« December 2014 | Main | February 2015 »

January 2015 Archives

January 20, 2015

In Defense of the Right to be Forgotten: An American Perspective

"In Defense of the Right to be Forgotten: An American Perspective"

Marc Rotenberg,
EPIC President

20th Anniversary Lecture
Tilburg Institute for Law, Technology and Society
The Hague, Netherlands
20 January 2015

January 22, 2015

EPIC International Champion of Freedom Award Ceremony

EPIC International Champion of Freedom Award Ceremony

Marc Rotenberg,
EPIC President

Computers, Privacy, and Data Protection
Brussels, Belgium
22 January 2015

January 2, 2015

FTC Finalizes Snapchat Settlement

The Federal Trade Commission has approved a final order with Snapchat, the messaging service that falsely promised that messages sent and received through the service would "disappear forever.” The Commission’s investigation and initial proposed consent order followed a complaint filed by EPIC in 2013. EPIC brought the complaint against Snapchat after a researcher discovered that Snapchat photos could be retrieved by others after they should have vanished. EPIC also filed comments regarding the Commission's proposed consent order, expressing support for the Commission’s findings but recommending that Snapchat should be required to implement the Consumer Privacy Bill of Rights and make Snapchat's privacy assessments publicly available. Under the settlement, Snapchat will be subject to 20 years of privacy audits, and will be prohibited from making false claims about its privacy policies. For more information, see EPIC: In re Google, EPIC: In re Facebook and EPIC: FTC.

FTC Charges Data Broker with Theft

The Federal Trade Commission has brought a complaint against LeapLab, a commercial data broker. According to the complaint, LeapLab bought the payday loan applications of “financially strapped consumers,” and then sold the consumer information to marketers. At least one marketing company that purchased consumer information from LeapLab used that information to steal millions of dollars from consumers’ bank accounts. “This case shows that the illegitimate use of sensitive financial information causes real harm to consumers,” said Jessica Rich, Director of the Federal Trade Commission’s Bureau of Consumer Protection. In 2005, EPIC testified before the the House Commerce Committee on "Identity Theft and Data Broker Services" and Urged Congress to establish comprehensive regulation of the data broker industry following the disclosure that Choicepoint was selling personal information to criminals engaged in identity theft. Further, EPIC's complaint to the FTC against Choicepoint lead to a $10 million settlement. For more information, see EPIC: Choicepoint, EPIC: Privacy and Consumer Profiling, and EPIC: FTC.

Facebook Modifies User Privacy Policy

Facebook has modified its privacy and data use policies, effective January 1, 2015. Facebook will now allow advertisers to include a “buy” button directly on targeted advertisements on a user’s page. Facebook will also allow advertisers to use the location data gathered from tools like “Nearby Friends” and location "check-ins” to push geolocation-based targeted advertisements. For instance, a Facebook user who checks in near a restaurant that partners with Facebook may now be shown menu items from that restaurant. Last month, the Dutch data protection commission announced that it planned to open an investigation into Facebook’s policy modifications. In July 2014, EPIC and a coalition of consumer privacy groups urged the FTC to halt Facebook’s plan to collect web-browsing information from its users. Facebook is already under a 20 year consent decree from the FTC that requires Facebook to protect user privacy. The consent decree resulted from complaints brought by EPIC and a coalition of consumer privacy organizations in 2009 and 2010. For more information, see EPIC: Facebook Privacy; and EPIC: FTC.

Senators Seek Answers on Use of Cell Phone Surveillance Devices

Senate Judiciary Committee Chairman Patrick Leahy (D-Vt.) and Ranking Member Chuck Grassley (R-Iowa) have asked Attorney General Eric Holder and Secretary of Homeland Security Jeh Johnson several questions about the government’s use of cell site simulators or “Stingray” devices to track cell phones. According to the letter, the Senators previously asked FBI Director James Comey about the FBI’s use of cell site simulators and, after two briefings with the Senators, the FBI announced a new policy that it would obtain search warrants before using the devices, subject to certain exceptions. The new letter raises questions about the broader use of cell site simulators by other law enforcement agencies and their impact on the privacy of innocent individuals. EPIC filled a lawsuit under the Freedom of Information Act in 2012, seeking information about the FBI’s use of cell site simulators and, in particular, what legal process the agency required before deploying the technology. As a result of EPIC’s lawsuit, more than 4,000 pages of partially-redacted FBI records were released to the public. For more information, see EPIC v. FBI - Stingray / Cell Site Simulator.

