« October 2018 | Main | December 2018 »

November 2018 Archives

November 1, 2018

D.C. Circuit to Hear Arguments in Case on Right to Informational Privacy

The D.C. Circuit Court of Appeals will hear arguments Friday in a case about the 2015 data breach at the U.S. Office of Personnel and Management, which affected 22 million federal employees, their friends, and their family members. EPIC filed an amicus brief in the case, joined by forty-four technical experts and legal scholars (members of the EPIC Advisory Board). In the brief, EPIC said that "when personal data is collected by a government agency, that agency has a constitutional obligation to protect the personal data it has obtained." In the 2011 case NASA v. Nelson, EPIC urged the Supreme Court to limit data collection by federal agencies, citing the growing risk of data breach in the federal government. Arguments are scheduled to begin at 9:30 AM ET and will be streamed live.

November 2, 2018

EPIC Urges Department of Transportation to Adopt Privacy Act Safeguards For "Insider Threat" Database

In comments to the Department of Transportation, EPIC has proposed privacy safeguards for the agency's "Insider Threat" database. The database would permit boundless collection of personal data on many people unaffiliated with the agency. The Department also plans to exempt the database from Privacy Act obligations that require data minimization and individual access to records. EPIC wrote, "It is as if the agency has placed itself beyond the reach of the American legal system on the issue of greatest concerns to the American public - the protection of personal privacy." EPIC also urged the agency to limit data collection, citing numerous government data breaches that have put individuals at risk. EPIC has consistently warned against overbroad and insecure government databases.

November 5, 2018

EPIC Seeks Special Counsel Reports on Russian Election Interference

EPIC has submitted an urgent Freedom of Information Act request to the Department of Justice for records about Special Counsel Robert Mueller's investigation into the Russian interference in the 2016 U.S. presidential election. In May 2017, the Acting Attorney General authorized an investigation into Russian interference, including "any links and/or coordination between the Russian government and individuals associated with the campaign of President Donald Trump." Special Counsel Mueller has since brought criminal charges against 33 individuals and three organizations. According to news reports and President Trump's attorneys, Special Counsel Mueller intends to transmit one or more reports detailing his findings. EPIC launched a project on Democracy and Cybersecurity in response to Russian interference in the 2016 presidential election. EPIC is currently pursuing several related FOIA cases concerning Russian interference with the 2016 election: EPIC v. FBI (response to Russian cyberattacks), EPIC v. ODNI (Russian hacking), EPIC v. IRS I (release of Trump's tax returns), EPIC v. IRS II (release of Trump’s offers-in-compromise), and EPIC v. DHS (election cybersecurity).

November 6, 2018

EPIC Urges Agencies to Abandon Data Practices that Extend Detention of Children

In comments to the Department of Health and Human Services, EPIC urged the agency to abandon a policy of transferring background check information from potential sponsors of unaccompanied children to the DHS. According to reports, children are kept in detention centers for extended periods due to this policy which places sponsors and household members at risk of deportation. The proposed rule also conflicts with HHS's Privacy Impact Assessment, which fails to assess this risk. EPIC had previously warned Congress about the misuse of immigrant data by the DHS.

November 7, 2018

UK Privacy Commissioner Releases Report on Data Analytics and Political Campaigns

The UK Information Commissioner released a report on the misuse of personal data in the Brexit vote. The investigation "uncovered a disturbing disregard for voters' personal privacy" and found that the Leave.EU campaign and Cambridge Analytica both improperly harvested personal data. The Commissioner's office will fine the Leave.EU campaign and would fine Cambridge Analytica if the firm were not already in bankruptcy proceedings. The UK report proposes a code of practice for the use of personal data in political campaigns. Earlier this year, EPIC and a coalition of consumer groups urged the FTC to investigate the Facebook-Cambridge Analytica matter. In March, the FTC said it would investigate the matter, but there is still no report, no findings and no fine. In response to EPIC's Freedom of Information Act lawsuit, the FTC has released agency emails about the 2011 Facebook Consent Order.

