EPIC Alert 23.16
EPIC Alert 23.16 - August 31, 2016
- EPIC, CDD Charge WhatsApp Policy Change Unlawful, Urge FTC to Act
- EPIC Sues FAA, Challenges Failure to Establish Drone Privacy Safeguards
- EPIC, Verified Voting, Common Cause Release Report on Ballot Secrecy
- EPIC Launches EPIC Amicus Tracker to Assist Public Interest Litigators
- EPIC Opposes DHS Plan to Collect Social Media Identifiers
- News in Brief
- EPIC in the News
- EPIC Bookstore
- Upcoming Conferences and Events
EPIC and the Center for Digital Democracy (CDD) have filed a complaint with the FTC concerning WhatsApp’s plan to transfer user data, including personal phone numbers, to Facebook. This reversal contradicts WhatsApp’s previous promises to users that their personal information would not be disclosed or used for marketing purposes, and constitutes an unfair and deceptive trade practice.
Facebook purchased WhatsApp in 2014, and the companies promised users of the privacy-protective messaging service that “nothing” will change for WhatsApp users’ privacy. Facebook CEO Mark Zuckerberg promised, “We are absolutely not going to change plans around WhatsApp and the way it uses user data.”
EPIC filed a complaint with the FTC over the 2014 deal, and the FTC responded by warning the two companies that they must honor their privacy promises to WhatsApp users. The letter explained that failure to obtain users’ opt-in consent before changing data practices would be an unfair and deceptive trade practice and would violate Facebook’s FTC Consent Order. The FTC has also previously said, “When companies tell consumers they will safeguard their personal information, the FTC can and does take law enforcement action to make sure that companies live up these promises.”
On August 25, 2015, WhatsApp announced plans to disclose user information to Facebook, including phone numbers and other user data, that will be connected with Facebook profiles. The companies plan to use this information to provide “friend suggestions and more relevant ads on Facebook” and to allow businesses to send WhatsApp users marketing messages. WhatsApp will provide users 30 days to opt-out of data transfers to Facebook.
According to EPIC’s complaint, “WhatsApp plans to transfer user data that was previously collected under the promise this data would not be used or disclosed for marketing purpose.”
“As of February 1, 2016, over one billion individuals provided their phone numbers and other personal information to WhatsApp with the understanding that their information would not be used or disclosed for marketing purposes,” EPIC further explained. EPIC said that WhatsApp’s proposed change in business practices is unlawful and that the FTC is obligated to act.
In 2012, EPIC and a coalition of consumer privacy organizations led a successful effort at the FTC after Facebook changed the privacy settings of its users, which resulted in the FTC’s 20-year consent order with Facebook.
EPIC has filed a federal lawsuit against the Federal Aviation Administration (FAA) for failing to establish privacy rules for drones. After Congress ordered the FAA in 2012 to issue “comprehensive” rules for drone use, EPIC and more than 100 organizations, experts, and advocates petitioned the FAA to establish privacy rules before permitting widespread drone deployment.
In 2014, the FAA responded to EPIC’s petition, claiming that drone privacy implications “did not raise an immediate safety concern.” The agency further stated that “the FAA has begun a rulemaking addressing civil operation of small unmanned aircraft systems in the national airspace system. We will consider your comments and arguments as part of that project.” But in 2015, when the FAA announced a rulemaking on commercial drones, the agency purposefully ignored privacy concerns, claiming that privacy “issues are beyond the scope of this rulemaking.”
EPIC sued the agency, but a federal appeals court ruled that EPIC’s lawsuit was premature. The court reasoned that the FAA had not yet issued a final rule and that the agency might still consider the privacy concerns raised by EPIC and others.
This past June, the FAA issued final rules for small drones, but again, the agency failed to include any privacy safeguards. In the latest lawsuit, EPIC challenges the agency’s drone rules, noting that they are “a final order and reviewable.”
EPIC, Verified Voting, and Common Cause recently released The Secret Ballot at Risk: Recommendations for Protecting Democracy, a report highlighting the right to a secret ballot and how Internet voting threatens voter privacy. The secret ballot reduces the threat of coercion, vote buying and selling, and tampering. For individual voters, it provides the ability to exercise their right to vote without intimidation or retaliation. The secret ballot is a cornerstone of modern democracies.
A state survey conducted by the authors found that the vast majority of states - 44 total - have constitutional provisions guaranteeing secrecy in voting, while the remaining states have statutory provisions referencing secrecy in voting. Despite this, 32 states and DC are promoting Internet voting, typically for overseas and military voters, and most of those states are asking online voters to sign a waiver of their right to a secret ballot. That threatens voting freedom and election integrity.
