EPIC Alert 21.24

======================================================================= E P I C A l e r t ======================================================================= Volume 21.24 December 19, 2014 ----------------------------------------------------------------------- Published by the Electronic Privacy Information Center (EPIC) Washington, DC http://www.epic.org/alert/epic_alert_21.24.html "Defend Privacy. Support EPIC." http://epic.org/support ========================================================================= Table of Contents ========================================================================= [1] 'Eyes Over DC' - Defense Department Launches Surveillance Blimps [2] Privacy Research Study: Future of Data Privacy Uncertain [3] EPIC Backs Comments on Location Privacy [4] Dutch Privacy Officials Find Google Violates National Privacy Law [5] Senator Franken Questions Uber on Use of Passenger Data [6] News in Brief [7] EPIC in the News [8] EPIC Book Review: 'The Black Box Society' [9] Upcoming Conferences and Events TAKE ACTION: Rock the Freedom of Information Act with FOIA.ROCKS! VISIT EPIC's New FOIA Domain: http://foia.rocks TWEET in Support of FOIA: #FOIAat40 LEARN about EPIC's FOIA Work: https://epic.org/foia/ SUPPORT EPIC: https://epic.org/support/ ========================================================================= [1] 'Eyes Over DC' - Defense Department Launches Surveillance Blimps ========================================================================= On Friday, December 19, 2014, the US army will deploy drone surveillance blimps just north of the nation's capital. The surveillance blimp system, known as "JLENS," is comprised of two 250' blimps. As deployed in Iraq, one blimp contains aerial and ground surveillance technology that covers a 340-mile range, while the other has targeting capability including HELLFIRE missiles. The surveillance blimps fly as high as 10,000 feet and can remain operational for up to 30 days straight. The JLENS system is manufactured by defense contractor Raytheon. Raytheon has tested the JLENS system with the company's MTS-B Multi- Spectral Targeting System. The MTS-B offers long-range video surveillance that allows the real-time tracking of moving targets, including vehicles and persons, on the ground. Earlier in 2014, EPIC filed a Freedom of Information Act lawsuit to gain more information about the JLENS system. EPIC asked the Army for technical specifications as well as any policies limiting domestic surveillance. EPIC's goal in the FOIA request and subsequent FOIA lawsuit is to determine what surveillance data the Army plans to collect during the three-year JLENS test, as well as how the Army plans to process, store, redact or delete data. Preliminary documents obtained by EPIC suggested that the blimps would be equipped with video surveillance, though the Army since has claimed that video surveillance will not be deployed. However, documents obtained by EPIC in another FOIA case demonstrate that Customs and Border Protection is operating surveillance blimps with video surveillance. Raytheon also has demoed a video surveillance upgrade for the JLENS system. EPIC has urged Congress to establish privacy safeguards for aerial drones. EPIC also recommended requiring notice of all drone surveillance policies through the Administrative Procedure Act. The Freedom of Information Act lawsuit is EPIC v. Army, No. 14-776 (D.D.C. filed May 6, 2014), Raytheon: JLENS http://www.raytheon.com/capabilities/products/jlens/ EPIC: FOIA Request to Dept. of Army re: JLENS (Nov. 1, 2013) http://epic.org/foia/army/FOIA-Request.pdf EPIC: Complaint v. Dept. of Army (May 6, 2014) http://epic.org/foia/army/Complaint.pdf EPIC: Testimony before Congress re: Drone Privacy (Jul. 12, 2012) http://www.epic.org/privacy/testimony/EPIC-Drone-Testimony-7-12.pdf CBP: Privacy Assessment on Aerial Surveillance (Aug. 29, 2014) http://epic.org/redirect/121914-cpb-aerial.html EPIC: EPIC v. Army - Surveillance Blimps https://epic.org/foia/army/ EPIC: Spotlight on Surveillance - Eyes in the Sky (Oct. 2014) https://epic.org/privacy/surveillance/spotlight/1014/drones.html#_ftn EPIC: Unmanned Aerial Vehicles (UAVs) and Drones https://epic.org/privacy/drones/ ======================================================================== [2] Privacy Research Study: Future of Data Privacy Uncertain ======================================================================== The Pew Research Center's new survey on "The Future of Privacy" has found that privacy experts predict that the struggle over privacy protection will continue through the next decade, though those experts - including several affiliated with EPIC - are divided on the likely outcomes. Pew polled thousands of privacy experts with one question: "Will policy makers and technology innovators create a secure, popularly accepted, and