« September 2018 | Main | November 2018 »

October 2018 Archives

October 1, 2018

Government Report: Border Drones Lack Effective Privacy Safeguards

An Inspector General report has found that a federal agency failed to establish privacy safeguards for sensitive drone communications. Customs and Border Control did not complete a privacy threshold analysis and sidestepped review by the agency privacy office. According to the IG report, the CBP also collected and stored surveillance data that "remained unprotected for more than 2 years." Through a Freedom of Information Act lawsuit, EPIC obtained a related CBP directive on Unmanned Aircraft System Operations and Privacy. In a recent statement to Congress, EPIC highlighted the unique threat drones pose to privacy and said that the Congress should "establish drone privacy safeguards that limit the risk of public surveillance" before granting new authority to federal agencies.

Intrusive Presidential Emergency Alert Scheduled for October 3 at 2:18 EDT

The Department of Homeland Security and FCC have rescheduled a controversial test that allows the President to suspend cell phone service and communicate directly with cell phone subscribers in the United States. The test message header is labelled "Presidential Alert" and will include the following text "THIS IS A TEST of the National Wireless Emergency Alert System. No action is needed." Cell phone users cannot opt out of the test. The President has sole authority to determine when the alert will be activated. The test will use the same special tone and vibration as with alerts for Tornado Warnings and AMBER Alerts. It is unclear why the alert is designated a "Presidential Alert" or when it may be issued. In 2006, the Department of Homeland Security established a secret procedure - "SOP 303" - to suspend cell phone services. EPIC sued the agency after government officials disabled wireless service during a peaceful protest at a San Francisco metro station in 2011.

October 2, 2018

California Bans Anonymous Bots, Regulates Internet of Things

California Governor Jerry Brown recently signed two modern privacy laws, including a first in the nation law governing the security of the Internet of Things. SB327 sets baseline security standards for IoT devices. EPIC recently submitted comments to the Consumer Product Safety Commission recommending similar action. Governor Brown also signed a bill banning anonymous bots. The law makes it illegal to use a bot, or automated account, to mislead California residents or communicate without disclosing the identity of the actual operator. EPIC President Marc Rotenberg had earlier proposed that Asimov's Laws of Robotics be updated to require that robots reveal the basis of their decisions (Algorithmic Transparency) and that robots reveal their actual identity.

October 3, 2018

EPIC Urges Removal of Citizenship Question on 2020 Census

In advance of the nomination hearing for the Census director, EPIC has sent a statement to a Senate committee urging the Census Bureau to suspend the citizenship question in the 2020 Census until a Privacy Impact Assessment is conducted. The administration conceded that the question was added at the request of the Justice Department, but EPIC explained that census data should never be used for law enforcement because that would undermine the constitutional purpose and the integrity of the census. An earlier Privacy Impact Assessment preceded the addition of the citizenship question. EPIC said that assessment does not meet the agency standards and that the Census is required by law to conduct a revised assessment. Through a Freedom of Information Act request, EPIC obtained documents (part 1, part 2, part 3, part 4) concerning Commerce Secretary Wilbur Ross and the citizenship question. The census raises significant privacy risks and was used to target Japanese-Americans for internment during World War II. EPIC previously obtained documents which revealed that the Census Bureau transferred the personal data of Muslim Americans to DHS after 9-11. As a consequence of EPIC's lawsuit, the Census Bureau revised its policy on disclosing statistical information about "sensitive populations" to law enforcement and intelligence agencies. EPIC also opposed the addition of the citizenship question in recent comments to the U.S. Census Bureau.

