February 2016 Archives

February 2, 2016

Anticipating Annulment, EU-US Negotiators Sign Off on "Privacy Shield"

Disregarding a decision of the European Court of Justice, negotiators for the US Commerce Dept., the FTC, and the European Commission have agreed to allow the continued transfer of consumer data without adequate legal protection. A virtually identical arrangement was recently struck down by the Court in the Schrems case as a violation of multiple rights of Europeans, including rights to privacy, data protection, and effective redress. Consumers in the US have also expressed concern about rising levels of data breach, identity theft, and financial fraud. EPIC and many EU and US consumer organizations urged negotiators to establish strong safeguards for the transfer of personal data.

February 3, 2016

Privacy Commissioners to Review "Privacy Shield"

The Article 29 Working Party, the association of European Data Protection Commissioners, has said it will review the adequacy of the "Privacy Shield" proposal for transborder data flows. The Working Party said there must be (1) clear and precise rules, (2) a "necessary and proportionate" standard for data collection and access, (3) independent oversight, and (4) effective remedies for the individual. The Working Party also said it must first receive the relevant documents to assess the legal force of the arrangement and whether it will resolve "wider concerns raised by the Schrems judgement."

February 4, 2016

EPIC Seeks Release of "Privacy Shield," Secret Data Transfer Agreement

EPIC has filed emergency Freedom of Information requests with the US and the EU for release of a secret agreement for the transfer of personal data across the Atlantic. A new framework was required by a recent decision of the European Court of Justice. But European and American consumer organizations say the "Privacy Shield" does not provide adequate protection for the transfer of personal data. EPIC stated, “The public has a right to know whether this agreement provides adequate legal protection.” EPIC previously obtained the secret EU-US Umbrella Agreement in FOIA litigation.

Court Orders DOJ to Justify Withholding of FISA Reports in EPIC FOIA Suit

A federal court in Washington, DC ruled today that the Justice Department's explanation for withholding information about the Foreign Intelligence Surveillance Court was "manifestly insufficient." In EPIC v. Department of Justice, EPIC is seeking release of FISA surveillance reports routinely provided to Congress. The court ordered the government to submit the reports for review, and to provide specific reasons for withholding the material sought by EPIC. For almost 20 years, EPIC has made available information about FISC orders and surveillance reports. As EPIC explained to the court, release of these materials is of the "utmost importance to the public."

February 7, 2016

EPIC Launches "Data Protection 2016" to Make Privacy a Campaign Issue

Noting widespread concern about the state of privacy in America, EPIC has launched "Data Protection 2016," a non-partisan campaign to make data protection an issue in the 2016 election. EPIC President Marc Rotenberg said, "Data breaches, identity theft, and government surveillance are critical issues facing American voters, yet the candidates have said hardly a word." Security expert Bruce Schneier said, "Privacy is a critical issue that touches many aspects of Americans' lives. The Presidential candidates need to have a plan to protect our personal information." DataProtection2016 shows widespread support for stronger privacy protections in the United States. Campaign materials, including buttons and stickers, are available. Donations will support the work of EPIC.

February 9, 2016

Hackers Breach US Government Database, No Recourse for Non-Americans

Less than a week after the European and US governments struck a deal for a framework to permit transborder data flows of personal data, hackers breached sensitive personal data at the US Department of Homeland Security. The DHS stores vast amounts of personal information on non-US persons, including detailed travel information. Under current law, non-US persons have no legal rights when federal agencies fail to safeguard their personal data. EPIC is seeking release of the so-called "Privacy Shield" and has launched a new campaign to promote Data Protection in the United States.

EPIC to Argue before Federal Appeals Court for Drone Privacy Rules

EPIC President Marc Rotenberg will argue EPIC v. FAA before the D.C. Circuit Court of Appeals on February 10, 2016. EPIC, joined by more than 100 groups and experts, petitioned the agency to conduct a public rule-making on the privacy impact of increased drone deployment in the United States. The FAA acknowledged the importance of privacy and responded in November 2014 that it would undertake the rulemaking. But in early 2015, the agency reversed course and announced it would not establish privacy safeguards for commercial drones. As of February 5, 2016, the agency has granted more than 3,300 waivers to drone operators who lack certification to demonstrate airworthiness.

February 10, 2016

Department of Commerce: Privacy Shield "does not exist"

In response to EPIC's Freedom of Information request for the "Privacy Shield," the Commerce Department stated that "the record you requested does not exist." EU and US officials celebrated earlier this month that the EU and the US reached an agreement for transatlantic data transfers but they did not make the agreement public. Apparently there was nothing to make public since the agreement does not exist. The EPIC FOIA request is designated DOC-ITA-2016-000577.

