EPIC Alert 24.05

1. EPIC Challenges FAA Failure to Establish Drone Privacy Rules

EPIC has filed the opening brief in a lawsuit against the Federal Aviation Administration concerning drone surveillance. EPIC charged that the FAA's failure to establish privacy rules for commercial drones is a breach of federal law.

The lawsuit is based on an Act of Congress requiring a "comprehensive plan" for drone deployment in the United States and a petition, backed by more than one hundred organizations and privacy experts, calling for privacy safeguards. In its brief, EPIC argued that the FAA's continuing refusal to issue such safeguards is a direct violation of Congress's instructions and an "arbitrary and capricious" omission by the agency in charge of U.S. civil aviation.

"As the FAA has refused to issue any privacy-related rules and refused to conduct a comprehensive rulemaking, contrary to the FAA Modernization Act and to EPIC's Rulemaking Petition, the Court must now order the agency to do so," EPIC wrote.

"The advanced surveillance capabilities of drones make them the perfect tools for paparazzi, private detectives, stalkers, and criminals," EPIC noted. "In addition to the extraordinary privacy risks of increased drone deployment in the United States, the devices also create unique security risks. Drones are equipped with onboard computers enabling remote control through a communication channel; the same remote control features that make drones easy to operate also make them susceptible to cyberattacks."

EPIC also sent a detailed letter to the Senate Commerce Committee this week ahead of a hearing on drone deployment in the United States. Emphasizing the acute privacy risks of drones, EPIC warned the committee that the FAA has failed to establish the necessary safeguards. "EPIC believes that strong drone privacy rules are vital for the safe integration of commercial drones in the National Air Space," EPIC wrote. "The present course is simply not sustainable."

2. EPIC Publishes 2017 FOIA Gallery

In celebration of Sunshine Week, a national recognition of public access to information, EPIC has unveiled the 2017 FOIA Gallery. Since 2001, EPIC has released annual highlights of EPIC's most significant open government cases.

The Freedom of Information Act establishes a legal right for individuals to obtain records in the possession of government agencies. Public awareness of our government's activity through the FOIA not only allows for a more informed debate over issues of public concern, but also ensures accountability for government officials. Since the organization's inception, EPIC has used the Freedom of Information Act to aggressively enable public oversight of critical federal government operations.

Over the past year, EPIC has bolstered its record as a champion for a more open and transparent government. In 2016, EPIC obtained records detailing a Customs and Border Protection data mining program used to build "risk" profiles on travelers, unveiled two years' worth of statistical data showing the FBI's growing biometric identification program, and revealed the DEA's failure to conduct legally mandated privacy assessments in EPIC v. DEA. In the latest FOIA Gallery, EPIC also highlights two new FOIA lawsuits to uncover details of the Russian interference in the 2016 election case concerning electronic surveillance report, and the launch of EPIC's new course teaching the basics of the federal FOIA.

An introduction to the Freedom of Information Act and EPIC's recent FOIA work are available at https://epic.org/foia_gallery_2017.html. To participate in EPIC's weekly FOIA class, visit epicfoia.org.

3. EPIC Sues Justice Department Over "Risk Assessment" Techniques

EPIC recently filed a Freedom of Information Act suit against the Department of Justice seeking information on "risk assessment" tools. Risk assessment tools, sometimes called "evidence-based assessment tools," are algorithms that attempt to predict an individual's likelihood of recidivism. These tools are used throughout the criminal justice system to set bail and determine criminal sentences. They can be used to contribute to determinations about guilt or innocence and project outcomes based on social and personal behavior, not prior bad acts, of an individual. EPIC requested information on how these risk assessment tools were used in sentencing more than seven months ago. The Department of Justice failed to release any information within the statutory time period, prompting EPIC to file suit.

Risk assessment tools attempt to predict an individual's chance of recidivism using statistical probabilities such as age, employment history, and prior criminal record. However, because this information has more to do with an individual's social and personal information than past actions, there is the potential that these tools could produce an unjust outcome for an individual. These tools are currently used by state and federal officials across the country at various stages of the criminal justice system. To understand how these tools produce the outcomes that they do, algorithmic transparency is necessary. Many of these tools are developed by private industries; as such, competition to produce and sell these tools to law enforcement agencies is high and transparency as to how the tools function is low. Furthermore, the Department of Justice has previously expressed reservations about these tools and the reliance on social and personal factors as opposed to prior bad acts.

