The settlement requires Compete to obtain consumers' express consent before collecting any data through its software, to delete personal information already collected, and to provide directions for uninstalling its software. In comments to the agency, EPIC recommended that the FTC also require the Compete to implement Fair Information Practices similar to those contained in the Consumer Privacy Bill of Rights, and develop a best practices guide to de-identification techniques. The FTC declined to adopt EPIC’s recommendations, stating that it "does not provide specific technical guidance in areas like [anonymization], which are constantly changing," and "may not impose additional obligations that are not reasonably related to such conduct or preventing its recurrence." For more information, see EPIC: Federal Trade Commission and EPIC: Re-Identification.

February 27, 2013

Supreme Court Blocks Challenge to FISA Surveillance

The Supreme Court ruled today in Clapper v. Amnesty Int'l USA that a constitutional challenge to the Foreign Intelligence Surveillance Act (FISA) cannot go forward. A group of attorneys and journalists alleged that the U.S. government could be intercepting their communications with their foreign contacts, in violation of the Fourth Amendment. In a divided 5-4 decision, Justice Alito wrote that the group's alleged injuries were too speculative to be considered. Justice Breyer, joined by Justices Ginsburg, Kagan, and Sotomayor, dissented and said that the Court's "certainly impending" standard was inconsistent with prior decisions. Justice Breyer also cited EPIC's "friend of the court" brief which described the extraordinary capacity of the NSA to capture private communications. For more information, see EPIC: Clapper v. Amnesty Int'l USA and EPIC: FISA.

February 28, 2013

Court Denies Appeal in Cy Pres Matter Over Objection that Settlement Fails to Provide Relief to Class Members

The Ninth Circuit has refused to hear an appeal in a case involving a class-action lawsuit over Facebook’s Beacon program, which disclosed personal information without user consent. "Cy pres" ("as near as possible") is a legal doctrine that allows courts to allocate funds to protect the interests of individuals when there is a class action settlement. Courts typically provide cy pres awards that reflect the reason for the litigation and are aligned with the interests of class members. In the Facebook case the court chose instead to provide the funds to a new foundation created by Facebook, which was appealed. Six judges dissented from the denial, writing that "the majority in this case creates a significant loophole in our case law that will confuse litigants and judges, while endorsing cy pres settlements that in no way benefit class members." EPIC previously highlighted the dangers of improper cy pres distributions in settlements. For more information, see EPIC: Fraley v. Facebook, EPIC: Lane v. Facebook, and EPIC: In re: Google Buzz.

EPIC FOIA - US Drones Intercept Electronic Communications and Identify Human Targets

New records obtained by EPIC under the Freedom of Information Act indicate that the Bureau of Customs and Border Protection is operating drones in the United States capable of intercepting electronic communications. The records also suggest that the ten Predator B drones operated by the agency have the capacity to recognize and identify a person on the ground. Approximately, 2/3 of the US population is subject to surveillance by the CBP drones. The documents were provided in response to a request from EPIC for information about the Bureau's use of drones across the country. The agency has made the Predator drones available to other federal, state, and local agencies. The records obtained by EPIC raise questions abut the agency's compliance with federal privacy laws and the scope of domestic surveillance. For more information, see EPIC: Domestic Unmanned Aerial Vehicles (UAVs) and Drones.

EPIC Sues DHS for Information about "Internet Kill Switch"

EPIC has filed a Freedom of Information Act lawsuit against the Department of Homeland Security, following the agency's failure to produce any documents about the "Emergency Wireless Protocols," (Standard Operating Procedure 303 or "SOP 303"). SOP 303 describes the process that DHS would follow in order to execute a communications shutdown in the event of a national crisis. DHS has stated publicly under SOP 303 an agency component "will function as the focal point for coordinating any actions leading up to and following the termination of private wireless network connections, both within a localized area, such as a tunnel or bridge, and within an entire metropolitan area." But in response to EPIC's FOIA request, DHS wrote that it was "unable to locate or identify any responsive records." For more information, see EPIC: Open Government.

EPIC Testifies Before Maryland Legislature on Location Privacy

EPIC Appellate Advocacy Counsel Alan Butler testified before the Maryland House Judiciary Committee on H.B. 887, a location privacy bill that will establish a search warrant requirement for the collection of private location information. Mr. Butler discussed the current state of location tracking and privacy under the state and federal constitutions. The Maryland bill will require a warrant for location tracking and an annual report on electronic surveillance reports, similar to the federal wiretap reports. EPIC recently submitted amicus briefs in State v. Earls and In re US regarding location privacy. For more information, see EPIC: Locational Privacy and EPIC: State v. Earls.

About February 2013

This page contains all entries posted to epic.org in February 2013. They are listed from oldest to newest.

January 2013 is the previous archive.

March 2013 is the next archive.

Many more can be found on the main index page or by looking through the archives.