« November 2016 | Main | January 2017 »

December 2016 Archives

December 1, 2016

Uber Expands Data Collection, Tracks Users, as Transport Services Case is Heard by European Court

Uber is now routinely tracking the location of all of its users, even when they are not using the transportation service. Last year, EPIC filed a complaint with the FTC after Uber announced the plan to collect location data when the app operated in the background. EPIC said that Uber had engaged in unfair and deceptive trade practice. The FTC failed to act and Uber is now tracking users non-stop. In Europe, Uber is facing legal action as the European Court of Justice considers whether the company should be considered a transportation service, subject to the same rules as its competitors, or a digital platform, which operates outside the law.

December 6, 2016

EPIC, International Consumer Coalition Urges Recall on "Toys That Spy"

#toyfail imageEPIC has filed a landmark complaint with the Federal Trade Commission about “toys that spy.” The complaint alleges that My Friend Cayla and i-Que Robot violate federal privacy law. “The toys subject young children to ongoing surveillance,” EPIC said in a statement. The EPIC complaint targets manufacturer Genesis Toys and Nuance Communications and describes how Internet-connected toys pose ongoing serious safety threats to children. EPIC’s complaint, joined by the Campaign for Commercial Free Childhood, the Center for Digital Democracy, and Consumers Union, is part of coordinated effort to ban these toys from the marketplace. The complaint follows earlier efforts by the Norwegian Consumer Council. EPIC warned Congress about the risks of the Internet of Things, and filed complaints with the FTC about “always on” devices and “smart TVs.”

December 7, 2016

EPIC, Coalition Urge OMB to Protect the Privacy Act and FOIA

EPIC, OpenTheGovernment.org, and a coalition of over 40 groups urged the Office of Management and Budget to "suspend action on any pending rules or regulations that would diminish the effectiveness of the Privacy Act or the Freedom of Information Act." The Acts ensure government transparency while protecting personal information retained by government agencies. EPIC has filed numerous Freedom of Information Act lawsuits to increase transparency around government surveillance programs. In public comments to federal agencies, EPIC has consistently recommended stronger privacy protections and argued against agency proposals to exempt themselves from the safeguards of the Privacy Act.

December 9, 2016

Senate Explores Security of Ground Transportation, Witnesses Express Privacy Concerns

The Senate Commerce Committee examined security issues in road and railroad transportation. Witnesses expressed concerns about the cybersecurity of commercial trucking networks, customer data, and hacking of a truck's braking systems. Witnesses also proposed a credentialing system for access port facilities. EPIC has submitted comments to NHTSA and testified before Congress on the safety and privacy risks of automated vehicles.

Open Government Lawsuits at Near-Record Highs in 2016

Advocates, journalists, and businesses have brought a near-record 512 lawsuits under the Freedom of Information Act in 2016. The findings, complied by for FOIAproject.org by the Transactional Records Access Clearinghouse, show a 35 percent increase in FOIA litigation over the past five years. According to the new report, the lawsuits have covered diverse issues including "private email accounts, national security, immigration, the environment and even Donald Trump." In 2016, EPIC brought FOIA suits for the DOJ's secret inspector general reports, the DOT's drone task force records, and the FBI's biometric data transfer memos.

Watchdog Report Shows Wiretap Powers Ineffective

The Justice Department's Inspector General has released the latest report to Congress on government surveillance. The report includes a review of the FBI's data collection under Section 215 of the Patriot Act, which was revised by the Freedom Act. According to the IG report, FBI agents "did not identify any major case developments that resulted from use of the records obtained in response to the [Section 215] orders." Similar findings were made by the PCLOB and the Senate Judiciary Committee: section 215 has not prevented terrorist acts. The Second Circuit ruled last year that the NSA's telephone record collection program exceeded the legal authority of Section 2015. EPIC recently obtained nonpublic IG reports through a FOIA lawsuit.

EPIC's "Toys That Spy" Complaint Spurs Congressional Investigation

Senator Edward Markey (D-MA) has sent letters to toy maker Genesis Toys and speech technology developer Nuance Communications requesting information on their data collection from young children. The investigation follows EPIC's complaint filed with the Federal Trade Commission over "toys that spy" on children in violation of federal privacy laws. EPIC's complaint, joined by the Campaign for Commercial Free Childhood, the Center for Digital Democracy, and Consumers Union, is part of coordinated, international efforts to ban these toys from the marketplace. Senator Markey and Rep. Joe Barton (R-TX), joined by Senator Mark Kirk (R-IL) and Rep. Bobby Rush (D-IL), introduced the Do Not Track Kids Act, comprehensive children's online privacy legislation that updates the law to protect children's personal information.

