« May 2014 | Main | July 2014 »

June 2014 Archives

June 16, 2014

"Toward an Internet Bill of Rights"

"Toward an Internet Bill of Rights"

Marc Rotenberg,
EPIC President

Italian Parliament
Rome, Italy
June 16, 204

June 20, 2014

"Internet Policy and Governance"

"Internet Policy and Governance"

Marc Rotenberg,
EPIC President

OECD
Paris, France
June 20, 2014

June 5, 2014

Seventh Annual Privacy Law Scholars Conference

Seventh Annual Privacy Law Scholars Conference

Khaliah Barnes,
Director, EPIC Student Privacy Project
EPIC Administrative Law Counsel

George Washington School of Law
Washington, D.C.
June 5-6, 2014

EPIC Celebrates 20 Years, Gives Awards to Anita Allen, Justin Amash, The Guardian, and Edward Snowden

On June 2, 2014, EPIC celebrated 20 years of privacy advocacy with an awards dinner in Washington, DC. EPIC gave the 2014 EPIC Champions of Freedom Awards to Congressman Justin Amash, The Guardian, and Edward Snowden Anita Allen received the EPIC Lifetime Achievement Award. Bruce Schneier hosted the event. EPIC President Marc Rotenberg delivered remarks. For more information, see Announcement of EPIC creation in 1994.

June 6, 2014

EPIC, Partners Draft Model FOIA Regulations

EPIC, together with Citizens for Responsibility and Ethics in Government, the National Security Archive, and Openthegovernment.org, has drafted model Freedom of Information Act regulations. Under the National Action Plan, the Department of Justice has been tasked with creating a uniform set of FOIA regulations that would apply across the government. EPIC’s model FOIA regulations are designed to make it easier for FOIA requesters to obtain agency documents, favorable fee status, and expedited processing. They would also create a balancing test that agencies would need to satisfy before asserting Exemption 5 for internal agency memos. The model FOIA regulations have received the endorsement of more than 25 transparency and accountability groups. For more information, see ModelFOIAregs.org and EPIC: Open Government.

EPIC Open Government Director Appointed to FOIA Advisory Committee

EPIC Open Government Project Director Ginger McCall has been appointed to the federal government's Freedom of Information Act (FOIA) Modernization Committee. The Committee's goal is to advise on ways to improve the administration of FOIA. It will have 20 members - 10 from within government and 10 from outside of government - and will chaired by Office of Government Information Services director Miriam Nisbet. The first meeting of the Committee will be held at the National Archives and Records Administration in Washington, DC on June 24, from 10:00AM to 1:00PM. For more information see: NARA: Modernizing FOIA and EPIC: FOIA Cases.

EPIC Urges Extended Relief for Driver Privacy Claims

EPIC has filed a "friend of the court" brief in McDonough v. Anoka County, a case involving the Driver's Privacy Protection Act. That law protects the privacy of driver record information held by state Department of Motor Vehicles. EPIC argued that a court was wrong to dismiss legal claims before people knew that their information was improperly disclosed by the DMVs. EPIC said that courts should follow the "discovery rule" so that victims can bring cases after they learn their personal information has been impermissibly accessed. EPIC has frequently defended this important federal privacy law. For more information, see EPIC - Reno v. Condon, EPIC - DPPA, EPIC - Maracich v. Spears, and EPIC - Gordon v. Softech Int'l.

EPIC v. NSA: EPIC Obtains Presidential Directive for Cybersecurity

After almost five years, EPIC has obtained National Security Presidential Directive 54. The previously classified Presidential Directive contains the full text of the Comprehensive National Cybersecurity Initiative and "establishes United States policy, strategy, guidelines, and implementation actions to secure cyberspace." This Directive, which is the foundational legal document for all cybersecurity policies in the United States, evidences government efforts to enlist private sector companies, more broadly monitor Internet activity, and develop offensive cybersecurity capability. EPIC first sought public release of NSPD-54 with a Freedom of Information Act request, submitted to NSA in June 2009. After the agency failed to disclose the document, EPIC filed suit. When a federal district court ruled in 2013 that the Presidential Directive was not subject to the Freedom of Information Act, EPIC then filed an appeal with the DC Circuit Court of Appeals. The document has now been disclosed to EPIC. The case is EPIC v. NSA, a Freedom of Information Act lawsuit in D.C. Circuit Court. EPIC has several related FOIA cases with the NSA pending in federal court. For more information see EPIC - EPIC v. NSA (Cybersecurity Authority).

