« August 2018 | Main | October 2018 »

September 2018 Archives

September 3, 2018

EPIC Urges Senate Committee to Explore Kavanaugh's Views on Privacy, Klayman Opinion

In a letter and memo to the Senate Judiciary Committee, EPIC has urged Senators to question Supreme Court nominee Brett Kavanaugh on critical privacy, open government, and government surveillance issues. EPIC expressed concerns about the Kavanaugh’s views on privacy and Constitutional rights, stating “In Klayman v. Obama, Judge Kavanaugh went out of his way to set out theories to defend the suspicionless surveillance of the American public that surprised even conservative legal scholars.” EPIC said that Kavanaugh's views are out of step with recent Supreme Court opinions that carry forward Fourth Amendment protections to the digital age for GPS tracking, cell phone searches, and cell site location data. EPIC also asked the Senate to determine Judge Kavanuagh’s role, while in the Bush White House, in the unlawful warrantless wiretapping program and the secret expansion of the Patriot Act. EPIC regularly shares its views with the Senate concerning nominees to the Supreme Court, including Justice Gorsuch, Justice Kagan, Justice Sotomayor, Justice Alito, and Chief Justice Roberts. The Senate hearings begin on Tuesday, September 4.

September 4, 2018

EPIC To Congress: Require Algorithmic Transparency For Twitter, Dominant Internet Firms

In advance of a hearing on Twitter: Transparency and Accountability, EPIC has sent a statement to the House Energy and Commerce Committee. EPIC said that "algorithmic transparency" could help establish fairness, transparency, and accountability for much of what users see online. In a 2011 statement to the FTC during the investigation of Google, EPIC said that Google's acquisition of YouTube led to a skewing of search results after Google substituted its secret "relevance" ranking for the original objective ranking, based on hits and ratings. EPIC pointed out that it was then competing with the search giant for the rankings of "privacy" videos and that Google's algorithm preferences Google's web pages over EPIC's. The FTC took no action on EPIC's complaint. But last year the European Commission found that Google in fact rigged search results to give preference to its own shopping service. The Commission required Google to change its algorithm to rank its own shopping comparison the same way it ranks its competitors.

September 5, 2018

EPIC To Congress: Urge Social Media Platforms to be Transparent about Russia Hacking

In advance of a hearing on "Foreign Influence Operations' Use of Social Media Platforms," EPIC has sent a statement to the Senate Select Committee on Intelligence. EPIC said that the American public must be given more information about the extent of Russian interference in the 2016 election. EPIC asked the Senate Committee to press the social media companies to be more transparent about the manipulation of news and information. EPIC sent similar requests this year to both the Senate and House Intelligence Committees. EPIC also pursued an important FOIA case, EPIC v. ODNI, to make public the Intelligence Committee Assessment on Russian interference.

U.S. Defends Privacy Shield, But Fails to Comply with Privacy Commitments

The Department of Commerce has told the President of the European Parliament that the US is in compliance with the Privacy Shield, a pact that permits US companies to obtain the personal data of Europeans. The statement follows a resolution of Parliament to suspend the international arrangement if the U.S. did not comply in full by September 1. The Parliament cited the Cambridge Analytica data breach, the reauthorization of FISA Section 702 without reform, the failure to stand up the PCLOB, the passage of the CLOUD Act, and the absence of a Privacy Shield ombudsman. The Commerce Department disputed the Parliament's findings but failed to show progress on the issues identified. EPIC highlighted similar problems with data protection in the United States in recent comments to the European Commission. Almost six months have passed since the FTC reopened the investigation of Facebook's compliance with the 2011 consent order, which followed a complaint from EPIC and other consumer privacy organizations.

September 6, 2018

National Academies Releases Report on Voting Security and American Democracy

The National Academies of Sciences has released a report "Securing the Vote: Protecting American Democracy," highlighting vulnerabilities in current voting technology. EPIC Advisory Board member Ronald Rivest served on the expert committee. The Academies report includes many recommendations "designed to harden our election infrastructure and safeguard its integrity and credibility," concerning voter registration, ballot design, voting technology, system certification, cybersecurity, online voting, and auditing. The Academies report recommends end-to-end verifiable systems to ensure that votes have been counted as intended. These systems use cryptographic methods developed by EPIC Advisory Board member David Chaum. In 2016, EPIC published "The Secret Ballot at Risk: Recommendations for Protecting Democracy," highlighting the importance of the secret ballot for American democracy. The Academies report noted that new strategies for election security "must still preserve the secret ballot."