Obama Orders Review of Hacking During 2016 Election

President Obama's top homeland security advisor Lisa Monaco announced today that the Administration has asked the intelligence community to conduct a "full review" of cyber activity during the 2016 election. In 2016, EPIC urged candidates for office to focus on data protection, calling it "the most important, least well understood issue" of the 2016 election. EPIC also published a report on the importance of the secret ballot for democratic decision making. EPIC's Freedom of Information Act litigation uncovered flaws in online voting reported by the Department of Defense just prior to the 2012 election.

EPIC Promotes Strong Crypto, Civil Society at Internet Governance Forum in Mexico

EPIC President Marc Rotenberg, speaking at the Internet Governance Forum in Guadalajara, Mexico described the early "crypto wars" during a panel on Encryption and Journalism, sponsored by UNESCO. Marc said "an email service that is not encrypted end to end is not an email service. It is something else." Marc also participated in a panel discussion on CSISAC and the role of civil society at the OECD. Copies of the latest edition of EPIC's Privacy Law Sourcebook were distributed to NGOs from Latin America.

December 14, 2016

European Communications Privacy Law Strengthens Rights for Internet Users

A draft of the update to the European "e-Privacy Directive" provides important new safeguards for users of Internet-based services. The new regulation will apply to all online communications services, including email, instant messaging, and social media. The updated privacy law will limit tracking and profiling of Internet users. The report notes that lax rules for companies such as Facebook and Skype, "create a void of protection of confidentiality for the users of these services." The US FCC recently adopted modest privacy rules that apply only to broadband services offered by telecom companies, despite EPIC's repeated advice to the FCC to address "the full range of communications privacy issues facing US consumers." The EU Commission's update of the e-Privacy Directive follows the recently adopted General Data Protection Regulation. The Commission's formal proposal is expected in January of 2017

December 15, 2016

Google Settles Wiretapping Suit, Shifts Scanning of Gmail Messages to Servers

Google and lawyers for a class of Gmail users have reached a settlement in a case concerning the company's interception of private emails. The 2015 lawsuit accused Google of violating the federal Wiretap Act and California law by surreptitiously scanning Gmail messages for advertising revenue. Google has now agreed "to eliminate any processing of email content" for advertising purposes "prior to the point" when a Gmail user can retrieve email, but scanning of Gmail users (and non-Gmail users) on Google's servers will continue. EPIC recently filed an amicus brief in a related case before the Massachusetts Supreme Court, calling attention to Google's "systematic data mining of millions of private email messages" as a clear violation of the state's Wiretap Act. EPIC has also warned of collusive settlements in consumer privacy cases that enrich lawyers and leave business practices essentially unchanged.

Data Stolen from Over One Billion User Accounts in Second Yahoo Data Breach

Yahoo announced this week that data was stolen from over one billion user accounts in August 2013. The breach included names, email addresses, telephone numbers, dates of birth, passwords, and security questions and answers. More than 150,000 U.S. government and military employees are among the victims. Yahoo's earlier breach drew wide-ranging concern from U.S. Senators to European privacy officials. EPIC testified in support of strong data breach notification laws in 2009 and 2011 (urging Congress to establish a short timeline for notification to users of breaches), launched the Data Protection 2016 campaign to make privacy a campaign issue, and recently filed an amicus brief to protect the ability of consumer to sue companies that fail to protect their personal information.

December 20, 2016

EPIC Hosts Curated CRS Reports on Cyber Topics

EPIC has launched an online resource to make selected reports of the Congressional Research Service available to the public. The Congressional Research Service, housed within the US Library of Congress, provides timely reports on important legislative and policy issues pending in Congress. EPIC has reviewed CRS reports over the past decade and, with a dedicated portal, will now make available CRS reports on cyber security, surveillance, open government, drones, and other similar topics. The EPIC CRS Reports page will be frequently updated to make relevant reports widely available during the upcoming Congress. EPIC’s own work on these topics is often cited in CRS reports.