trusted privacy-rights infrastructure by 2025 that allows for business innovation and monetization while also offering individuals choices for protecting their personal information in easy-to-use formats?" Fifty-five percent of respondents stated No; 45% of respondents stated Yes. Among the key privacy threats identified in the Pew study are the Internet of Things, the monetization of personal information, and increasing government surveillance. Many respondents who do not believe that a data-privacy infrastructure will emerge by 2025 also predicted that data privacy would become a "luxury." Among the respondents who believe there will be a privacy rights infrastructure in 2025, many anticipate that the "backlash against the most egregious privacy invasions will bring a new equilibrium between consumers, governments, and businesses." EPIC president Marc Rotenberg, one of the experts consulted, predicted, "There will be many contentious battles over the control of identity and private life. The appropriation of personal facts for commercial value - an issue that emerged with Google's 'shared endorsements' and Facebook's 'sponsored stories' - are a small glimpse of what lies ahead. The key will be the defaults: either individuals will control their online persona or it will be controlled by others." EPIC advisory board members danah boyd, Charlie Firestone, Craig Newmark, Barbara Simons, Alice Marwick and David Vladeck were also quoted in the study. In May 2015, EPIC will release an anthology on the future of privacy. The book, "Privacy in the Modern Age: The Search for Solutions," will be published by The New Press. Pew: "Digital Life in 2025: The Future of Privacy" (Dec. 18, 2014) http://epic.org/redirect/121914-pew-privacy-survey.html Pew Research Center on Internet http://www.pewinternet.org/ Amazon: "Privacy in the Modern Age: The Search for Solutions" (2015) http://amzn.to/1v7DdiW New Press: "Privacy in the Modern Age: The Search for Solutions" http://thenewpress.com/books/privacy-modern-age EPIC: Public Opinion on Privacy https://epic.org/privacy/survey/ ========================================================================= [3] EPIC Backs Comments on Location Privacy ========================================================================= EPIC has joined a coalition of nearly 20 consumer privacy groups in opposing a industry-led to promote location tracking of cell phone users. The "Roadmap for Improving E911 Location Accuracy" raises concerns that users' locations will be routinely known to federal agencies, whether or not there is an emergency. Specifically, the consumer privacy organizations argue that (1) The Roadmap's proposed "National Emergency Address Database," or NEAD, would contain sensitive information; (2) There is no indication that "signatories will adhere to critical safeguards for sensitive information"; (3) The deployment of "Beacon" technology described in the Roadmap raises concerns; and (4) It is still unclear "whether and how existing privacy regulations would apply in the context of the Roadmap." EPIC filed similar comments with the FCC in 2007 during a proposed rulemaking on the E911 service. EPIC urged the Commission to recognize that it had an obligation to protect the privacy of consumer information generated by the provision of communication services. EPIC's comments also explained how current regulations fail to adequately protect location-based information and how many legal frameworks, notably in the European Union, provide safeguards for location data. EPIC also urged the Commission to establish rules that limit the use of customer location-based information. In the past two years EPIC has filed "friend of the court" briefs in the US Supreme Court and the Supreme Court of New Jersey, arguing that location tracking by the government is a search under the Fourth Amendment and should only be conducted with a judicial warrant. EPIC et al.: Comments to FCC on E911 "Roadmap" (Dec. 15, 2014) http://epic.org/redirect/121914-epic-e911-comments.html EPIC: Comments to FCC on proposed E911 rules (Aug. 2007) https://epic.org/privacy/pdf/EPIC_e911_Comments.pdf EPIC: US. v. Jones https://epic.org/amicus/jones/ EPIC: State of New Jersey v. Earls https://epic.org/amicus/location/earls/ EPIC: Locational Privacy https://epic.org/privacy/location_privacy/ ======================================================================== [4] Dutch Privacy Officials Find Google Violates National Privacy Law ========================================================================= The Dutch Data Protection Authority (DPA) has found that Google's 2012 privacy policy changes violate Dutch data protection law. The policy changes, which EPIC also opposed, combined user data across more than 60 separate services and gave Google the ability to track and profile users in extraordinary detail. According