EPIC's FOIA suit seeks to compel the agency to produce records related to these risk assessment tools. Specifically, EPIC requested validation studies for risk assessment tools; policies, guidelines, and memos relating to the use of evidence-based sentencing; purchasing and sales contracts for risk assessment tools; and source codes for risk assessment tools used by the federal government in pre-trial, parole, and sentencing. EPIC hopes to obtain these records to make the public aware of these risk assessment tools and hopes to gain information on how these tools work so that the public can be aware of how various factors in their personal life could be used, for or against them, in the criminal justice system.

EPIC regularly submits FOIA requests to various government agencies and has been particularly interested in obtaining information related to algorithmic transparency. EPIC has sought documents on passenger risk assessment, "future crime" prediction, and proprietary forensic analysis. Additionally, the Supreme Court is currently considering whether to take a case on the use of a secretive technique to predict possible recidivism.

4. Irish High Court Examines EU-US Data Transfers

The high-profile case concerning privacy protections for transatlantic data transfers, Data Protection Commissioner v. Facebook, continued in Ireland as the court began to hear closing arguments by the Commissioner. EPIC has submitted arguments as amicus curiae in the case.

The case follows a landmark decision invalidating an agreement between the United States and European Union concerning commercial data transfers (the "Safe Harbor" agreement). In response to a challenge by privacy advocate Max Schrems concerning transfers of his personal data by Facebook Ireland to the company's U.S. servers, the Court of Justice of the European Union found that the Safe Harbor agreement did not ensure adequate protection for individuals' data protection rights. The European Court's decision followed revelations about U.S. surveillance activities by Edward Snowden and in a joint U.S.-EU report issued following the disclosures.

The new case in the Irish High Court concerns similar transfers made pursuant to "standard contractual clauses," a different mechanism for transferring EU citizens' data to the United States. Mr. Schrems has again challenged these transfers, and contends that Facebook's contracts do not provide adequate protection against surveillance by the United States. The Irish Data Protection Commissioner agreed, and filed a case in the Irish High Court requesting review of the adequacy of these contracts by the European Court of Justice. The Irish High Court designated EPIC as the US NGO amicus curiae in the case to offer a "counterbalancing perspective from the US Government" on US law. EPIC recently participated in the hearing before the court, offering submissions on the limited privacy protections that the U.S. has for foreign citizens and the obstacles to privacy redress.

EPIC is represented in this case by local counsel Sinead Lucey at FLAC (Free Legal Advice Centres), an independent human rights organization, based in Dublin, dedicated to the realization of equal justice for all, and by Mr. Colm O'Dwyer, SC, and Ms. Grainne Gilmore, BL.

5. EPIC Seeks Documents on Trump-Pai White House Meeting

EPIC has filed an urgent FOIA request with the FCC for information on the recent meeting between FCC Chairman Ajit Pai and President Donald Trump.

EPIC is seeking memos, briefing papers, emails, and talking points relating to the White House meeting that took place on March 6, 2017. EPIC said in the FOIA request that public disclosure of this information is critical because President Trump has described the media, which is subject to FCC regulation, as the "enemy of the people." Pai refused to answer "yes" or "no" when asked in a Senate Commerce Committee oversight hearing whether he agreed. Democratic members of the committee sent Pai a letter asking him to respond to that question and others relating to the independence of the FCC.

Chairman Pai also recently suspended parts of a broadband privacy order that protects Internet users from invasive tracking and profiling. In his dissent to the Privacy Order, he said that "if the FCC truly believes that these new rules are necessary to protect consumer privacy, then the government must now move forward to ensure uniform regulation of all companies in the Internet ecosystem at the new baseline the FCC has set."

The letter states that the request should be granted expedited processing so that media organizations are not "deprived of information necessary to fully represent the First Amendment interests of the media and the American public." Expedited processing is also needed "to preserve the public's right to meaningfully participate in the fate of a rule that impacts millions of consumers and businesses," according to EPIC.

EPIC has urged the FCC to establish comprehensive safeguards for consumer privacy, to ban pay-for-privacy schemes, and to prohibit mandatory arbitration. EPIC also has a long-standing petition before the FCC to end the mandatory retention of customer telephone records.

News in Brief

EPIC to Senate: FAA Must Establish Drone Privacy Safeguards

EPIC sent a detailed letter to the Senate Commerce Committee ahead of a hearing on drone deployment in the United States. Emphasizing the unique privacy risks of drones, EPIC explained that the FAA has failed to establish necessary safeguards. EPIC has sued the agency, arguing that it has failed to comply with Congressional directives following a petition by EPIC and hundreds of comments the agency received in support of privacy rules. EPIC also pointed out that the FAA has excluded privacy experts from the agency task force on drone policy.

