« October 2016 | Main | December 2016 »

November 2016 Archives

November 3, 2016

Second Legal Challenge Launched Against "Privacy Shield"

La Quadrature du Net, a French privacy organization, has launched a legal challenge to “Privacy Shield,” a controversial framework for the transfer of personal data from Europe to the United States. This lawsuit follows a similar  challenge brought by the Irish group Digital Rights Ireland. "Privacy Shield" was the response of EU and US politicians after the European Court of Justice determined that there was insufficient legal protection for transatlantic data transfers. NGOs in the United States and Europe had urged the adoption of a comprehensive framework for data protection and said that Privacy Shield was not adequate. EPIC also testified before Congress on the need to update US privacy law. EPIC is currently participating as amicus curiae in related case brought by privacy advocate Max Schrems.

November 4, 2016

House Members Urge FTC to Examine Internet-of-Things

In the wake of October's massive distributed denial of service attack, two members of Congress have sent a letter to Federal Trade Commission Chairwoman Edith Ramirez urging the FTC to protect consumers from insecure Internet of Things devices. Rep. Frank Pallone, Jr. and Rep. Jan Schakowsky, senior members of the House Energy and Commerce Committee, wrote that the FTC should "immediately use all the tools at its disposal to ensure that manufacturers of IoT devices implement strong security measures." EPIC is at the forefront of policy work on the Internet of Things, recommending safeguards for connected cars, "smart homes," 'consumer products, and "always on" devices. EPIC recently urged the federal government to establish legal requirements to promote Privacy Enhancing Technologies, limit user tracking, minimize data collection, and "ensure security in both design and operation of Internet-connected devices."

November 7, 2016

EPIC, Consumer Coalition Defend FTC Authority Over Common Carriers

EPIC joined a coalition of consumer advocates to challenge a recent federal court decision that would limit the Federal Trade Commission's authority over companies engaged in "common carrier" activities. In an amicus brief filed with the Ninth Circuit Court of Appeals, the consumer coalition urged reconsideration of the court's decision that the common carrier exemption to FTC authority is status-based, not activity-based. The brief warned the decision "could immunize from FTC oversight a vast swath of companies that engage in some degree in common carrier activity." Internet companies such as Google that offer some broadband service could be entirely exempt from consumer protection regulation. EPIC previously filed an amicus brief in FTC v. Wyndham to defend the FTC's "critical role in safeguarding consumer privacy and promoting stronger security standards."

EPIC Urges OMB to Strengthen Privacy Act Safeguards

EPIC has submitted comments on Circular A-108, guidelines proposed by the Office of Management and Budget for federal agency compliance with the Privacy Act. EPIC warned that agencies frequently misuse exceptions to the Privacy Act to circumvent important safeguards required by law. EPIC urged the OMB to "strengthen its guidance on federal agency implementation of the Privacy Act" and to limit the 'routine use' exemption. EPIC regularly comments on privacy safeguards for federal databases and has urged Congress to modernize the Privacy Act.

European Parliament Explores Algorithmic Transparency

A hearing today in the European Parliament brought together technologists, ethicists, and policymakers to examine "Algorithmic Accountability and Transparency in the Digital Economy." Recently German Chancellor Angela Merkel spoke against secret algorithms, warning that that there must be more transparency and accountability. EPIC has promoted Algorithmic Transparency for many years and is currently litigating several cases on the front lines of AI, including EPIC v. FAA (drones), Cahen v. Toyota (autonomous vehicles), and algorithms in criminal justice. EPIC has also proposed two amendments to Asimov's Rules of Robotics, requiring autonomous devices to reveal the basis of their decisions and to reveal their actual identity.

As Voters Go To Polls, EPIC Backs "Data Protection 2016," Secret Ballot

With voters heading to the polls for the 2016 Presidential election, EPIC has urged national focus on "data protection," calling it "the most important, least well understood issue" of this election season. Together with Common Cause and Verified Voting, EPIC also published a report on the importance of the secret ballot for democratic decision making. And EPIC's Freedom of Information Act litigation has uncovered flaws in online voting reported by the Department of Defense in a 2011 report. EPIC is non-partisan, educational organization and does not endorse candidates for public office.

