« December 2018 | Main | February 2019 »

January 2019 Archives

January 3, 2019

Federal Court: NYC Data Disclosure Law Violates Fourth Amendment

A federal court has blocked a New York City law requiring home-sharing platforms to disclose detailed personal information about users, ruling that the ordinance violates the Fourth Amendment. The law would have required companies such as Airbnb to disclose the names, contact information, financial data, and rental histories of hosts, even when no unlawful conduct was suspected. "An attempt by a municipality in an era before electronic data storage to compel an entire industry monthly to copy and produce its records as to all local customers would have been unthinkable under the Fourth Amendment," the court wrote. The court followed a Supreme Court case Los Angeles v. Patel, which prohibited the warrantless searches of hotel records. EPIC filed an amicus brief in Patel. The federal court also cited Carpenter v. United States, Byrd v. United States, Riley v. California, and United States v. Jones, Supreme Court cases in which EPIC also filed amicus briefs. The decision in Airbnb v. New York also has implications for the data collection practices of so-called Smart Cities.

Border Agency Finalizes Social Media Collection Rule

Despite comments from EPIC and others, Customs and Border Protection will collect social media information from Americans and place that data outside legal protections provided by the Privacy Act. EPIC proposed opposed the collection of personal data and said that CBP should narrow the Privacy Act exemptions. The agency responded briefly to public comments, failing to defend the agency's decision. In a related FOIA lawsuit against DHS, EPIC obtained documents which revealed that federal agencies gather social media comments to identify individuals critical of the government.

January 7, 2019

Supreme Court Denies Review of EPIC Petition

The Supreme Court has let stand an adverse lower court ruling in EPIC's case about state voter data. EPIC filed suit against the Presidential Election Commission in 2017 to halt the collection of state voter data. As a result of EPIC's case, the Commission suspended data collection, discontinued the use of an unsafe computer server, and deleted the state voter data it wrongly acquired. And the Commission was terminated last year. However, a lower court ruled that EPIC, at the time it brought the case, was limited in its ability to pursue certain claims. EPIC asked the Supreme Court to review that decision and the fact the demise of the Commission made it impossible for EPIC to challenge the ruling. But the Court left the ruling unchanged. EPIC's case in the Supreme Court is EPIC v. Commission, No. 18-267.

National Archives Releases Kavanaugh Emails on Surveillance Programs Identified in EPIC Suit

The National Archives has released thousands of emails Justice Kavanaugh sent between January 2001 and July 2003 while working in the White House Counsel's office. The release includes hundreds of emails concerning controversial White House surveillance programs the Archives previously identified in response to EPIC's lawsuit. In October, the National Archives revealed that Kavanaugh sent 11 e-mails to John Yoo, the architect of warrantless wiretapping; 227 e-mails about "surveillance" programs and the "Patriot Act;" and 119 e-mails concerning "CAPPS II" (passenger profiling), "Fusion Centers" (government surveillance centers), and the Privacy Act. Subsequent searches revealed thousands more emails sent to Kavanaugh about mass surveillance programs.

January 8, 2019

EPIC Commends FAA Comment Opportunity on Aircraft Security, Urges More Public Reporting

In comments to the Federal Aviation Administration, EPIC praised the agency for inviting public input on technology that exposes aircraft control networks to remote hacking. EPIC previously warned the FAA that, "hackers can exploit weaknesses in drone software to gain control of a drone's movement and other features." EPIC has also called attention to the potential for connected cars and Internet of Things devices to be hacked. EPIC recommended that the FAA routinely report on the growing risks of cyber attack.

January 9, 2019

EPIC to FTC: Establish Free Credit Monitoring for All Consumers

In comments to the FTC, EPIC recommended free credit monitoring for all consumers. The agency will require free credit monitoring for all active service members, following legislation enacted last year. EPIC said the FTC should urge Congress to extend free credit monitoring services. The statute includes several pro-consumer measures that EPIC favored: it (1) requires consumer reporting agencies to provide a consumer with free "credit freezes" that limit third party access to personal data, (2) establishes clear provisions for these freezes, and (3) creates new protections for the credit records of minors. In testimony before the Senate and House following the Equifax data breach, EPIC recommended credit freezes and free credit monitoring services.