Giving up the right to a secret ballot threatens the freedom to vote as one chooses. The report cites several examples of employers making political participation a condition of employment -- such as an Ohio coal mining company requiring its workers to attend a presidential candidate’s rally - and not paying them for their time.
The report recommends actions voters can take to protect the secrecy of their ballot, and encourages states to do more to safeguard voter privacy. EPIC has a long history of working to protect voter privacy and election integrity.
EPIC has launched the EPIC Amicus Tracker, a public resource designed to help public interest litigators pursue significant privacy and civil liberties cases. The EPIC Amicus Tracker highlights cases with upcoming amicus opportunities in federal appellate and state supreme courts.
The Amicus Tracker is updated regularly and includes cases with upcoming briefing schedules. The Tracker provides useful information about current cases including court and docket information, along with a brief description of the case. EPIC will also link to the case docket where possible, or to the relevant lower court opinion. The Tracker will link to prior EPIC amicus briefs on similar topics.
The EPIC Amicus Tracker builds on EPIC’s extensive work participating in cases concerning emerging privacy and civil liberties issues. Over twenty years, EPIC has filed nearly 100 amicus briefs, often with the participation of technical experts and legal scholars, in federal and state cases concerning emerging privacy and civil liberties issues and EPIC is frequently cited in judicial opinions.
EPIC hopes the EPIC Amicus Tracker will inspire other public interest litigators.
In comments to the Department of Homeland Security, EPIC urged the agency to drop a plan to review the social media accounts of people seeking to visit the U.S. The agency stated, “collecting social media data will enhance the existing investigative process and provide DHS greater clarity and visibility to possible nefarious activity and connections by providing an additional tool set which analysts and investigators may use to better analyze and investigate the case.”
EPIC argued that the proposal is “open for abuse, mission creep, and the disproportionate targeting of Muslim and Arab Americans among other marginalized groups.” EPIC also argued that the proposal would have a chilling effect on First Amendment protected activities.
EPIC previously sued DHS in a Freedom of Information Act lawsuit to obtain documents about another social media monitoring program. The FOIA documents revealed that Homeland Security contracted with General Dynamics to track criticism and dissent, stating that the contractor should monitor and summarize media stories that "reflect adversely" on DHS or the US government. DHS also stated that the agency was attempting to "capture public reaction to major government proposals." DHS instructed the contractor to generate "reports on DHS, Components, and other Federal Agencies: positive and negative reports on FEMA, CIA, CBP, ICE, etc. as well as organizations outside the DHS."
The documents obtained by EPIC led to a congressional hearing on DHS monitoring of social networks and media organizations. The hearing, held by the House subcommittee on Counterterrorism and Intelligence, revealed bipartisan opposition to the original DHS social media monitoring program. Chairman Meehan stated, “collecting, analyzing, and disseminating private citizens’ comments could have a chilling effect on individual privacy rights and people’s freedom of speech and dissent against their government.”
Facebook to Collect WhatsApp User Data, Violating FTC Order and Privacy Promises
WhatsApp has announced plans to disclose user information to Facebook, including phone numbers and other user data, that will be connected with Facebook profiles. Facebook purchased WhatsApp in 2014, and the companies promised users of the privacy-protective messaging service that “nothing” will change for WhatsApp users' privacy. EPIC filed a complaint with the FTC over the deal, and the FTC responded by warning the two companies that they must honor their privacy promises to WhatsApp users. The letter explained that failure to obtain users' opt-in consent before changing data practices would be an unfair and deceptive trade practice and violate Facebook’s FTC Consent Order. WhatsApp’s recent announcement indicates users will have 30 days to opt-out of data transfers to Facebook, in violation of the law and the FTC’s Order. In 2012, EPIC and a coalition of consumer privacy organizations also led a successful effort at the FTC after Facebook changed the privacy settings of its users. As a result, Facebook is subject to an FTC consent order.
EPIC Urges Wisconsin Legislature to Safeguard Student Privacy
In testimony for the Wisconsin legislature, EPIC urged state lawmakers to protect student privacy. EPIC's testimony: (1) explained how the U.S. Education Department weakened key safeguards for student records, (2) described the privacy risks that students today face, (3) underscored the need for data security safeguards for student information, and (4) recommended that Wisconsin adopt EPIC's Student Privacy Bill of Rights. EPIC has previously urged Congress, the Education Department, and the Federal Trade Commission to strengthen student privacy. EPIC's State Policy Project is monitoring privacy bills nationwide.
