« March 2015 | Main | May 2015 »

April 2015 Archives

April 2, 2015

Campaign for a Commercial-Free Childhood Protests Eavesdropping Barbie

The Campaign for a Commercial-Free Childhood has launched a campaign and petition to protest Mattel's "Hello Barbie." The toy is a WiFi-connected doll with a built-in microphone. Hello Barbie records and transmits children's conversations to Mattel, where they are analyzed to determine "all the child's likes and dislikes." The advocacy group explained that Hello Barbie is "a significant violation of children's privacy...Kids using 'Hello Barbie' won't only be talking to a doll, they'll be talking directly to a toy conglomerate whose only interest in them is financial." EPIC has participated in numerous campaigns to safeguard childrens' privacy and recently filed a complaint with the FTC about Samsung's always on "SmartTV."

April 3, 2015

EPIC Obtains E-Voting Documents, Security Questions Remain Unanswered

As the result of a Freedom of Information Act lawsuit, EPIC has obtained a September 2011 report about online voting. The report, produced in response to EPIC's July 2014 FOIA request, summarizes a pilot test of e-voting system. The report recommends several changes, including accessibility and user interface, but does little to address privacy and security concerns except for recommending "visible security features" to "give users greater confidence in the privacy and security of their ballots." EPIC will continue to pursue the documents that have been withheld from the public about the risks of online voting.

Court Orders Government to Respond to EPIC's Petition in Case Over Cell Phone Shutdown Policy

The federal appeals court in Washington, DC, has ordered DHS to respond to EPIC's petition to reconsider a recent decision allowing the federal agency to withhold the criteria for shutdown of cell phone networks. EPIC sued the DHS for the policy following a 2011 San Francisco BART incident, when government officials shut down cell phone service during a peaceful protest. EPIC argued that the recent decision would "create an untethered national security exemption for law enforcement agencies," and is contrary to other court decisions and the intent of Congress. The appeals court has determined that the government must respond to EPIC's petition.

Department of Justice Adopts Improved FOIA Rule

In response to extensive comments by EPIC and the Sunlight Foundation, the Department of Justice has issued an improved final rule that will govern the agency's Freedom of Information Act practices. The initial rule would have made it difficult for FOIA requesters to obtain favorable fee status, created new obstacles to open government, and reduced agency oversight. The final rule adopted by the agency incorporates nearly all of EPIC's recommendations, including provisions that help ensure accountability, access, and favorable fee status for news media and educational requesters. EPIC routinely comments on agency FOIA rulemakings, and has had past success with the Federal Trade Commission, Privacy and Civil Liberties Oversight Board, and other federal agencies.

Judge Approves Laughably Bad, Collusive Class Action Settlement

A federal judge has approved a settlement involving Google after the company routinely disclosed the search histories of Internet users to third parties in violation of federal law. Under the settlement, Google will continue the practice and the attorneys will receive several million in fees. Google will also distribute millions to the schools the lawyers attended. None of the class members will receive any benefit. A coalition of consumer privacy organizations, including EPIC, twice urged the judge to reject the settlement. The groups cited an opinion by Supreme Court Chief Justice John Roberts about a similarly collusive settlement.

April 8, 2015

Drug Enforcement Agency Gathered Telephone Records on Millions of Americans

According to USA Today the Drug Enforcement Agency has engaged in a secret telephone record collection program involving Americans for many years. The federal agency collected the telephone call records of Americans for nearly a decade before September 11. Government officials told USA Today that the program was discontinued in 2013, but documents obtained by EPIC indicate that the DEA program "Hemisphere" is ongoing. EPIC is pursuing a Freedom of Information Act lawsuit, EPIC v. DEA, to obtain further details about the DEA's bulk collection activities. EPIC is also pursuing related suits against the National Security Agency and the Department of Justice concerning metadata collection.

Massive AT&T Consumer Privacy Violation Results in $25 Million FCC Penalty

The Federal Communications Commission has settled an enforcement action against AT&T for the company's massive consumer privacy violations. According to the Commission, employees at AT&T call centers around the world accessed the "CPNI" (call record information) of nearly 280,000 U.S. customers without their permission. Then AT&T distributed that information to traffickers of stolen cell phones. As a condition of settlement, AT&T will pay a $25 million penalty, eclipsing the 2014 Verizon settlement as the FCC's largest ever data security action. EPIC has long supported the robust defense of CPNI privacy.

April 9, 2015

Court Awards EPIC Attorneys' Fees in FOIA Case Against NSA

A federal district court has ordered the NSA to pay EPIC attorneys fees in a lawsuit that led to the the release of a presidential cybersecurity order. Back in 2009, EPIC requested National Security Presidential Directive 54, which concerns the NSA's domestic surveillance authority. After EPIC brought suit and then an appeal to the D.C. Circuit, the NSA finally released the document to EPIC. The agency then opposed EPIC's request for attorneys fees in the case. A federal court has now ruled that NSA's refusal to disclose the document was "incorrect as a matter of law," that EPIC had "substantially prevailed," and awarded EPIC more than $31,000 in fees.