European Commission Seeks Input on AI Policy

The European Commission's Expert Group on Artificial Intelligence has requested comments on draft Guidelines for Trustworthy AI. The EU Guidelines state, "Trustworthy AI has two components: (1) it should respect fundamental rights, applicable regulation and core principles and values, ensuring an 'ethical purpose' and (2) it should be technically robust and reliable since, even with good intentions, a lack of technological mastery can cause unintentional harm." The EU Guidelines reflect several principles from the Universal Guidelines for Artificial Intelligence, which have been endorsed by more than 250 experts and 60 organizations in 40 countries. The Universal Guidelines promote transparency, accuracy, and fairness for AI systems. Comments to the European Commission are due January 18, 2019. The final report will be released in March 2019.

Appeals Court Hears Arguments in Dating App Abuse Case

A federal appeals court heard oral arguments in a case about whether a dating app is liable for failing to remove a false profile that enabled abusive conduct. EPIC filed an amicus brief in Herrick v. Grindr, arguing that the relevant law was intended to "encourage internet service providers to police their platforms," not to "give platforms carte blanche to ignore harassment and abuse." EPIC explained that victims may be subjected to ongoing "psychological, social, and financial harm" if internet services are not accountable for harassment and abuse. EPIC routinely files friend of the court briefs in cases concerning emerging privacy and civil liberties issues.

January 10, 2019

EPIC FOIA: Kavanaugh and Yoo Corresponded at White House about Warrantless Surveillance

Newly released emails from the Bush Whitehouse reveal that Brett Kavanaugh and John Yoo, architect of the warrantless surveillance program, exchanges several messages about warrantless surveillance programs in the fall of 2001. The release follows EPIC's FOIA lawsuit for Justice Kavanaugh's records from when his nomination was before the United States Senate. The new records show that there were multiple emails about the warrantless surveillance program that was eventually overturned by the US Congress. The emails also reference a signing statement—likely for the 2001 authorization of military force — and a discussion thread "FISA [Foreign Intelligence Surveillance Act] letter." The agency previously identified several hundred e-mails about surveillance programs that Kavanaugh authored. But the text of many emails was withheld in full, leaving open questions about Kavanaugh's role in the post-9/11 surveillance programs.

EPIC Asks UN to Question US About Privacy Violations by Private Firms

As part of a routine review, EPIC asked the United Nations Human Rights Committee to question the US about the failure to protect individuals against privacy violations by private industry. This year the Committee will review US compliance with human rights obligations under the International Covenant on Civil and Political Rights. EPIC explained that countries "have a duty to protect individuals against human rights violations by non-state actors," and pointed to Article 17 in the international agreement. "Despite record-breaking data breaches, identity theft, and extensive corporate surveillance, the U.S still lacks both comprehensive privacy legislation and a data protection authority," EPIC concluded. The EPIC 2018 Privacy Law Sourcebook provides a comprehensive overview of privacy laws in the US and around the world.

January 11, 2019

European Court Adviser Says Right to be Forgotten Need Not Be Applied Worldwide

The opinion of a key adviser to the Europe's top court finds that that the "right to be forgotten" need not be applied worldwide. Google v. Commission nationale de l'informatique et des liberté follows a ruling in Google v. Spain that Europeans have a right, in some circumstances, to remove links to their personal data posted online by Google. The advocate general said that while Europeans are entitled to have private information delisted in the EU, search engines do not have to remove links from view in foreign domains even though they make the personal data available in those domains for commercial benefit. EPIC has supported the CNIL's approach instead, contending "the right to privacy is global." The European Court of Justice will now decide whether to adopt the opinion from the Advocate General. EPIC published "The Right to be Forgotten on the Internet: Google v. Spain" an account of the case by former Spanish Privacy Commissioner and EPIC Champion of Freedom Professor Artemi Rallo.

