« November 2015 | Main | January 2016 »

December 2015 Archives

December 1, 2015

Federal Court Lifts Gag Order on National Security Letter Recipient

For the first time, a federal court has lifted a national security letter gag order, allowing an Internet Service Provider to publish the FBI's demands for records of user web browsing history, IP addresses, online purchases, and location information. The FBI issues thousands of NSLs each year, forcing companies to disclose troves of consumer records without probable cause. Recipients are preventing from acknowledging these warrantless searches. EPIC filed an amicus brief in In re National Security Letter, arguing that NSL gag orders frustrate the public's right to know about government surveillance programs.

December 2, 2015

Markey and Barton Pursue VTech Data Breach

Senator Edward Markey (D-Mass.) and Congressman Joe Barton (R-Tex) have asked VTech, "How do you protect children's information?" The electronic toy produced,recently exposed the personal profiles of millions of children in a cyber hack. The personal date included names, mailing addresses, email addresses, download history, birthdates, and genders. Senator Markey and Congressman Barton asked about VTech's data and security practices, including compliance with the Children's Online Privacy Protection Act, data the company collects about children, and security standards. EPIC has testified several times before Congress on protecting children's data and supported the updates to the Childrens Online Privacy Protection Act.

Schrems Pursues Legal actions to Block Data Transfers to the US

EU Privacy Advocate Max Schrems made new legal moves following the judgment of the European Court of Justice that struck down the Safe Harbor data transfer pact. He filed complaints with data protection officials in Ireland, Germany and Belgium to to block Facebook data transfers to the United States. Schrems says he wants to "ensure that this very crucial judgment is also enforced in practice when it comes to the US companies that are involved in US mass surveillance." NGOs in the Europe and the United Stated have urged governments to update domestic privacy laws and strengthen international commitments to enable the continued transfer of data between the EU and the US.

December 4, 2015

EPIC, Coalition Criticize Platform for Comments to Government

EPIC and a coalition of open government organizations submitted a letter to the Office of Management and Budget regarding revisions to Circular A-130, a government policy for access to information resources. The groups expressed concern about a poorly designed Internet service -- GitHub -- that created "new barriers to public participation in government decision-making." EPIC and its partners called on the OMB to "ensure meaningful public participation by notifying the public of opportunities to comment and accepting comments in other formats." EPIC frequently submits comments to state and federal agencies. OMB is accepting comments on A-130 through December 5.

White House Announces Federal Privacy Council

White House OMB Director Shaun Donovan announced plans to establish a new Federal Privacy Council. The Privacy Council will develop and coordinate privacy strategies and best practices across the federal government. Director Donovan remarked, " Government has a critical role in enforcing and ensuring protections for the privacy of its citizens." Donovan also announced plans to update privacy guidance for federal agencies. Donovan highlighted the White House's efforts to protect privacy and civil liberties, including the White House Consumer Privacy Bill of Rights and Big Data Review. EPIC recently urged Congress to enact the Consumer Privacy Bill of Rights and establish an independent privacy agency.

Austrian Supreme Court to Consider Schrems' Case against Facebook

The Austrian Supreme Court will decide if the Schrems case against Facebook can be brought as a class action. "The 'class action' is not only legal but also the only reasonable way to deal with thousands of identical privacy violations by Facebook," says Schrems. EPIC frequently works to protect the interests of Internet users in facing common violations of privacy rights.

December 5, 2015

EPIC Promotes Open Access to Law, Criticizes Government Website Tracking

EPIC has submitted comments recommending changes to Circular A-130, the government policy for managing federal information resources. Building on prior comments supporting increased access to public court records, EPIC urged federal agencies to make legislation, statutes, rules, regulations, and other relevant court documents available to the public on agency websites. EPIC also recommended that the federal government refrain from tracking website visitors. EPIC has previously argued against government tracking of people seeking access to public information, and pushed for increased privacy protections on government platforms. EPIC's 2009 Freedom of Information Act request revealed that government contractors providing social media services lacked privacy protections.

December 8, 2015

At UNESCO, EPIC's Rotenberg Argues for Algorithmic Transparency

Speaking at UNESCO headquarters in Paris, EPIC President Marc Rotenberg explained that algorithms, complex mathematical formulas, have an increasing impact on people's lives in such areas as commerce, employment, education, and housing. He warned that processes would continue to become more opaque as more decision making was automated. He said to experts in Freedom of Expression, Communication, and Information at UNESCO that "knowledge of the algorithm is a fundamental right, a human right," EPIC has launched a new program on Algorithmic Transparency, building on the work of several members of the EPIC Advisory Board.