February 11, 2016

Google Concedes "Right to be Forgotten" Applies Worldwide

After waging an unproductive battle against the privacy rights of Internet users, Google will finally remove links to sensitive personal information. Google had challenged the legal authority of the Spanish people to protect their personal information, but lost the case Google v. Spain before the top court in Europe. Google then claimed that the links to personal data should only be removed in the country where the Internet user resided. Privacy experts said Google's position made no sense for the "global Internet." The French data protection agency threatened Google with sanctions. Google again fought back, claiming it did not need to comply with the decision of the Court of Justice of the European Union. Now the company has decided to comply with the law.

February 12, 2016

"Judicial Redress Act" Provides Little Redress

The Judicial Redress Act of 2015, enacted by Congress and now on to the President for signature, fails to extend Privacy Act protections to non-U.S. citizens. EPIC previously recommended changes to protect transborder data flows. The bill, as adopted, coerces European countries to transfer data to the US, even without adequate protection, or be denied legal rights. Congress adopted the narrow amendment to the Privacy Act without any changes to benefit U.S. citizens even after a data breach compromised 21.5 records maintained by the Office of Personnel Management. EPIC explained that the OPM breach made clear the need for updates to the federal privacy law.

February 17, 2016

EPIC Prevails in Passenger Screening Lawsuit Against DHS

EPIC has prevailed in EPIC v. DHS, a case involving a controversial passenger screening program operated by Customs and Border Protection. The agency combines detailed personal information with secret algorithms to assign "risk assessments" to travelers, including US citizens. EPIC sued the DHS and argued that the agency unlawfully withheld records under the Freedom of Information Act. Today, a federal judge concluded that EPIC "has the more convincing argument" and that the agency failed to disclose information about the "Analytic Framework for Intelligence" program.

Apple Opposes FBI Decryption Order

Apple has opposed a court order that would require the company to make changes to the iPhone to enable law enforcement access to personal information. The order followed an FBI application under the All Writs Act, a law from 1789. Apple CEO Tim Cook wrote in response that the government's action "would undermine the very freedoms and liberty our government is meant to protect." In 2015, EPIC gave the Champion of Freedom Award to Mr. Cook for his work protecting privacy and promoting encryption. The EPIC 2016 Awards dinner will be held June 6 in Washington, DC.

February 18, 2016

California AG Releases 2016 Data Breach Report, Retail and Financial Sectors Most Vulnerable

A new report from California Attorney General Kamala Harris examines data breaches in California from 2012 to 2015. There were 657 data breaches during the last four years, which compromised over 49 million records. The retail sector experienced the largest share of breaches at 25%, followed by the financial sector at 18%. Among several recommendations, the report recommends that organizations adopt strong encryption. "Government and the private sector have a shared responsibility to safeguard consumers from threats to their privacy, finances, and personal security," Attorney General Harris stated. The Attorney General received a 2015 EPIC Champion of Freedom Award. EPIC recently launched "Data Protection 2016," a non-partisan campaign to make data protection an issue in the 2016 election.

February 22, 2016

Supreme Court to Consider Fourth Amendment ID-Check Case

The Supreme Court will hear arguments today in Utah v. Strieff. At issue is the use of evidence obtained from government databases following an illegal police stop. In a brief signed by twenty-one technical experts and legal scholars, EPIC warned about the vast amount of personal data, much of it inaccurate, stored in government databases and pointed to the failure of the Justice Department to enforce Privacy Act safeguards. EPIC argued that "a diminished Fourth Amendment standard coupled with a weakened Privacy Act is truly a recipe for a loss of liberty in America." EPIC had filed amicus briefs in several related Supreme Court cases, including Hiibel v. Sixth Judicial District, Tolentino v. New York, and Herring v. U.S.

February 23, 2016

President Announces $19 billion Cybersecurity Plan

President Obama has proposed a $19 billion Cybersecurity National Action Plan that aims to modernize government IT and improve Americans' cybersecurity. The government will reduce reliance on social security numbers and promote increased use of multi-factor authentication. The plan will also establish a Commission on Enhancing National Cybersecurity. A Federal Privacy Council will coordinate federal privacy guidelines but lacks authority to enforce Privacy Act obligations. EPIC has repeatedly urged federal agencies to uphold Privacy Act protections.

EPIC Recommends Greater Accountability for Government Screening Database

EPIC submitted comments to DHS urging the agency to improve transparency and privacy protections for the controversial Terrorist Screening Database that is used for Watchlist programs, such as the No Fly List, containing information that is often inaccurate and incomplete. The agency solicited comments on a proposal to remove Privacy Act safeguards while simultaneously expanding data collection and distributing data more widely across the DHS. EPIC and many other organizations opposed the establishment of the Screening Database and called for its suspension pending a full review of the privacy and security implications. EPIC has testified before Congress about the risks of the Watchlist program.