to DPA officials, "[t]his combining not only involves people that are logged in to a Google account, but also people that use the search engine, or people that visit a (third party) website that places or reads cookies from Google," and "occurs without Google adequately informing the users in advance and without the company asking for consent." The Dutch DPA ordered Google to: (1) obtain "unambiguous consent of users for the combining of personal data" from different Google services; (2) describe in detail how the personal data are used by each Google service; and (3) clearly explain to consumers that YouTube is a Google service. Google must comply with the order by February 2015 or face $19 million in fines. In issuing the decision, Jacob Kohnstamm, chairman of the Dutch DPA, stated, "Google catches us in an invisible web of our personal data without telling us and without asking us for our consent. This has been ongoing since 2012 and we hope our patience will no longer be tested." In 2012 EPIC sued the Federal Trade Commission to block Google's privacy policy changes, which, according to EPIC, clearly violated an earlier Consent Order between Google and the FTC in which Google agreed to conduct a comprehensive privacy program and to regular privacy audits for 20 years. The Consent Order followed an extensive complaint prepared by EPIC and subsequent findings by the FTC concerning Google's business practices. Dutch DPA: Order Against Google (Dec. 15, 2014) http://epic.org/redirect/121914-dpa-google.html EPIC: FTC Complaint re: Google Privacy Policy Changes (Feb. 8, 2012) https://epic.org/privacy/ftc/google/EPIC-Complaint-Final.pdf FTC: Press Release on Google Consent Order (Mar. 30, 2011) http://epic.org/redirect/121914-google-consent.html EPIC: In re Google Buzz https://epic.org/privacy/ftc/googlebuzz EPIC: Federal Trade Commission https://epic.org/privacy/internet/ftc/ ========================================================================= [5] Senator Franken Questions Uber on Use of Passenger Data ========================================================================= Senator Al Franken (D-MN) has received a response from Uber regarding the ride-sharing company's privacy practices. In November 2014, Franken, Chair of the Senate Judiciary Subcommittee on Privacy, Technology, and the Law, wrote a letter to Uber's CEO, asking him to answer 10 questions about how the company uses passenger data, particularly "in regard to reports of recent comments and actions by top Uber executives concerning journalists. The reports suggest a troubling disregard for customers' privacy, including the need to protect their sensitive geolocation data," Senator Franken wrote. Specifically, Senator Franken questioned Uber's use of the "God view" tool, which allows the company to track individual customers in real time. "It has been reported that a tool known as 'God view' is 'widely available to most Uber corporate employees' and allows employees to track the location of Uber customers who have requested car service," Franken wrote. "In at least one incident, a corporate employee reportedly admitted to using the tool to track a journalist. The journalist's permission had not been requested, and the circumstances of the tracking do not suggest any legitimate business purpose." Uber's three-page response letter to Senator Franken failed to answer several of Franken's questions and, according to the senator, provided "a surprising lack of detail." Uber's letter recited some of the company's privacy policies and directed the senator to its website. The letter answered one of Franken's questions, but left the rest unanswered. In a press release, Senator Franken commented, "Quite frankly, they did not answer many of the questions I posed directly to them. Most importantly, it still remains unclear how Uber defines legitimate business purposes for accessing, retaining, and sharing customer data." In an recent op-ed in The Huffington Post, EPIC President Marc Rotenberg and EPIC Consumer Protection Counsel Julia Horwitz proposed "Privacy Rules for Uber" as part of the "Rideshare Privacy Act of 2015." "There should be clear legal limits on the use of 'God view,'" Rotenberg and Horwitz wrote, explaining that "any use of that feature to track or stalk passengers should be prohibited by law. And all of these legal rights should be backed with meaningful fines if the company crosses the line." "The collection of detailed information on Uber passengers is a real problem that can no longer be ignored," they concluded. Senator Al Franken (D-MN): Press Release on Uber Letter ( Dec. 15, 2014) https://www.franken.senate.gov/?p=press_release&id=3005 Senator Franken: Response Letter from Uber (Dec. 15, 2014) http://www.franken.senate.gov/files/documents/141215UberResponse.pdf Senator Franken: Letter from Franken to Uber (Nov. 19, 