« December 2015 | Main | February 2016 »

January 2016 Archives

January 4, 2016

EPIC Opposes Sea Traveller Surveillance Program

In comments to the DHS, EPIC criticized a proposal to collect detailed records on people traveling by boat. The DHS is planning to track people arriving and departing the United States by sea, including between ports within the United States. However, DHS will ignore Privacy Act protections, and make the data collected routinely available to private companies and foreign governments. The proposal, explained EPIC, would "create a massive government database of detailed personal information that lacks accountability." EPIC has opposed other boat surveillance programs. And a FOIA case pursued by EPIC about a controversial boater tracking program revealed that the DHS fuses tracking data with other intelligence data to develop detailed profiles on boaters.

January 6, 2016

EPIC Seeks Default Judgment in Umbrella Agreement Lawsuit

In its fight to obtain a copy of the EU-US Umbrella Agreement, EPIC asked a federal court in Washington, D.C. today to grant default judgment against the Department of Justice. EPIC sued the agency to obtain the secret agreement, which concerns the transfer of personal information between the EU and US. After the DOJ failed to answer EPIC's complaint, the court entered default against the agency. The Agreement is central to pending legislation, which the Senate Judiciary Committee is set to debate this month yet the DOJ has not made the document available to the public or to Members of Congress.

EPIC Warns Education Department of Research Database Privacy Risks

In comments to the Education Department, EPIC objected to the Department's recent proposal to gather detailed student information. The Department plans to collect student data, including discipline records, to assess "data-driven instruction professional development." The Department also proposes to disclose the data to private contractors. EPIC suggested that the agency use aggregate data instead of students' personally identifiable information so as to reduce the risk that might result from a data breach. EPIC noted that the agency's Inspector General recently found that "information systems continue to be vulnerable to serious security threats." EPIC has called for a Student Privacy Bill of Rights, an enforceable privacy and data security framework.

DHS Releases Drone Privacy Best Practices

The Department of Homeland Security has released a set of drone privacy best practices. The best practices reflect many of the recommendations made by EPIC in testimony to Congress, including limiting data collection, use, dissemination, and retention. The recommendations also propose a redress program so individuals can challenge inappropriate collection. The best practices are only guidelines, but a Presidential Memorandum on drones and privacy requires that all federal agencies to establish and publish drone privacy procedures by February 2016. EPIC has sued the Federal Aviation Administration, EPIC v. FAA to establish privacy rules for commercial drones. Oral arguments are scheduled before the D.C. Circuit Court of Appeals on February 10.

January 7, 2016

EPIC Urges HHS to Protect Privacy of Human Research Subjects

In comments to the Department of Health and Human Services, EPIC pointed out several flaws in proposed revisions to the "Common Rule," ethical rules regarding biomedical and behavioral research involving human subjects. While EPIC supports the agency's proposals to strengthen requirements for informed consent and to adopt a broad definition of Personally Identifiable Information, many of the proposed changes "place research interests ahead of the privacy interests" and fail to address the risks to human subjects of "Big Data" research. EPIC previously expressed concern about proposed changes to the Common Rule and continually advocates for health privacy rights.

Uber, New York AG Reach Settlement Over Rider Data Privacy Practices

The New York Attorney General’s office has announced a settlement in its investigation of Uber’s collection and misuse of rider locational data, as well as its failure to provide timely notice of a data breach affecting 50,000 Uber drivers. The investigation was prompted by public outcry over Uber’s “God View” tool that allowed Uber employees to obtain a specific rider’s real-time and historic location data without permission. The settlement requires the Uber to encrypt rider locational data and enhance its data security. EPIC previously filed a complaint with the FTC, charging that Uber’s plan to track users and gather contact details is an unlawful and deceptive trade practice. In the Huffington Post, EPIC also recommended privacy law to regulate Uber and other companies in the ride-sharing industry.