Pew Research Surveys: Americans Have Complicated Relationship with Facebook

Two recent surveys reveal that many Facebook users don’t understand how the site’s news feed works and that Americans are changing their relationship with Facebook. 54% of adult Facebook users have adjusted their privacy settings in the past year and 42% say they have not used the platform for at least several weeks. 53% of U.S. adults who use Facebook said that they do not understand why certain posts but not others are included in their news feed. Only 14% of Facebook users think they have “a lot” of control over the content that appears in their newsfeed, while 57% think they have “a little” control and 28% think they have no control. Public opinion polls consistently find strong support among Americans for privacy rights in law to protect their personal information from government and commercial entities.

Contrary to DHS Policy and Prior Statements, ICE Seeks NC State Voter Data

Immigration and Customs Enforcement has demanded that North Carolina provide over 18 million voter records from the past eight years. The subpoena is outside the Department of Homeland Security authority and goes against testimony by DHS Secretary Kirstjen Nielsen, who told Congress this year that DHS’s role is limited to voluntary requests for assistance from the states. Nielsen also wrote, in records obtained through an EPIC FOIA request, that associating the DHS with voter data collection “could disrupt critical efforts” to work with state officials on election cybersecurity. EPIC has long fought to ensure voter privacy and recently forced the defunct Presidential Election Commission to delete millions of state voter records unlawfully obtained.

Senator Leahy Pursues Questions about Privacy with Judge Kavanaugh

During day three of the Senate Judiciary Committee’s nominations hearings, Senator Patrick Leahy asked Judge Kavanaugh about privacy and government surveillance. (6:20) Senator Leahy stated “In your concurrence in Klayman v. Obama you went out of your way to say that not only is the dragnet collection of American’s telephone records by the NSA okay because it’s 'not a search,’ you also said that 'even if it is a search, it is justified in order to prevent terrorism.’” Senator Leahy pointed out that the Privacy and Civil Liberties Oversight Board found that the legal authorities in the Klayman case had not prevented a single terrorist act. Leahy asked, "Why did you go out of your way to write an opinion stating that the program met a critical national security need when it had already been found by our national security people it made no concrete difference in fighting terrorism?” Judge Kavanaugh said that the recent Supreme Court decision in Carpenter was a “game-changer” and that had it been law at the time, he could not have written the concurrence in Klayman. Senator Leahy also questioned Judge Kavanaugh on U.S. v. Jones, asking “do you believe that there becomes a point where the collection of data about a person becomes so pervasive that a warrant would be required even if the collection of one bit of the same data would not?” Judge Kavanaugh did not answer this question directly. Senator Flake commended Senator Leahy’s questions, noting that future of privacy was a critical issue for the Committee to consider.

September 7, 2018

In Privacy Victory, ICE Backs Down from Voter Data Demand

ICE has reversed position and is no longer seeking the immediate release of over 18 million voting records from North Carolina. Citing administrative difficulties and the unprecedented scope of the subpoena, ICE agreed to limit its demand to preserve voter privacy and will allow state officials to respond after the midterm elections in January 2019. The demand still poses substantial privacy risks and departs from testimony by Homeland Security Secretary Kristjen Nielsen, who told Congress that DHS would not make such requests. EPIC previously highlighted these problems and explained that the data demand violates DHS policy. EPIC has long fought to ensure voter privacy and recently forced the defunct Presidential Election Commission to delete millions of state voter records unlawfully obtained.

September 11, 2018

Court: California Donor Disclosure Requirement Doesn't Violate First Amendment

A federal appeals court has ruled that a California law requiring nonprofit organizations to provide the state with an annual list of donors and donations does not violate the First Amendment. The Ninth Circuit concluded that the law does not significantly burden the free speech of nonprofits "because the information is collected solely for nonpublic use, and the risk of inadvertent public disclosure is slight." EPIC filed an amicus brief in the case, arguing that the reporting requirement "infringes on several First Amendment interests, including the free exercise of religion, the freedom to express views without attribution, and the freedom to join in association with others without government monitoring." EPIC also explained that California had "failed to implement basic data protection standards" for donor information. EPIC has argued for donor privacy and similar constitutional privacy rights in Packingham v. North Carolina, Doe v. Reed, and Watchtower Bible v. Stratton.