U.S. House Flips, EPIC Seeks Release of Trump Tax Returns

With the change of control in Congress and the ongoing interest in President Trump's tax returns, two EPIC Freedom of Information Act cases will receive renewed attention. In EPIC v. IRS, currently before the D.C. Circuit, EPIC argued that the IRS has the authority to disclose the returns to correct numerous misstatements of fact concerning his financial ties to Russia. President Trump tweeted that "Russia has never tried to use leverage over me. I HAVE NOTHING TO DO WITH RUSSIA - NO DEALS, NO LOANS, NO NOTHING"—a claim contradicted by his own attorneys, family members, and business partners. EPIC has repeatedly urged Congress to exercise oversight of the IRS and to support the disclosure of the President's returns in EPIC's case. In a second case, EPIC v. IRS II, EPIC is seeking the release of additional tax records related to President Trump and over 300 of his businesses. Two-thirds of voters favor the release of Trump's tax returns.

November 8, 2018

New Hampshire Voters Establish Constitutional Right to Informational Privacy

New Hampshire voters overwhelmingly approved a ballot measure that guarantees a constitutional right to information privacy in the state. The measure, which received 80% of the vote, amends Article 2 in the New Hampshire Bill of Rights providing that "an individual's right to live free from governmental intrusion in private or personal information is natural, essential, and inherent." New Hampshire joins a growing number of states with constitutional privacy protections. EPIC Advisory Board member David Flaherty has written about the development of constitutional privacy protections. EPIC regularly files amicus briefs supporting state privacy rights. In a recent amicus brief concerning the OPM data breach, EPIC argued that the right to information privacy exists in the federal Constitution.

November 9, 2018

EPIC Comments on NTIA’s Consumer Privacy Framework

EPIC submitted comments to the National Telecommunications and Information Administration—the agency that advises the White House on Internet policy—on the proposed framework for consumer privacy. EPIC backed the "Desired Outcomes:" (1) transparency, (2) control, (3) minimization, (4) security, (5) access and correction, (6) risk management, and (7) accountability. But EPIC urged the agency to support federal baseline legislation, the creation of a data protection agency, and the ratification of the International Privacy Convention. EPIC explained, "These are not policy preferences or partisan perspectives. These are the steps that modern societies must take to safeguard the personal data of their citizens.” NTIA Secretary David Redl met with the Privacy Coalition last month.

Continue reading "EPIC Comments on NTIA’s Consumer Privacy Framework" »

November 8, 2018

EPIC Urges Agencies to Abandon Data Practices that Extend Detention of Children

In comments to the Department of Health and Human Services, EPIC urged the agency to abandon a policy of transferring background check data from potential sponsors of unaccompanied children to the DHS. According to reports, children are kept in detention centers for extended periods due to a policy which places sponsors and household members at risk of deportation. The proposed rule also conflicts with a Privacy Impact Assessment, which fails to assess this risk. EPIC had previously warned Congress about the misuse of immigrant data by the DHS.

November 6, 2018

Supreme Court Orders Additional Briefing in Consumer Privacy Case

The U.S. Supreme Court has ordered additional briefing in Frank v. Gaos, a case about a controversial class action settlement. Plaintiffs alleged that Google disclosed search histories to third parties in violation of various privacy laws, but settled the case with no change in business practice and no benefit to class members. Now the Supreme Court has ordered supplemental briefs to determine whether any named plaintiff has standing to pursue the dispute. EPIC filed an amicus brief about the settlement, arguing that the "proposed settlement is bad for consumers and does nothing to change Google's business practices." EPIC and several consumer privacy organizations objected to the original settlement on three separate occasions. EPIC has filed many briefs on standing in consumer privacy cases.

November 13, 2018

EPIC Supports Constitutionality of "Robocall" Law

EPIC has filed a "friend of the court" brief in a case concerning the constitutionality of the Telephone Consumer Protection Act, the law the prohibits unwanted "robocalls." In Gallion v. Charter Communications, EPIC argued that "the TCPA prohibitions are needed now more than ever," citing the intrusiveness of marketing calls directed toward cell phones. EPIC also said the TCPA "protects important consumer privacy interests." EPIC testified in support of the TCPA and has submitted extensive comments and amicus briefs on the consumer privacy law.