Senate Holds Hearing on Consumer Location Privacy Protection

The Senate recently held a hearing on the Location Privacy Protection Act of 2014 authored by Senator Franken. In an opening statement, Senator Franken said his "bill makes sure that if a company wants to get your location...they need to get your permission first." FTC Director, Jessica Rich, testified that location data is "sensitive information" that "raises privacy concerns." The FTC recently signed a 20-year consent order with Snapchat after finding the app was collecting location information in contradiction to its stated privacy policy. The FTC investigated Snapchat after EPIC filed a complaint with the agency detailing the companies deceptive practices. EPIC also filed an amicus brief in a location privacy case in which the New Jersey Supreme Court case announced a landmark decision, holding that individuals have an expectation of privacy in their cell phone data.For more information, see EPIC: Location Privacy.

June 9, 2014

EU Progress on Data Protection

Speaking in Luxembourg this week, EU Commissioner Viviane Reding said that the EU Council moved forward two key data protection goals in 2014. First, there is "agreement on the rules that govern data transfers to third countries." Second, "Ministers agreed on the territorial scope of the data protection regulation. In simple words: EU data protection law will apply to non-European companies if they do business on our territory." Ms. Reding said the EU is on track to ensure "the completion of the Digital Single Market by 2015. For more information, see EPIC - EU Data Protection Directive, EPIC - Council of Europe Privacy Convention and EPIC - "23 US NGOs Support EU Data Protection Regulation."

June 17, 2014

Fifteenth Annual Institute on Privacy and Data Security Law

Fifteenth Annual Institute on Privacy and Data Security Law

Alan Butler,
EPIC Appellate Advocacy Counsel

Practising Law Institute
New York, NY
June 17, 2014

June 10, 2014

EPIC Urges FTC to Protect Snapchat Users' Privacy

EPIC has submitted comments to the Federal Trade Commission, urging the agency to require Snapchat to safeguard consumer privacy. Following a 2013 EPIC complaint, the FTC signed a consent order with Snapchat, the publisher of a mobile app that encourages users to share intimate photos and videos. Snapchat claimed that pictures and videos would "disappear forever," but that was false. As EPIC explained, "Snapchat photos and videos remain available to others even after users are informed that the photos and videos have been deleted." EPIC expressed support for the findings in the proposed FTC Settlement with Snapchat. But EPIC recommended that the FTC require Snapchat to implement the Consumer Privacy Bill of Rights and make Snapchat's independent privacy assessments publicly available. EPIC pursued similar claims involving false promises about data deletion with AskEraser. EPIC has also made similar recommendation for other proposed FTC consumer privacy settlements. For more information, see EPIC: In re Google, EPIC: In re Facebook, and EPIC: FTC.

Apple Announces New Privacy-Enhancing Techniques in iOS 8

Apple has announced new privacy-enhancing techniques that will limit the ability of third parties to track Apple mobile devicesi. Specifically, iOS8 will use "random, locally administered MAC addresses," instead of unique device IDs, to connect to the Internet. Mobile phones can now be tracked by law enforcement and private companies because of the unique MAC address associated with the device. In 2004 when the adoption of IPv6 raised privacy concerns, EPIC recommended that MAC addresses be randomized to avoid tracking. The change in the Apple iOS implements this proposal. For more information, see EPIC: Practical Privacy Tools and EPIC: Location Privacy.