2014) http://www.franken.senate.gov/files/letter/141119UberLetter.pdf The Huffington Post: "Privacy Rules for Uber," by EPIC President Marc Rotenberg and EPIC Consumer Protection Counsel Julia Horwitz (Dec. 12, 2014) http://www.huffingtonpost.com/julia-horwitz/privacy-rules-for- uber_b_6304824.html EPIC: Drivers' Privacy Protection Act https://epic.org/privacy/drivers/ EPIC: Location Privacy https://epic.org/privacy/location_privacy/default.html ======================================================================== [6] News in Brief ======================================================================== Strossen Joins EPIC Board of Directors Former ACLU President Nadine Strossen has been elected to EPIC's Board of Directors. Professor Strossen, who was recently named the John Marshall Harlan II Professor of Law at the New York Law School, is one of the world's leading experts on constitutional law, civil liberties and international human rights. She joins a distinguished group of Internet pioneers, security experts, privacy activists, Supreme Court advocates and policy experts on the EPIC Board of Directors and the EPIC Advisory Board. NY Law School: Press Release on Strossen Appointment (Dec. 15, 2014) http://epic.org/redirect/121914-nyls-strossen.html EPIC: Board of Directors https://epic.org/epic/staff_and_board.html EPIC: Advisory Board https://epic.org/epic/advisory_board.html EPIC, Coalition Urge Changes for House Procedures on National Security EPIC and a coalition of more than 50 civil liberties groups have written a letter to US House Speaker John Boehner and Minority Leader Nancy Pelosi, advocating changes that would create more Congressional oversight and accountability in national security issues. The coalition's letter recommended that House leadership provide all members of Congress with access to relevant information and sufficient staff assistance; revise procedures for the House Permanent Select Committee on Oversight so that other Committees are kept informed; make unclassified reports public with minimal delay; and urged the Committee to operate more openly. The coalition also proposed a option for whistleblowers so that information can be communicated to members of Congress "without fear of reprisal," and a comprehensive review of the activities of the Intelligence Community since 9/11, modeled after the 9-11 Commission. EPIC et al.: Letter re: National Security Oversight (Dec. 17, 2014) http://epic.org/redirect/121914-coalition-natsec.html US House: Permanent Select Committee on Oversight http://intelligence.house.gov/ EPIC: Open Government https://epic.org/open_gov/ FOIA.ROCKS Homeland Security Pushes Forward 'REAL ID' Beginning in 2015, many federal facilities will require a "REAL ID" for entry where identification must be shown. Several states have opted out of the REAL ID Act, a federal mandate to modify the design of state drivers licenses, raising questions about the ability of people in those states to access federal buildings and board commercial aircraft. In 2007, EPIC, supported by a broad coalition, opposed the Real ID regulations, arguing that many of the required identification techniques, such as facial recognition and RFID tags, compromise privacy and enable surveillance. Also in 2007, EPIC, joined by technical experts and legal scholars, provided detailed comments to the Department of Homeland Security about the program and later issued a report, "REAL ID Implementation Review: Few Benefits, Staggering Costs". DHS: FAQ on REAL ID (Updated Nov. 7, 2014) http://www.dhs.gov/real-id-public-faqs Pew Trusts: Article on REAL ID (Jan. 22, 2014) http://epic.org/redirect/121914-pew-realid.html The Privacy Coalition: "Speak Out Against REAL ID" (2007) http://privacycoalition.org/stoprealid/ EPIC et al.: Comments to DHS re: REAL ID (2007) https://epic.org/privacy/id_cards/epic_realid_comments.pdf EPIC: Report on REAL ID (May 2008) https://epic.org/privacy/id_cards/epic_realid_0508.pdf EPIC: National ID and the Real ID Act https://epic.org/privacy/id_cards/ Schneier: Over 700M People Taking Steps to Avoid NSA Surveillance Famed technologist and EPIC Advisory Board member Bruce Schneier pushed back against media claims that Edward Snowden's revelations about the NSA have had little impact on Internet users. A recent global survey found that 39% of Internet users who have heard of Snowden have taken steps to protect their online privacy. Some news articles have characterized these users as "merely 39%" and "only 39%." But Schneier did the math and found that Snowden's impact has been far from insignificant: "706 million people have changed their behavior on the Internet because of what the NSA and GCHQ are doing," Schneier states. A recent Pew survey also indicates that the NSA revelations have had a dramatic impact on Internet users. In 2013, EPIC filed a petition to the US Supreme