November 15, 2018

Facing EPIC Lawsuit, FAA Scraps Secretive Drone Committees

The FAA's Drone Advisory Committee, facing an open government lawsuit from EPIC, has scrapped the secretive committees that developed drone policy. EPIC filed a lawsuit challenging the closed-door meetings with agency officials and industry reps. EPIC also charged that the FAA ignored the privacy risks posed by the deployment of drones—even after identifying privacy as a top public concern. The FAA acknowledged that the committees provided policy advice, but the FAA failed to comply with open government laws. EPIC has a long history of promoting government transparency and advocating for privacy protections against drones.

November 16, 2018

Pew Research: Widespread Concerns in US About AI

A new survey from the Pew Research Center "Public Attitudes Toward Computer Algorithms" found widespread concern about the fairness of automated decision making. According to the Pew report, "Americans express broad concerns over the fairness and effectiveness of computer programs making important decisions in people's lives." Americans oppose the use algorithms for criminal risk assessments (56%), automated resume screening for job applicants (57%), and personal finance scores (68%). Many of the concerns in the Pew Report are addressed in the Universal Guidelines for AI, the first human rights framework for AI. More than 200 experts and 50 NGOs have endorsed the Universal Guidelines. Public opinion polls consistently find strong support among Americans for new privacy laws.

EPIC Urges Department of Defense to Limit Disclosure of Personnel Records

In comments to the Department of Defense, EPIC has proposed privacy safeguards for the agency's Personnel Vetting system of records. The records system would authorize limitless collection of sensitive information on current, former, and prospective public and private sector employees, their friends and relatives, Red Cross volunteers, and foreign nationals. EPIC opposes the records system's disclosure standards that authorize sharing of individuals' personal information with any requesting source as part of an investigation, including U.S. Citizenship and Immigration Services and foreign law enforcement entities. EPIC consistently warns against overbroad government databases and urges agencies to withdraw unnecessary Privacy Act exemptions.

November 19, 2018

EPIC's Rotenberg Urges Support for AI Guidelines at OECD

Speaking to the OECD Global Strategy Group in Paris, EPIC President Marc Rotenberg urged OECD member countries to endorse the Universal Guidelines for AI. "Civil society recognizes that AI may help solve the world's greatest challenges - from climate change and resource scarcity to  medical breakthroughs and sustainable development. But we also believe that the public must be given the opportunity to participate in the development of AI policy. And there should be guidelines at the outset that safeguard democratic values and human rights," said Mr. Rotenberg. More than 200 experts and 50 NGOs, from across 40 countries, have endorsed the Universal Guidelines for AI, the first human rights framework for artificial intelligence. The OECD Global Strategy Group brings together senior officials from member countries to discuss the challenges shaping today's world.

November 20, 2018

EPIC Files Suit to Block Census Citizenship Question

EPIC has filed a lawsuit to block the addition of a citizenship question to the 2020 Census. EPIC charged that the Census Bureau failed to complete multiple Privacy Impact Assessments, as required by law. The Bureau abruptly added the citizenship question earlier this year but did not assess the privacy impact on census respondents, who are legally obligated to answer all questions. As EPIC's lawsuit reveals, the Bureau recently indicated—for the first time—that personal data provided to the Census Bureau could be used "for criminal law enforcement activities." The Bureau's admission raises new questions about whether citizenship information will be transmitted to the Department of Justice. EPIC has filed numerous successful lawsuits seeking to enforce federal agencies' obligation to publish Privacy Impact Assessments. Earlier this year, the Presidential Advisory Commission on Election Integrity was shut down after EPIC filed a lawsuit to block the collection of state voter data and challenging the Commission's failure to complete a Privacy Impact Assessment.