Tim Cook to Keynote International Data Protection Conference

Apple CEO Tim Cook, an EPIC Champion of Freedom, will deliver the keynote speech at the 40th International Conference of Data Protection and Privacy Commissioners in Brussels on October 24. European Data Protection Supervisor Giovanni Buttarelli said, "Tim has been a strong voice in the debate around privacy, as the leader of a company which has taken a clear privacy position, we look forward to hearing his perspective." The theme of the International Conference is "Debating Ethics: Dignity and Respect in Data Driven Life." EPIC and the Public Voice are organizing a related symposium, "The Public Voice: AI, Ethics, and Fundamental Rights." Speakers include the European Data Protection Board Chair Andrea Jelinek, UK Information Commissioner Elizabeth Denham, NGO leaders, human rights advocates, and experts in Artificial Intelligence. EPIC has provided Public Voice Scholarships to support NGO participation.

National Archives Confirms Existence of Numerous Kavanaugh Records on Surveillance Programs

In response to EPIC's Freedom of Information Act suit, the National Archives has now confirmed that there are hundreds of records concerning Brett Kavanaugh's role in controversial White House surveillance programs, including warrantless wiretapping and the Patriot Act. The programs were later suspended, curtailed, or modified by Congress. The communication to EPIC revealed that Kavanaugh sent 11 e-mails to John Yoo, the architect of warrantless wiretapping; 227 e-mails about "surveillance" programs and the "Patriot Act;" and 119 e-mails concerning "CAPPS II" (passenger profiling), "Fusion Centers" (government surveillance centers), and the Privacy Act. The National Archives has processed roughly 300,000 pages of Judge Kavanaugh's records between 2001 and 2003. These records will be released this month pending White House approval. EPIC has warned that Kavanaugh, both as a top-level White House aide and then as a federal appellate judge, has shown little regard for the Constitutional privacy rights of Americans.

EPIC Calls on Senate Leaders to Postpone Vote on Kavanaugh Pending Release of White House Emails on Surveillance Programs

Following the release of new information to EPIC in a FOIA lawsuit against the National Archives, EPIC has asked Senator McConnell and Senator Schumer to postpone a vote on the nomination of Judge Brett Kavanaugh. The documents obtained in EPIC v. NARA reveal that Judge Kavanaugh played a significant role in controversial White House surveillance programs that implicate the constitutional privacy rights of Americans. The Archives has now confirmed that there are hundreds of emails concerning Kavanaugh's role in such programs as warrantless wiretapping, the Patriot Act, "CAPPS II" (passenger profiling), and "Fusion centers" (government surveillance centers). Kavanaugh exchanged almost a dozen emails to John Yoo, whose legal memos on surveillance were later rescinded by the Office of Legal Counsel. EPIC wrote, "the Senate curtailed several of these programs that Brett Kavanaugh helped develop."

FAA Funding Bill Passed by Senate Ignores Drone Surveillance Risks

The Senate has passed legislation to reauthorize the FAA and expand drone integration, but the bill ignores pressing concerns about the privacy impact of drones. A previous version of the bill included privacy protections originally proposed by Sen. Markey and Rep. Welch in the Drone Aircraft Privacy and Transparency Act. The version passed by the House and Senate only requires a report on drone surveillance risks but does not establish any baseline privacy safeguards. The bill now goes to the President's desk. EPIC has repeatedly urged both Congress and the FAA to take decisive action to limit the use of drones for surveillance and to establish a national database detailing drone surveillance capabilities. EPIC sued the FAA to establish privacy rules for drones, after more than 100 experts and organizations petitioned the agency.

October 4, 2018

International Privacy Experts Adopt Recommendations for Connected Vehicles

The International Working Group on Data Protection adopted new recommendations to protect privacy as vehicles become increasingly connected. The Berlin-based Working Group includes data protection authorities who assess emerging privacy challenges. As cars today connect both to the Internet and other vehicles "more and more personal data will be collected and processed by the vehicles and will become accessible to third parties," the Working Group paper explains. The Working Group recommended that vehicle sensors not store personal data of persons outside the vehicle, allow drivers to opt out of non-essential data collection, and minimize personal data collection. In comments to NHTSA, EPIC called for national safety standards for connected cars. EPIC also underscored the privacy risks of modern vehicles in a recent amicus brief to the Supreme Court. In 2017, EPIC hosted a meeting of the IWG in Washington, D.C. at the Goethe-Institut.

