« November 2014 | Main | January 2015 »

December 2014 Archives

December 2, 2014

Symposium on Student Privacy in Higher Education: Building Privacy Into Data-Driven Education

"Symposium on Student Privacy in Higher Education: Building Privacy Into Data-Driven Education"

Khaliah Barnes,
Director, EPIC Student Privacy Project;
EPIC Administrative Law Counsel

NYU Information Law Institute &
Microsoft Innovation & Policy Center
Washington, D.C.
December 2, 2014

December 1, 2014

FAA Grounds Drone Privacy Safeguards

In a letter to EPIC, the Federal Aviation Administration denied a petition to initiate a public rulemaking to address privacy and civil liberties issues posed by domestic drones. The agency stated it was not required to solicit public comments on the privacy implications of drones because privacy was "not an immediate safety concern." In March 2012, EPIC joined by over 100 other organizations, experts, and members of the public petitioned the FAA to "conduct a notice and comment rulemaking on the impact of privacy and civil liberties related to the use of drones in the United States." The agency published a notice with proposed privacy requirements for drone operators at FAA designated drone test sites. EPIC submitted comments in response to the notice, urging the agency to mandate minimum privacy standards for drone operators. After considering numerous public comments on the privacy impact of aerial drones, the FAA proposed that test site operators develop privacy policies but did not require any specific baseline privacy standards for drone operators. For more information, see EPIC: Domestic Drones and EPIC Spotlight on Surveillance: Drones - Eyes in the Sky.

EU Officials: Court Ruling on "Right to be Forgotten" Applies Worldwide

Privacy regulators in the European Union have issued guidelines calling for the recent "Right to be Forgotten" ruling to apply worldwide. In May, the European Union Court of Justice ruled that a European Union citizen can ask search engines to remove links in search results based on the citizen's name. However, Google chose to remove the links for only certain domains, leaving the private information subject to the ruling accessible to most users. The new report makes clear that the ruling should apply across all search engine services. The EU officials explain, "limiting de-listing to EU domains on the grounds that users tend to access search engines via their national domains cannot be considered a sufficient means to satisfactorily guarantee the rights of data subjects according to the ruling." For more information, see Fact Sheet on the Right to Be Forgotten, EPIC: Right to Be Forgotten, EPIC: International Privacy Law, EPIC: Expungement.

December 8, 2014

Analytics in the Age of Big Data

Analytics in the Age of Big Data

Julia Horwitz,
EPIC Consumer Protection Counsel

Arent Fox, LLP
Washington, D.C.
December 8, 2014

December 3, 2014

EPIC Pursues Information About "Hemisphere," Massive Phone Record Database

EPIC has filed a motion for summary judgment in a Freedom of Information Act lawsuit against the Drug Enforcement Administration. More than a year ago, EPIC sought documents from the agency concerning "Hemisphere," a massive AT&T call records database available to government agents. EPIC asked for the legal basis and privacy impact of the program. After the agency failed to respond to the request, EPIC filed a lawsuit. The DEA then produced several hundred pages of records. However, almost all were entirely redacted. EPIC now contends that the agency has failed to comply with the law. For more information, see EPIC: EPIC v. DEA - Hemisphere and EPIC: Freedom of Information Act.

December 4, 2014

California Court Strikes Down DNA Collection Law

A state appeals court in California has struck down a state law that requires collection of DNA from people arrested on felony charges. The California court ruled that DNA collection by a cheek swab is an unreasonable search and seizure prohibited by the state's constitution. "The California DNA Act intrudes too quickly and too deeply into the privacy interests of arrestees," wrote the court. The appeals court also said that the U.S. Supreme Court's ruling in Maryland v. King, which upheld a similar law in Maryland, did not apply in this case because of significant differences between each state's DNA collection laws. EPIC has participated as amicus in several cases concerning the collection of DNA. In Maryland v. King, EPIC argued that the government collection of DNA opens the door to misuse and threatens personal privacy. For more information, see EPIC: Maryland v. King, EPIC: Maryland v. Raines, EPIC: Kohler v Englade, EPIC: US v. Kincade, EPIC: Herring v. US, EPIC: Comments on TSA Biometric Systems, and EPIC: Genetic Privacy.