January 6, 2015

Inspector General: Border Drone Program Expensive, Ineffective

The DHS Office of Inspector General has released a new report on the drone surveillance program operated on the US border. The Inspector General found that the government "has invested significant funds in a program that has not achieved the expected results, and it cannot demonstrate how much the program has improved border security." The report also found that Customs and Border Protection underestimated the cost of operations. The Inspector General recommends tabling any expansion of the drone surveillance program. In February 2013, EPIC petitioned the agency to suspend the border surveillance program pending the establishment of concrete privacy regulations. The petition followed an EPIC Freedom of Information Act request, which found that border drones carry advanced surveillance equipment that could intercept electronic communications and identify human targets on the ground. For more information, see EPIC: Domestic Drones and EPIC Spotlight on Surveillance: Drones - Eyes in the Sky.

New Report Surveys FOIA Litigation in 2014

The Transactional Records Access Clearinghouse has released its analysis of 2014 litigation under the Freedom of Information Act. TRAC found that 422 FOIA lawsuits were filed in the past year, the highest number since 2001. Among advocacy organizations, EPIC was the third most frequent filer, with seven lawsuits filed in 2014. Several notable lawsuits were also filed by the New York Times and Vice reporter Jason Leopold. The Department of Justice was the federal agency most frequently sued, followed by the Department of Defense. For more information see: EPIC: Open Government and FOIA.ROCKS.

January 7, 2015

FTC Chair Warns About Risks of Connected Devices

In a speech at the CES conference this week, FTC Chair Edith Ramirez warned of the privacy risks of connected home devices. "In the not-too-distant future, many, if not most, aspects of our everyday lives will be digitally observed and stored," Ramirez said. EPIC has written extensively on interconnected devices, known as the "Internet of Things." In comments to the FTC, EPIC described several risks, including the hidden collection of sensitive data. EPIC recommended that companies adopt Privacy Enhancing Techniques that minimize or eliminate the collection of personally identifiable information. For more information, see EPIC: FTC and EPIC: Big Data.

January 9, 2015

EPIC Urges Congress to Hold Hearing on FBI Database

In a letter to Senators Grassley and Leahy, EPIC has urged the Senate Judiciary Committee to investigate the FBI's "Next Generation Identification" program. NGI is the most extensive biometric database in the world and raises many privacy risks. In a recent FOIA case, EPIC v. FBI, EPIC obtained documents which show that the FBI accepted a 20% error rate for facial recognition matches. EPIC and over 30 organizations have urged Attorney General Holder to conduct a privacy assessment of NGI, but the program has since gone fully operational without the required evaluation.

January 22, 2015

Governing Credit Scoring: Data Protection, Algorithms & Surveillance

"Governing Credit Scoring: Data Protection, Algorithms & Surveillance"

Julia Horwitz,
EPIC Consumer Protection Counsel

Computers, Privacy, and Data Protection
Brussels, Belgium
22 January 2015

January 12, 2015

President Obama Backs Student Privacy Law

Today the President will propose legislation to safeguard student data, to "ensure that data collected in the educational context is used only for educational purposes." The Student Digital Privacy Act, based on a landmark California statute, will prohibit companies from selling data for non-educational purposes and from using data for targeted advertising. Last year, EPIC called for a Student Privacy Bill of Rights to safeguard student information. EPIC has urged Congress and the Department of Education to strengthen student privacy.