Inspector General Report: Airport Facial Recognition Faces Technical Problems

A Department of Homeland Security Inspector General report highlighted many challenges to facial recognition at airports. The problems of accurate biometric matches apply to all travelers, and particularly U.S. citizens. According to the Inspector General's report, "U.S. citizens accounted for the lowest biometric confirmation rate." A report obtained by EPIC last year through a Freedom of Information Act lawsuit revealed that iris imaging and facial recognition for border control did not perform at a "satisfactory" level. In a statement to Congress earlier this year, EPIC warned that biometric identification techniques are unreliable and lack proper privacy safeguards.

October 9, 2018

EPIC Tells Senate U.S. Faces Data Protection "Crisis"

In advance of a hearing on consumer privacy, EPIC told the Senate Commerce Committee that America is facing a data protection "crisis." EPIC highlighted recent breaches at Google and Facebook, coupled with the FTC's failure to enforce its own consent orders, and said the system is "badly broken." EPIC also noted that more than six months have passed since the FTC said it would investigate Cambridge Analytica, "but still there is no report, no outcome, and no fine." EPIC joined a coalition of 28 consumer privacy groups in a letter to the Senate Commerce Committee, endorsing "federal baseline legislation, heightened penalties for data breaches, the end of arbitration clauses, the establishment of a privacy agency in the U.S., techniques for data minimization, [and] algorithmic transparency to prevent the secret profiling of American consumers." In today's statement, EPIC told the Committee "The FTC's failure to enforce consumer privacy safeguards has led not only to diminished data protection in the United States, but also to less innovation and less competition among Internet services."

Registration Opens for Public Voice Symposium on AI and Ethics

EPIC and the Public Voice, a coalition of civil society organizations, will host a symposium in Brussels on AI and ethics on October 23, 2018. Speakers for "AI, Ethics, and Fundamental Rights" include Professor Anita Allen, European Data Protection Board Chair Andrea Jelinek, UK Information Commissioner Elizabeth Denham, Irish Data Protection Commissioner Helen Dixon, NGO leaders, human rights advocates, and experts in Artificial Intelligence. EPIC has provided Public Voice Scholarships to support NGO participation in the International Conference of Data Protection and Privacy Commissioners, which follows the Public Voice symposium. Registration is now open for the Public Voice symposium. Email brussels18@thepublicvoice.org with full name and affiliation to register. EPIC will also provide copies of the 2018 Privacy Law Sourcebook to symposium participants.

Consumer and Privacy Organizations Propose Framework for U.S. Data Protection

EPIC joined a group of twelve consumer and privacy organizations that submitted a statement to the Senate Commerce Committee in advance of a consumer privacy hearing. The groups outlined a draft framework for data protection in the U.S., advocating that Congress (1) enact baseline federal data protection legislation; (2) limit government access to personal data; (3) establish algorithmic transparency and end discriminatory profiling; (4) prohibit “take it or leave it” and other unfair terms; (5) ensure robust enforcement; (6) promote privacy innovation; and (7) establish a data protection agency. EPIC also submitted a statement to the Committee that highlighted recent breaches at Google and Facebook and the FTC's failure to enforce its own consent orders.

October 11, 2018

Public Voice Seeks Comments on AI Guidelines

In advance of an international conference with privacy commissioners from around the world, the Public Voice, a civil society coalition, is seeking comments on Guidelines for Artificial Intelligence. The draft Guidelines set out several principles to "guide the design and use of AI," including a Right to Transparency and a Right to a Human Determination, an Identification Obligation and a Public Safety Obligation, and Prohibitions on Secret Profiles and National Scoring. According to the statement, "the Guidelines should be incorporated into ethical standards, adopted in national law and international agreements, and built into the design of systems." The Public Voice launched a similar campaign in 2009 in support of the Madrid Privacy Declaration. The draft AI Guidelines are open for comment until October 16, 2018. The Guidelines will be open for signature by individuals and organizations on October 17, and released in Brussels on October 23.