Top European Court Hears Key "Right to Be Forgotten" Case

Today the Court of Justice for the European Union heard arguments in Google v. Commission nationale de l'informatique et des liberté concerning the "Right to Be Forgotten." Google v. CNIL follows a ruling in Google v. Spain that Europeans have a right, in some circumstances, to remove links to their personal data posted online by Google. Google has fought the judgement of the European high court and now is fighting the French agency, continuing to post links to personal data worldwide even after it is found to violate privacy rights in democratic countries. EPIC has supported the CNIL's approach, explaining that "the right to privacy is global." EPIC published "The Right to be Forgotten on the Internet: Google v. Spain" an account of the case by former Spanish Privacy Commissioner Artemi Rallo, an EPIC Champion of Freedom.

D.C. Circuit to Hear Arguments in EPIC v. IRS, FOIA Case for Trump's Tax Returns

The D.C. Circuit will hear arguments on Thursday, September 13 in EPIC v. IRS, EPIC's Freedom of Information Act case to obtain public release of President Trump's tax returns. Live audio of the arguments will be streamed from this link at or around 9:30 a.m. EPIC has argued that the IRS has the authority to disclose the President's returns to correct numerous misstatements of fact concerning his financial ties to Russia. For example, President Trump tweeted that "Russia has never tried to use leverage over me. I HAVE NOTHING TO DO WITH RUSSIA - NO DEALS, NO LOANS, NO NOTHING"—a claim "plainly contradicted by his own attorneys, family members, and business partners." As EPIC told the Court, "there has never been a more compelling FOIA request presented to the IRS." A broad majority of the American public favor the release of the President's tax returns. EPIC v. IRS is one of several FOIA cases EPIC has pursued concerning Russian interference in the 2016 Presidential election, including EPIC v. FBI (response to Russian cyberattack) and EPIC v. DHS (election cybersecurity).

September 12, 2018

EPIC FOIA: EPIC Obtains Facebook Privacy Documents

In response to an EPIC Freedom of Information Act lawsuit, the Federal Trade Commission has released supplemental materials from the biennial Facebook audits (production 1, production 2, production 3, production 4). The audits were required by the FTC's 2011 Consent Order with Facebook. The documents include letters from the FTC to Facebook inquiring about Facebook's relationship with Instagram and telling the company that "whenever a corporate change such as an acquisition may affect the design and/or implementation of the Company's privacy program, the Company must notify the Commission." EPIC opposed Facebook's acquisition of WhatsApp and submitted comments for the FTC's review of the merger remedy process. FTC reopened its investigation into Facebook in March after EPIC, consumer groups urged action. The UK Information Commissioner completed its initial investigation, published report, and issued a fine in July. The FTC begins hearings this week on competition and consumer protection in the 21st century.

Government Report on One Year Anniversary of Equifax Breach Finds No Action by Federal Agencies

The Government Accountability Office released a report on "Actions Taken by Equifax and Federal Agencies in Response to the 2017 Breach." The GAO report details the Equifax data breach in 2017 that compromised the authenticating details (SSN, Data of Birth) of over one hundred million Americans. The response also summarizes the response of Equifax and federal agencies. To date no federal agency has taken action against Equifax, following one of the largest data breaches in US history. Rep. Luetkemeyer (R-MO) has introduced a bill that would codify basic data breach notification standards for the financial services industry but would preempt stronger state laws. The House Financial Services Committee is expected to mark up the bill this week. In testimony before the House Financial Services Committee in February, EPIC called on Congress to ensure that the CFPB takes action against Equifax and to pass comprehensive data protection regulation that would not preempt state laws.

FTC to Explore Competition and Consumer Protection Issues at Hearings this Week

The FTC is holding a hearing this week to examine the regulation of consumer data, the consumer welfare standard in antitrust law, and vertical mergers. This is the first in a series of hearings on "Competition and Consumer Protection in the 21st Century" that will examine how changes in the economy affect the FTC's enforcement priorities. EPIC and a coalition of consumer groups submitted extensive comments for the hearings. EPIC and the groups said that privacy protection is critical for competition and innovation. EPIC and the groups told the FTC that it should: 1) unwind the Facebook-WhatsApp deal; 2) require Facebook and Google to spin off their advertising units; 3) block future acquisitions by Facebook and Google that would extend monopoly control over consumer data; 4) impose privacy safeguards for all mergers that implicate data privacy; and 5) perform audits of algorithmic tools to promote accountability and to limit anticompetitive conduct. The FTC reopened the investigation of Facebook in March after EPIC and consumer groups filed a formal complaint, but has still taken no action. The UK Information Commissioner completed its initial investigation, published a report, and issued a substantial fine in July.