EPIC to Defend Privacy Statute in Federal Appellate Case

EPIC appears in court today in In re Nickelodeon, a case concerning the Video Privacy Protection Act. The privacy law bars companies from disclosing personally identifiable information about users of Internet video services. Children who watch videos on Nick.com believe that Viacom disclosed their viewing records to Google for adverting purposes. The companies dispute this, claiming that cookies and IP addresses are not personally identifiable. EPIC's "friend of the court" brief argues that the definition of personal information in the privacy law is "purposefully broad to ensure that the underlying intent of the Act--to safeguard personal information against unlawful disclosure--is preserved as technology evolves." EPIC Senior Counsel Alan Butler will represent EPIC before the court.

December 9, 2015

Massachusetts Court Hears Arguments in Student Privacy Case

The Massachusetts Supreme Judicial Court heard arguments yesterday in Commonwealth v. White, a case concerning both student privacy and cell phone privacy. EPIC filed an amicus brief in the case, arguing that the police should obtain a warrant before seizing a student's cell phone. EPIC explained that "digital is different," and therefore the legal standard for school searches of contraband does not apply to cell phones. EPIC also explained the significance of Riley v. California, the recent Supreme Court case on cell phone searches that upheld a warrant requirement. The EPIC State Policy Project is based in Cambridge, Massachusetts.

Wyndham Settles FTC Charges Over Failure to Safeguard Customer Data

Wyndham Hotels has settled charges with the FTC that the company's data security practices unfairly exposed the financial data of hundreds of thousands of customers to hackers. Earlier this year, in FTC v. Wyndham, a federal appeals court upheld the FTC's authority to enforce data security standards. EPIC's amicus brief filed in Wyndham played an important role in defending the FTC's "critical role in safeguarding consumer privacy and promoting stronger security standards." EPIC explained that data breaches, which have caused more than $500 million in damages last year alone, are one of the top concerns of American consumers.

December 10, 2015

EPIC Celebrates Human Rights Day

On December 10, EPIC celebrates international Human Rights Day. On December 10, 1948, the United Nations adopted the Universal Declaration of Human Rights. The Declaration sets out civil, political, cultural, economic, and social rights. EPIC pursues the global recognition of privacy, a fundamental right set out in Article 12 of the Universal Declaration. Follow @EPICPrivacy on Twitter! #HumanRightsDay

Senate Judiciary Committee Holds FBI Oversight Hearing

The Senate Judiciary Committee held an oversight hearing with FBI Director James Comey. Following the calls of some political leaders to exclude Muslims from the United States, Senator Leahy warned leaders to not "succumb to the politics of fear and lose sight of our fundamental American values." Director Comey continued to advocate for weakened encryption to enable law enforcement access to private communications. EPIC has championed strong encryption and urged President Obama to reject proposals to weaken encryption. EPIC has also urged oversight of the FBI's Next Generation Identification program, a massive biometric database, that lacks appropriate privacy safeguards.

Report on "Still Interested?" Letters Delayed Until 2016

The federal FOIA Ombudsman informed EPIC that an investigation into the open government practices of the Department of Homeland Security won't be finished until March 2016. In 2014, EPIC and other open government advocates urged the Office of Government Information Services to investigate "still interested?" letters. The DHS has sent these letters to FOIA requesters to prematurely terminate open government requests. EPIC objected to the practice and explained that "no provision in the FOIA allows for administrative closures."

December 11, 2015

EPIC Urges Supreme Court to Review Cellphone Shutdown Case

Today, EPIC filed a brief to the U.S. Supreme Court in a long-running campaign to obtain the government's cellphone shutdown policy. EPIC has sought the secret policy from the DHS since 2012 after government officials disabled cellular service at a BART station during a peaceful protest. In the latest filing, EPIC countered the DHS's opposition to the high court's review of the case. EPIC highlighted the government's inconsistent views on the law, and urged the Court to resolve "a direct conflict between the D.C. Circuit and the Second Circuit" Courts of Appeals. EPIC successfully obtained a redacted version of the procedure, but is fighting to uncover more of the secret document.