Court to stop the NSA's collection of domestic telephone records. Bruce Schneier: "Over 700 Million People Taking Steps to Avoid NSA Surveillance" (Dec. 15, 2014) https://www.schneier.com/blog/archives/2014/12/over_700_millio.html CIGI-Ipsos: "Global Survey on Internet Security and Trust" (Nov. 2014) https://www.cigionline.org/internet-survey International Business Times (UK): "Edward Snowden Revelations Not Having Much Impact on Internet Users" (Nov. 29, 2014) http://www.ibtimes.co.uk/edward-snowden-revelations-not-having- much-impact-internet-users-1477189 The Guardian: "Edward Snowden revelations have had limited effect on privacy" (Nov. 25, 2014) http://www.theguardian.com/technology/2014/nov/25/edward-snowden- privacy-open-thread Pew Internet: Survey on Post-Snowden Perceptions of Privacy (Nov. 2014) http://www.pewinternet.org/2014/11/12/public-privacy-perceptions/ EPIC: In re EPIC - NSA Telephone Records Surveillance https://epic.org/privacy/nsa/in-re-epic/ EPIC: Smith v. Obama https://epic.org/amicus/fisa/215/smith/ EPIC: Foreign Intelligence Surveillance Act Reform https://epic.org/privacy/terrorism/fisa/reform/ DOJ Announces New Guidelines on Government Profiling The Department of Justice has updated federal guidance on the consideration of race and other attributes when performing law enforcement activities. Federal law enforcement agencies are now prohibited from using race, ethnicity, gender, national origin, religion, sexual orientation or gender identity when making "routine or spontaneous law enforcement decisions, such as ordinary traffic stops." The guidance permits federal law enforcement to consider these factors when engaged in national security, intelligence, immigration law, and organized crime investigation. Federal agencies including the Federal Bureau of Investigation and Customs and Border Protection routinely use immutable characteristics, like race and ethnicity, to assign "risk-assessment" profiles on individuals not suspected of any crime. In 2012, EPIC urged the government to end this practice and to suspend the Automated Targeting System's "risk assessment" scoring, arguing that the use of factors such as race and nationality to profile individuals is unconstitutional. US DOJ: Guidance Report on Profiling in Law Enforcement (Dec. 2014) http://epic.org/redirect/121914-doj-guidance-profiling.html Federal Register: FBI SORN on Racial Profiling (Jul. 10, 2012) http://www.gpo.gov/fdsys/pkg/FR-2012-07-10/pdf/2012-16823.pdf Federal Register: CPB SORN on Automated Targeting System (May 22, 2012) http://www.gpo.gov/fdsys/pkg/FR-2012-05-22/pdf/2012-12396.pdf EPIC: Comments to DHS on Automated Targeting System (Jun. 21, 2012) https://epic.org/privacy/travel/ats/EPIC-ATS-Comments-2012.pdf EPIC: Automated Targeting System https://epic.org/privacy/travel/ats/ EPIC: Passenger Profiling https://epic.org/privacy/airtravel/profiling.html EPIC: EPIC v. CPB (Analytical Framework for Intelligence) https://epic.org/foia/epic_v_cbp.html ======================================================================== [7] EPIC in the News ======================================================================== "Driver's license app on a smartphone raises privacy issues." ComputerWorld, Dec. 18, 2014. http://www.computerworld.com/article/2861079/drivers-license- app-on-a-smartphone-raises-privacy-issues.html "Civil liberties groups push for Intel Committee shakeup." Politico, Dec. 18, 2014. http://www.politico.com/morningcybersecurity/1214/ morningcybersecurity16510.html "U.S. Army Displays JLENS Aerostat for East Coast Coverage." AIN Online," Dec. 18, 2014. http://www.ainonline.com/aviation-news/defense/2014-12-18/ us-army-displays-jlens-aerostat-east-coast-coverage "Online privacy will still be a mess a decade from now, experts say." GigoOM, Dec. 18, 2014. https://gigaom.com/2014/12/18/online-privacy-will-still-be-a-mess- a-decade-from-now-experts-say/ "Iowa Pursues a Virtual Driver's License App." The New York Times, Dec. 17, 2014. http://bits.blogs.nytimes.com/2014/12/17/iowa-pursues-a-virtual- drivers-license-app/ "Spy Blimp Opens New Front in Security Vs. Privacy Debate." Roll Call, Dec. 17, 2014. http://blogs.rollcall.com/five-by-five/spy-blimp-opens-new-front- in-security-vs-privacy-debate/?dcz= "The Army Is Launching A Pair Of Billion-Dollar Surveillance Blimps Over I-95." Business Insider, Dec. 17, 2014. http://www.businessinsider.com/army-launching-two-surveillance- blimps-next-week-2014-12#ixzz3MHgjrxfi "Billion Dollar Surveillance Blimp to Launch over Maryland." The Intercept, Dec. 17, 2014. https://firstlook.org/theintercept/2014/12/17/billion-dollar- surveillance-blimp-launch-maryland/ "2014: The year in quotes." PC Magazine, Dec. 16, 2014. http://www.pcworld.com/article/2860272/2014-the-year-in-quotes.html "Ford Wants To Know More About How You Drive, Hires Big Data Expert." International