International Privacy Convention Open for Signature

The Council of Europe has opened for signature updates to Convention 108, the international Privacy Convention. Among other changes, the modernized Convention requires prompt data breach notification, establishes national supervisory authorities to ensure compliance, permits transfers abroad only when personal data is sufficiently protected, and provides new user rights, including algorithmic transparency. Twenty-one nations have signed the treaty. Many more are expected to sign. EPIC and consumer coalitions have urged the United States to ratify the international Privacy Convention. The complete text of the modernized Convention will be available in the 2018 edition of the Privacy Law Sourcebook, available at the EPIC Bookstore.

In EPIC Suit, National Archives Identifies Thousands of Kavanaugh E-mails on Surveillance Programs

In EPIC's Freedom of Information Act suit, the National Archives has now identified thousands of additional records concerning Justice Kavanaugh's role in controversial White House surveillance programs, including warrantless wiretapping and the Patriot Act. These programs were later suspended, curtailed, or modified by Congress. The agency completed its second search of e-mails on Wednesday, in response to EPIC's case, and found that Kavanaugh received 183 messages from John Yoo, the architect of the warrantless wiretapping program. The Archives also found 1,988 e-mails concerning Kavanaugh and "surveillance" programs and the "Patriot Act" and 754 e-mails concerning Kavanaugh "CAPPS II" (passenger profiling), "Fusion Centers" (government surveillance centers), and the Privacy Act. The National Archives will eventually release these records to the public as a result of EPIC's lawsuit. Prior to nomination hearing, EPIC had warned that Kavanaugh, both as a White House legal advisor and then as a federal appellate judge, showed little regard for the constitutional privacy rights of Americans.

October 12, 2018

U.S. Senate Confirms EPIC Advisory Board Member Ed Felten to PCLOB

The Senate last night confirmed Advisory Board Member Ed Felten to serve on the Privacy and Civil Liberties Oversight Board. Professor Felten is a former Chief Technology Officer for the FTC and former Deputy White House Science Advisor. Felten's confirmation, along with two others, establishes a quorum for the long dormant agency but still leaves key nominees pending. EPIC and others have urged the Senate to fill the vacant PCLOB seats. EPIC helped establish the PCLOB. In 2003 EPIC testified before the 9-11 Commission and urged the creation of an independent privacy agency to oversee the surveillance powers established after 9/11. EPIC also set out priorities for the PCLOB and spoke at the first meeting of the Oversight Board in 2013. In 2016, EPIC awarded former PCLOB Board Member Judge Patricia Wald with the Champion of Freedom Award.

EPIC FOIA: EPIC Obtains Secure Flight Documents

In response to EPIC's Freedom of Information Act request, the Transportation Security Administration has released records about Secure Flight, a program that compares airline passenger records with various watch lists. The documents provided to EPIC contain an interagency agreement between the TSA and Customs and Border Protection, as well as related documents about Secure Flight. During the processing of EPIC's request, the TSA destroyed over a hundred pages of responsive records "due to the records disposition schedule." EPIC has testified before Congress and published a "Spotlight on Surveillance" report about the Watchlist Program. For more information, see EPIC: Passenger Profiling, and EPIC: Air Travel Privacy.

EPIC Files Appeal with D.C. Circuit, Seeks Release of 'Predictive Analytics Report'

EPIC has appealed a federal district court decision for the release of a "Predictive Analytics Report." The district court backed the Department of Justice when the agency claimed the "presidential communications privilege." But neither the D.C. Circuit Court of Appeals nor the Supreme Court has ever permitted a federal agency to invoke that privilege in a FOIA case. EPIC sued the agency in 2017 to obtain records about "risk assessment" tools in the criminal justice system. These controversial techniques are used to set bail, determine criminal sentences, and even contribute to determinations about guilt or innocence. EPIC has pursued numerous FOIA cases concerning algorithmic transparency, passenger risk assessment, "future crime" prediction, and proprietary forensic analysis. The D.C. Circuit will likely hear EPIC's appeal next year.