Senator Leahy Calls on the President to End Bulk Collection of Phone Records

Today Senator Patrick Leahy (D-VT) urged President Obama to end the dragnet collection of U.S. telephone records under Section 215 of the Patriot Act. The current authorization for the NSA's bulk collection program expires on Friday, December 5, 2014. Senator Leahy's comments follow the recent efforts to pass the USA FREEDOM Act of 2014, which would end the NSA's surveillance program. Senator Leahy said that ending the reauthorization of the program "would not be a substitute for comprehensive surveillance reform legislation - but it would be an important first step." In June EPIC, joined by many organizations, urged the President and Attorney General to end the bulk collection program. And in 2013 EPIC petitioned the Supreme Court, arguing that a special surveillance court exceeded its authority when it ordered Verizon to turn over records on all of its customers to the NSA. For more information, see In re EPIC and EPIC: Foreign Intelligence Surveillance Act Reform.

December 5, 2014

Pew Survey: Americans Wrongly Believe Privacy Policies Protect Privacy

According to a Pew Survey, over 50% of internet users in the U.S. believe privacy policies protect their information. The survey posed the following true/false statement, "When a company posts a privacy policy, it ensures that the company keeps confidential all the information it collects on users." 52% of users incorrectly answered "true." The question was based on a similar 2003 survey - which found that 57% of users believed privacy policies protected their information. In the 1999 survey on online privacy, "Surfer Beware III: Personal Privacy and the Internet", EPIC "found that the privacy policies available at many websites are typically confusing, incomplete, and inconsistent." The original EPIC survey "Surfer Beware: Personal Privacy and the Internet (1997)" was the first survey ever undertaken of Internet privacy practices. EPIC wrote at the time, "it is matter of basic fairness to inform web users when personal information is being collected and how it will be used." For more information, see EPIC: Public Opinion on Privacy.

Facebook Revises Privacy Policy

Facebook has again revised its privacy policy. Despite the new graphics, Facebook continues to collect and disclose enormous amounts of user data without meaningful consent. The use of location data has expanded dramatically. "We collect information from or about the computers, phones, or other devices where you install or access our Services," states Facebook. These include "device locations, including specific geographic locations, such as through GPS, Bluetooth, or Wi-Fi signals." Facebook is currently under a 20 year consent decree with the Federal Trade Commission as a consequence of a complaint brought by EPIC and coalition of consumer privacy organizations when the company changed the privacy settings of users. More recently consumer organizations in the US and Europe have objected to Facebook's decision to track the web activities of users and to profile offline purchase. Privacy groups have also objected to Facebook's manipulation of user news feeds. For more information, see EPIC: Facebook and EPIC: In re Facebook.

December 8, 2014

Congress Considers Bill to Strengthen Privacy Act

Congressman Gerry Connolly (D-VA-11) has introduced legislation to update the federal Privacy Act. The "Safeguarding Individual Privacy Against Government Invasion Act of 2014" would compensate individuals for non pecuniary harms after Privacy Act violations. The proposal is a response to FAA v. Cooper, a Supreme Court case holding that the Privacy Act does not cover mental and emotional damages. EPIC filed a "friend of the court" brief in that case, explaining that privacy laws routinely provide recovery for mental and emotional harm, that such damages are the most common consequence of privacy violations, and that civil remedies are necessary to ensure enforcement of the Privacy Act. Following the decision in FAA v. Cooper, EPIC set out proposals to strengthen the Privacy Act. EPIC has recently recommended that the Privacy and Civil Liberties Oversight Board prioritize Privacy Act enforcement. For more information, see EPIC: FAA v. Cooper, EPIC: Doe v. Chao, and EPIC: The Privacy Act of 1974.

U.N. Urges All Countries to Protect Digital Privacy

The United Nations has adopted a resolution on "The Right to Privacy in the Digital Age" that reaffirms the rights and freedoms embodied in the Universal Declaration of Human Rights. The UN resolution highlights the risks of mass surveillance and warns that metadata "can reveal personal information and can give an insight into an individual's behavior, social relationships, private preferences and identity." Earlier this year, in a joint submission to the United Nations, the Brennan Center, EPIC, and other public interest organizations urged the Human Rights Council to review U.S. surveillance programs. The letter stated that U.S. "surveillance activities also violate the rights to privacy, freedom of expression, and the freedom of peaceful assembly and association..." guaranteed by the Universal Declaration of Human Rights. For more information, see EPIC: Council of Europe Privacy Convention and Public Voice - Madrid Declaration.