December 12, 2015

Senate Postpones Action on Weak EU-US Privacy Measure

The Senate Judiciary Committee has "held over" the Judicial Redress Act, industry-sponsored legislation regarding the transfer of personal data on Europeans to the United States. European legal experts have stated that the measure does not provide meaningful protections for the data of Europeans. Forty NGOS have recommended substantial changes to privacy law in the US and the EU to make possible the continuation of transborder data flows. EPIC has also recommended specific changes to the Judicial Redress Act. European data protection agencies are expected to begin enforcement actions against US companies after January 30, 2016. According to Govtrack, the Judicial Redress Act has a "1% chance of being enacted."

December 14, 2015

FAA Requires Drone Registration but Again Fails to Limit Drone Surveillance

The FAA has published an rule requiring drone registration by December 21st. Owners of small drones will be required to pay a small fee and provide their name, physical address, and e-mail address. The agency announced that the registration database will be searchable, but owner e-mail addresses will not be made public. EPIC filed extensive comments on the proposed registration scheme, recommending that drones broadcast registration IDs and include information about surveillance capabilities. The FAA acknowledged EPIC's comments, but failed to adopt the recommendations. EPIC previously sued the FAA for failing to establish privacy rules for commercial drones. EPIC v. FAA is pending before the D.C. Circuit Court of Appeals.

December 15, 2015

EPIC Named Among Top-Ranked U.S. Think Tanks

EPIC has been ranked among the most influential thinks tanks in the United States. At #16, EPIC placed behind the Council on Foreign Relations and the Brookings Institution, but ahead of CSIS, the Aspen Institute, the Woodrow Wilson Center, and the New America Foundation. Established in 1994 to focus public attention on emerging privacy and human right issues, EPIC works with distinguished experts in law, public policy, and technology. Recent publications include Privacy in the Modern Age: The Search for Solutions and Privacy Law and Society. More at the EPIC Bookstore and EPIC Commentaries.

Obama Administration Gets Failing Grade on Surveillance Reform

EPIC has launched a scorecard for the 46 surveillance reform recommendations made two years ago by the President's Review Group on Intelligence and Communications Technologies. Although some of the recommendations have been fully implemented, the Administration has failed to implement most of them. The recommendations set out to limit NSA surveillance, expand judicial oversight, create new transparency requirements, update federal privacy laws, and create a new privacy agency. During the review process, EPIC met with the review group and submitted extensive comments to the panel, specifically urging the end of the bulk record collection program.

December 14, 2015

Congress Calls on Education Department to Protect Student Privacy

Congress has enacted the "Every Child Achieves Act of 2015," a law that provides technology funding for schools but requires extensive student data collection. In recognizing the substantial student privacy risks the law poses, Congress stated that the Education Department "should review all regulations addressing issues of student privacy, including those under this Act, and ensure that students' personally identifiable information is protected." The Act also requires ongoing compliance with L2 and other applicable state privacy law. EPIC previously sued the Education Department for weakening federal student privacy protections. EPIC supports establishment of a Student Privacy Bill of Rights.

December 15, 2015

European Institutions Conclude Data Protection Reform

The EU Commission, Parliament and Council reached an agreement on a comprehensive new privacy law after four years of negotiation. The General Data Protection Regulation establishes common privacy rules across Europe and creates strong enforcement power. The law will be fully applicable in about two years. The new law is a "major step forward for consumer protection and competition," said Jan Philip Albrecht. Sophie In’t Veld said, "The EU will now have the most extensive data protection laws in the world and will set global standards." EPIC, and many consumer privacy organization have urged the US to modernize domestic privacy law. EPIC President Marc Rotenberg told USA Today, "The U.S. will need to update privacy laws to safeguard U.S. consumers and maintain trade relations with Europe."

December 16, 2015

DHS and State Department Pushing for Increased Social Media Monitoring

According to reports and statements from former Homeland Security officials, the DHS has initiated three "pilot programs" to analyze social media posts during the visa review process. Prior to 2014, a DHS policy prohibited social media monitoring by immigration officials. EPIC successfully obtained documents in 2012 detailing the DHS social media monitoring policies, including instructions to analysts to monitor criticism of the agency. EPIC also submitted a letter to congressional leaders, outlining how DHS officials misrepresented their policies in a Homeland Security Committee hearing. EPIC wrote that the DHS' monitoring program should be suspended, as it exceeds the agency's statutory authority and chills First Amendment activity.