EPIC, Coalition Warn Australian Bill Would Weaken Encryption

EPIC and a coalition of civil society organizations told the Australian Parliament that pending legislation would weaken digital security and increase the risks to human rights. The proposal is one of several that promotes weak encryption for digital services. In 2016, Apple refused a demand by the FBI to redesign iPhones to enable law enforcement access. The FBI sued Apple, and EPIC filed an amicus brief in support of Apple, arguing that the FBI's demand "places at risk millions of cell phone users across the United States." The FBI eventually dropped the case.

October 15, 2018

EPIC v. FTC: EPIC Obtains Emails about Facebook Audits

In response to EPIC's Freedom of Information Act lawsuit, the FTC has released communications about Facebook's biennial audits. The audits are required by the FTC's 2011 Consent Order with Facebook, which followed a detailed complaint by EPIC and other consumer privacy organizations. The emails show that the FTC had concerns about the scope of Facebook's 2015 assessment, stating "PwC's report does not demonstrate whether and how Facebook addressed the impact of acquisitions on its Privacy Program." In other email, the FTC expressed similar concerns about the 2017 assessment and whether the audit evaluated the company's acquisitions impact on Facebook's privacy program. EPIC had previously opposed Facebook's acquisition of WhatsApp and submitted detailed comments for the FTC's review of the merger remedy process. In March 2018, following the Cambridge Analytica breach, the FTC announced it was reopening the Facebook investigation, but still there is no announcement, no report, and no fine.

October 16, 2018

EPIC Publishes "Privacy Law Sourcebook 2018"

EPIC proudly announces the 2018 edition of the Privacy Law Sourcebook, the definitive reference guide to US and international privacy law. The Privacy Law Sourcebook is an edited collection of the primary legal instruments for privacy protection in the modern age, including United States law, International law, and recent developments. The Privacy Law Sourcebook 2018 has been updated and expanded to include the modernized Council of Europe Convention on Privacy, the Judicial Redress Act, the CLOUD Act, and new materials from the United Nations. The EPIC Privacy Law Sourcebook also includes the full text of the GDPR. EPIC will make the Privacy Law Sourcebook freely available to NGOs and human rights organizations. EPIC publications and the publications of EPIC Advisory Board members are available at the EPIC Bookstore.

October 17, 2018

EPIC FOIA: Records Show DHS Ignored Privacy, First Amendment Threats of Media Monitoring Program

EPIC has obtained records concerning "Media Monitoring Services," a controversial DHS project to track journalists, news outlets, and social media accounts. The records, released in EPIC's FOIA lawsuit against the federal agency, reveal that the DHS bypassed the agency's own privacy officials and ignored the privacy and First Amendment implications of monitoring the coverage by particular journalists of a federal agency. As a result of EPIC's lawsuit, the agency previously admitted that it did not conduct a Privacy Impact Assessment for the program, as required by law. EPIC has successfully obtained several Privacy Impact Assessments, including for a related media tracking system (EPIC v. DHS) and for facial recognition technology (EPIC v. FBI). In EPIC v. Presidential Election Commission, EPIC challenged the Commission's failure to publish a Privacy Impact Assessment prior to the collection of state voter data.

October 18, 2018

EPIC Files Amicus in Case Concerning Government Searches and Google's Email Screening Practices

EPIC has filed an amicus brief with the U.S. Court of Appeals for the Sixth Circuit in United States v. Miller, arguing that the Government must prove the reliability of Google email screening technique. The lower court held that law enforcement could search any images that Google's algorithm had flagged as apparent child pornography. EPIC explained that a search is unreasonable when the government cannot establish the reliability of the technique. EPIC also warned that the government could use this technique "to determine if files contain religious viewpoints, political opinions, or banned books." EPIC has promoted algorithmic transparency for many years. EPIC routinely submits amicus briefs on the application of the Fourth Amendment to investigative techniques. EPIC previously urged the government to prove the reliability of investigative techniques in Florida v. Harris.