EPIC and Coalition Recommend Improvements to Health Agency’s Open Government Rules
In comments to the Department of Health and Human Services, EPIC and a coalition of open government advocates urged the agency to update its FOIA rules to keep in line with the FOIA Improvement Act of 2016. The coalition pressed the agency to “go further to ensure greater access to public interest information.” Signed into law by President Obama on the FOIA’s 50th anniversary, the FOIA Improvement Act creates a new portal for requesters, requires the proactive disclosure of frequently requested records, strengthens the FOIA ombudsman, and codifies the presumption of openness.
EPIC, Consumer Coalition Tell FCC to Protect Privacy, Security in Connected Cars
EPIC has joined a coalition of consumer groups in a letter to the FCC supporting safety rules for connected cars. The consumer groups endorsed a petition for rulemaking, filed earlier this year, that would establish safeguards for car communications networks. EPIC has testified before Congress on the risks of connected cars and recently filed an amicus brief in federal appeals court on vehicle-to-vehicle communications.
- EPIC, CDD complain to FTC about WhatsApp policy changes, PCWorld, August 30, 2016
- WhatsApp-Facebook User Data Move Incites FTC Complaint, Law360, August 30, 2016
- Privacy Groups File FTC Complaint over WhatsApp Data Sharing with Facebook, Threatpost, August 30, 2016
- WhatsApp Sharing Data with Facebook Raises Alarm for Privacy Advocates, ABC News, August 29, 2016
- Facebook Slapped With FTC Complaint Over WhatsApp Data Grab, Motherboard, August 29, 2016
- Facebook’s WhatsApp Privacy Changes Raise EU, U.S. Concerns, Bloomberg BNA, August 29, 2016
- European Regulators Scrutinize WhatsApp Data-Sharing Plan With Facebook, Wall Street Journal, August 29, 2016
- EPIC, CDD file complaint over WhatsApp data sharing, TheHill, August 29, 2016
- Taking a flyer on driverless cars, The Washington Times, August 29, 2016
- New commercial drone rule takes effect, Atlanta Journal-Constitution, August 29, 2016
- EPIC Prepares To File Complaint Over WhatsApp Sharing Data To Facebook, Tech Times, August 28, 2016
- Whatsapp and Facebook data sharing: Privacy group threatens legal action over invasive new terms, The Independent, August 28, 2016
- New Bank Privacy Tool Exposes Opaque, Possibly Illegal Sharing Policies, Motherboard, August 28, 2016
- With Trump’s Campaign App, There’s No Wall Protecting Your Contact Data, Fortune, August 28, 2016
- EPIC, CDD threaten legal action over Facebook, WhatsApp data sharing, SlashGear, August 28, 2016
- Innocents Exposed as WikiLeaks Gushes Information, Tech News World, August 27, 2016
- Donald Trump's new app has some very shady privacy provisions, Mic, August 27, 2016
- WhatsApp's Facebook Data-Sharing Plan Rouses EPIC , Law 360, August 27, 2016
- Trump Campaign App's Data Grab Could Expose Everyone in Your Contact List, Experts Say, ABC News, August 26, 2016
- FAA sued for lack of drone privacy rules, ZD Net, August 25, 2016
- EPIC moves forward with its lawsuit against FAA, Federal News Radio, August 25, 2016
- Advocates Want FCC to Address Car Hacking Threat, Morning Consult, August 25, 2016
- WhatsApp’s Privacy Cred Just Took a Big Hit, WIRED, August 25, 2016
- Relaxing Privacy Vow, WhatsApp Will Share Some Data With Facebook, New York Times, August 25, 2016
- WhatsApp Will Start Sharing Data, Including Phone Numbers, With Facebook, NPR, August 25, 2016
- WhatsApp Shaves Off a Little More Privacy, E-Commerce Times, August 25, 2016
- WhatsApp privacy backlash: Facebook angers users by harvesting their data, The Guardian, August 25, 2016
- Whatsapp says it will start sharing user info with Facebook, UPI.com, August 25, 2016
- FAA Sued Over Lack Of Privacy Controls In Final Drone Rule, Law 360, August 24, 2016
- Goal of app is to keep peace between public, police, The Boston Globe, August 22, 2016
- New report finds glaring issues with online voting, The Daily Dot, August 22, 2016
- The Dangers of Internet Voting, POLITICO Morning Cybersecurity, August 19, 2016
- U.S. government extends offer to protect states from electoral cyberthreats, SC Magazine, August 19, 2016
- New Report Discusses Risks To Secret Ballot, Encourages Voters To Take Precautions, Election Academy, August 19, 2016
- SuperValu Tells 8th Circ. Not To Revive Shopper-Privacy MDL, Law360, August 18, 2016
- Voting Online Means You’re Giving Up Privacy, Researchers Warn, Vocativ, August 18, 2016
- Voting Should Be Easier—But Not Like This, Mother Jones, August 18, 2016
- Internet Voting Leaves Out a Cornerstone of Democracy: The Secret Ballot, MIT Technology Review, August 18, 2016
- Report: State Laws Put Secret Ballot at Risk for Internet Voters, Morning Consult, August 18, 2016
- Online voting could be really convenient. But it’s still probably a terrible idea, The Washington Post, August 18, 2016
- Law Enforcement, Privacy, And How The Machines Will Be Racists, Above the Law (Video), August 16, 2016
- FCC urged to crack down on Baltimore police for using phone trackers , Computerworld, August 16, 2016
- Will Smart Machines Be Less Biased Than Humans?, Brink, August 15, 2016
- Pokemon hunt leads to glory for Google-born Niantic, Daily Nation, August 15, 2016
- Warning issued over computer hacks that can injure motorists, WND, August 12, 2016
EPIC publications and books by members of the EPIC Advisory Board, distinguished experts in law, technology and public policy are available at the EPIC Bookstore.