EPIC Names New Advisory Board Members

EPIC has announced the newest members of the EPIC Advisory Board. They are Jennifer Daskal, Robert Groves, Cathy O'Neil, Jennifer Mnookin, Erin Murphy, and James Waldo. The EPIC Advisory Board is a distinguished group of experts in law, technology, and public policy who contribute to EPIC's work on privacy and civil liberties issues. Professor Danielle Citron, author of "Hate Crimes in Cyberspace," was recently named Chair of the EPIC Board of Directors. Sherry Turkle and Shoshana Zuboff joined the Board of Directors.

House Committee Approves Bill That Places Genetic Privacy At Risk

The House Committee on Education and the Workforce gave approval last week to a bill that would undermine the privacy protections guaranteed by the Genetic Information Nondiscrimination Act (GINA). The bill would condition health insurance discounts for wellness programs on whether an employee agrees to participate in genetic testing. Under GINA, employers may not penalize employees for keeping their genetic data private. DNA profiles and other genetic records contain particularly sensitive personal information that can impact employment decisions, insurance availability, and even criminal justice outcomes. EPIC supported GINA and has backed the right of individuals to control the use of their genetic data in numerous comments and cases.

DOJ Report on FOIA Compliance: EPIC #2 in 2016 for Fee Awards.

The Justice Department's Office of Information Policy has released the 2016 Freedom of Information Act Litigation and Compliance Report. The report describes the DOJ's efforts in 2016 to ensure compliance with the open government law across the federal government, from issuing policy guidance to holding FOIA trainings. The agency also issued a list of FOIA cases where a court decision was rendered in 2016 and the amount of fees awarded by the court. EPIC tied for second (with the ACLU), behind the Public Employees for Environmental Responsibility, as the most successful FOIA litigator in the country, receiving court-ordered fee awards in three cases in 2016. In 2017, EPIC has already prevailed in a FOIA case against the FBI for public release of the agency's privacy assessments. Fees are anticipated in that case. For more information about EPIC's open government work, visit https://epic.org/open_gov/.

EPIC Urges House Committee to Protect Democratic Institutions.

EPIC has asked the House Committee on Foreign Affairs to examine the risk to democratic institutions of cyberattack. EPIC described two recent Freedom of Information Act cases against the FBI and the ODNI to obtain records about the Russian interference with the 2016 US Presidential election. EPIC pointed to the upcoming federal elections in Europe and the need to safeguard democratic elections. EPIC recently launched the EPIC Cybersecurity and Democracy Project, which focuses on US cyber policies, threats to election systems, and foreign attempts to influence American policymaking.

EPIC to Senate: Back FCC Broadband Privacy Rule, End FCC Bulk Data Collection.

EPIC has sent a letter to the Senate Commerce Committee ahead of an FCC oversight hearing. EPIC urged the Committee to examine the FCC's role in online privacy. EPIC supports the FCC's broadband privacy rule. In fact, EPIC had urged the FCC to adopt a comprehensive privacy rule for all communications services, as suggested by FCC Chairman Pai. EPIC also brought to the Committee's attention an outdated FCC regulation that requires the bulk collection of telephone data of American consumers. In 2015, EPIC and many consumer privacy groups petitioned the FCC to repeal, but the Commission has yet to take any action. In the letter to the Senate, EPIC said the FCC should withdraw the anti-privacy data-retention regulation.

EPIC Seeks Release of FISA Order for Trump Tower

EPIC has filed an urgent FOIA request with the Department of Justice for the release of the warrant for wiretapping the Trump Tower in New York City. The President has charged that President Obama "had [his] wires tapped in Trump Tower." EPIC filed a formal Freedom of Information request for the public release of any applications filed under "FISA" for wiretapping in Trump Tower. Such an order would have been filed by the National Security Division of the Justice Department and approved by the Foreign Intelligence Surveillance Court. The complete text of the Foreign Intelligence Surveillance Act is available in the Privacy Law Sourcebook (EPIC 2016) at the EPIC Bookstore.

EPIC, Children's Advocates Oppose Requests to End FCC Broadband Privacy Rules

EPIC and a coalition of children's advocates have filed a comment opposing petitions that ask the FCC to revoke its broadband privacy rules. The coalition urged the FCC to retain rules that treat children's data, web browsing histories, and app usage data as sensitive and to retain opt-in requirements for all categories of sensitive information. EPIC previously urged the FCC to establish comprehensive safeguards for consumer privacy, to ban pay-for-privacy schemes, and to prohibit mandatory arbitration. EPIC has frequently defended FCC privacy rules and currently has a petition pending before the FCC to end the mandatory retention of customer telephone records.

