« April 2016 | Main | June 2016 »

May 2016 Archives

May 2, 2016

EPIC Sues TSA to Block Mandatory Body Scanners at US Airports

EPIC has filed a lawsuit challenging the Transportation Security Administration's regulation for airport body scanners. The TSA announcement came nearly five years after a federal appeals court ordered the agency to "promptly" solicit public comments on the controversial screening procedure. Public comments overwhelmingly favored less invasive security screenings. But the TSA decided it may now mandate body scanners at US airports. In 2011, EPIC challenged the intrusive and ineffective TSA screening procedure. EPIC's new lawsuit challenges the regulation because it "denies passengers the right to opt out" of body scanner screening. EPIC also challenged the effectiveness of airport body scanners and the TSA's failure to recommend less invasive security screening.

May 3, 2016

Intelligence Court Skeptical of Some FISA Applications

The Department of Justice has published the 2015 FISA report, which summarizes the use of the Foreign Intelligence Surveillance Act. The report also details the number of applications rejected or modified by the FISA Court (FISC). Overall, the Government’s applications for FISA warrants has declined since 2003  but there was a slight uptick this year with 1,456 orders granted. A significant number of orders were modified by the FISC. The FISC modified 80 orders and the Government even withdrew one application. Prior to the USA FREEDOM Act, which limited bulk collection under section 215, the FISC modified many of those orders.

May 5, 2016

NY Attorney General Reports 40% Increase in Data Breaches

New York Attorney General Eric Schneiderman announced that his office has received 459 notices of data breaches impacting New Yorkers so far in 2016, representing a 40 percent increase over the same period last year. The office expects to receive a record-setting thousand notices or more this year. "Data breaches are an escalating threat to our personal and national security, and companies need to do more to ensure reasonable security practices and best standards are in place to protect our most sensitive information," said Schneiderman. EPIC recently launched “Data Protection 2016,” a non-partisan campaign to make data protection an issue in the 2016 election.

FAA Announces Drone "Advisory Committee"

Yesterday FAA Administrator Michael Huerta announced that the FAA will establish a Drone Advisory Committee. According to Administrator Huerta, the committee "will help identify and prioritize integration challenges and improvements." Intel CEO Brian Krzanich will chair the committee. The Federal Advisory Committee Act requires federal agencies to ensure that advisory committees are “objective and accessible to the public.” EPIC previously criticized the FAA Drone Registration Task Force, which met in secret and includes no consumer groups. EPIC is currently suing the FAA for the secret meeting records of the Registration Task Force. EPIC previously sued the FAA for failing to establish privacy rules for commercial dronesEPIC v. FAA is pending before the D.C. Circuit Court of Appeals.

White House Report Points to Risks with Big Data

A new White House report "Big Data: A Report on Algorithmic Systems, Opportunity, and Civil Rights" points to risks with big data analytics. According to the authors, "[t]he algorithmic systems that turn data into information are not infallible--they rely on the imperfect inputs, logic, probability, and people who design them." An earlier White House report warned of "the potential of encoding discrimination in automated decisions." EPIC launched a campaign on "Algorithmic Transparency" after warning about the risks of secretive decision making coupled with "big data."

May 6, 2016

EPIC Urges California Supreme Court to Protect Open Records Law

EPIC has urged the California Supreme Court to reverse a lower court decision that blocked public release of records about "automated license plate readers" operated by the state police. The lower court held that information about the public surveillance system was an “investigative record” under California law. EPIC’s amicus brief stated, "Public scrutiny is essential to counter the unique threats posed by these programs of broad-scale surveillance." EPIC had obtained documents about the FBI’s license plate reader program under the FOI law. Those records revealed that the FBI failed to address the system's privacy implications.

May 8, 2016

Federal Court Upholds Photo Tagging Suit Against Facebook

A federal judge has rejected Facebook's argument that the company did not violate an Illinois law that requires companies to obtain consent from consumers before collecting biometric data such as a "faceprint." Describing the biometric privacy law, the court said that Facebook's position was "antithetical to its broad purpose of protecting privacy in the face of emerging biometric technology." In 2011, EPIC filed a complaint with the Federal Trade Commission, arguing that the facial identification of users was an unfair and deceptive trade practice. In 2012, EPIC urged the FTC to suspend facial recognition "until adequate safeguards and privacy standards are established." Canada and Europe have since required Facebook to suspend the use of photo tagging.