Business Times, Dec. 16, 2014. http://www.ibtimes.com/ford-wants-know-more-about-how-you-drive- hires-big-data-expert-1760305 "How should drones be regulated for commercial use?" KPCC's "Air Talk," Dec. 15, 2014. http://www.scpr.org/programs/airtalk/2014/12/15/40746/how-should- drones-be-regulated-for-commercial-use/ "Opinion: Privacy and drones need to be addressed." MarketWatch, Dec. 15, 2014. http://www.marketwatch.com/story/privacy-and-drones-need-to-be- addressed-2014-12-15 "Drone-Hunting Blimp To Launch Over Washington." Defense One, Dec. 15, 2014. http://www.defenseone.com/technology/2014/12/drone-hunting-blimp- launch-over-washington-dc/101328/?oref=d-river "Judge: Tucson cops may keep cellphone surveillance docs secret." Tucson Sentinel, Dec. 15, 2014. http://www.tucsonsentinel.com/local/report/121514_stingray_decision/ judge-tucson-cops-may-keep-cellphone-surveillance-docs-secret/ "Google Faces Potential $19M Privacy Fine In The Netherlands." Search Engine Land, Dec. 15, 2014. http://searchengineland.com/google-faces-potential-19m-privacy- fine-netherlands-210931 "Privacy Rules for Uber," by EPIC President Marc Rotenberg and EPIC Consumer Advocacy Counsel Julia Horwitz. The Huffington Post, Dec. 12, 2014. http://www.huffingtonpost.com/julia-horwitz/privacy-rules-for- uber_b_6304824.html "Morning Links: Dinner Party Edition." Art News, Dec. 12, 2014. http://www.artnews.com/2014/12/12/morning-links-dinner-party- edition/ "Congress finds sorting Fast and Furious records 'like pieces of a puzzle'." KTAR (AZ) News, Dec. 10, 2014. http://ktar.com/22/1789741/Congress-finds-sorting-Fast-and- Furious-records-like-pieces-of-a-puzzle For More EPIC in the News: http://epic.org/news/epic_in_news.html ======================================================================= [8] EPIC Book Review: 'The Black Box Society' ======================================================================= Frank Pasquale, "The Black Box Society: The Secret Algorithms That Control Money and Information" (Harvard University Press 2015) http://amzn.to/1x4Z94u "It was the most transparent of times. It was the most opaque of times. The world's information was at our fingertips, the organizers of that information entirely hidden from our view." Frank Pasquale's "The Black Box Society: The Secret Algorithms that Control Money and Information" describes the information society at a remarkable moment in time, simultaneously awash in data and equally unaware of the forces shaping this new world. Pasquale wants us to understand that there are "unknown unknowns" for a reason - processes that are kept hidden from us to extend power and control. He points to Silicon Valley and Wall Street, the Internet titans and the world of finance, as the two culprits. The black box metaphor is central to Pasquale's analysis - a device that both records and a process that is entirely opaque. The outcomes reach to our digital identity, our access to information and our opportunities in the marketplace. "Reputation. Search. Finance. These are the areas in which Big Data looms largest in our lives. But too often it looms invisibly, undermining the openness of our society and the fairness of our markets." Pasquale sets out the case directly: "Decisions that used to be based on human reflection are now made automatically. Software encodes thousands of rules and instructions computed in a fraction of a second." He traces traditional problems with credit reports and FICO scores and explains that similar technique for (secretly) rating consumers is spreading rapidly across the information economy, including medical care. As a consequence our digital reputations increasingly determine our opportunities. Pasquale writes with passion and rigor. The simple antidote to secrecy — transparency — is clearly insufficient when companies counter with increasing complexity. Consider the sea of privacy policies that substitute for meaningful privacy safeguards and the mythic belief that consumers read and act on these statements. As Pasquale explains, "When companies parry with complexity too great to monitor or understand, disclosure becomes an empty gesture." Elsewhere he writes, "In the hall of mirrors of online marketing, discrimination can easily masquerade as innovation." The text is followed by more than 80 pages of notes, making "The Black Box Society" one of the most thoroughly researched books in the field of information policy, though there is much more to say than can be contained in one book. In the data protection world, for example, privacy advocates have long argued for companies to disclose "the logic" of decision-making, a right established in the EU Data Protection Directive of 1995 and which has helped shape the modern claim of informational privacy. "The Black Box Society" examines the thicket of federal regulations that attempt to improve the openness of decision-making. But outside the United States, efforts to make clear the basis of automated decision making are widely viewed as fundamental rights, supported by constitutional principles, most recently Article 8 of the EU Charter Fundamental Rights. Still, "The Black Box Society" could not be more timely. 