April 13, 2015

Gunter Grass Dies at 87, Nobel Novel Basis of US Privacy Case

Famed German novelist and social critic Gunter Grass passed at age 87. Grass's first novel, The Tin Drum, was adapted for film and won the 1979 Palme d'Or and the Academy Award for Best Foreign Language Film. Grass later received the Nobel Prize in literature. The Tin Drum was also the center of a dispute concerning the privacy of video rental records. Following a complaint that the film constituted "child porn" in violation of Oklahoma law, the police sought the names of all the people who had rented the Oscar winning film. Citing the Video Privacy Protection Act, a federal court ruled the search illegal and awarded damages.

April 15, 2015

House Reconsiders Data Breach Bill

Members of the Energy and Commerce Committee have convened to rework the Data Security and Breach Notification Act. The Act, introduced by Reps. Blackburn and Welch, would require businesses to notify consumers of a data breach "unless there is no reasonable risk of identity theft or financial harm." The bill would also preempt stronger state laws, and would strip the FCC of its authority to protect consumer privacy. Rep. Frank Pallone and others have raised concerns. EPIC previously urged Congress to adopt baseline federal law that would allow states to develop innovative legislative responses to privacy risks.

"Eyes Over Washington:" EPIC Obtains Documents about Army Blimps in DC

As the result of a Freedom of Information Act lawsuit, EPIC has obtained several thousand pages about the blimps deployed by the Army, just north of the nation's capital. The records document the use of "JLENS," as well as the Army's relationship with the contractor Raytheon, which has proposed a video surveillance capability. The Army has disputed the claim that JLENS has surveillance capability. EPIC has recently filed suit against the FAA for failure to establish privacy rules for commercial drones in the US.

April 20, 2015

NIST Seeks Comments on De-identification Report

The National Institute of Standards and Technology has released a draft report on "De-Identification of Personally Identifiable Information." The agency is requesting comments by May 15. The NIST report reviews de-identification techniques and research, including work by EPIC Advisory Board members Cynthia Dwork and Latanya Sweeney. Last year, in response to a similar request for comments, EPIC recommended Privacy Enhancing Technologies that "minimize or eliminate the collection of personally identifiable information." EPIC also expressed support for Fair Information Practices and the Consumer Privacy Bill of Rights.

NGOs Urge European Commission to Uphold Privacy

EPIC has joined a coalition of over sixty NGOs from around the world in a letter to President Juncker of the European Commission, urging him to uphold robust data protection standards. The institutions of the European Union are currently negotiating the new General Data Protection Regulation. The European Commission previously promised that the Data Protection Regulation would be at least as strong as the 1995 Directive it replaces. In 2012, EPIC spoke before the European Parliament on "The Reform of the EU Data Protection Framework-Building Trust in a Digital and Global World."

April 21, 2015

Supreme Court Limits Traffic Stop Searches

The Supreme Court issued its opinion today in Rodriguez v. United States, a Fourth Amendment case involving the use of a drug-detection dog during a traffic stop. The Court found that it was unlawful for a police officer to detain a driver for the sole purpose of conducting a "sniff" test after the traffic stop was completed. The Supreme Court rejected the Government's argument that extending the stop to wait for a dog to search for drugs was "only a de minimis" intrusion of Fourth Amendment rights. EPIC previously filed an amicus brief in Florida v. Harris, a similar case before the Supreme Court concerning the use of canines for drug detection, arguing that the Fourth Amendment requires routine testing of investigatory techniques to assess reliability and establish reasonableness.

April 22, 2015

Beckstrom, Bryant and Strossen Join EPIC Advisory Board, Chip Pitts Named Chair

EPIC has announced the 2015 members of the EPIC Advisory Board. They are Rod Beckstrom, former CEO and President of ICANN, Kimberly Bryant, founder of Black Girls Code, and Nadine Strossen, professor at New York Law School and former President of the ACLU. The EPIC Advisory Board is a distinguished group of experts in law, technology, and public policy. Human rights attorney and expert in corporate social responsibility Chip Pitts was also voted EPIC Board Chair.

April 23, 2015

Privacy Groups Appeal UK Surveillance Decision

Human rights organizations have appealed a judgment concerning GCHQ spying to the European Court of Human Rights. Liberty first challenged the GHCQ in case before the UK Investigative Powers Tribunal. The Tribunal ruled in December that the GCHQ complied Article 8 of the European Convention on Human Rights, but in February 2015 the Tribunal held that the oversight rules were not made accessible to the public as required by Article 8.