May 9, 2016

EPIC FOIA - Secret Drone Task Force Records Disclosed

In response to EPIC's FOIA lawsuit, the Department of Transportation has released the minutes of a secret meeting  of the FAA drone task force. The task force included industry groups such as GoogleX, Amazon, and DJI, but consumer groups and privacy advocates were excluded from the hastily created advisory committee. The documents shed light on the secret meetings held last November. Several participants warned about privacy risks in drone deployment. The minutes also stated, "Current state of non-regulation negatively affects the public perception of drones. There is no regulatory recourse for anyone who is negatively affected by a small UAV [drones]." EPIC has urged the agency to do more to safeguard the public, and in EPIC v. FAA, challenged the FAA's failure to establish privacy regulations for drones.

May 10, 2016

Court Rules EPIC Must Wait to Challenge Missing Drone Privacy Rules

The federal appeals court in Washington, DC ruled today that EPIC’s suit against the Federal Aviation Administration must be set aside because the agency has not yet finalized the rules for drone operations in the United States. EPIC previously filed suit against the FAA after more than 100 groups and experts petitioned the agency to conduct a rulemaking on drone privacy. The FAA has repeatedly acknowledged the need to address privacy in drone operations, but has so far refused to adopt any privacy rules. In a related case, EPIC recently uncovered the minutes of a secret FAA drone task force. According to one of the participants, the “Current state of non-regulation negatively affects the public perception of drones. There is no regulatory recourse for anyone who is negatively affected by a small UAV [drones]."

EPIC Urges Senate to Back Comprehensive Communications Privacy Protection

EPIC has sent a letter to the Senate Judiciary Committee in advance of a hearing on "Examining the Proposed FCC Privacy Rules." EPIC pointed to growing public concerns about the loss of privacy and the need to update federal privacy laws. EPIC explained that the neither Federal Communications Commission or the  Federal Trade Commission has done enough to safeguard consumer privacy. EPIC warned that the "failure to modernize our privacy law is imposing an enormous cost on American consumers and businesses."

May 12, 2016

Top EU Legal Advisor Says IP Addresses are PII

The Advocate General, top advisor to the European Court of Justice, has issued an opinion today about Internet anonymity. He found that dynamic IP addresses are personal data subject to data protection law. The opinion concerns the case of German pirate party politician and privacy activist Patrick Breyer who is suing the German government over logging visits to government websites. "Generation Internet has a right to access information on-line just as unmonitored and without inhibition as our parents read the paper," says Breyer. The opinion is not legally binding but "is usually a good indication of how the court will eventually rule". EPIC has supported Internet anonymity since the 1990s and brought a similar challenge to the US government tracking of users of government website.

May 13, 2016

Senator Leahy Calls for FISA Reforms

The Senate Judiciary Committee held a hearing on the FISA Amendments Act, a law that grants the government broad surveillance powers over Internet communications. The Act, commonly referred to as "Section 702,: is the basis for the NSA’s “PRISM” program. EPIC testified before the House Judiciary Committee in 2012 on the need to limit the scope of Section 702 surveillance and to improve transparency of the Foreign Intelligence Surveillance Court. US and EU NGOs have since called for the end of the section 702. This week Senator Patrick Leahy (D-VT) stated that "additional reforms are needed to protect Americans’ privacy, and restore global trust in the U.S. technology industry."

May 15, 2016

FTC Issues Guidelines for Employment Background Screening

The Federal Trade Commission has issued new guidelines for companies that sell employment background checks.  Under the Fair Credit Reporting Act  companies must ensure “maximum possible accuracy” in reports about job applicants. The FTC warns that a background report incorrectly listing a criminal conviction based on bad records match —for instance, a person with a different middle name than the applicant—could violate FCRA. EPIC recently filed an amicus brief in a case brought by David A. Smith, who was denied employment after a background report incorrectly included the criminal records of David O. Smith.