January 11, 2016

Supreme Court Denies EPIC's Petition to Obtain Cellphone Shutdown Policy

Today, the U.S. Supreme Court declined to review EPIC v. DHS, concerning the government's cellphone shutdown policy. EPIC had pursued the secret policyafter government officials disabled cellular service at a BART station in San Francisco during a peaceful protest. A district court in Washington, D.C. ruled in EPIC's favor when the DHS sought to withhold the policy, but the court of appeals later overturned the ruling. EPIC urged the Supreme Court to review the case to resolve a conflict between the D.C. Circuit and the Second Circuit Courts of Appeals. EPIC also pointed to competing public safety interests when cell service is disabled, but the Court declined. Despite today's order, EPIC successfully obtained a redacted version of the shutdown policy.

Amid Criticism of Agency Compliance, House Passes Substantial FOIA Reforms

Congress has passed the FOIA Oversight and Implementation Act, H.R. 653, which would limit exemptions that allow agencies to withhold public records, create an online portal for FOIA requests, and require agencies to post frequently requested documents. Open government advocates and members of Congress have criticized federal agencies for lax compliance with the Freedom of Information Act. The House Oversight Committee concluded that "[e]xcessive delays and redactions" have undermined the Act." The FOIA Ombudsman criticized the Transportation Security Administration for its "weak management" and lack of a "FOIA tracking system." EPIC has pursued many FOIA cases. EPIC and a coalition previously urged President Obama to strengthen the FOIA by committing to a "presumption of openness" and narrowing the use of FOIA exemptions.

January 13, 2016

EPIC, Coalition Call for Congressional Hearings on Unlawful TSA Mandate for Body Scanners

EPIC and 25 organizations have urged Congress to hold a hearing on TSA's decision to end the opt-out for airport body scanners. Dozens of organizations petitioned the DHS secretary in 2010 to solicit public comments on the original program. In EPIC v. DHS the lawsuit that followed, the D.C. Circuit ruled that TSA violated federal law when it installed body scanners in airports without public comment. The agency said at the time that the body scanner program was optional. The Court also concluded because "any passenger may opt-out of AIT screening in favor of a patdown" there was no violation of the Fourth Amendment.

January 14, 2016

Court Upholds Facebook Settlement, Allows Continued Use of Kids' Images in Ads

A federal appeals court has upheld a 2013 settlement agreement in Fraley v. Facebook, a consumer privacy class action involving Facebook's use of young children's names and images for advertising without consent. That practice is currently prohibited in seven states. Questions were also raised about the cy pres determinations. In dissent, Judge Bea stated that the "district court abused its discretion in approving the final settlement." In an amicus brief to the Ninth Circuit, EPIC urged the appeals court to overturn the deal, explaining that the settlement is unfair to class members and authorizes continued privacy violations. In 2010, EPIC and a coalition of consumer privacy organizations filed an extensive complaint with the Federal Trade Commission that eventually required Facebook to improve its privacy practices.

January 15, 2016

EPIC Urges FAA to Make Drone Surveillance Capabilities Public

In comments to the FAA, EPIC urged the agency to make public the surveillance capabilities of drones operated in the United Staes. EPIC also proposed privacy safeguards for personal information. EPIC stated, "It is not the personal information of the drone registrant that should be readily available to the public, but the technical capabilities of the registered drone." The FAA recently published a rule requiring drone registration, which EPIC supported. EPIC previously sued the FAA for failing to establish privacy rules for commercial drones. EPIC v. FAA is pending before the D.C. Circuit Court of Appeals.

January 16, 2016

EPIC Urges Senate to Postpone Action on Judicial Redress Act

Today EPIC urged the Senate Judiciary Committee to postpone action on the Judicial Redress Act until the Department of Justice releases a secret data transfer agreement on which the bill is based. The so-called Umbrella Agreement outlines data transfers between law enforcement agencies in Europe and the United States. EPIC has sued the DOJ for release of the document. EPIC also urged the Senate Committee to conduct a public hearing on Privacy Act modernization following the massive data breach at the office of Personnel and Management.EPIC previously wrote to the House Judiciary Committee to recommend updates to the Privacy Act.