Senate to Hold Homeland Security Oversight Hearing

The Senate Judiciary Committee will hold an oversight hearing for the Department of Homeland Security. Secretary Jeh Johnson will testify. EPIC has objected to many of the agency's mass surveillance practices, including the secret profiling of American air travelers, the use of drones for aerial surveillance, the amassing of information on Americans into "fusion centers", and the collection of biometric identifiers. EPIC has also warned that the DHS Chief Privacy Officer has failed to safeguard privacy, a legal obligation for that office. According to the DHS, the number of privacy complaints increased in 2013. EPIC has several Freedom of Information Act case pending against the DHS. In an earlier case, EPIC determined the DHS was monitoring social media and news organizations for criticisms of the agency. Another EPIC case led to the removal of the x-ray backscatter devices from US airports. For more information, see EPIC v. DHS - Social Media Monitoring and EPIC v. DHS (Suspension of Body Scanner Program).

Won't Someone Please Think of the Children? Kids and Privacy in the Modern World

Won't Someone Please Think of the Children? Kids and Privacy in the Modern World

Khaliah Barnes,
Director, EPIC Student Privacy Project

Computers, Freedom, and Privacy Conference 2014
Warrenton, VA
June 10, 2014

June 12, 2014

Facebook to Profile User Browsing, May Violate FTC Consent Order

Facebook has announced that it will collect detailed browser history on users for advertising purposes. Users who object were told to opt-out. The plan may violate a Federal Trade Commission order, prohibiting Facebook from changing its business practices without users’ express consent. The FTC order follows from complaints filed by EPIC and other consumer privacy organizations in 2009 and 2010. In issuing the order, the FTC found that Facebook "deceived consumers by telling them they could keep their information on Facebook private, and then repeatedly allowing it to be shared and made public." A recent Consumer Reports poll found that consumers overwhelmingly object to having their online activities tracked for advertising purposes. For more information, see EPIC: Facebook Privacy, EPIC: FTC Facebook Settlement, EPIC: Online Tracking and Behavioral Profiling, and EPIC: Practical Privacy Tools.

June 13, 2014

Canadian High Court Holds Internet Use Protected by Constitutional Privacy Right

The Supreme Court of Canada has ruled that police conducted an unconstitutional search when they used an IP address to obtain subscriber information from an Internet Service Provider without legal authorization. The Court also found Canada’s personal information protection law does not require ISPs to disclose subscriber information to law enforcement. In its analysis, the Court described information privacy as "control over, access to and use of information." The Court stressed that "anonymity may be the foundation of a privacy interest that engages constitutional protection against unreasonable searches and seizures." Two recent opinions from the European Court of Justice have firmly established the right of information privacy law in EU law. EPIC has urged the US Supreme Court to recognize the right of information privacy and also to safeguard the right of anonymity. For more information, see EPIC: NASA v. Nelson, EPIC: Watchtower Bible v. Stratton, EPIC: Internet Anonymity and EPIC: Search Engine Privacy.

June 16, 2014

On Privacy, New Survey Places US Attitudes Among EU Countries

One of the most comprehensive surveys of privacy ever undertaken finds US attitudes toward privacy remarkably similar to those of Europeans. The survey of 15 countries on privacy, and tradeoffs consumers are prepared to make, placed the US squarely in the middle of European countries, roughly between France and Italy on one side and Germany and the Netherlands on the other. The survey looked at current concerns and support for new laws in countries around the globe. According to EMC, "only 27% say there are willing to trade some privacy for greater convenience." A large majority of respondents (81%) expect privacy will decrease in the next five years. But 9 out of1 0 respondents want new laws to limit the sale of personal data. Concerns about privacy and support for new laws is somewhat greater in the US than in other countries. For more information, see EPIC - Public Opinion on Privacy.

June 17, 2014

Coalition to President: End NSA's Bulk Collection Program Now

EPIC and a coalition of 25 organizations urged the President and the Attorney General to end the NSA's bulk record collection program when the current authority expires on June 20. In January, the President committed to "end the Section 215 bulk metadata program as it currently exists." The coalition letter states, "[t]he NSA's Bulk Metadata program is simply not effective." Both the Privacy and Civil Liberties Oversight Board report and the President's Review Group report found the NSA's bulk collection to be ineffective. EPIC petitioned the Supreme Court to end the NSA's bulk collection of telephone records after the program was revealed last summer. EPIC's petition argued that the Foreign Intelligence Surveillance Court exceeded its authority when it ordered the production of all domestic telephone records. For more information, see In re EPIC.