Congress Proposes Bipartisan Student Privacy Bill

The House Education and Workforce Committee has proposed a discussion draft amending the Family Educational Rights and Privacy Act, a federal student privacy law. The draft recommends ways to strengthen the law, including: (1) protecting student data maintained by private companies; (2) shorter wait times for students to access their records; (3) permitting students to opt out of disclosing their data for certain research studies; (4) mandatory data security for schools; (5) written agreements detailing obligations of third parties receiving student data; (6) enhanced enforcement mechanisms; and (7) narrowing exceptions under which schools may disclose student data without consent.

Open Government Groups Oppose Cyber Security Bills

A broad coalition of organizations now oppose cybersecurity bills currently before Congress. The groups warn that the measures will increase monitoring of Internet users, increase government secrecy, and remove judicial oversight for government surveillance. Many have described the cyber security bills as "cyber surveillance" measures. Last year, EPIC won a five-year court battle against the NSA for NSPD 54-the foundational legal document for U.S. cybersecurity policies. The Directive reveals the NSA's interest in enlisting companies to monitor user activity in the United States.

Senator McConnell Seeks Renewal of NSA Bulk Collection Program

Senate majority leader Mitch McConnell has introduced a bill that would extend the Patriot Act until 2020. Specifically, S. 1035 would renew the controversial Section 215 authorities for the NSA's telephone record collection program. The 215 authority is set to expire on June 1. EPIC urged the President and the Attorney General not to renew the 215 order after it became clear that the NSA routinely collected the telephone records of US citizens. EPIC previously petitioned the Supreme Court to suspend the program, arguing that the NSA program exceeded the section 215 legal authority.

April 24, 2015

FTC Reaches Settlement with Customer Tracking Technology Firm Over Privacy Violations

The Federal Trade Commission announced a settlement with the firm Nomi, whose sensors recorded the physical location of customers in stores using their mobile devices' MAC addresses. Nomi's privacy policy stated that customers would be able to opt out of tracking, however, customers were not informed when they were being tracked. The settlement agreement will prohibit Nomi from deceiving consumers in their privacy policies. EPIC supports the use of privacy enhancing technologies to protect consumers from tracking, including the adoption of randomized MAC addresses that prevent persistent identification.

April 25, 2015

EPIC Demands the FAA to Establish Drone Privacy Rules

EPIC has filed extensive comments, urging the Federal Aviation Administration to propose drone privacy safeguards. In 2012, EPIC led a coalition of over 100 experts and organizations in petitioning the FAA to establish privacy protections prior to the deployment of commercial drones in the United States. EPIC stated that, "As a consequence of the FAA’s failure to establish drone privacy rules, millions of Americans now face the possibility of unchecked monitoring and harassment." EPIC has sued the agency for its failure to protect the privacy of Americans.

April 27, 2015

Supreme Court to Hear Privacy Case Against Spokeo

The Supreme Court will hear an important privacy case concerning the disclosure of personal information in violation of the Fair Credit Reporting Act. Spokeo claimed that the plaintiff's lacked lacked "standing" to sue after the company disclosed data protected by the FCRA. The Ninth Circuit disagreed and ruled for the plaintiffs. In the Spokeo case, the Solicitor General has filed a brief in support of the plaintiffs. EPIC filed an amicus curiae brief in First American v. Edwards, a similar case before the Court in 2011.

April 28, 2015

DHS Defends Government Secrecy in "Internet Kill Switch" Case

The Department of Homeland Security has filed a brief in response to EPIC's petition for rehearing in the "Internet Kill Switch" case. EPIC is seeking the release of the public policy that allows the government to suspend cell phone service. The D.C. Circuit previously ruled that DHS may withhold the policy. EPIC pursued the shutdown policy after government officials disabled cell phone service during a peaceful protest in San Francisco. EPIC cited both free speech and public safety concerns and noted that the policy was never subject to public rule making. The Federal Communications Commission recently warned government agencies not to use "jammers," devices that block cell phone signals, because of public safety risks.

April 30, 2015

House Members Introduce Student Privacy Bill

Congressmen Luke Messer (R-IN) and Jared Polis (D-CO) have introduced the "Student Digital Privacy and Parental Rights Act of 2015." The student privacy bill would prohibit companies from selling student information, using student information for targeted advertising, or otherwise disclosing student information for non-educational purposes. The Student Digital Privacy Act would implement portions of EPIC's Student Privacy Bill of Rights, including granting students access to their personal information collected by companies and requiring companies to provide notice of data security breaches. The bill is modeled on a new student privacy law in California.

About April 2015

This page contains all entries posted to epic.org in April 2015. They are listed from oldest to newest.

March 2015 is the previous archive.

May 2015 is the next archive.

Many more can be found on the main index page or by looking through the archives.