EPIC FOIA Lawsuit Reveals Failure to Conduct Privacy Assessments for DEA Surveillance Programs

In response to an EPIC FOIA lawsuit, EPIC has learned that the Drug Enforcement Administration never completed privacy impact assessments for the agency's massive license plate reader program, a telecommunications records database, and other systems of public surveillance. Despite a federal judge instructing the agency to search for records in response to the FOIA lawsuit, the DEA failed to produce the privacy assessments required by law. The outcome of EPIC v. DEA raises questions about the privacy review of the agency systems funded by Congress. EPIC is currently litigating a similar lawsuit against the FBI.

November 8, 2016

EPIC Urges FTC to Strengthen "Safeguard Rule"

In comments to the FTC, EPIC has asked the agency to strengthen the  Safeguards Rule, which sets out basic security standards for the processing of consumer information. EPIC urged the agency to expand the scope of the Rule, which now only applies to financial institutions. EPIC also recommended that the FTC mandate compliance with the Rule and require data minimization. EPIC has previously urged the Commission to enforce the Safeguards Rule against both financial and non-financial institutions and has also recommended data minimization to safeguard consumer privacy.

UK Information Commissioner Suspends WhatsApp Data Transfer to Facebook

Facebook has agreed to suspend targeted advertising for UKWhatsApp users. The decision follows an investigation by UK Information Commissioner Elizabeth Denham. "I don't think WhatsApp has got valid consent from users to share the information," Denham stated. WhatsApp announced in August that it would transfer its users verified phone numbers to Facebook in violation of previous privacy promises. EPIC then filed a complaint with the FTC and more than a dozen US consumer groups backed the efforts. Then European Union privacy officials and officials in Spain, Germany, India, and Italy opened investigations. Back in the US, the Commission said it will "carefully review" EPIC's complaint. The FTC has previously stated, "When companies tell consumers they will safeguard their personal information, the FTC can and does take law enforcement action to make sure that companies live up these promises."

November 14, 2016

EPIC Sues FBI Over Biometric Data Program

EPIC has filed a FOIA lawsuit against the Federal Bureau of Investigation for information about the agency's plans to transfer biometric data to the Department of Defense. The FBI maintains one of the world's largest biometric databases, known as the "Next Generation Identification" system, but the FBI has resisted maintaining privacy safeguards. The Bureau previously proposed to exempt the database from many of the safeguards in the federal Privacy Act, which EPIC opposed. Then EPIC, following a FOIA lawsuit, obtained documents that revealed an error rate up to 20% for facial recognition searches in the FBI database. Now EPIC has filed an open government lawsuit to obtain a secret document that details the transfer of personal data in the FBI system to the Department of Defense. [Press Release]

November 21, 2016

EPIC FOIA: EPIC Obtains Secret Inspector General Reports

Through a Freedom of Information Act lawsuit EPIC has obtained nonpublic reports from the Department of Justice's Inspector General. The documents include audits of drug control funds. Another set of documents include audits of other grant programs, as well as a list of information security audits conducted since 2005. EPIC also obtained a previously unpublished audit of a state lab's DNA database. The mission of the DOJ Inspector General is "to detect and deter waste, fraud, abuse, and misconduct in DOJ programs and personnel." EPIC also recently sued the Federal Bureau of Investigation to obtain information on the massive biometric database "Next Generation Identification."

EPIC Prevails in Internet Surveillance Case

A federal judge in Washington, DC has granted EPIC attorney's fees in a long-running case against the Department of Homeland Security. In 2012 EPIC sued the DHS for information about a secret program to monitor Internet traffic. The "Cyber Pilot" program applied originally to defense contractors, but a 2012 Executive Order dramatically expanded the program, raising concerns about violations of federal wiretap law. EPICs lawsuit produced the release of several thousand pages on the program. In today's extensive opinion, Judge Gladys Kessler concluded that EPIC "substantially prevailed in this litigation" and that EPIC had added "to the fund of information that citizens may use in making vital political choices." The Court awarded EPIC substantial attorneys fees for its work in the case.

EPIC Asks FTC to Continue "Disposal Rule"

In comments to the FTC, EPIC continued support for the FTC's Disposal Rule, which requires that businesses to take reasonable steps to protect consumer information against unauthorized access or use. EPIC told the FTC that the Rule protects consumers from identity theft. EPIC backed the initial Disposal Rule. In the 2016 comments, EPIC explained that information that can identify an individual should be covered by the rule.