October 19, 2018

EPIC v. FTC: EPIC Obtains Facebook-FTC Emails About 2011 Consent Order

In response to EPIC's Freedom of Information Act lawsuit, the FTC has released agency emails about the 2011 Facebook Consent Order. Following a detailed complaint by EPIC and other consumer privacy organizations, the FTC issued an order in 2011 that required biennial audits of Facebook's privacy practices. EPIC pursued public release of these reports and related emails to understand why the FTC failed to bring an enforcement action action against the company. Today the FTC released to EPIC 89 emails between the FTC and Facebook from the years 2011, 2012, 2013, 2014, 2015, 2016, 2017, and 2018. In March 2018, following the Cambridge Analytica data breach, the FTC announced it was reopening the Facebook investigation. To date, there is still no announcement, no report, and no fine.

October 22, 2018

Federal Appeals Court: No Copyright for Public Law

A federal appeals court has ruled that Georgia cannot copyright any part of the state’s code of laws. Georgia had previously charged citizens as much as $400 to access official "annotations" to the code, which establish the meaning of the state's laws. But the appeals court ruled that "the People are the owners of these works, meaning that the works are intrinsically public domain material and, therefore, uncopyrightable." EPIC has long advocated for public access to court documents and other sources of law. In 2015, EPIC called on federal agencies to make statutes, regulations, adjudications, and relevant court documents freely available on agency websites.

BREAKING - Universal Guidelines for Artificial Intelligence to be Released in Brussels

The Universal Guidelines for Artificial Intelligence, the first human rights framework for AI, will be announced in Brussels on October 23 at the Public Voice symposium "AI, Ethics, and Fundamental Rights." The Universal Guidelines set out 12 principles to "inform and improve the design and use of AI. The Guidelines are intended to maximize the benefits of AI, to minimize the risk, and to ensure the protection of human rights." More than 150 experts and 40 organizations, including the American Association for the Advancement of Science, have endorsed the Universal Guidelines. Representatives from more than 30 countries supported the statement. The release of the Universal Guidelines precedes the annual meeting of the Data Protections and Privacy Commissioners, the leading privacy event in the world.

October 24, 2018

Buttarelli Opens Commissioners Conference: "Put Dignity Back Into Digital"

Giovanni Buttarelli, the European Data Protection Supervisor, delivered the opening speech of the Privacy Commissioners Conference, "Choose Humanity: Putting Dignity back into Digital." Buttarelli said "we need to establish a sustainable ethics for a digital society." The privacy commissioners have adopted new resolutions on Artificial Intelligence, E-Learning, Collaboration with Consumer Protection Authorities, and Building Effective Privacy Networks.

Tim Cook Calls for "Comprehensive" Federal Privacy Law

Apple CEO Tim Cook (@tim_cook) delivered an impassioned speech at at the Commissioners Conference in Brussels. Cook said, "Platforms and algorithms that promised to improve our lives can actually magnify our worst human tendencies." Cook warned, "Rogue actors and even governments have taken advantage of user trust to deepen divisions, incite violence, and even undermine our shared sense of what is true and what is false. This crisis is real. It is not imagined, or exaggerated, or crazy." Cook endorsed the GDPR and called for comprehensive privacy legislation in the US. Tim Cook received the EPIC Champion of Freedom Award in 2015.