British Court Upholds Mass Surveillance by UK Spy Agency

The Investigatory Powers Tribunal, which reviews complaints of unlawful surveillance by Britain's intelligence agencies, ruled that mass collection of online communications is legal. The complaint was brought by several privacy rights groups in the UK and focused on GCHQ's electronic surveillance program, TEMPORA, and information the UK spy agency obtained through NSA's PRISM and Upstream programs. The privacy rights groups plan to appeal the decision to the European Court of Human Rights. EPIC previously challenged the NSA's mass surveillance of U.S. phone records in a 2013 petition to the Supreme Court. EPIC's petition argued that the Foreign Intelligence Surveillance Court exceeded its authority when it ordered Verizon to turn over records on all of its customers to the NSA. The EPIC petition was supported by legal scholars and former members of the Church Committee. For more information, see In re EPIC and EPIC: Foreign Intelligence Surveillance Act Reform.

EPIC Asks New Mexico Supreme Court to Limit Aerial Surveillance

EPIC filed an amicus brief in a New Mexico Supreme Court case considering the warrantless search of private property. State v. Davis concerns law enforcement surveillance in a low-flying helicopter. EPIC argued that warrantless surveillance around a person's home violates both property interests and an individual's reasonable expectation of privacy. EPIC also warned the New Mexico high court that "Drones will enable broader use of aerial surveillance by law enforcement" agencies. EPIC explained that "it will be necessary to establish privacy rights to protect against constant monitoring." EPIC previously testified before Congress in support of a drone privacy law and petitioned the FAA to establish privacy safeguards for drone use. For more information, see EPIC: State v. Davis and EPIC: Domestic Unmanned Aerial Vehicles (UAVs) and Drones.

December 9, 2014

Leahy FOIA Reform Bill Passes in Senate

The Senate has unanimously passed the Freedom of Information Improvement Act of 2014. (Outline of bill.) The bill, cosponsored by Senator Patrick Leahy (D-VT) and Senator John Cornyn (R-TX), requires Federal agencies to operate under a "presumption of openness." "The FOIA Improvement Act will help open the government to all Americans by placing an emphasis on openness and transparency, rather than allowing agencies simply to hide behind exemptions," Leahy and Cornyn said in a joint statement. The FOIA Improvement Act will also close a loophole that agencies have used to make requesters pay excessive fees, even when the agency takes years to process the request. EPIC has recommended many of these reforms, including changes to the "(b)(5)" exemption for agency memos. The bill goes next to the House for consideration. For more information, see EPIC: FOIA and FOIA.ROCKS.

EPIC to Argue Before DC Circuit for Release of Cell Phone Shutdown Policy

This week EPIC President Marc Rotenberg will argue EPIC v. DHS, No. 14-5013 before the US Court of Appeals for the DC Circuit. At issue is the public release of the policy - "SOP 303" - to shut down cell phone service in the United States. EPIC filed a filed a Freedom of Information Act request for the policy after government officials shut down cell phone service during a peaceful protest at BART subway stations in San Francisco. The government first contended it could not find the document, then located the document, then claimed it was exempt from disclosure. EPIC filed suit against the agency and a federal court ruled in EPIC's favor. On appeal, the government argued the decision should be reversed. EPIC responded that the decision was correct and SOP 303 should be released. The DC Circuit will hear arguments Thursday morning. For more information, see EPIC v. DHS - SOP 303.

December 16, 2014

Smart Phone Discovery, Privacy, and Practice - A Braver Newish World

Smart Phone Discovery, Privacy, and Practice - A Braver Newish World

Alan Butler,
EPIC Senior Counsel

D.C. Bar Conference Center
Washington, D.C.
December 16, 2014

EPIC Backs Comments on Location Privacy

EPIC has joined a coalition of consumer privacy groups in comments to the Federal Communications Commission on the "Roadmap for Improving E911 Location Accuracy." EPIC and the groups explained that collecting location information without privacy protections puts customers at risk. EPIC filed similar comments with the FCC in 2007. EPIC urged the Commission to recognize that "(1) the FCC has an obligation to protect the privacy of consumer information generated by the provision of communication services; (2) current regulations do not adequately location-based information, (3) legal frameworks, notably in the European Union, provide safeguards for location data, and (4) the Commission should establish rules that limit the use of customer location-based information." EPIC has frequently advocated for express authorization prior to disclosure of "call location information." The "Roadmap" raises concerns that the location of telephone users will be routinely known to federal agencies, whether or not there is an emergency. EPIC has also filed amicus curiae briefs in the U.S. Supreme Court and the Supreme Court of New Jersey arguing that location tracking by the government is a search under the Fourth Amendment and should only be conducted with a judicial warrant. For more information, see EPIC: Locational Privacy.