EPIC Asks Senate Committee for Delay on Kavanaugh Vote, Seeks Records Release

In a letter to the Senate Judiciary Committee, EPIC has urged the Senate Judiciary Committee to postpone the vote in the Executive Business Meeting on the nomination of Judge Brett Kavanaugh, pending the release of documents concerning the development, defense, and promotion of surveillance programs during the period 2001-2006. EPIC said “[t[he documents are necessary for a full consideration of the qualifications of the nominee to serve on the United States Supreme Court.” In an earlier letter to the Committee, EPIC asked the Senate to determine Judge Kavanuagh's role, while in the Bush White House, in the unlawful warrantless wiretapping program and the secret expansion of the Patriot Act. Traditionally, the records of Supreme Court nominees who served in the White House are routinely made available prior to committee hearings. Last month, EPIC submitted two urgent Freedom of Information Act requests for the records. EPIC regularly shares its views with the Senate concerning nominees to the Supreme Court, including Justice Gorsuch, Justice Kagan, Justice Sotomayor, Justice Alito, and Chief Justice Roberts.

September 13, 2018

European Court of Human Rights Rules UK Surveillance Violated Human Rights

The European Court of Human Rights has ruled that the UK's surveillance regime, revealed by Edward Snowden, violates human rights set out in the European Convention. In consolidated cases Big Brother Watch v. UK, Bureau of Investigative Journalism v. UK, and 10 Human Rights Organizations v. UK, the Court ruled that the UK surveillance system violated Article 8, the right to privacy, because there were "inadequate" safeguards for selecting the data subject to surveillance. The Court also said "all interception regimes...have the potential to be abused," and that bulk surveillance include safeguards "to be sufficiently foreseeable to minimise the risk of abuses of power." The Court also ruled UK surveillance violated the right of free expression because the law did not sufficiently protect confidential journalistic material. EPIC filed a brief in the case explaining that the US, which transfers intelligence data to the UK, has "technological capacities" enabling "wide scale surveillance" and that US law do not restrict surveillance of non-U.S. persons abroad. EPIC casebook Privacy Law and Society explores a wide range of privacy issues, including recent decisions of the European Court of Human Rights.

EPIC v. IRS: D.C. Circuit Hears Arguments in FOIA Case for Trump's Tax Returns

The D.C. Circuit heard oral arguments today in EPIC v. IRS, EPIC's Freedom of Information Act case to obtain public release of President Trump's tax returns. EPIC argued that the IRS has the authority, under a provision known as "(k)(3)," to disclose the President's returns to correct numerous misstatements of fact concerning his financial ties to Russia. For example, President Trump falsely tweeted that "Russia has never tried to use leverage over me. I HAVE NOTHING TO DO WITH RUSSIA - NO DEALS, NO LOANS, NO NOTHING." EPIC Counsel John Davisson told the court that "If ever there were a situation that justified the use of (k)(3), this is it." Judge Patricia Millett questioned the IRS's claim that it can only process EPIC's FOIA with the President's consent. "It would be ludicrous to require consent of the taxpayer under (k)(3)," Millett said. A broad majority of the American public favor the release of the President's tax returns. EPIC v. IRS is one of several FOIA cases EPIC has pursued concerning Russian interference in the 2016 Presidential election, including EPIC v. FBI (response to Russian cyberattack) and EPIC v. DHS (election cybersecurity). In a related case, EPIC v. IRS II, EPIC is seeking the release of tax settlement information concerning Donald Trump's businesses. These "offers in compromise" are "an agreement between a taxpayer and the Internal Revenue Service that settles a taxpayer's tax liabilities for less than the full amount owed."