Supreme Court to Consider Open Government and Fourth Amendment in 2019

The Supreme Court agreed today to hear two cases of interest to privacy and open government advocates. One case concerns the withholding of "confidential" information requested under the Freedom of Information Act. EPIC recently sued the Federal Trade Commission for information about Facebook's privacy practices, but the FTC has claimed the records are confidential and therefore should not be released. The second case, Mitchell v. Wisconsin, concerns a state law that permits law enforcement officers to draw blood from unconscious motorists without a warrant. EPIC routinely participates as amicus in Supreme Court cases concerning open government and privacy issues. Both cases are expected to be decided by the end of the Court's term in June.

EPIC Seeks to Intervene in Human Rights Case on Government Hacking

EPIC is requesting to intervene in a case before the European Court of Human Rights testing the human rights standards for government hacking of computers and other devices. Brought by international NGO Privacy International, Privacy International v. United Kingdom asks whether remote hacking of devices and the use of malware by UK intelligence services violate the European Convention on Human Rights. EPIC seeks to present information to the Court on the unique privacy risks of government hacking. EPIC previously filed a brief with the Court of Human Rights in Big Brother Watch v. UK, which found UK mass surveillance violated fundamental rights to privacy and freedom of expression. EPIC also participated as amici in Apple v. FBI, concerning a court order that would have required Apple to assist the FBI hack a seized iPhone.

January 14, 2019

Congress Requests Emergency Meeting On Location Privacy

A key House panel requested an emergency briefing from the Federal Communications Commission to determine why the agency has not prevented wireless carriers from selling consumers' location data. The request followed reports that wireless providers sell location data to third parties, despite pledging to not do so after investigations last year. In 2007, EPIC urged the FCC to establish privacy safeguards for location data. And in 2010 EPIC wrote to the House Commerce Committee that "Locational privacy concerns are substantial and growing more severe." EPIC also filed a friend of the court brief in 2017 in the landmark location privacy case, Carpenter v. United States. A recent article by EPIC President Marc Rotenberg, for the American Constitution Society, sets out recommendations for Congress after the Carpenter decision.

Senate to Consider Nomination of William Barr for Attorney General

This week the Senate Judiciary Committee will begin hearings on the nomination of William Barr for Attorney General. In a statement to the Committee, EPIC warned that "Mr. Barr has consistently supported warrantless surveillance of the American people." EPIC pointed to Barr's previous Congressional testimony where he stated that FISA is "too restrictive" and that Americans have no Fourth Amendment right in records held by third parties. EPIC recommended that the Department of Justice work with Congress to update federal wiretap laws after the Supreme Court's decision in Carpenter, improve reporting on surveillance orders, and protect consumers in cases before the Supreme Court.

January 15, 2019

NY Court Blocks Citizenship Question in 2020 Census

A federal judge has ruled that the Secretary of Commerce's decision to add the citizenship question to 2020 Census was unlawful. EPIC filed an amicus brief in the case, arguing that "history has shown that personal data, collected by the government through the census, can threaten individual rights." EPIC has also sued the Department of Commerce (EPIC v. Commerce) because the agency failed to complete a Privacy Impact Assessment prior to collecting citizenship data. A 2004 EPIC FOIA lawsuit revealed that the Census Bureau provided DHS with data on Arab Americans after 9-11, leading the Census Bureau to revise its "sensitive data" policy for transfers to law enforcement and intelligence agencies.

Senator Leahy Questions Barr about Carpenter Privacy Case

During the nomination hearing for the next Attorney General, Senator Leahy asked Mr. Barr whether the Supreme Court's recent decision in the Carpenter case affected his views on privacy. "You had said that a person has no Fourth Amendment right to these records left in the hands of third parties—the third-party doctrine—which seems to be undercut by Carpenter," observed Senator Leahy. Barr responded, somewhat surprisingly, that he had "not read that decision" but "it may modify [his] views." Senator Leahy said he would expect an answer from the nominee to a written question. EPIC filed an amicus brief in Carpenter. The Supreme Court ruled that the Fourth Amendment protects location records stored by telephone companies.