June 20, 2014

Senate Cybersecurity Information Sharing Bill Proposed

Senators Dianne Feinstein and Saxby Chambliss have proposed the Cybersecurity Information Sharing Act of 2014. The Senate bill is similar to the House Cyber Intelligence Sharing and Protection Act (CISPA), which was opposed by civil liberties organizations and would have been vetoed by the White House if enacted. Like CISPA, the Senate bill allows companies to monitor private communications on their networks and to disclose user activity to the government. The bill would also exempt companies from liability for monitoring communications or disclosing user information. However, the Senate bill makes some attempt to limit the collection of personally identifiable information. EPIC recently won a five-year court battle with the NSA and obtained National Security Presidential Directive 54. The directive was issued by President Bush in 2008 and is the foundational legal document for U.S. cybersecurity policies. The Presidential Directive reveals the government’s long-standing interest in enlisting private sector companies to monitor user activity. For more information, see EPIC: Cybersecurity.

US Federal Court Upholds "Right to be Forgotten" for Seized Data

A federal appeals court ruled that the government violated the Fourth Amendment when investigators searched computer files that had been seized in an unrelated investigation more than two and a half years earlier. The Second Circuit found that the government has a duty to delete all files not responsive to the original warrant and cannot indefinitely retain data "for use in future criminal investigations." This rule imposes a data minimization requirement on law enforcement investigators and is similar also to the much discussed "right to be forgotten." EPIC argued in favor of the data minimization principles adopted by the Ninth Circuit in US v. Comprehensive Drug Testing. For more information, see United States v. Ganias, EPIC: Quon v. City of Ontario, CA and EPIC: Code of Fair Information Practices.

EPIC Seeks Records on FTC "Sign-off" for Facebook Changes

EPIC has filed a FOIA request with the Federal Trade Commission, seeking records related to Facebook's decision to collect users' internet browsing history for advertising purposes. Previously, Facebook collected user data from facebook.com and mobile apps. Now, Facebook plans to collect user data from sites all over the web. Facebook claims that the FTC was briefed about the change beforehand. However, the plan may violate a Federal Trade Commission order prohibiting Facebook from changing its business practices without users’ express consent. Through the FOIA request, EPIC seeks information about the FTC's review of Facebook's plans to monitor users. For more information, see EPIC: Facebook Privacy, EPIC: Online Tracking and Behavioral Privacy, and EPIC: Practical Privacy Tools.

Obama Renews Unlawful NSA Bulk Record Collection Program

Today the Attorney General and the Director of National Intelligence announced that the President will seek a renewal of the court order authorizing the NSA's bulk collection of American telephone records through September 12, 2014. The President has chosen to renew this order despite his promise in March 2014 to end the bulk collection program and the widespread opposition from members of Congress, and the recommendations of expert panels. The Attorney General's statement suggests that "legislation would be required" to end the program, but it was the President's decision to seek renewal of the Foreign Intelligence Surveillance Court order. EPIC, along with 25 other privacy organizations, wrote a letter to the President last week urging him not to renew the order. Last summer, EPIC petitioned the Supreme Court to end the NSA's telephone record collection program. EPIC's argued that the Foreign Intelligence Surveillance Court exceeded its authority when it ordered the production of all domestic telephone records. For more information, see In re EPIC.