EPIC FOIA - Information about Controversial DNA Forensic Technique Released

In response to EPIC's FOIA request, the California Department of Justice has released records on a controversial forensic technique. The records show that in 2014, the state agency spent more than $300,000 on STRMix, a secret technique for matching DNA. Investigators in Australia subsequently found an error in the STRMix code that produced incorrect results in 60 criminal cases, including a high-profile murder case. STRMix promises prosecutors the ability to "[c]arry out familial searches against a database, searching for close relatives of contributors to mixed DNA profiles" but the algorithm remains secret. EPIC is pursuing FOIA requests on the secret DNA matching algorithms with state agencies across the U.S.

February 24, 2016

Writers Side with Apple in Encryption Fight with FBI

In a letter to the Attorney General, leading writers and artists protested the FBI's "efforts to force Apple to create software that could effectively enable the U.S. government to unlock any iPhone." The letter from the PEN America Center highlights how "intrusions on privacy damage creative expression and free speech." EPIC has long supported strong encryption as key to the future of privacy and security. EPIC recently gave the 2015 Champion of Freedom Award to Apple CEO Tim Cook for his work in promoting encryption and protecting privacy and security. The 2016 EPIC Awards dinner will be held on June 6th in Washington, DC.

February 25, 2016

House Members Seek Answers on FBI Stingray Agreements

Two leading members of the House Judiciary Committee sent a letter to FBI Director James Comey regarding Stingray surveillance devices, which intercept cellphone communications. Representative Jim Sensenbrenner (R-Wisc) and Representative Sheila Jackson Lee (D-Tx) sharply criticized the FBI's use of "non disclosure agreements" that prohibit local law enforcement agencies from discussing the use of Stingrays, even in court proceedings. The representatives noted that such secrecy "shields the technology from debate." They asked the FBI to answer specific questions about the agreements. In 2013, EPIC first uncovered these secret Stingray agreements in a Freedom of Information Act suit against the FBI.

Apple Opposes FBI Decryption Order

Today Apple filed a "motion to vacate" a court order that would require the company to make changes to the iPhone to enable law enforcement access to personal information. In its brief, Apple asserts that this case is about "the ability to force companies like Apple to undermine the basic security and privacy interests of hundreds of millions of individuals around the globe." Apple argued that the FBI's requested court order violates the First and Fifth Amendments. Consumer Reports found that more than 3.1 million cellphones were stolen in 2013, and noted that "efforts by the telecom industry to reduce thefts don't seem to be helping matters." In 2015, EPIC gave the Champion of Freedom Award to Apple CEO, Tim Cook, for his work protecting privacy and promoting encryption.

February 26, 2016

European Commission Wrongly Denies EPIC's Request For "Privacy Shield"

The European Commission has wrongly denied EPIC's Freedom of Information request for the text of the "Privacy Shield." The Commission said the adequacy decision about Safe Harbor is "in preparation" and "negotiations with the U.S. are still ongoing." The Commission confused the text of the political agreement, known as "the Privacy Shield," with a legal determination about whether the agreement meets EU data protection law. EPIC will pursue public release of the Privacy Shield, which was previously announced, and then the release of the adequacy determination when it is final. EU and US consumer and privacy organizations have opposed the agreement because it fails to provide adequate privacy protections.

NSA to Disclose Agency Records to Other Federal Agencies, Implicating Federal Privacy Act

According to the New York Times, the NSA plans to disclose intercepted private communications to other federal agencies, including records of communications concerning US persons. The substantial change in agency practices "would relax longstanding restrictions on access to the contents of the phone calls and email." In 2013, EPIC and a group of legal scholars and technical experts petitioned the NSA to undertake a public rule making on "the agency's monitoring and collection of communications traffic within the United States." EPIC has previously urged the Department of Defense to ensure that the NSA complies with the federal Privacy Act and has opposed expansion of the "Operations Records" database.

February 29, 2016

"Privacy Shield" Released, New Questions Raised

The text of the "Privacy Shield" was released today by the European Commission and the US Department of Commerce. The arrangement was intended to bring EU-US data transfers in line with the recent decision of the European Court of Justice in the Schrems case. But the framework appears to provide less protection than the Safe Harbor arrangement it replaces. New exceptions take broad categories of personal data entirely outside the scope of the agreement. Max Schrems said "this is far from what the Court required and does not seem like a stable solution." Privacy experts will now assess the text and determine whether it provides an adequate basis for the transfer of personal data. EU and US NGOs have urged the US to update its privacy laws.

NY District Court Denies Government Demand to Unlock iPhone

Magistrate Judge Orenstein denied a government request under the All Writs Act to force Apple to unlock an iPhone. Judge Orenstein stated "the government's construction of the [All Writs Act] produces absurd results in application." The ruling comes the day before a Congressional hearing to address recent efforts to force Apple to decrypt iPhones. Apple is opposing a court order in another case that would require the company to make changes to the iPhone to enable government access. In 2015, EPIC gave the Champion of Freedom Award to Apple CEO, Tim Cook, for his work protecting privacy and promoting encryption.

About February 2016

This page contains all entries posted to epic.org in February 2016. They are listed from oldest to newest.