Obama Announces New Consumer Privacy Initiatives

Today the President announced several initiatives to help protect consumer privacy following many, many data breaches. The President will move forward the Consumer Privacy Bill of Rights, a model framework for federal consumer privacy legislation, that EPIC supported in comments to executive agencies, legislators, and the White House. The President also proposed that financial firms disclose credit scores and that Congress enact the Student Digital Privacy Act based on "Fair Information Practices."

Obama Calls for Disclosure of Secret Credit Scores

In a speech at the Federal Trade Commission today, President Obama called for free access to credit scores. This will improve transparency for companies that profile consumers with "big data." Last year, the White House explored "Big Data and the Future of Privacy." EPIC called for "algorithmic transparency" and urged the White House to end secret profiling that limits opportunities for consumers, employees, students, and others.

January 15, 2015

Human Rights Implications of Big Data

"Human Rights Implications of Big Data"

Jeramie Scott,
EPIC National Security Counsel

American Association for the Advancement of Science: Science and Human Rights Coalition Meeting
Washington, D.C.
January 15, 2015

January 13, 2015

President Obama Announces New Cybersecurity Initiatives

Today the President announced several cybersecurity initiatives, including a proposal to facilitate private sector threat information disclosures. The White House proposal requires the removal of personal information prior to data transfers but privacy concerns remain. The President threatened to veto a previous bill that lacked privacy and civil liberties safeguards. A 2013 expert report set out 46 proposals for strengthening cyber security that the White House said it would adopt. EPIC supported these recommendations and has also recommended civilian leadership on cybersecurity.

EPIC Urges New Mexico Supreme Court to Limit Aerial Surveillance

EPIC Senior Counsel Alan Butler will argue before the New Mexico Supreme Court this week in a case concerning police surveillance. EPIC filed an amicus curiae brief in State v. Davis warning of the risk of widespread drone surveillance and arguing that aerial surveillance within the airspace surrounding an individual's home is a search under the Fourth Amendment. EPIC frequently files amicus briefs in federal and state courts on emerging privacy and civil liberties issues.

January 15, 2015

CIA Releases Redacted Report on Surveillance of Congress

Several months after EPIC filed a Freedom of Information Act lawsuit against the Central Intelligence Agency, the agency has released the Inspector General's report on the agency's surveillance of Congress. The Inspector General launched an investigation after the Senate accused the CIA of improperly accessing the computers of Senate staff who were investigating CIA torture practices. The Inspector General found that CIA personnel improperly accessed Senate computers multiple times. The Inspector General also found that the CIA's accusations that Senate staff had improperly removed CIA files were baseless. EPIC will pursue release of the full, unredacted report.

January 22, 2015

EPIC Gives Freedom Awards to Peter Hustinx and Philip Zimmermann

EPIC has awarded the 2015 International Champion of Freedom Award to former EU Data Protection Supervisor Peter Hustinx. EPIC also gave the 2015 US Privacy Champion Award to Philip Zimmermann, the inventor of PGP. The EPIC awards were presented at the annual conference on Computers Privacy and Data Protection in Brussels. Press release.

January 26, 2015

EU Privacy Supervisor Sets Out New Agenda

In a speech at the Computers, Data Protection, and Privacy conference in Brussels, European Data Protection Supervisor Giovanni Buttarelli set out a new agenda for the agency. Buttarelli emphasized that "data protection is a top policy priority and a top political priority." CPDP attracted more than 1,000 participants this year.

EPIC Urges House to Safeguard Consumer Privacy

EPIC has sent a statement to the House Commerce Committee for the hearing, "What are the Elements of Sound Data Breach Legislation?". EPIC had testified before the House Committee in 2011 on data breach notification, urging Congress to set a national baseline standard. EPIC also supports enactment of the Consumer Privacy Bill of Rights. EPIC also urged the House Committee to promote "algorithmic transparency." EPIC has warned that “[t]he ongoing collection of personal information in the United States without sufficient privacy safeguards has led to staggering increases in identity theft,security breaches, and financial fraud.”