Senator Franken Presses Google on Student Privacy

Senator Al Franken (D-MN) asked Google to explain what the company does with student data, including: what types of data Google collects, to whom Google discloses student information, and whether students and schools “have control over what data is being collected and how the data are being used?” Senator Franken stated, “I believe Americans have a fundamental right to privacy, and that right includes a student or parent’s access to information about what data are being collected about them and how the data are being used.” EPIC has called for a Student Privacy Bill of Rights, an enforceable student privacy and data security framework.

January 20, 2016

EPIC Urges FCC to Establish Communications Privacy Protections for Consumers

EPIC has submitted a letter to the Federal Communications Commission urging the agency to undertake a rulemaking to protect the communications privacy of consumers. EPIC asked the FCC to explore "the full range of communications privacy issues facing US consumers." EPIC proposed that the FCC implement Fair Information Practices and the Consumer Privacy Bill of Rights; adopt data minimization requirements; promote Privacy-Enhancing Technologies; and require opt-in consent for the use or disclosure of consumer data. EPIC suggested that the FCC model its communications privacy rules on the Code of Fair Information Practices for the National Information Infrastructure. EPIC has worked with the FCC to promote consumer privacy in the communications field for more than 20 years.

Supreme Court Rules Settlement Offers Can't Moot Consumer Class Actions

The Supreme Court has ruled that a company cannot terminate class action litigation by strategically making a settlement offer of full relief to individual plaintiffs. The case, Campbell-Ewald Co. v. Gomez, involved a consumer who refused to drop his Telephone Consumer Protection Act lawsuit in exchange for such an offer. The defendant company argued that the offer, which exceeded the statutory damages under the TCPA, mooted his case. The Justices disagreed, ruling 6-3 that "an unaccepted settlement offer has no force. Like other unaccepted contract offers, it creates no lasting right or obligation." EPIC routinely works to protect consumer privacy interests in class action settlements.

January 22, 2016

EPIC Seeks to Intervene in Privacy Case Before European Court of Human Rights

EPIC has asked the European Court of Human Rights for permission to submit an amicus brief in a case concerning mass surveillance. Ten international human rights NGOs brought the case to challenge UK surveillance laws and practices. The case concerns Tempora, PRISM, and Upstream programs, and the interception of communications by UK intelligence services and the National Security Agency. EPIC proposes to assist the Court in understanding U.S. surveillance law, and to provide relevant information EPIC has obtained through freedom of information litigation. EPIC routinely files amicus briefs in cases concerning emerging privacy and civil liberties issues.

January 25, 2016

EPIC v. DOJ: EPIC Prevails, DOJ Releases Secret EU-US Umbrella Agreement

After months of delay, the Department of Justice has finally released to EPIC the full text of the EU-US Umbrella Agreement. EPIC sued the DOJ last year after the agency failed to act on EPIC's FOIA request for the secret agreement. Today's release comes on the heels of EPIC's opposition to the agency's attempt to further delay the Agreement's release. The Umbrella Agreement outlines data transfers between EU and US law enforcement agencies, and is the basis for the Judicial Redress Act currently before Congress. EPIC has criticized the legislation, and recently urged the Senate to delay action on the bill until the DOJ releases the Umbrella Agreement and the Judiciary Committee holds a hearing on the legislation.

EPIC and Consumer Privacy Groups File Brief Supporting FCC in Telephone Privacy Case

EPIC and six consumer privacy organizations have filed a "friend-of-the-court" brief in support of the Federal Communications Commission in ACA International v. FCC. The case was brought against the FCC by industry groups charged with violating the Telephone Consumer Protection Act. The FCC had made clear that companies cannot make automated or prerecorded calls to consumers without their consent. EPIC argued in its brief that widespread adoption of cell phones "has amplified the nuisance and privacy invasion caused by unwanted calls and text messages." EPIC and the consumer organizations urged the federal court to uphold the FCC order safeguarding consumers.

January 26, 2016

Pew Survey: Americans Unhappy with How Personal Data is Used by Companies

According to the recent survey of the Pew Research Center, Americans are cautious about disclosing personal data in commercial settings. They are also frequently unhappy with how companies use their data afterwards. For example, 55% of adults said it would be unacceptable for a "smart thermostat" to track their movements around their home in exchange for a discount on their energy bill. And a majority said it would not be acceptable for a car insurance company to monitor a driver's speed and location in exchange for safe driving discounts. EPIC had urged the Federal Trade Commission to investigate Google's acquisition of Nest and has a complaint pending before the FTC regarding "always on" devices.