EPIC Urges Amazon, Walmart, Target, and Toys "R" US to Stop Selling Toys That Spy

EPIC has joined the Campaign for a Commercial-Free Childhood and the Center for Digital Democracy in letters to major U.S. retailers urging the companies to immediately discontinue sales of My Friend Cayla, an internet-connected doll that spies on young children. Earlier this month, EPIC filed a complaint with the Federal Trade Commission against toymaker Genesis Toys and speech recognition firm Nuance Communications over “toys that spy” on children in violations of federal privacy laws. The letters from the consumer groups, sent to AmazonWalmartToys "R" Us, and Target, urge the companies "to put the welfare of children first, and to cease sales of My Friend Cayla pending investigation and action by the FTC." Toy stores across Europe have already removed Cayla from their shelves and are offering refunds to parents who purchased the toys.

Congressional Working Group Releases Encryption Report

The Congressional Encryption Working Group has released a year-end report. Two Congressional Committees formed the working group following the FBI’s demand that Apple weaken cell phone security to provide access to encrypted data on an iPhone. The report, endorsed by both Republican and Democratic members of Congress, finds that “any measure that weakens encryption works against the national interest.” The report also notes that encryption is a global technology, and suggests that Congress should “foster cooperation between the law enforcement community and technology companies” instead of seeking a “one-size-fits-all” solution. EPIC has advocated for strong encryption since its founding in 1994 and published the first comprehensive survey of encryption use around the world. Earlier this year, EPIC filed a “friend of the court" brief in support of Apple's challenge in the FBI iPhone case. The EPIC amicus brief explained that encryption protects the owners of the approximately three million cell phones lost or stolen each year from criminal hacking, financial fraud, and identify theft.

December 21, 2016

European Court of Justice Holds that Data Retention Laws Violate EU Law

In a major privacy decision, the Court of Justice of the European Union has ruled that data retention schemes enacted by member states violate EU law. The case involved challenges to data retention laws in Sweden and Britain. The Court of Justice found that subscriber data, which "contain information on the private life of natural persons," "may only be stored to the extent that is necessary for the provision of the service for the purpose of billing and for interconnection payments, and for a limited time." The court further explained that fighting terrorism or crime is not, by itself, justification for indiscriminate, blanket data retention. In 2014, the Court struck down the EU Data Retention Directive, which had required telephone and Internet companies to keep traffic and location data as well as user identifying information for use in subsequent investigations of serious crimes. EPIC has advocated against mandatory data retention and currently has a petition pending before the FCC to overturn the regulation requiring the retention of phone records of US telephone customers.

Rep. Sensenbrenner Warns Trump on EU-US Data Flows

Congressman James Sensenbrenner has sent a letter to President-elect Donald Trump urging him to retain Presidential Policy Directive 28, which governs domestic and foreign signals intelligence activity. The Directive requires the intelligence community to safeguard the personal information of all individuals regardless of nationality. Sensenbrenner noted that PPD 28 also serves as a foundation for the “Privacy Shield,” a framework for commercial data flows between Europe and the United States. EPIC has urged the EU and US to strengthen safeguards for transborder data flows and is currently participating as amicus curiae in a legal challenge to Privacy Shield brought by privacy advocate Max Schrems.

Continue reading "Rep. Sensenbrenner Warns Trump on EU-US Data Flows" »

The Verge Features EPIC FOIA Docs on Secret Profiling System

In an article today, The Verge featured an EPIC Freedom of Information Act lawsuit about a controversial government data mining program, operated by the Department of Homeland Security. EPIC is seeking documents on the "Analytical Framework for Intelligence," a program that assigns "risk assessment" scores to travelers using data from sources including the Automated Targeting System, also operated by the DHS. Travelers "don't know how the scores are being generated and what the factors are," said EPIC FOIA Counsel, John Tran. "What if there's an error? Users should have an opportunity to correct the error, users should have an opportunity to understand what goes into generating the score." The case is currently pending before a federal judge in Washington, DC. EPIC expects to obtain more records on AFI. The FOIA case is also related to EPIC's ongoing work on "Algorithmic Transparency."