May 16, 2016

Supreme Court Remands Consumer Privacy Case for Further Consideration

The Supreme Court has ruled in Spokeo v. Robins, a case brought under the Fair Credit Reporting Act concerning the sale of inaccurate personal data. The Court said it was necessary to determine whether plaintiffs injuries were sufficiently "concrete." Justice Ginsburg, in a dissenting opinion, wrote that remand was unnecessary, "Spokeo's misinformation 'cause[s] actual harm to [his] employment prospects.'" EPIC filed an amicus brief, joined by thirty-one technical experts and legal scholars, citing the national epidemic of data breaches. EPIC wrote  this is "not the time for the Supreme Court to limit the ability of individuals to seek redress for violations of privacy rights set out by Congress."

Lack of Privacy Impacts Internet Use, Economy, Says NTIA Survey

A recent study by the National Telecommunications and Information Administration found that nearly half of Internet users in the US refrained from online activities due to privacy and security concerns. Identity theft was the top concern, cited by 63 percent of respondents, followed by financial fraud, noted by 45 percent. Nearly a quarter of Americans cited concerns about online tracking. “In addition to being a problem of great concern to many Americans, privacy and security issues may reduce economic activity and hamper the free exchange of ideas online,” NTIA concluded. EPIC has supported enactment of the Consumer Privacy Bill of Rights and recently launched “Data Protection 2016,” a non-partisan campaign to make data protection an issue in the 2016 election.

May 17, 2016

EPIC Urges Appeals Court to Strike Down Voter ID Law

EPIC has urged a federal appellate court to find unconstitutional a Texas law that requires voters to obtain photo IDs. A lower court held that Senate Bill 14 violates the Voting Rights Act and burdens the constitutional right to vote. Texas appealed. In response, EPIC argued that the ID requirement also burdens the constitutional right of informational privacy. “Individuals should not be subject to excessive identification requirements to exercise fundamental democratic rights,” EPIC stated. EPIC has previously filed amicus briefs defending the right to informational privacy.

Continue reading "EPIC Urges Appeals Court to Strike Down Voter ID Law" »

May 19, 2016

Justice Department Releases 2016 FOIA Reports

The Justice Department has released an assessment of the 2016 FOIA compliance reports. Every year, federal agencies prepare reports describing steps taken to implement President Obama's Memo and former AG Eric Holder's Guidelines. The DOJ grades FOIA compliance in five areas: applying the presumption of openness, effective and responsive systems, proactively releasing information, utilizing technology, and reducing backlogs and improving response times. The Senate recently passed by unanimous consent the Freedom of Information Improvement Act of 2015; the bill is now in the House. EPIC and other open government organizations have called on President Obama to strengthen the FOIA.

Senators Introduce Bill to Block Broad Remote Hacking Rules

Senators Wyden, Paul, Baldwin, Daines, and Tester have introduced the Stop Mass Hacking Act of 2016.  The law would block amendments to Rule 41 of the Federal Rules of Criminal Procedure that were recently issued by the Supreme Court. The amendments authorized judges to issue "remote access" warrants to search computers even when the targets are outside the jurisdiction of the court. EPIC criticized the Rule 41 change in a statement last year. Unless Congress takes action to block the Rule 41 amendments by December 1, the government’s surveillance authority will be expanded significantly.

Continue reading "Senators Introduce Bill to Block Broad Remote Hacking Rules" »

Senate Examines "Do Not Call" Law

The Senate Commerce Committee held a hearing yesterday on the Telephone Consumer Protection Act. The "TCPA" bars telemarketers and robocallers from contacting consumers by phone or fax without prior express consent. In January, EPIC filed an amicus brief to provide greater TCPA protections for consumers.  EPIC said that widespread use of cellphones “has amplified the nuisance and privacy invasion caused by unwanted calls and text messages.” EPIC has testified before Congress about the TCPA and submitted many comments concerning the implementation of the consumer privacy law.

May 20, 2016

Federal Court Strikes Down Obstacle to Student FOIA Requests

A federal appeals court has ruled that government agencies must give students who pursue Freedom of Information Act requests favorable fee treatment. The case involved a Ph.D. student who was charged $900 to process a FOIA request. The Department of Defense contended that students are not entitled to the favorable fee standards of “educational institutions." The D.C. Circuit disagreed and ruled today that “[s]tudents who make FOIA requests to further their coursework or other school-sponsored activities are eligible for reduced fees under FOIA because students, like teachers, are part of an educational institution.” In 2011, EPIC criticized the practice of charging students extra fees for FOIA requests, calling the government’s position “absurd.”