June 23, 2014

EPIC with Civil Society Urge OECD to Examine "Dominant Internet Firms"

Speaking at a high level meeting on Internet Policy Making, EPIC President Marc Rotenberg urged the OECD to examine the impact dominant Internet firm may have on the future of innovation and freedom. Citing the Charter of the OECD Civil Society Council, Rotenberg said "dominant Internet firms are moving to consolidate their control over the Internet. It is vitally important for the OECD to develop a better understanding of the challenge industry consolidations pose to the open Internet." The OECD is well known for the International Privacy Guidelines and is currently updating the Security Guidelines, which establish a global framework for managing cyber risks. A Ministerial meeting meeting will be held in Mexico in 2016. For more information, see CSISAC, EPIC - OECD Privacy Guidelines, OECD Security Guidelines.

June 24, 2014

Freedom of Information Act Modernization Federal Advisory Committee Inaugural Meeting

Freedom of Information Act Modernization Federal Advisory Committee Inaugural Meeting

Ginger McCall,
Director, EPIC Open Government Project

National Archives
Washington, D.C.
June 24, 2014

June 23, 2014

Federal Appeals Court Releases "Drone Killing" Memo, EPIC Filed Amicus

The Court of Appeals for the Second Circuit today made public the legal analysis justifying the Administration's controversial "targeted killing" drone program. The action follows an earlier ruling by the federal appeals court in New York Times v. Department of Justice. The government had argued that this memo could not be disclosed under the Freedom of Information Act because it was a privileged "deliberative" document. But the plaintiffs explained that the government relied on the analysis to defend the program and that it operated as secret law. EPIC filed an amicus brief, supported by seven open government organization, arguing that under the FOIA such a legal opinion by the Justice Department cannot be a deliberative documents. The federal appeals court agreed, and has now released the opinion to the public. Last week, in EPIC v. NSA the Department of Justice released to EPIC NSPD-54, the President Directive concerning cybersecurity. For more information, see EPIC: New York Times v. DOJ and EPIC v. DOJ - Warrantless Wiretapping Program.

June 27, 2014

US-German Cyber Dialogue;Ensuring Security and Freedom

"US-German Cyber Dialogue;Ensuring Security and Freedom"

Marc Rotenberg,
EPIC President

Federal Foreign Office
Berlin, Germany
June 27, 2014

June 25, 2014

Senators Leahy and Cornyn Introduce FOIA Reform Bill

A bipartisan Freedom of Information Act reform bill was introduced today by Senators Patrick Leahy (D-VT) and John Cornyn (R-TX). The FOIA Improvement Act of 2014 addresses chronic problems with overuse of exemptions by federal agencies, excessive fee assessments, and the culture of secrecy. The bill will codify a "presumption of openness" in the processing of FOIA requests. The bill will require agencies to weigh the public interest in disclosure against the agency’s interest in secrecy before withholding documents such as Office of Legal Counsel memos. The FOIA Improvement Act will also close a loophole that agencies have used to make requesters pay excessive fees, even when the agency takes years to process the request. EPIC has recommended many of these reforms. EPIC specifically recommended proposed changes to the "(b)(5)" exemption. For more information see: EPIC: FOIA Cases.

Coalition to Attorney General: Review FBI's Massive Biometric Database

EPIC, EFF, ACLU, Defending Dissent, and a coalition of over 30 organizations have urged Attorney General Holder to immediately conduct a privacy assessment of the FBI's proposed "Next Generation Identification" system. NGI is a massive database that includes biometric identifiers, such as digitized fingerprints and facial images, of millions of Americans. The system is set to go fully operational despite a required privacy assessment. EPIC previously sued the FBI to obtain details about the system. According to a FOIA document obtained by EPIC, the FBI accepts a 20% error rate for facial recognition searches of the Next Generation Identification database. Last year, EPIC also obtained documents from the FBI regarding the use of facial recognition on state DMV photos. For more information, see EPIC's Spotlight on Surveillance on FBI's Next Generation Identification Program.