January 27, 2016

U.S. Law Firm Argues U.S. Privacy Law "Essentially Equivalent"

A recent report from a U.S. law firm concludes that the United States offers essentially equivalent privacy protection to Europe. The report also finds that "This body of laws ensures that government access to data for law-enforcement and intelligence purposes is limited to what is necessary and proportionate." Of course, all travel records of Europeans are routinely transferred to the U.S. Department of Homeland Security without any legal protection. Under Section 702 of the Patriot Act, the US government routinely obtains vast amounts of personal data on non-US persons, including communications logs and website activity. Executive Order 12333 provides even broader surveillance authorities.

January 28, 2016

EPIC Gives 2016 Freedom Award to Viviane Reding

EPIC has awarded the 2016 International Champion of Freedom Award to former EU Justice Minister Viviane Reding. Ms. Reding led the effort in the European Common for adoption of the new European privacy law, the General Data Protection Regulation. The EPIC awards was presented at the annual conference on L3Computers Privacy and Data Protection in Brussels. The US EPIC Champion of Freedom Awards will be presented on June 6, 2016 in Washington, DC.

EPIC Celebrates International Privacy Day

EPIC celebrates January 28, International Privacy Day, which commemorates the signing of Convention 108, on January 28, 1981. The Privacy Convention was the first binding international treaty for privacy and data protection. EPIC and consumer organizations have called on the United States to ratify Convention 108. NGOs and Privacy experts have also expressed support for the Madrid Declaration, a substantial document that reaffirms international instruments for privacy protection, identifies new challenges, and calls for concrete actions.

January 29, 2016

"Clock is ticking" on Safe Harbor, says European Consumer Organization

BEUC, the consumer organization of the European Union, has urged European policy makers to accept a revised Safe Harbor arrangement only if it complies with the Schrems decision and "guarantees that EU citizens' fundamental rights are upheld when their data is exported to the United States." Last year, 40 consumer privacy organizations in Europe and the United States urged US Secretary Pritzker and EU Commissioner Jourova to take specific steps to close the widening EU-US data divide. Secretary Pritzker has been unwilling to meet with consumer organizations.

Schrems Responds to US Lobby Groups on Safe Harbor

In a brief but clearly argued letter to European data protection authorities, Max Schrems writes that "attempts by lobby groups and the US government to 'reinterpret' or 'overturn the clear judgement of the Union's highest court are fundamentally flawed." Schrems brought the successful case to the European Court of Justice that struck down the Safe Harbor arrangement. The Schrems letter, released on International Data Protection Day, also states that a new transfer agreement must provide "protection against government surveillance and "essentially equivalent" protection against the commercial use of data by certified companies." Max Schrems received the 2013 EPIC Champion of Freedom Award.

EPIC Urges Supreme Court to Uphold Fourth Amendment Safeguards for Police Stops

EPIC has filed a "friend-of-the-court" brief in Utah v. Strieff, a U.S. Supreme Court case about whether the Fourth Amendment allows evidence to be admitted after an illegal stop. Mr. Strieff was unlawfully detained by an officer, who checked his ID and then arrested him on an unrelated outstanding warrant. In a brief, signed by twenty-one technical experts and legal scholars, EPIC detailed a number of sweeping government databases that contain inaccurate and detailed records about Americans' noncriminal activity. EPIC argued that "a diminished Fourth Amendment standard coupled with a weakened Privacy Act is truly a recipe for a loss of liberty in America." EPIC previously argued against compelled identification during police stops in Hiibel v. Sixth Judicial District and Tolentino v. New York.

About January 2016

This page contains all entries posted to epic.org in January 2016. They are listed from oldest to newest.

December 2015 is the previous archive.

February 2016 is the next archive.

Many more can be found on the main index page or by looking through the archives.