September 14, 2018

New Federal Law Makes Credit Freezes Free for All Consumers

Starting next week, consumers will be able to "freeze" their credit reports at no cost. A credit freeze restricts public access to a consumer's credit report, making it much more difficult for identity thieves to open fraudulent accounts. Previously, state laws allowed credit bureaus to charge consumers $2 to $10 to place or lift credit freezes. Amendments to the Fair Credit Reporting Act also extend the time period for a fraud alert in a consumer's file and create new safeguards for the protection of credit records of minors. Following the Equifax data breach in 2017, EPIC President Marc Rotenberg testified before the Senate Banking Committee and recommended free credit freezes and other consumer safeguards to mitigate the risk of identity theft.

September 18, 2018

EPIC Sues for Release of Kavanaugh White House Records on Warrantless Surveillance, Patriot Act

EPIC has filed a lawsuit to compel the National Archives and Records Administration to release Brett Kavanaugh's White House records about warrantless surveillance and the Patriot Act. EPIC's lawsuit follows the agency's failure to respond to EPIC's two urgent Freedom of Information Act requests. In the complaint, EPIC explains that timely release of these records is now essential to assess Kavanaugh's role in the White House surveillance programs. In Senate testimony, Kavanaugh claimed that he knew nothing about these programs, but documents indicate that he drafted President Bush's speech on the Patriot Act, communicated with John Yoo, the architect of the warrantless surveillance program, and defended suspicionless surveillance of the American public. Last week, EPIC sent a letter to the Senate Judiciary Committee urging postponement of the the committee vote on Kavanaugh until the documents EPIC requested are released. EPIC highlighted concerns about Kavanaugh’s White House years in an earlier letter to the Committee.

EPIC FOIA Docs Show FBI and CBP Accessed "Hemisphere" Records

The Drug Enforcement Agency has released to EPIC a new FOIA production about the AT&T "Hemisphere" program. Hemisphere is a massive call records database made available to government agents by the nation's largest telecommunication company. AT&T discloses to the government billions of detailed customer phone records, including location data, without judicial review. The new release to EPIC reveals that both the FBI and CBP obtained access to these call details records. EPIC filed suit against the DEA in 2013 after the agency failed to respond to EPIC's FOIA request for information about the Hemisphere program. EPIC previously argued that the names of other agencies with access to Hemisphere records should be released. In June, the Supreme Court held in Carpenter v US that government access to location data is a search subject to Fourth Amendment review. EPIC filed an amicus brief in the Carpenter case.

September 20, 2018

EPIC, Consumer Groups Urge Senate Commerce to Invite Privacy Witnesses to Privacy Hearing

EPIC joined a coalition of 28 consumer privacy groups in a letter to Senate Commerce Committee Chairman John Thune (R-S.D.) and ranking member Bill Nelson (D-Fla.) that asked the Senators to include consumer advocates in an upcoming hearing on consumer privacy. At this time, the Committee has invited, AT&T, Amazon, Google, Twitter, Apple and Charter Communications. The consumer privacy groups wrote, "the absence of consumer representatives all but ensures a narrow discussion, focused on policy alternatives favored by business groups." Proposals endorsed by consumers include, "federal baseline legislation, heightened penalties for data breaches, the end of arbitration clauses, the establishment of a privacy agency in the U.S., techniques for data minimization, [and] algorithmic transparency to prevent the secret profiling of American consumers." The groups also noted that a recent Harris survey found that "78 percent of U.S. respondents say a company's ability to keep their data private is 'extremely important,' but only 20 percent 'completely trust' organizations they interact with to maintain the privacy of their data."

September 21, 2018

EPIC Seeks Injunction to Compel Release of Kavanaugh Records

EPIC has filed a motion seeking a preliminary injunction against the National Archives to compel the release of Brett Kavanaugh’s White House records about warrantless surveillance and the Patriot Act. EPIC argues that these records are essential to understand Kavanaugh’s views on privacy, and must be released prior to the Senate votes on the Supreme Court nominee. EPIC explained that the agency has already missed deadlines established by the Freedom of Information Act. EPIC filed suit against NARA on September 17 after NARA failed to process EPIC’s two urgent Freedom of Information Act requests. EPIC earlier sent two letters to the Senate Judiciary Committee highlighting concerns about Kavanaugh’s role in the creation of the Patriot Act, his defense of warrantless wiretapping in the White House, and his troubling opinion as a judge in Klayman v. Obama, which justified the warrantless collection of phone records of all Americans.