EPIC FOIA: Drone Industry Cozied Up to Public Officials

Documents obtained by EPIC reveal a steady line of communication between government officials and the drone industry leading up to the government’s policy on drones. According to the documents obtained through a Freedom of Information Act request, public officials regularly communicated with privacy sector members of the Small UAV Coalition, an industry trade group that includes Google, Amazon, and DJI, a Chinese drone company. The government’s “multistakeholder process” has been criticized for undermining democratic institutions and giving industry lobbyists preferential access to government agencies. EPIC advocated for enforceable privacy rules prior to deployment of commercial drones in the United States. After the a multistakeholder process produced voluntary guidelines, EPIC  sued the FAA. The case is currently pending before the D.C. Circuit Court of Appeals.

Continue reading "EPIC FOIA: Drone Industry Cozied Up to Public Officials" »

December 22, 2016

EPIC Urges Supreme Court to Protect Online Privacy, Right to Read

EPIC has filed a "friend-of-the-court" brief in Packingham v. North Carolina, a U.S. Supreme Court case about a state law that bars access to certain websites. Under a North Carolina law, released sex offenders are barred from accessing any website that allows people under 18 to create profiles and communicate online, including major news sites, such as the New York Times and CNN. In a brief joined by thirty-five technical experts, legal scholars, and civil liberties organizations, EPIC explained that North Carolina laws violates the First Amendment right to receive information, censors vast amounts of speech unrelated to protecting minors, and will lead to widespread police monitoring of all internet users. "The state can no more criminalize what an individual chooses to read on a personal electronic device than it can restrict the contents of a home library: the privacy of both is sacrosanct," EPIC wrote. EPIC regularly files amicus briefs with the US Supreme Court on emerging privacy and civil liberties issues. EPIC previously argued for First Amendment privacy protections in Doe v. ReedWatchtower Bible v. Stratton, and Patel v. Los Angeles.

December 21, 2016

Center for Investigative Reporting: Uber Continues to Abuse Locational Data

A recent report from the Center for Investigative Reporting finds that Uber continues to allow employees broad access to rider location data, raising questions of whether the transportation service is violating the terms of a settlement with New York’s Attorney General. According to the report, "Uber gave thousands of employees access to where and when each customer travels." Uber recently changed the terms of service and expanded the collection of users location data. Uber also faces legal action in Europe over whether it should be considered a transportation service or digital platform. Last year, EPIC filed a complaint with the FTC, charging that Uber’s plan to track users and gather contact details is an unlawful and deceptive trade practice. That complaint, like many other consumer privacy complaints, is still pending before the Federal Trade Commission.

December 22, 2016

EPIC Seeks FBI Records on Russian Interference in 2016 Presidential Election

EPIC has submitted an urgent Freedom of Information Act request to the FBI seeking records about the agency’s response to the Russian interference in the 2016 presidential election. According to several reports, Russian hackers infiltrated computer systems of the Democratic National Committee and the Republican National Committee. The U.S. Intelligence Community has officially attributed the attacks on the Russian government, yet questions have been raised about the failure of the FBI to investigate the attacks on the political parties of the United States. Congress is expected to establish a Select Committee to investigate the matter. “The FBI,” stated EPIC in the FOIA request, “ is entrusted with protecting the cybersecurity of the public and its institutions. The American public, thus has a great interest in understanding the nature of the FBI’s response to the Russian interference with the 2016 presidential election.” EPIC is seeking expedited processing of the FOIA request. EPIC has recently filed a FOIA lawsuit against the FBI, regarding the expansion of “Next Generation Identification,” one of the largest biometric databases in the world.

December 30, 2016

Obama Sanctions Russia for Election “Hack"

President Obama has sanctioned the Russian government for interference with the 2016 Presidential election. Obama stated, "These actions follow repeated private and public warnings that we have issued to the Russian government, and are a necessary and appropriate response to efforts to harm U.S. interests in violation of established international norms of behavior." Throughout this year, EPIC pursued a campaign in support of data protection, contending that it was "the most important, least well understood issue" of the 2016 election. EPIC specifically warned that online voting systems were vulnerable to cyber attack. EPIC recently filed an expedited FOIA request with the FBI, seeking to determine why the agency was slow to respond to the attack on US democratic institutions by a foreign government.

About December 2016

This page contains all entries posted to epic.org in December 2016. They are listed from oldest to newest.

November 2016 is the previous archive.

January 2017 is the next archive.

Many more can be found on the main index page or by looking through the archives.