November 23, 2016

EPIC Recommends Privacy and Safety Standards for Autonomous Vehicles

In comments to the National Highway Traffic Safety Administration, EPIC has backed strong privacy and safety standards. Responding to the "Federal Automated Vehicles Policy," EPIC said self-regulation would not be enough to protect drivers in the United States. EPIC urged the safety agency to mandate the Consumer Privacy Bill of Rights, establish new oversight authority, and protect state privacy rules for autonomous vehicles. EPIC is on the front lines of vehicle privacy as well as efforts to regulate the "Internet of Things." EPIC also defends the right of states to develop strong privacy laws.

DHS Releases Revised FOIA Regulations, Agrees and Disagrees with EPIC's Suggestions

The Department of Homeland Security has released revised Freedom of Information Act regulations. EPIC submitted extensive comments on the proposed changes to the agency's open government practices. The DHS agreed to make some changes, recommended by EPIC, that should improve the processing of FOIA requests. The agency maintained a broad definition of "educational institutions" so that individual researchers will be able to access government records at minimal cost, and clarified steps that could be taken to delay "administrative closure," a controversial agency practice. The agency disagreed with EPIC about agency referrals, the definition of "commercial interest," and the routine release of public information to general public.

November 29, 2016

New Study Shows Global Increase in Comprehensive Privacy Protections

An updated study by David Banisar of the human rights organization Article 19 finds that over 100 countries now have data protection laws. Another 40 countries are considering new laws, and most countries have established a data protection authority to enforce privacy protections. Two EPIC publications - The Privacy Law Sourcebook 2016 and Privacy and Human Rights: An International Survey of Privacy Laws and Developments - provide an overview of privacy frameworks around the world and track emerging privacy challenges. EPIC has urged the US Congress to establish a federal privacy agency and to enact comprehensive privacy legislation.

FBI to Monitor Twitter

According to FBI contracting documents, the FBI has hired Dataminr to monitor in real-time more than 500 million daily tweets. EPIC has warned that these techniques of mass surveillance will subject more innocent people to government investigation. In 2012, EPIC successfully obtained documents detailing the social media monitoring program of the Department of Homeland Security, including instructions to analysts to monitor critics of the agency. EPIC's FOIA work led to a Congressional hearing on social media monitoring and government surveillance.

Government Breaches Continue, Hacker Compromises more than 130,000 Navy Records

In the latest government data breach, the Navy reported that a hacker gathered the personal data of more than 130,000 current and former sailors from a laptop that belonged to a government contractor. Government security vulnerabilities are on the rise. In 2015, the records of more than 21 million federal workers, friends and family members were breached. In 2016, EPIC urged candidates for office to focus on "data protection." EPIC has warned that inaccurate, insecure, and overbroad government databases pose a risks to the safety of Americans. Earlier this year, EPIC urged the Dept. of Defense and Dept. of Homeland Security to drop proposals to expand government databases that lacked adequate privacy safeguards.

Congress Passes Consumer Review Fairness Act, Bans Gag Clauses

Congress has passed the Consumer Review Fairness Act, a law protecting consumers' right to post negative reviews without fear of retaliation. The bipartisan measure would make it illegal for companies to include non-disparagement clauses in consumer contracts, or to impose penalties or fees for critical reviews. The Federal Trade Commission will enforce the new law, which now awaits President Obama's signature. "By ending gag clauses, this legislation supports consumer rights and the integrity of critical feedback about products and services sold online." said Senate Commerce Committee Chairman John Thune. EPIC has long supported free speech and access to information online.

November 30, 2016

Congress to Examine Artificial Intelligence

Today the Senate Commerce Committee will hold a hearing on "The Dawn of Artificial Intelligence." Experts from industry and academia will provide "a broad overview of the state of artificial intelligence, including policy implications and effects on commerce." In a prepared statement, EPIC urged the Committee to support "Algorithmic Transparency," an essential public policy strategy to make AI accountable. The hearing follows two White House reports -Preparing for the Future of Artificial Intelligence and the National Artificial Intelligence Research and Development Strategic Plan. EPIC is currently litigating several "AI" cases including EPIC v. FAA (drone surveillance), Cahen v. Toyota (autonomous vehicles), EPIC v. CPB (U.S. traveler "risk assessments"), and Secret DNA Forensic Source Code.

About November 2016

This page contains all entries posted to epic.org in November 2016. They are listed from oldest to newest.

October 2016 is the previous archive.

December 2016 is the next archive.

Many more can be found on the main index page or by looking through the archives.