Recent EPIC publications:
Communications Law and Policy: Cases and Materials, 5th Edition, by Jerry Kang and Alan Butler. Direct Injection Press (Apr. 2016).
This teachable casebook provides an introduction to the law and policy of modern communications. The book is organized by analytic concepts instead of current industry lines, which are constantly made out-of-date by technological convergence. The basic ideas--power, entry, pricing, access, classification, bad content, and intermediary liability--equip students with a durable and yet flexible intellectual structure that can help parse a complex and ever-changing field.
Privacy Law and Society, 3rd Edition, by Anita Allen, JD, PhD and Marc Rotenberg, JD, LLM. West Academic (Dec. 2015).
The Third Edition of "Privacy Law and Society" is the most comprehensive casebook on privacy law ever produced. It traces the development of modern privacy law, from the early tort cases to present day disputes over drone surveillance and facial recognition. The text examines the philosophical roots of privacy claims and the significant court cases and statues that have emerged. The text provides detailed commentary on leading cases and insight into emerging issues. The text includes new material on developments in the European Union, decisions grounded in fundamental rights jurisprudence, and exposes readers to current debates over cloud computing, online profiling, and the role of the Federal Trade Commission. Privacy Law and Society is the leading and most current text in the privacy field.
Privacy in the Modern Age: The Search for Solutions, edited by Marc Rotenberg, Julia Horwitz and Jeramie Scott. The New Press (May 2015). Price: $25.95.
The threats to privacy are well known: The National Security Agency tracks our phone calls; Google records where we go online and how we set our thermostats; Facebook changes our privacy settings when it wishes; Target gets hacked and loses control of our credit card information; our medical records are available for sale to strangers; our children are fingerprinted and their every test score saved for posterity; and small robots patrol our schoolyards while drones may soon fill our skies.
The contributors to this anthology don't simply describe these problems or warn about the loss of privacy -- they propose solutions
Contributors include: Steven Aftergood, Ross Anderson, Christine L. Borgman (coauthored with Kent Wada and James F. Davis), Ryan Calo, Danielle Citron, Simon Davies, A. Michael Froomkin, Deborah Hurley, Kristina Irion, Jeff Jonas, Harry Lewis, Anna Lysyanskaya, Gary T. Marx, Aleecia M. McDonald, Dr. Pablo G. Molina, Peter G. Neumann, Helen Nissenbaum, Frank Pasquale, Dr. Deborah Peel, MD, Stephanie E. Perrin, Marc Rotenberg, Pamela Samuelson, Bruce Schneier, and Christopher Wolf.
September 13, 2016
"How We’ll Remember November"
Marc Rotenberg. EPIC President
Yale Washington CEO Caucus
Yale School of Management
September 22, 2016
Disruption or protection? The impact of privacy, data protection and cybersecurity laws on the adoption and use of technology
Alan Butler, EPIC Senior Counsel
International Bar Association
September 23, 2016
"Big Data and Privacy"
Marc Rotenberg, EPIC President
National Academies of Science
Woods Hole, MA
October 13, 2016
"The Misunderstood Right to Be Forgotten, and the Future of Free Expression and Privacy in the Online World"
Marc Rotenberg, EPIC President
2016 Davis, Market, Nickerson Lecture on Academic and Intellectual Freedom
Ann Arbor, MI
October 13, 2016
Fall Technology Series: Drones
Jeramie Scott, EPIC Domestic Security Counsel
Federal Trade Commission
October 19, 2016 - October 20, 2016
38th International Privacy Conference: Opening New Territories for Privacy
Marc Rotenberg, EPIC President
International Conference of Data Protection and Privacy Commissioners
November 21, 2016 - November 23, 2016
59th Meeting of the International Working Group
Marc Rotenberg, EPIC President
International Working Group on Data Protection in Telecommunications