In Brussels, Professor Allen Addresses Ethics and Law

Professor Anita Allen delivered a moving keynote address today at the Privacy Commissioners Conference. Allen spoke about ethics as the "basis of character and moral life." And she described the coexistence of law and ethics. "Ethics are respected as the ideal foundation of law and professional standards." Allen published an essay this week in New Europe "Why Ethics Now?" Allen is a member of the EPIC board of directors and a recipient of an EPIC Lifetime Achievement award. She is the author of several books, including Privacy Law and Society.

Professor Allen Backs AI Universal Guidelines at Press Event in Brussels

Professor Anita Allen expressed support for the Universal Guidelines for AI at a press conference in Brussels. Allen called attention to the fairness, transparency, and accountability guidelines as foundational ethical principles. More than 220 experts and NGOs have endorsed the UGAI. Allen also called for a comprehensive privacy law in the US, noting that US law is "outdated." Allen spoke on a panel with Tristan Harris, Elizabeth Denham, Tim Berners Lee, and Pascale Fung, organized by the European Data Protection Supervisor.

EPIC FOIA: National Archives Finds More Kavanaugh E-mails on Surveillance Programs

The National Archives has found hundreds of e-mails about Justice Kavanaugh's role in controversial White House surveillance programs, including warrantless wiretapping and passenger profiling. Following EPIC's Freedom of Information Act lawsuit, the agency found hundreds of Kavanaugh email messages about the wiretapping program from 2003. Kavanaugh also exchanged 95 e-mail messages about the controversial renewal in 2004, which the Attorney General and FBI Director opposed. There are also 573 Kavanaugh email messages about "Lichtblau" and "Risen" prior to the New York Times expose on the warrantless wiretapping program. The National Archives also found more than 8,000 e-mails that Kavanaugh sent or received about passenger profiling programs. Prior to the nomination hearing, EPIC warned that Kavanaugh, both as a White House legal advisor and then as a federal appellate judge, showed little regard for the constitutional privacy rights of Americans.

October 25, 2018

Rotenberg Addresses Role of Civil Society, Ethics at Commissioner's Conference

Speaking at the closing session of the 40th annual meeting of the Data Protection Commissioners, EPIC President Marc Rotenberg emphasized the importance of civil society participation in the annual privacy conference. "This cannot be a conversation between governments and industry. Democratic legitimacy requires public participation," said Mr. Rotenberg. He thanked European Data Protection Supervisor Giovanni Buttarelli and the Data Protection Commissioners for their support for the Public Voice and the work of civil society. Speaking to the conference theme, Mr. Rotenberg emphasized the importance of ethics to emerging challenges in the data protection field, such as AI. He described the development of the Universal Guidelines for AI, which acknowledged current legal rights but also incorporated ethical guidelines from computer science and human rights. "Ethics tells us not only what the law is, but also what the law should be," said Mr. Rotenberg.

October 29, 2018

EPIC Urges NSF to Establish Universal Guidelines as Basis for US AI Policy

Following a petition from EPIC and leading scientific societies requesting the opportunity for public comment on national policies for Artificial Intelligence, EPIC submitted comments urging the National Science Foundation to adopt the Universal Guidelines for Artificial Intelligence, and to promote and enforce the UGAI across funding, research, and deployment of US AI systems. Over 200 experts and 50 organizations, including the American Association for the Advancement of Science, have endorsed the Universal Guidelines for Artificial Intelligence. The Guidelines outline rights to transparency and human determination, obligations for identification, fairness, accountability, validity, data quality, public safety, cybersecurity, termination, and prohibitions on secret profiling and unitary scoring. EPIC said that UGAI should shape the National AI Strategic Plan for the United States.

Federal Trade Commission Approves Settlement with Uber

The Federal Trade Commission finalized a settlement with Uber after the company failed to implement reasonable security measures and allowed employees to access customers' personal information. Because of Uber's lax security practice, the company was breached twice, exposing vast amounts of sensitive information. The settlement follows on the heels of Uber's settlement with the attorneys general of all fifty states and the District of Columbia for failing to notify users of Uber's second breach in 2016. EPIC wrote to the FTC in May, urging the Commission to strengthen its existing settlement with Uber. The Commission responded directly to several of EPIC's suggestions, which included mandating cybersecurity and privacy requirements. Commissioner Chopra also agreed with EPIC that "the Commission should make required audits and assessments public." EPIC's 2015 complaint with the FTC regarding Uber's abuse of personal data led to a previous FTC settlement with Uber. EPIC has also proposed a privacy law for Uber and other similar transportation companies.