Defense Agency Adopts Favorable Open Government Rules After EPIC Comments

The Defense Logistics Agency, an agency component within Department of Defense, has amended its Freedom of Information Act rules. EPIC submitted extensive comments on the initial proposal. EPIC said that several of the proposals are contrary to law, exceed the scope of the agency's authority, and should be withdrawn. The final rule incorporates many of EPIC's recommendations. For example, DLA revised several key definitions, including "administrative appeal," "adverse determination, and "consultation," and modified its general FOIA policy to promote agency transparency. EPIC routinely comments on agency proposals that impact the rights of FOIA requesters. The Privacy and Civil Liberties Oversight Board, the Federal Trade Commission, and the Interior Department have adopted EPIC's recommendations on proposed FOIA rule changes. For more information, see EPIC: Open Government.

Unanimous Supreme Court Upholds Privacy Rights of Cell Phone Users

The Supreme Court ruled today that a warrantless search of a cell phone violates the Fourth Amendment, even when it occurs during a lawful arrest. The Court's decision in Riley v. California makes clear that "a search of the information on a cell phone bears little resemblance to the type of brief physical search" allowed in the past. The Court said "Cell phones differ in both a quantitative and a qualitative sense from other objects that might be kept on an arrestee's person." EPIC, joined by 24 legal scholars and technical experts on the EPIC Advisory Board, filed a friend of the court brief, arguing that cell phones contain a wealth of sensitive personal data, and that officers can reasonably secure phones while they apply for a warrant to search them. EPIC wrote, "Allowing police officers to search a person's cell phone without a warrant following an arrest would be a substantial infringement on privacy, is unnecessary, and unreasonable under the Fourth Amendment." The EPIC brief was cited by the Supreme Court in its decision. For more information, see EPIC: Riley v. California.

June 27, 2014

FTC Ignores Public Comments on Safe Harbor Settlements

The Federal Trade Commission has settled charges against fourteen companies that misrepresented compliance with the EU-US Safe Harbor privacy arrangement. In response to the FTC's request for public comment on the pending settlements, EPIC recommended that the Commission: (1) require the companies to comply with the Consumer Privacy Bill of Rights; (2) publish the companies' consent order compliance reports as they are submitted; and (3) strengthen the sanctions against a DNA testing firm, whose misrepresentations puts genetic information at risk. However, the FTC declined to make any changes. EPIC has previously stated that the Commission's ongoing failure to modify consent orders in response to public comments is "contrary to the interests of American consumers." An Irish Court has recently asked the European Court of Justice to determine whether the Safe Harbor Arrangement still provides adequate protection for EU consumer. For more information, see EPIC: EU Data Protection Directive and EPIC: Federal Trade Commission.

June 30, 2014

Supreme Court Rejects Google's Street View Appeal

The U.S. Supreme Court has denied a petition from Google to reverse the decision in the Google Street View case. In Joffe v. Google, Internet users sued Google for intercepting private communications, including passwords, medical records, and financial information, of millions of users across the country. EPIC filed a friend of the court brief in support of Internet users, arguing that Wi-Fi communications are not "readily accessible to the general public," and that companies should not intercept communications of private residential networks. The Ninth Circuit agreed and found that the wiretap exception for access to "radio communications" does not apply to Wi-Fi networks. More than twelve countries have investigated Google for its collection of private Wi-Fi data, and at least nine countries have found that Google violated their national wiretap laws. For more information, see EPIC: Joffe v. Google and EPIC: Investigations of Google Street View.

FAA, Park Service Ground Drones, Cite Safety Concerns

The Federal Aviation Administration released a proposed Special Rule for Model Aircraft which will prohibit the use of drones for the delivery of packages and other commercial services. At the end of last year, Amazon had raised the prospect of delivering packages via drones. The agency has requested comments on the proposal. A recent Washington Post series highlighted numerous close encounters between commercial aircraft and small drones, as well as many incidents were drones fell from the sky. The National Park Service has prohibited the use of drones in national parks, citing safety concerns. Last year, EPIC urged the Federal Aviation Administration to mandate minimum privacy standards for drone operators. For more information, see EPIC: Domestic Drones.

About June 2014

This page contains all entries posted to epic.org in June 2014. They are listed from oldest to newest.

May 2014 is the previous archive.

July 2014 is the next archive.

Many more can be found on the main index page or by looking through the archives.