September 24, 2018

EPIC Urges Senate to Include Consumer Privacy Advocates in Hearings on Consumer Privacy

In advance of a hearing on "Examining Safeguards for Consumer Data Privacy," EPIC has sent a brief statement to the Senate Commerce Committee, expressing "deep concern that not a single consumer group was invited to testify at this week's hearing." The Senate Commerce hearing follows an FTC hearing on consumer privacy that also excluded experts on consumer privacy. Last week, EPIC joined a coalition of 28 consumer privacy groups in a letter to Committee Chairman John Thune (R-S.D.) and ranking member Bill Nelson (D-Fla.) that asked the Senators to include consumer advocates in the hearing. The Committee is currently scheduled to hear from AT&T, Amazon, Google, Twitter, Apple and Charter Communications. EPIC President Marc Rotenberg and consumer advocate Ralph Nader recently wrote "the voices of these consumer advocates should be heard. It is not too late to start a meaningful dialogue on the future of privacy in America."

September 25, 2018

EPIC Redials FCC, Urges Agency to Block Unlawful Robocalls

In comments to the FCC, EPIC has renewed its call to the agency to block unlawful robocalls. The FCC proposed a rule that would allow phone companies to block calls from numbers they know are invalid, such as numbers that have not been assigned to a subscriber. EPIC recommended that the FCC (1) require phone providers to proactively block calls from numbers that are unassigned, unallocated, or invalid; (2) prohibit spoofing if there is an intent to defraud or cause harm; and (3) encourage the use of call authentication technology that safeguards caller anonymity. EPIC previously filed comments in when the FCC proposed the rule, and has long advocated for robust telephone privacy protections. EPIC filed an amicus brief in 2015 that strengthened consumer protections.

FAA Funding Bill Ignores Drone Surveillance Risks

Congress is considering legislation to reauthorize the FAA and expand drone integration, but the bill ignores pressing concerns about the privacy impact of drones. A previous version of the bill included privacy protections originally proposed by Sen. Markey and Rep. Welch in the Drone Aircraft Privacy and Transparency Act. The pending bill only requires a report on drone surveillance risks but does not establish any baseline privacy safeguards. EPIC has repeatedly urged both Congress and the FAA to take decisive action to limit the use of drones for surveillance and to establish a national database detailing drone surveillance capabilities. EPIC sued the FAA to establish privacy rules for drones, after more than 100 experts and organizations petitioned the agency.

September 26, 2018

NTIA Seeks Comments on ‘Desired Outcomes' Framework for Privacy Protection

The National Telecommunications and Information Administration—the agency that advises the White House on telecommunications and information policy—released a proposed framework for consumer privacy. The NTIA framework outlines seven "desired outcomes" for the processing of personal data: (1) transparency, (2) control, (3) minimization, (4) security, (5) access and correction, (6) risk management, and (7) accountability. The NTIA framework is similar to many Fair Information Practices framework, such as the OECD Privacy Guidelines, but does not outline a strategy for implementation and enforcement. Today the United States experiences unprecedented levels of identity theft, financial fraud, and data breaches. The personal data of Americans, stored by US firms, is also the target of foreign adversaries. European governments, which recently adopted the GDPR to safeguard personal data, have expressed growing concern about the lack of legal protections in the United States. The European Parliament voted recently to suspend Privacy Shield, an arrangement that permits the transfer of personal data of Europeans to the United States. In earlier comments to the NTIA, EPIC urged the agency to "pursue comprehensive data protection legislation that would strengthen privacy protections for Americans and create an independent agency to enforce those rights."

Following EPIC Petition, National Science Foundation Seeks Public Comment on AI Policy

The National Science Foundation has announced that it is seeking public comment on US policy for artificial intelligence The decision follows a petition by EPIC, leading scientific organizations including AAAS, ACM, FAS, and IEEE, and nearly 100 experts calling for public participation in the work of the White House Select Committee on Artificial Intelligence. In May, the White House held a secret meeting with government agencies and federal officials. Several key AI challenges, such as accountability, transparency, ethics, and fairness, were ignored. EPIC recently urged the Senate Commerce Committee to ensure public participation in U.S. AI policy. In a FOIA request, EPIC obtained communications between the Office of Science and Technology Policy and the National Science Foundation. Last month EPIC urged the Senate Commerce Committee to ensure public participation in US AI policy. And EPIC is hosting a Public Voice conference in Brussels on "AI, Ethics, and Fundamental Rights." Comments on US AI policy are due to NSF by October 26.