January 27, 2015

FAA Settles Case Testing Legality of Commercial Drone Ban

The FAA has settled a case, Huerta v. Pirker, that challenged the agency's ability to regulate the commercial use of drones. The settlement requires the drone operator to pay a $1,100 fine for violating the FAA regulation. Despite the ban, the agency continues to grant exceptions for commercial drone use. A small drone recently crashed on the White House grounds, raising additional concerns the anticipated deployment of drones in the United States. EPIC has petitioned the FAA to establish clear privacy rules for the operation of commercial drones.

January 28, 2015

National Security Agency Violates Defense Department Privacy Rules

The Defense Department has issued a regulation for all Privacy Programs within the agency, including the National Security Agency's. EPIC urged the Department to require the NSA to comply with the Privacy Act, which permits individuals to know about government databases and to inspect their records held by federal agencies. The DoD responded that the NSA complies with the Privacy Act. However, the NSA fails to describe the databases it maintains, which contain telephone numbers, email addresses, and social media information of U.S. citizens, in violation of the Privacy Act.

January 30, 2015

DOJ Reverses Course on Forensic Evidence Committee After Federal Judge Resigns in Protest

The Department of Justice has reversed a decision to limit oversight of scientific evidence after a federal judge threatened to resign in protest. The National Commission on Forensic Science, established by the DOJ, was charged with improving the reliability of forensic science but the Justice Department appeared ready to make a recommendation contrary to the Commission's purpose. Senator Patrick Leahy (D-VT) has urged better oversight of forensic evidence in the criminal justice system. EPIC also asked the Supreme Court in an amicus curiae brief in Florida v. Harris to look more closely at investigative techniques that help establish probable cause. EPIC argued that courts should ensure that techniques are adequately tested to ensure the accuracy and validity of results. The dispute over the recommendations of the National Commission on Forensic Science reflect a similar concern.

Privacy Board Renews Call for President Obama to End Bulk Collection

The Privacy and Civil Liberties Oversight Board released a report on prior recommendations regarding the NSA's domestic and global surveillance programs. The Board stated that the Obama Administration has failed to end the domestic telephone collection program. The Board stated, "the Administration can end the bulk telephone records program at any time, without congressional involvement." EPIC and a broad coalition have repeatedly urged the President end the NSA's bulk record collection program. Previously, EPIC petitioned the Supreme Court, with the support of dozens of legal experts, arguing that the NSA program was unlawful.

Senators Challenge Verizon's Secret Mobile Tracking Program

In a letter to Verizon, Senators on the Commerce Committee challenged the company's practice of placing a "super cookie" oncustomers' smartphones. The letter follows the recent discovery that the advertising company Turn was secretly tracking Verizon customers, even after customers deleted its cookies. In the letter, the Senators asked Verizon to stop tracking users with undeletable cookies. EPIC has urged the White House and the Federal Trade Commission to limit the use of persistent identifiers. EPIC supports opt-in requirements and Privacy Enhancing Techniques for consumers, and algorithmic transparency for data collectors.

EPIC Defends Political Gatherings at Hotels in Brief for Supreme Court

In an amicus brief to the Supreme Court for Los Angeles v. Patel, EPIC said the issue is "whether a city can authorize the police to routinely inspect hotel guest registries without any individualized suspicion or judicial supervision." Citing the famous civil rights case NAACP v. Alabama, EPIC noted the long history of political and religious organizations gathering at hotels in the United States. EPIC wrote, "individuals have a constitutional right to gather at hotels for political and religious purposes without being subject to police inspection." EPIC said, "guest registries should not be made routinely available to the police for inspection, and they should not be collected or retained for that purpose." Thirty-six legal scholars and technical experts supported the EPIC amicus. EPIC is a leading expert in privacy and technology, and regularly files amicus briefs in appellate cases concerning emerging civil liberties issues.

About January 2015

This page contains all entries posted to epic.org in January 2015. They are listed from oldest to newest.

December 2014 is the previous archive.

February 2015 is the next archive.

Many more can be found on the main index page or by looking through the archives.