October 30, 2018

In Amicus Brief, EPIC Opposes Citizenship Question in 2020 Census

EPIC has filed an amicus brief in a case challenging the addition of a citizenship question to the 2020 census. EPIC expressed support for the decennial tally of those in the US, but warned that, "history has shown that personal data, collected by the government through the census, can threaten individual rights." EPIC said that the Bureau failed to complete an updated Privacy Impact Assessment about the risk that personal data could be used for purposes unrelated to the census. In comments to the Census Bureau, EPIC opposed the citizenship question this year. EPIC also obtained Census Bureau documents in FOIA case, including email from Kris Kobach to Secretary Ross requesting the addition "on the direction of Steve Bannon." A 2004 EPIC FOIA lawsuit revealed that the Census Bureau had provided DHS with data on Arab Americans after 9-11, leading the Census Bureau to revise its "sensitive data" policy for transfers to law enforcement and intelligence agencies. Former Directors of the Census Bureau also filed an amicus brief in New York et al. v. Department of Commerce, opposing the citizenship question.

Supreme Court to Hear Arguments about Controversial Consumer Privacy Settlement

The U.S. Supreme Court will hear arguments this week in Frank v. Gaos, a class action settlement that provided no benefit to Internet users. Google disclosed user search histories to third parties without consent, a practice that could violate federal and state privacy laws. But under the terms of the settlement, Google "will not be required or requested to make any changes" to its business practices. Also, no funds were provided to the Internet users on whose behalf the case was brought. EPIC filed an amicus brief arguing that the settlement was not "fair, reasonable, and adequate." EPIC stated, "The proposed settlement is bad for consumers and does nothing to change Google's business practices." A federal appeals court narrowly approved the settlement, 2-1, with the dissenting judge warning that courts must be on the lookout "not only for explicit collusion, but also for more subtle signs that class counsel have allowed pursuit of their own self-interests." EPIC and several consumer privacy organization objected to the original settlement on three separate occasions. EPIC routinely opposes class action settlements that fail to benefit consumers and Internet users.

October 31, 2018

European NGOs Launch GDPR Campaign

EDRi, a powerful association of European NGOs, launched a campaign to implement the EU General Data Protection Regulation. GDPR Today is an online hub reporting the latest developments in data protection. "The initiative will prioritise building knowledge around legal guidelines and decisions, data breaches, new codes of conduct, tools facilitating individuals’ exercise of rights, important business developments and governmental support for data protection authorities," EDRi explained. EPIC recently encouraged US firms to comply with the GDPR, and advised the UK Information Commissioner's Office on Data Protection Impact Assessments and GDPR implementation. The 2018 Privacy Law Sourcebook also includes the full text of the GDPR.

EPIC Opposes Agency Collection of Personal Information Contained In Correspondence

In comments to the Department of Homeland Security, EPIC opposed changes to the agency's Correspondence Tracking System. The agency's proposal would allow the DHS to collect personal information about individuals named in agency correspondence, even if they had no direct contact with the agency. EPIC urged DHS to withdraw the proposal, along with revisions that would conflict with federal law. EPIC said DHS should undertake an updated Privacy Impact Assessment. EPIC has routinely urged strict compliance with Privacy Act and warned that overbroad government databases threaten individual privacy.

About October 2018

This page contains all entries posted to epic.org in October 2018. They are listed from oldest to newest.

September 2018 is the previous archive.

November 2018 is the next archive.

Many more can be found on the main index page or by looking through the archives.