Dutch Privacy Officials Find Google Violates National Privacy Law

The Dutch Data Protection Authority has found that Google's 2012 privacy policy change violates Dutch data protection law. Google's policy change, which EPIC also opposed, consolidated user data across more than 60 separate services and gave Google the ability to track and profile users in extraordinary detail. The Dutch DPA has ordered Google to: (1) obtain "unambiguous consent of users for the combining of personal data" from different Google services; (2) describe in detail the personal data are used by each Google service; and (3) clearly explain to consumers that YouTube is a Google service. Google must comply with the Dutch officials' order by February 2015 or face $19 million in fines. In issuing the decision, Jacob Kohnstamm, chairman of the Dutch DPA, stated, "Google catches us in an invisible web of our personal data without telling us and without asking us for our consent. This has been ongoing since 2012 and we hope our patience will no longer be tested." In 2012, EPIC sued the Federal Trade Commission to block Google's 2012 policy change, which violated a 2011 FTC Consent Order. That Consent Order followed an extensive EPIC FTC Complaint and findings by the FTC concerning Google's business practices. For more information, see EPIC: EPIC v. FTC (Enforcement of the Google Consent Order), EPIC: In re Google Buzz, and EPIC: Federal Trade Commission.

December 17, 2014

"Eyes Over DC" - Department of Defense Launches Surveillance Blimps

On Friday, December 19, 2014, the US army will deploy surveillance blimps just north of the nation's capital. The surveillance blimp system, known as "JLENS," is comprised of two 250' blimps. One blimp contains aerial and ground surveillance technology that covers a 340-mile range, while the other has targeting capability. The JLENS was originally deployed in Iraq. Earlier this year, EPIC filed a Freedom of Information Act lawsuit to gain more information about the JLENS system. Preliminary documents obtained by EPIC suggested that the blimps would be equipped with video surveillance, though the Army has since claimed that video surveillance will not be deployed. However, documents obtained by EPIC in another FOIA case indicate that Customs and Border Protection is operating surveillance blimps with video surveillance. And the contractor Raytheon has demoed a video surveillance upgrade for the JLENS system. For more information see: EPIC v. Dept. of Army - Surveillance Blimps, EPIC: Unmanned Aerial Vehicles, and EPIC Spotlight on Surveillance (2005) - "Unmanned Planes Offer New Opportunities for Clandestine Government Tracking."

Schneier: Over 700 Million People Taking Steps to Avoid NSA Surveillance

Famed technologist and EPIC Advisory Board member Bruce Schneier pushed back against media claims that Edward Snowden's revelations about the NSA have had little impact on Internet users. A recent global survey found that 39% of Internet users who have heard of Snowden have taken steps to protect their online privacy. Some news articles have characterized these users as "merely 39%" and "only 39%." But Schneier did the math and found that Snowden’s impact has been far from insignificant: "706 million people have changed their behavior on the Internet because of what the NSA and GCHQ are doing." A recent Pew survey also indicates that the NSA revelations have had a dramatic impact on Internet users. Last year, EPIC filed a petition to the U.S. Supreme Court to stop the NSA's collection of domestic telephone records, following the release of the "Verizon Order." For more information, see EPIC: In re EPIC, EPIC: Smith v. Obama, and EPIC: Foreign Intelligence Surveillance Act Reform.

Strossen Joins EPIC Board of Directors

Former ACLU President Nadine Strossen has been elected to the Board of Directors of EPIC. Professor Strossen, who was recently named the John Marshall Harlan II Professor of Law at the New York Law School, is one of the world's leading experts on constitutional law, civil liberties, and international human rights. She joins a distinguished group of Internet pioneers, security experts, privacy advocates, Supreme Court advocates and policy experts on the EPIC Board and the EPIC Advisory Board. For more information, see EPIC Board of Directors and EPIC Advisory Board.

Senator Franken Questions Uber About Use of Passenger Data

Senator Franken has received a response from Uber about the the ride-sharing company's privacy practices. Last month, Franken asked Uber to answer ten questions about the company treats use of passenger data. Specifically, Franken questioned Uber's use of the "God view" tool, which allows the company to track individual customers in real time. Uber failed to answer several of Senator's questions and provided "a surprising lack of detail." EPIC recently proposed "Privacy Rules for Uber," as part of the "Rideshare Privacy Act of 2015." EPIC wrote that "there should be clear legal limits on the use of 'God view,'" explaining, "any use of that feature to track or stalk passengers should be prohibited by law. And all of these legal rights should be backed with meaningful fines if the company crosses the line." EPIC concluded, "the collection of detailed information on Uber passengers is a real problem that can no longer be ignored." For more information, see EPIC: Drivers Privacy Protection Act and EPIC: Automobile Event Data Recorders (Black Boxes) and Privacy.