House Adds Cyber Surveillance to Budget Bill

Today, the House added the Cybersecurity Act of 2015 to an expansive appropriations bill. The Cybersecurity Act was negotiated behind closed doors and represents a new version of the Cybersecurity Information Sharing Act (CISA). Previous versions of CISA have been opposed by a broad coalition of organizations. The current bill, like previous ones, would allow the government to obtain personal information from private companies without judicial oversight. The Act would also expand government secrecy. EPIC previously won a five-year court battle to obtain NSPD 54, a foundational legal document for U.S. cybersecurity policies that revealed the government's interest in enlisting the private sector to monitor user activity.

EPIC to File "Friend of the Court" Brief in FCC Privacy Case

EPIC today filed a notice of intent in ACA Int'l v. FCC, a case about the consumer protections from unwanted and harassing phone calls. The Telephone Consumer Protection Act prohibits most automated solicitations unless the customer has given consent. Last summer, the Federal Communications Commission issued an order giving consumers more control to limit harassing telemarketing practices. Several marketing companies opposed the FCC order, which EPIC will now defend. EPIC contributed to the establishment of the TCPA and has submitted numerous comments to help ensure the Act's effective implementation.

December 17, 2015

Senators Blumenthal, Markey Propose Do Not Track Legislation

Sen. Richard Blumenthal and Sen. Edward Markey have introduced the Do Not Track Online Act of 2015, to limit online tracking. The bill directs the FTC to develop a simple Do Not Track mechanism that would allow consumers to stop companies from collecting their personal information. The bill authorizes the FTC and state attorneys general to bring enforcement actions against companies that refuse to honor consumers' requests. EPIC has previously said that an effective mechanism must ensure that a consumer's decision is "enforceable, persistent, transparent, and simple."

EPIC Urges FTC to Protect Consumers Amid Surge in Cross-Device Tracking

EPIC filed comments with the FTC on a new advertising practice with significant privacy implications. EPIC urged the FTC to limit "cross-device tracking," linking what a person types on their phone with what they see on their laptop or television. EPIC said the FTC should use its enforcement authority to investigate device tracking practices. EPIC also said the FTC should prohibit the cross-device tracking of minors. EPIC has played a leading role in developing the FTC's privacy authority. Several EPIC complaints are currently pending before the FTC, concerning "always on" devices, Uber's privacy policy, and Facebook's Psychological Study.

December 21, 2015

EPIC Urges OMB to Update Open Government Plan

EPIC and a coalition of transparency advocates urged the Office of Management and Budget to comply with President Obama's plan to promote open government. The OMB is expected to produce an open government plan, "describ[ing] how it will improve transparency." However, OMB Has failed to act even as the Administration has urged other governments to adopt similar plans. "The failure is particularly troubling," wrote the groups, "because OMB is an agency with a central oversight role on information policy, it has responsibility for implementation of this plan, and it often serves as the right hand of the President." EPIC and others previously called on President Obama to address weaknesses in open government administration and support FOIA reform.

December 22, 2015

FTC Issues Enforcement Policy Statement on Deceptive "Native" Advertising

The FTC has issued an enforcement policy statement on the use of "native" advertisements and other deceptive advertising that appear to be non-advertising content. The FTC's statement affirmed that ads must clearly be identifiable to consumers as advertising and not editorial content. EPIC previously filed an amicus brief in Fraley v. Facebook objecting to Facebook's "Sponsored Stories" that implied the user endorsed the brand to their friends. EPIC's prior complaint to the FTC regarding Facebook's privacy practices helped establish privacy rules for the social media network.

December 19, 2015

Ignoring Federal Law, TSA Drops Opt-Out Option for Body Scanners

The TSA has used a "Privacy Impact Assessment Update" to announce an unlawful procedure for screening air travelers in the United States. The agency claims that it may "mandate body scanner screening for some passengers." In EPIC v. DHS (Suspension of Body Scanner Program, the D.C. Circuit Court of Appeals ruled that the screening was Constitutional because passengers could always opt out. As Judge Ginsburg explained, "any passenger may opt-out of AIT screening in favor of a patdown, which allows him to decide which of the two options for detecting a concealed, nonmetallic weapon or explosive is least invasive. "The TSA has also failed to "act promptly," as the Court mandated, to finalize the legal authority for the program.

About December 2015

This page contains all entries posted to epic.org in December 2015. They are listed from oldest to newest.

November 2015 is the previous archive.

January 2016 is the next archive.

Many more can be found on the main index page or by looking through the archives.