EPIC Opposes OMB FOIA Regs that Block Access to Public Information

In comments to the Office of Management and Budget, EPIC opposed changes to FOIA regulations that would create obstacles to those seeking access to public information. EPIC urged the agency to remove changes that would delay FOIA requests, increase request costs, and reduce agency accountability. The proposed rules also conflict with the federal law and cases that favor disclosure over withholding. EPIC routinely comments on agency proposals that affect the rights of FOIA requestors. Several agencies, including the Federal Trade Commission, the Privacy and Civil Liberties Oversight Board, and the Defense Logistics Agency have adopted EPIC's recommendations on proposed FOIA rule changes.

Indian Supreme Court Imposes New Limits on National Identity System

In a ruling today, the Indian Supreme Court imposed new limits on Aadhar, India's national biometric identification system. The Court found the system did not violate the Indian constitution, but struck down a section of the law permitting private entities to demand Aadhar to verify identity. Aadhar can no longer be mandatory to register for education, open a bank account, or obtain a cell phone connection. However, the state-issued number may still be required for purposes related to government funds, including filing an income tax. The Court also struck down an exception authorizing disclosure of Aadhar data for national security purposes. The Court encouraged the state to establish a "a robust statutory regime" for data protection "in near future." The dissent would have held Aadhar unconstitutional. The biometric system "violates essential norms pertaining to informational privacy, self-determination and data protection," the dissent states, and "dignity of individuals cannot be made to depend on algorithms or probabilities." Last year, India's Supreme Court ruled that privacy is a fundamental right under the Indian Constitution. EPIC has also backed comprehensive privacy legislation in comments to the Indian government, and urged creation of a private right of action and breach notification requirement.

Following Lax FTC Action, State AGs Fine Uber $148 Million in Data Breach Case

The attorneys general of all 50 states and the District of Columbia have settled their lawsuit with Uber for $148 Million. The nationwide investigation found that Uber had violated data breach notification laws because the company payed a hacker $100,000 to keep quiet about the breach instead of notifying consumers that their information had been compromised. The settlement also requires Uber to adopt model data breach notification and data security practices, a corporate integrity program, and hire an independent third party to conduct data security assessments. After Uber made the breach public, EPIC wrote detailed comments to the FTC and the agency revised its settlement with the company. While EPIC supported the FTC's action, EPC said that "the FTC should make Uber's privacy assessments public so that consumers can evaluate whether the company is meeting its obligations under the Consent Order." The FTC's initial investigation and subsequent settlement with Uber were prompted by EPIC's complaint against Uber in 2015.

September 28, 2018

Senate Committee Moves to Vote on Kavanaugh with White House Records on Mass Surveillance Still Secret

Chairman Charles Grassley (R-IA) has scheduled a vote today on the nomination of Judge Brett Kavanaugh to the Supreme Court, though records of Kavanaugh's White House role in the Patriot Act, warrantless wiretapping, and other programs of mass surveillance remain secret. EPIC filed a Freedom of Information Act lawsuit against the National Archive for release of these records and then moved for a preliminary injunction so that the records could be made available prior to Senate consideration of the nominee. In an earlier statement to the Senate Judiciary Committee, EPIC warned that Kavanaugh, both as a top-level White House aide and then as a federal appellate judge, has shown little regard for the Constitutional privacy rights of Americans. In Klayman v. Obama, he backed the warrantless collection of the telephone records of all Americans under the "special needs" doctrine, a view endorsed by no other judge in the federal judiciary. In a second letter, EPIC urged postponement of the Senate vote, pending release of these documents. Yesterday, the American Bar Association called for postponement of the vote, pending an investigation of charges concerning sexual assault.

EPIC Opposes State Department Inspection of Visa Applicants' Social Media and Communications Records

In comments to the State Department, EPIC opposed changes to the visa application process that would allow the State Department to collect private social media identifiers, email addresses, and phone numbers for vetting purposes. The agency's plans to collect immigrant and nonimmigrant visa applicants' social media history and personal communications records raises substantial privacy, free expression and security concerns. EPIC urged the agency to retract these proposals. EPIC previously filed comments opposing the government's inspection of immigrants' social media activities, and has continuously advocated for strong First Amendment protections.

About September 2018

This page contains all entries posted to epic.org in September 2018. They are listed from oldest to newest.

August 2018 is the previous archive.

October 2018 is the next archive.

Many more can be found on the main index page or by looking through the archives.