November 21, 2018

EPIC Challenges FTC's Withholdings of Records Regarding Irish Audits of Facebook

EPIC has submitted a Freedom of Information Act appeal challenging the Federal Trade Commission's withholdings of 42 pages of records about the Irish Data Protection Commissioner's inquiries regarding Facebook's compliance with the FTC Consent Order In response to EPIC's FOIA request the FTC released 413 pages of publicly available documents but withheld 42 pages in full under several exemptions, including an exemption protecting records compiled for law enforcement purposes. In 2011 the Irish Data Protection Commissioner initiated an audit of Facebook Ireland, a subsidiary of Facebook that is responsible for data protection for all Facebook users outside of the U.S. and Canada, to assess its compliance with both Irish Data Protection law and EU law. The 2011 audit found that the safeguards for third party applications did not ensure security for user data. The 2012 re-audit found a "satisfactory response" from Facebook regarding preventing third party applications from accessing unauthorized user information. Following the 2012 re-audit, the FTC and Irish Data Protection Commissioner signed a Memorandum of Understanding to mutually assist and exchange information to protect consumer privacy. Two years after the Irish Data Protection Commissioner determined a "satisfactory response," Cambridge Analytica improperly harvested the personal data of millions of users to use for political purposes. The FTC announced that it was reopening the Facebook investigation after the Cambridge Analytica scandal but to date, there has been no announcement, no report, and no fine. EPIC is holding FTC accountable to its 2011 consent order enforcement obligations in EPIC v. FTC seeking the full release of the Facebook Assessments and related records.

November 26, 2018

EPIC Urges Senate To Examine FTC's Failure to Enforce Facebook Consent Order, Unwind WhatsApp Deal

EPIC has sent a statement to the Senate Commerce Committee in advance of a hearing on "Oversight of the Federal Trade Commission." EPIC told the Committee that the FTC should enforce the Facebook Consent Order and unwind the Facebook-WhatsApp deal. As EPIC previously told Congress, the Cambridge Analytica scandal could have been avoided if the FTC had enforced the Consent Order. That Order followed complaints by EPIC and consumer privacy organizations in 2009 and 2010. In 2014, EPIC urged the FTC to block Facebook's acquisition of WhatsApp. In 2016, EPIC filed a second complaint after Facebook broke commitments to the FTC and began collecting WhatsApp users' data. EPIC also highlighted the FTC's inaction in major privacy cases such as those against Uber, Facebook, and Google.

November 27, 2018

At European Parliament, EPIC Proposes Safeguards for Crossborder Access to Personal Data

Speaking at the European Parliament, EPIC International Counsel Eleni Kyriakides called for safeguards for law enforcement access to personal data across national borders. During the LIBE Committee hearing on electronic evidence, Kyriakides stressed the need for prior judicial review, data minimization, transparency, public reporting, and individual remedies. Kyriakides said such "well-established protections should be required for cross-border orders." EPIC submitted an amicus brief in the related Supreme Court case United States v. Microsoft, pointing to fundamental rights obligations in international law and explaining that cross border access to data abroad should require international consensus. EPIC has joined an NGO coalition to establish human rights protections in the Convention on Cybercrime. Kyriakides published "Digital Free for All Part Deux: European Commission Proposal on E-Evidence" in Just Security.

In Hearing on Election Assistance Commission, EPIC Highlights Voting Report of National Academies

In advance of a hearing for commissioners to the Election Assistance Commission, EPIC submitted a statement to the Senate Rules Committee stressing the importance of strong election security standards. EPIC noted growing threats to election security and voting integrity. EPIC said the Commission should finalize the Voluntary Voting Systems Guidelines, the technical guidelines for voting systems' security. EPIC also cited the recent report of the National Academies of Science "Securing the Vote: Protecting American Democracy (2018)," which concluded that "all U.S. elections should use paper ballots by the 2020 presidential election." The National Academies also advised against Internet voting.