January 17, 2019

Consumer Organizations Announce New Framework for US Privacy Protection, Propose Privacy Agency

EPIC joined 16 organizations in support of a “A Framework for Privacy Protection in the United States." The consumer groups outlined a new approach to privacy protection: (1) enact baseline federal legislation; (2) enforce fair information practices; (3) establish a data protection agency; (4) ensure robust enforcement; (5) establish algorithmic governance; (6) prohibit “take it or leave it” terms; (7) promote privacy innovation; and (8) limit government access to personal data. The consumer framework states that the Federal Trade Commission has failed to enforce the orders it has established. "The US needs a federal agency focused on privacy protection, compliance with data protection obligations, and emerging privacy challenges.” [Press Release]

January 18, 2019

Senators Urge FTC to Act Against Facebook

In a letter to the Federal Trade Commission, Senators Ed Markey and Richard Blumenthal pushed the Commission to take swift action against Facebook, despite the government shutdown. "While we have repeatedly expressed concerns about the pace of this investigation, we fear that the current government shutdown further threatens the FTC's ability to complete this investigation," the Senators wrote. "When Americans' privacy is breached, they deserve a speedy and effective response." The letter comes nearly ten months after the FTC announced it would reopen an investigation into Facebook after EPIC's urging. Since then, EPIC has urged the Commission to act and has repeatedly highlighted Facebook's violations of the 2011 consent order in statements to Congress. The 2011 consent order followed an extensive complaint filed by EPIC and a coalition of consumer privacy organizations in 2009.

EPIC Seeks Injunction to Block Census Citizenship Question

EPIC is seeking a preliminary injunction to block the Census Bureau from adding a question about citizenship to the 2020 Census. EPIC alleges that the Census Bureau failed to complete privacy impact assessments, required by law, before it abruptly added the question to the census last year. EPIC explained that the "extraordinary reach of the Bureau into the private lives of Americans brings with it extraordinary risks to privacy." A federal court in New York recently blocked the citizenship question, but the Census Bureau has appealed that decision. EPIC filed an amicus brief in the New York case and has long advocated for robust protections for census data. EPIC has also filed numerous successful lawsuits to require privacy impact assessments, including EPIC's lawsuit that led a now-defunct Presidential Commission to delete state voter data it unlawfully obtained.

January 22, 2019

Federal Court Rules Police May Not Compel Passenger ID During Traffic Stop

The Ninth Circuit has ruled that the police violated the Fourth Amendment when they asked a passenger to provide identification. The Court found that "a demand for a passenger's identification is not part of the mission of a traffic stop." As the court explained, "The identity of a passenger...will ordinarily have no relation to a driver's safe operation of a vehicle." EPIC filed a "friend of the court" brief in a similar case before the Supreme Court in 2004. In Hiibel v. Sixth Judicial District, the Supreme Court narrowly upheld a state identification law for the driver of a vehicle. EPIC argued in Hiibel that "A name is now no longer a simple identifier: it is the key to a vast, cross-referenced system of public and private databases, which lay bare the most intimate features of an individual's life." EPIC also filed amicus brief in Watchtower Bible v. Stratton, concerning the right of anonymity. In that case the Supreme Court ruled that an ordinance requiring door-to-door petitioners to obtain a permit and identify themselves violated the First Amendment.

January 23, 2019

EPIC, Open Markets, Civil Rights Groups Press FTC on Facebook Consent Order

EPIC joined a coalition of groups urging the FTC to issue strong penalties in Facebook matter. "Given that Facebook’s violations are so numerous in scale, severe in nature, impactful for such a large portion of the American public and central to the company’s business model, and given the company’s massive size and influence over American consumers, penalties and remedies that go far beyond the Commission’s recent actions are called for,” the letter stated. The groups said the FTC should 1) impose substantial fines; 2) establish structural remedies; 3) require compliance with Fair Information Practices; 4) reform hiring and management practices; and 5) restore democratic governance.

January 24, 2019

Census Bureau: 99 Percent of Commenters Oppose Citizenship Question

According to a Census Bureau report, 99 percent of commenters who gave feedback on the 2020 Census are opposed to the planned addition of the citizenship question. The Bureau received more than 136,000 comments against the collection of citizenship data, many of which were signed by multiple individuals and organizations. EPIC filed comments opposing the citizenship question, arguing that it will interfere with the census's constitutional purpose and undermine the integrity of the census. EPIC is currently seeking a preliminary injunction to block the collection of citizenship data because the Bureau failed to complete privacy impact assessments required by law. The Court has scheduled a hearing for Feb. 8. EPIC's case is EPIC v. Commerce, No. 18-2711 (D.D.C.).