December 18, 2014

New Guidelines on Government Profiling Announced

The Department of Justice has updated federal guidance on the consideration of race and other attributes when performing law enforcement activities. Federal law enforcement agencies are now prohibited from using race, ethnicity, gender, national origin, religion, sexual orientation, or gender identity when making "routine or spontaneous law enforcement decisions, such as ordinary traffic stops." The guidance permits federal law enforcement to consider these factors when engaged in national security, intelligence, immigration law, and organized crime investigation. Federal agencies including the Federal Bureau of Investigation and Customs and Border Protection routinely use immutable characteristics, like race and ethnicity, to assign "risk-assessment" profiles on individual who are not suspected of any crime. EPIC has previously urged the government to end this practice and to suspend the Automated Targeting System's "risk assessment" scoring EPIC said that the use of factors such as race and nationality to profile individuals is unconstitutional. For more information, see EPIC: Automated Targeting System, EPIC: Passenger Profiling, and EPIC: EPIC v. Customs and Border Protection (Analytical Framework for Intelligence).

EPIC, Coalition Urge Changes for House Procedures on National Security

EPIC and a coalition of civil liberties groups is advocating for changes that would create more oversight and accountability in Congress for national security issues. In a letter to House Speaker John Boehner and Minority Leader Nancy Pelosi, more than 50 organizations recommended that the leadership provide all Members of Congress with access to relevant information and sufficient staff assistance. That groups recommended revising procedures for the House Permanent Select Committee on Oversight so that other Committees are kept informed, unclassified reports are made public with minimal delay, and the Committee operates more openly. The groups proposed a Congressional option for whistleblowers so that information can be communicated to Members of Congress "without fear of reprisal" and a comprehensive review of the activities of the Intelligence Community since 9/11, modeled after the 9-11 Commission For more information see: EPIC: Open Government and FOIA Rocks.

Pew Research: Future of Data Privacy Uncertain

The Pew Research Center's new survey on "The Future of Privacy" found that experts predict that the struggle over privacy protection will continue through the next decade, though experts are divided about the likely outcomes. Among the key threats identified in the Pew study are the Internet of Things, the monetization of personal information, and increasing government surveillance. EPIC president Marc Rotenberg, one of the experts consulted, predicted, "There will be many contentious battles over the control of identity and private life. The appropriation of personal facts for commercial value — an issue that emerged with Google's 'shared endorsements' and Facebook's 'sponsored stories' — are a small glimpse of what lies ahead. The key will be the defaults: either individuals will control their online persona or it will be controlled by others." In May 2015, EPIC will release an anthology on the future of privacy. The book, "Privacy in the Modern Age: The Search for Solutions," will be published by The New Press. For more information, see EPIC: Public Opinion on Privacy.

Homeland Security Pushes Forward "Real ID"

Beginning in 2015, many federal facilities will require a "Real ID" for entry where identification is required. Several states have opted out of the Real ID Act, a federal mandate to modify the design of state drivers licenses, raising questions about the ability of people in those states to access federal buildings and board commercial aircraft. EPIC, supported by a broad coalition, opposed the Real ID regulations, arguing that many of the required identification techniques, such as facial recognition and RFID tags, compromise privacy and enable surveillance. EPIC, joined by technical experts and legal scholars, also provided detailed comments to the Department of Homeland Security about the program and later issued a L6[report: "REAL ID Implementation Review: Few Benefits, Staggering Costs" (May 2008). For more information see: EPIC: National ID and the Real ID Act.

December 24, 2014

Final Act: Senator Rockefeller Proposes Drone Privacy Bill

Senator Rockefeller, the outgoing Chair of the Senate Commerce Committee and a leading privacy champion, introduced a bill to require privacy safeguards in the commercial operation of drones. The Unmanned Aircraft Systems Privacy Act of 2014 would prohibit surveillance of individuals by companies unless explicit prior consent is obtained and would require the development of remote identification transmission technologies for drones. The bill would also provide a private right on action against invasions of privacy in violation of the act and grant the FTC additional authority to regulate on commercial drone privacy issues. EPIC previously testified before Congress in support of a drone privacy law. EPIC recommended data use and retention limitations as well as additional transparency and accountability measures for drone operators. For more information, see EPIC Spotlight on Surveillance: Drones - Eyes in the Sky and EPIC: Domestic Drones.

About December 2014

This page contains all entries posted to epic.org in December 2014. They are listed from oldest to newest.

November 2014 is the previous archive.

January 2015 is the next archive.

Many more can be found on the main index page or by looking through the archives.