2014 was marked by growing public debate about "Big Data." Civil rights groups warned about the use of data for discriminatory profiling. Consumer organizations point to the spread of FICO-like scoring in other commercial sectors. Even the Department of Justice has attempted to set out new policies on the permissible and impermissible use of race and other factors for law enforcement activities. In the call for greater accountability - "algorithmic transparency" - a more profound effort may also be underway. It is not simply Wall Street and Silicon Valley that hide their decisions and extend their authority through complex algorithms. It is the systems they are developing, upon which we are increasingly dependent, that are increasingly hidden from view, even from the view of their creators. The argument for transparency is not simply to hold institutions accountable but also to hold accountable the routinized processes and the very machines that increasingly rule our lives. The urgency of that project cannot be overstated. Pasquale identified two attributes of "Black Boxes" - data collection and a hidden process. But there is a third attribute: action in the physical world. -- Marc Rotenberg [Quote at the top is from the reviewer] =================================== EPIC Bookstore =================================== "Litigation Under the Federal Open Government Laws 2010," edited by Harry A. Hammitt, Marc Rotenberg, John A. Verdi, Ginger McCall, and Mark S. Zaid (EPIC 2010). Price: $75. http://epic.org/bookstore/foia2010/ Litigation Under the Federal Open Government Laws is the most comprehensive, authoritative discussion of the federal open access laws. This updated version includes new material regarding President Obama's 2009 memo on Open Government, Attorney General Holder's March 2009 memo on FOIA Guidance, and the new executive order on declassification. The standard reference work includes in-depth analysis of litigation under: the Freedom of Information Act, the Privacy Act, the Federal Advisory Committee Act, and the Government in the Sunshine Act. The fully updated 2010 volume is the 25th edition of the manual that lawyers, journalists and researchers have relied on for more than 25 years. ================================ "Information Privacy Law: Cases and Materials, Second Edition" Daniel J. Solove, Marc Rotenberg, and Paul Schwartz. (Aspen 2005). Price: $98. http://www.epic.org/redirect/aspen_ipl_casebook.html This clear, comprehensive introduction to the field of information privacy law allows instructors to enliven their teaching of fundamental concepts by addressing both enduring and emerging controversies. The Second Edition addresses numerous rapidly developing areas of privacy law, including: identity theft, government data mining and electronic surveillance law, the Foreign Intelligence Surveillance Act, intelligence sharing, RFID tags, GPS, spyware, web bugs, and more. Information Privacy Law, Second Edition, builds a cohesive foundation for an exciting course in this rapidly evolving area of law. ================================ "Privacy & Human Rights 2006: An International Survey of Privacy Laws and Developments" (EPIC 2007). Price: $75. http://www.epic.org/phr06/ This annual report by EPIC and Privacy International provides an overview of key privacy topics and reviews the state of privacy in over 75 countries around the world. The report outlines legal protections, new challenges, and important issues and events relating to privacy. Privacy & Human Rights 2006 is the most comprehensive report on privacy and data protection ever published. ================================ "The Public Voice WSIS Sourcebook: Perspectives on the World Summit on the Information Society" (EPIC 2004). Price: $40. http://www.epic.org/bookstore/pvsourcebook This resource promotes a dialogue on the issues, the outcomes, and the process of the World Summit on the Information Society (WSIS). This reference guide provides the official UN documents, regional and issue-oriented perspectives, and recommendations and proposals for future action, as well as a useful list of resources and contacts for individuals and organizations that wish to become more involved in the WSIS process. ================================ "The Privacy Law Sourcebook 2004: United States Law, International Law, and Recent Developments," Marc Rotenberg, editor (EPIC 2005). Price: $40. http://www.epic.org/bookstore/pls2004/ The Privacy Law Sourcebook, which has been called the "Physician's Desk Reference" of the privacy world, is the