January 25, 2019

Public Voice Urges World Economic Forum to Adopt Universal Guidelines for AI

This week, The Public Voice urged participants at Davos to adopt the Universal Guidelines for AI to protect human rights, and to ensure access, inclusion, and equity for global citizens. Leaders of the World Economic Forum launched the 2019 Davos conference this week, with several events on privacy and AI to develop technology policies that are "underpinned by the necessary ethical principles and values-based framework." In opening remarks, Klaus Schwab said the 4th Industrial Revolution demands human-centered, inclusive, and sustainable solutions. @ThePublicVoice urged adoption of the UGAI principles to reduce bias in decision-making algorithms, ensure digital globalization is inclusive, create human-centered evidence-based policy, promote safety in AI deployment in national security uses, and rebuild trust in institutions.

Computers, Privacy and Data Protection Conference Upcoming in Brussels

The conference on Computers, Privacy, and Data Protection begins next week in Brussels. The theme of CPDP2019 is "Data Protection and Democracy." Several members of the EPIC Advisory Board will be speaking, including Julie Cohen, Jennifer Daskal, Kristina Irion, Malavika Jayaram, Max Schrems, and Shoshana Zuboff. EPIC will be promoting new books by several members, including Simon Davies, Roger McNamee, and Shoshana Zuboff. EPIC will also present the International Privacy Awards on Wednesday, January 30.

Unanimous Decision in Illinois Supreme Court Ensures Strict Limits on Biometric Data Collection

The Illinois Supreme Court ruled today in Rosenbach v. Six Flags, a case about a state privacy law that protects biometric data. Parents sued the theme park after it collected a child's fingerprints, charging a violation of the Illinois biometric privacy law. The theme park claimed that it was necessary to show some additional harm, but the Illinois Court held that when companies violate the law, "the injury is real and significant." EPIC filed a "friend of the court" brief in the case, arguing that the biometric privacy law "imposes clear responsibilities on companies that collect biometric identifiers" and that if these provisions are "not enforced, the statute's subsequent provisions are of little consequence." EPIC has long advocated for strict limits on use of biometric data. EPIC also filed an amicus brief the OPM data breach, a case that concerned the breach of 5.1 million fingerprints, precisely the same biometric data at issue in this case.

European Privacy Board Report Criticizes Privacy Shield Compliance

A report from the European Data Protection Board, an influential independent European privacy body, criticizes U.S. oversight of the EU-U.S. Privacy Shield. The European Commission recently renewed the framework permitting the flow of European consumers' personal data to the U.S. However, the Board now states U.S. oversight of compliance lacks "substantial checks." The EU Data Protection Board encouraged the Privacy and Civil Liberties Oversight Board to review U.S. surveillance authorities, and stated that the Privacy Shield Ombudsperson could not be considered an "effective remedy" for privacy violations. During review of Privacy Shield, EPIC cited concerns about the failure of the FTC to enforce the 2011 Consent Order against Facebook, passage of the CLOUD Act, and renewal of bulk foreign intelligence surveillance.

During Government Shut Down, Facebook Moves to Integrate WhatsApp User Data

The New York Times has reported that Facebook is planning to integrate WhatsApp, Facebook Messenger, and Instagram. Earlier this week, EPIC joined a coalition of groups urging the FTC to unwind the Facebook-WhatsApp merger, citing promises the companies made at time of the merger. In 2014, EPIC and the Center for Digital Democracy warned the Commission that Facebook incorporates user data from companies it acquires, and that WhatsApp users objected to the acquisition. The FTC responded to EPIC and CDD and told Facebook and WhatsApp "if the acquisition is completed and WhatsApp fails to honor these promises, both companies could be in violation of Section 5 of the FTC Act and potentially the FTC's order against Facebook." The FTC letter concludes "hundreds of millions of users have entrusted their personal information to WhatsApp. The FTC staff continue to monitor the companies' practices to ensure that Facebook and WhatsApp honor the promises they have made to those users." Last week, Senators Markey and Blumenthal expressed concern over the impact of the government shutdown on the FTC's investigation into Facebook. Next week, the House Commerce Committee will hold a hearing on the government shutdown's impact on the FTC's Facebook investigation.