May 23, 2016

EPIC, Coalition Recommend Improvements to U.S. Open Government Plan

EPIC and a coalition of open government groups have urged the country’s trade agency to improve the open government plan for the United States. The coalition called on the United States Trade Representative to (1) make public the rules for trade negotiations, (2) publish comprehensive updates after each round of negotiation, and (3) appoint an independent transparency officer. EPIC and others also developed model Freedom of Information Act Regulations that would apply across the government.

Continue reading "EPIC, Coalition Recommend Improvements to U.S. Open Government Plan" »

May 25, 2016

EPIC to OPM: "If You Can't Protect It, Don't Collect It"

In comments to the Office of Personnel Management, EPIC urged the federal agency to limit the personal data it collects from job applicants. OPM currently gathers detailed personal information, including biometric data, Social Security numbers, educational history, medical records, foreign travel, drug use, and financial records. In 2015, OPM lost the personal data of 21.5 million people in a massive data breach. The OPM Director and CIO were forced to resign. OPM now proposes to collect even more personal data on more people, including distant relatives of job applicants. EPIC has previously urged the Supreme Court to recognize a right of "information privacy" that would limit the ability of the federal government to collect personal information.

May 26, 2016

European Parliament Requires Changes to Privacy Shield

The European Parliament called for changes in the draft arrangement to permit data transfers to the United States. The Parliament said that officials must "fully implement" privacy recommendations and negotiate further changes to the "Privacy Shield." The European Data Protection Supervisor is expected to issue an opinion on the data transfer arrangement next week. EPIC and other consumer and privacy organizations have said that the Privacy Shield fails to provide adequate safeguards for consumers.

May 27, 2016

Amendment Would Overturn Model Facial Recognition Privacy Law

The Illinois Biometric Information Privacy Act is one of the strongest facial recognition laws in the country. Enacted in 2008, the law prohibits the use of biometric recognition technologies without consent and provides for meaningful enforcement. But a proposed amendment would undercut legal protections, exempting facial recognition software from the law. A pending lawsuit against Facebook alleges that the company violates the law by amassing a database of users’ faceprints “without even informing its users — let alone obtaining their informed written consent.” EPIC has urged a moratorium for such surveillance techniques, pending the enactment of strong privacy laws such as those in Illinois. In much of the world, facial recognition software is illegal.

Federal Court Leaves Digital Search Law Unresolved

A federal appeals court ruled today that the government did not violate the Fourth Amendment by keeping a copy of files for more than two years after an investigation because it acted in "good faith." EPIC argued that the government must adopt data minimization practices and that the use of evidence was unlawful. In a dissenting opinion, Judge Chin wrote  that the search violated the Fourth Amendment.

Continue reading "Federal Court Leaves Digital Search Law Unresolved" »

EPIC Calls for Strong Communications Privacy Rules

EPIC has urged the Federal Communications Commission “to fully apply" the Consumer Privacy Bill of Rights to all communications services. The FCC's proposed privacy rules would regulate only broadband services and are based on the weak "notice and choice" framework.EPIC said the agency should endorse data minimization requirements, promote Privacy-Enhancing Technologies, and require opt-in consent. EPIC also urged the Commission to regulate all companies that gather consumer data for communications services.

May 31, 2016

Top European Privacy Official Rejects EU-US "Privacy Shield"

The European Data Protection Supervisor has determined that "Privacy Shield is not robust enough to withstand future legal scrutiny." He called for changes in the draft arrangement to permit data transfers to the United States. "Significant improvements are needed," said Giovanni Buttarelli. The Article 29 Working Party, the European Parliament, and a coalition of EU and U.S. consumer organizations have also opposed the data transfer proposal. Citing rampant data breaches in the United States, NGOs have urged strong safeguards for privacy and data protection.

About May 2016

This page contains all entries posted to epic.org in May 2016. They are listed from oldest to newest.

April 2016 is the previous archive.

June 2016 is the next archive.

Many more can be found on the main index page or by looking through the archives.