leading resource for students, attorneys, researchers, and journalists interested in pursuing privacy law in the United States and around the world. It includes the full texts of major privacy laws and directives such as the Fair Credit Reporting Act, the Privacy Act, and the OECD Privacy Guidelines, as well as an up-to-date section on recent developments. New materials include the APEC Privacy Framework, the Video Voyeurism Prevention Act, and the CAN-SPAM Act. ================================ "Filters and Freedom 2.0: Free Speech Perspectives on Internet Content Controls" (EPIC 2001). Price: $20. http://www.epic.org/bookstore/filters2.0 A collection of essays, studies, and critiques of Internet content filtering. These papers are instrumental in explaining why filtering threatens free expression. ================================ EPIC publications and other books on privacy, open government, free expression, and constitutional values can be ordered at: EPIC Bookstore: http://www.epic.org/bookstore ================================ EPIC also publishes EPIC FOIA Notes, which provides brief summaries of interesting documents obtained from government agencies under the Freedom of Information Act. Subscribe to EPIC FOIA Notes at: http://mailman.epic.org/mailman/listinfo/foia_notes ======================================================================= [9] Upcoming Conferences and Events ======================================================================= "Computers, Privacy, and Data Protection." Brussels: January 21-23, 2015. For More Information: http://www.cpdpconferences.org/. "EPIC 2015 International Champion of Freedom Award." Brussels: January 22, 2015. For More Information: http://www.cpdpconferences.org/. ======================================================================= Join EPIC on Facebook and Twitter ======================================================================= Join the Electronic Privacy Information Center on Facebook and Twitter: http://facebook.com/epicprivacy http://epic.org/facebook http://twitter.com/epicprivacy Start a discussion on privacy. Let us know your thoughts. Stay up to date with EPIC's events. Support EPIC. ======================================================================= Privacy Policy ======================================================================= The EPIC Alert mailing list is used only to mail the EPIC Alert and to send notices about EPIC activities. We do not sell, rent or share our mailing list. We also intend to challenge any subpoena or other legal process seeking access to our mailing list. We do not enhance (link to other databases) our mailing list or require your actual name. In the event you wish to subscribe or unsubscribe your e-mail address from this list, please follow the above instructions under "subscription information." ======================================================================= About EPIC ======================================================================= The Electronic Privacy Information Center is a public interest research center in Washington, DC. It was established in 1994 to focus public attention on emerging privacy issues such as the Clipper Chip, the Digital Telephony proposal, national ID cards, medical record privacy, and the collection and sale of personal information. EPIC publishes the EPIC Alert, pursues Freedom of Information Act litigation, and conducts policy research. For more information, see http://www.epic.orgor write EPIC, 1718 Connecticut Ave. NW, Suite 200, Washington, DC 20009. +1 202 483 1140 (tel), +1 202 483 1248 (fax). ======================================================================= Support EPIC ======================================================================= If you'd like to support the work of the Electronic Privacy Information Center, contributions are welcome and fully tax-deductible. Checks should be made out to "EPIC" and sent to 1718 Connecticut Ave. NW, Suite 200, Washington, DC 20009. Or you can contribute online at: http://www.epic.org/support Your contributions will help support Freedom of Information Act and First Amendment litigation, strong and effective advocacy for the right of privacy and efforts to oppose government and private-sector infringement on constitutional values. ======================================================================= Subscription Information ======================================================================= Subscribe/unsubscribe via web interface: http://mailman.epic.org/mailman/listinfo/epic_news Back issues are available at: http://www.epic.org/alert The EPIC Alert displays best in a fixed-width font, such as Courier. ------------------------- END EPIC Alert 21.24------------------------

Share this page:

Support EPIC

EPIC relies on support from individual donors to pursue our work.

Defend Privacy. Support EPIC.