January 28, 2019

New Edition of GDPR Today Now Available

A new edition of GDPR Today is available now. The online hub of the latest developments in data protection, launched by EDRi, a powerful association of European NGOs, is designed to implement the EU General Data Protection Regulation. The latest issue details the EU-Japan agreement on international transfers of personal data, NGO complaints that tech companies violated individuals' right to access their data, and recent criticism of U.S. compliance with the EU-U.S. Privacy Shield. EPIC has encouraged U.S. companies to offer GDPR protections to all consumers. The 2018 Privacy Law Sourcebook also includes the full text of the GDPR.

EU Receives 95,000 Privacy Complaints, Still No News from US FTC on Facebook Case

According to the European Commission, recent figures from the European Data Protection Board reveal that EU Data Protection Authorities have received more than 95,000 complaints from citizens across the continent. In a joint statement on International Privacy Day, the Commissioners said "Citizens have become more conscious of the importance of data protection and of their rights. And they are now exercising these rights, as national Data Protection Authorities see in their daily work." The European Data Protection Board also reported that the majority of the complaints were related to activities such as telemarketing, promotional e-mails, and video surveillance. In the United States, the Federal Trade Commission announced in March 2018 that it was reopening the Facebook investigation, following news that Cambridge Analytica improperly harvested the personal data of 87 millions users. Still no word from the FTC on how that one case is proceeding.

January 29, 2019

American Bar Association Takes Stand on Privacy Rights and Border Searches

Leaders of the American Bar Association completed their midyear meeting yesterday and tackled a range of policy issues, including privacy at the border. The ABA adopted a new policy that "Urges the federal judiciary, Congress, and the Department of Homeland Security to enact legislation and adopt policies to protect the privacy interests of those crossing the border by imposing standards for searches and seizures of electronic devices, protection of attorney-client privilege, the work product doctrine, and lawyer-client confidentiality." The resolution was introduced by the ABA Section of Civil Rights and Social Justice and the Criminal Justice Section. EPIC Senior Counsel Alan Butler is the Chair of the ABA Civil Rights and Social Justice Section's Committee on Privacy and Information Protection. EPIC has previously submitted "friend of the court" briefs advocating for Fourth Amendment protection of cell phone data in Riley v. California and Carpenter v. United States.

January 30, 2019

EPIC Gives International Privacy Award to Giovanni Buttarelli, Joe McNamee

EPIC presented the 2019 International Privacy Champion Awards to Giovanni Buttarelli, European Data Protection Supervisor, and Joe McNamee, long time Executive Director of the European Digital Rights Initiative. The ceremony took place at the annual conference on Computers, Privacy, and Data Protection in Brussels, Belgium. EPIC Advisory Board members Max Schrems and Shoshana Zuboff presented the awards. The 2019 EPIC Champion of Freedom Awards will be held at the National Press Club in Washington, DC on June 5, 2019. [Press Release]

EPIC Joins Statement to Facebook, End Messenger for Kids

EPIC joined a letter with fourteen other public interest groups to Mark Zuckerberg, calling on the Facebook CEO to shut down Facebook Messenger Kids, and cease all child-targeted business operations. This coalition effort, led by Campaign for a Commercial-Free Childhood, follows reporting that Facebook made millions of dollars by intentionally duping kids into making accidental purchases while playing games. Last year, the groups called on the company to shut down Facebook Messenger Kids based on research linking adolescent social media use with depression, poor sleep habits, and unhealthy body image. Senators Markey (D-MA) and Blumenthal (D-CT) also wrote a letter to Zuckerberg requesting answers on children's use of Facebook. EPIC, civil rights, and open market groups recently urged the FTC to act on numerous violations of the 2011 Consent Order.

About January 2019

This page contains all entries posted to epic.org in January 2019. They are listed from oldest to newest.

December 2018 is the previous archive.

February 2019 is the next archive.

Many more can be found on the main index page or by looking through the archives.