November 28, 2018

EPIC Urges Congress to Examine Surveillance at the Border

EPIC wrote to a Senate committee about the nominee to head the Immigration and Customs Enforcement agency. EPIC urged the Committee to examine the agency's practices, including the use of secretive algorithms and databases, warrantless searches of mobile devices, social media profiling, and the use of DACA application data for investigative purposes. EPIC has filed multiple FOIA lawsuits against ICE regarding theses surveillance programs. A previous FOIA lawsuit EPIC v. CPB uncovered Planter's role in Analytical Framework for Intelligence, a program that assigns "risk assessment" scores to travelers.

November 29, 2018

EPIC Provides U.S. Report for Privacy Experts Meeting

EPIC has provided a comprehensive report explaining the latest developments in U.S. privacy law and policy for the 64th meeting of the International Working Group on Data Protection, held this year in Queenstown, New Zealand. The Working Group includes Data Protection Authorities and experts from around the world who review emerging privacy challenges. The EPIC 2018 report details the NTIA's proposed U.S. consumer privacy framework, the confirmation of three members of the Privacy and Civil Liberties Oversight Board, the passage of the California Consumer Privacy Act of 2018, the announcement of the Universal Guidelines on Artificial Intelligence, and more. In April 2017, EPIC hosted the 61st meeting of the IWG in Washington, D.C. at the Goethe-Institut, Germany's cultural institute.

DHS Privacy Office Releases 2017 Data Mining Report

The Department of Homeland Security released the 2017 Annual Data Mining Report. According to the report, Customs and Border Protection expanded the use of Automated Targeting System's risk assessments to TSA's Secure Flight passenger data. TSA uses the Secure Flight data to compare airline passenger records against various watch lists and to score air travellers. The report describes the use of biometric data to match and screen individuals applying for immigration benefits against other databases. In EPIC v. CBP, EPIC is currently pursuing documents related to the biometric entry/exit program, which uses facial recognition at border crossings to identify and screen travelers.

November 30, 2018

EPIC to Senators: Universal Guidelines for Artificial Intelligence Are a Model Policy

In a statement to a Senate committee focused on technology and privacy, EPIC urged Senators to implement the Universal Guidelines for Artificial Intelligence in US law. The Guidelines maximize the benefits of AI, minimize the risk, and ensure the protection of human rights. More than 200 experts and 50 organizations, including the American Association for the Advancement of Science, have endorsed the Universal Guidelines. EPIC also expressed concern about the secrecy surrounding the Senate workshops on AI. In a petition earlier this year, EPIC and leading scientific organizations, including AAAS, ACM and IEEE, and nearly 100 experts urged the White House to solicit public comments on AI policy. EPIC told the Senate committee that the Senate must also ensure a public process for developing AI policy. EPIC has pursued several criminal justice FOIA cases, and FTC consumer complaints to promote transparency and accountability for AI decisionmaking. In 2015, EPIC launched an international campaign for Algorithmic Transparency.

Trump-Russia Records at Issue in Mueller Probe, EPIC v. IRS

New revelations in the Mueller probe implicate EPIC’s Freedom of Information Act cases for President Trump’s tax returns. In EPIC v. IRS, currently before the D.C. Circuit, EPIC argued that the IRS has the authority to disclose the returns to correct misstatements of fact concerning financial ties to Russia. Trump had tweeted that “Russia has never tried to use leverage over me. I HAVE NOTHING TO DO WITH RUSSIA - NO DEALS, NO LOANS, NO NOTHING.” This claim is now disproven by the Special Counsel’s investigation, which recently determined that Mr. Trump pursued a major real estate deal with the Russian government in 2016. In a second case, EPIC v. IRS II, EPIC is seeking the release of tax records related to President Trump's businesses. EPIC has also filed a FOIA request for records concerning the Special Counsel investigation.

Continue reading "Trump-Russia Records at Issue in Mueller Probe, EPIC v. IRS" »

About November 2018

This page contains all entries posted to epic.org in November 2018. They are listed from oldest to newest.

October 2018 is the previous archive.

December 2018 is the next archive.

Many more can be found on the main index page or by looking through the archives.