EPIC Warns of Privacy, Safety Risks with "Smart Cities"

In comments to the National Science Foundation on "Smart Cities and Communities Federal Strategic Plan," EPIC warned that there were considerable risks to public safety and personal privacy. EPIC urged the NSF to prioritize cybersecurity, protect individual privacy, and minimize the collection of personally identifiable information. EPIC regularly submits comments to federal agencies on emerging civil liberties issues, including cybersecurity, consumer protection, and other privacy issues.

EPIC to Congress: Examine TSA Secrecy

EPIC has sent a letter to the House Committee on Oversight for a hearing on the Transportation Security Administration. EPIC has objected to the TSA's refusal to release information designated as "sensitive security information" that is pertinent to EPIC's ongoing case against TSA regarding airport body scanners. EPIC said that the TSA is "seeking to hide its decision making behind this cloak of secrecy." The House Committee has also criticized the agency's use of the SSI designation. EPIC also raised concerns about the eye scanning of US travelers at US airports as well as the TSA's statement that they will no longer accept driver's licenses from states that oppose "REAL ID".

EPIC Urges Senate Committee to Protect Consumers, Democratic Institutions With Strong Cyber Policies

In advance of a hearing on "Cyber Strategy and Policy," EPIC has sent a letter to the Senate Armed Services Committee urging Congress to protect democratic institutions, following the Russian interference with the 2016 presidential election. EPIC explained that "data protection and privacy should remain a central focus" of cyber security policy. EPIC also recommended that Congress strengthen the federal Privacy Act and establish a U.S. data protection agency. EPIC recently launched the EPIC Cybersecurity and Democracy Project that will focus on US cyber policies, threats to election systems and foreign attempts to influence American policymaking.

NGOs Continue Campaign Against Privacy Shield

In March 2016, EPIC and more than 20 civil society organizations urged European leaders to oppose adoption of the "Privacy Shield" for EU-US data flows. The NGOs wrote that the political agreement fails to provide sufficient data protection and does not respect the decision of the European Court of Justice in the Schrems case. The groups urged the US to make changes in domestic laws and international commitments to permit transfers of personal data to the US. The ACLU and Human Rights Watch have now also sent a letter asking Europe to reexamine Privacy Shield. At a hearing before the High Court of Ireland, EPIC Senior Counsel Alan Butler has made submissions in DPC v. Facebook highlighting weaknesses in US privacy law.

EPIC FOIA: EPIC Seeks Information about Airport Eye Scans of U.S. Travelers

EPIC has filed an urgent FOIA request with U.S. Customs and Border Protection for details of eye scans conducted on U.S. citizens traveling internationally. The CBP has long been testing biometric identification of travelers, including U.S. citizens, and a recent report indicates U.S. citizens were subject to eye scans before traveling abroad. EPIC seeks public disclosure of the details of CBP policies for scanning U.S. citizen irises and retinas upon entry or exit to the U.S. EPIC makes frequent use of the Freedom of Information Act. As the result of a FOIA lawsuit, EPIC recently obtained several memorandums of understanding regarding the transfer of biometric identifiers between the FBI and DOD. Last month, EPIC also prevailed in EPIC v. FBI, a FOIA lawsuit for public release of the FBI's privacy assessments.

EPIC Urges House Committee To Ensure Transparency, Public Reporting in Surveillance Law

In advance of a hearing on Section 702 of the Foreign Intelligence Surveillance Act, EPIC has sent a letter to the House Judiciary Committee urging increased transparency and new public reporting of the Government's surveillance activities. EPIC also highlighted that Section 702 is the central focus of multiple current legal challenges to international data transfer agreements occurring abroad. Section 702, which authorizes the bulk surveillance on the communications of non-U.S. persons, sunsets on December 31, 2017. EPIC testified before the Committee during the 2012 FISA reauthorization hearings.

EPIC Urges House Committee to Protect Consumers, Democratic Institutions with Strong Cyber Security Measures

In advance of a hearing on "Cyber Warfare in the 21st Century: Threats, Challenges, and Opportunities," EPIC has sent a letter to the House Armed Services Committee urging Congress to protect democratic institutions, following the Russian interference with the 2016 presidential election. EPIC explained that "data protection and privacy should remain a central focus" of cyber security policy. EPIC also recommended that Congress strengthen the federal Privacy Act and establish a U.S. data protection agency. EPIC recently launched the EPIC Cybersecurity and Democracy Project, which will focus on US cyber policies, threats to election systems and foreign attempts to influence American policymaking.

EPIC Tells Senate Committee that Transparency is Critical for Next Director of National Intelligence

EPIC has sent a statement to the Senate Select Committee on Intelligence outlining the key government transparency and cybersecurity challenges the next Director of National Intelligence will confront. The Committee met on February 28 to consider the nomination of Sen. Dan Coats for the position. EPIC commended former Director Clapper's progress on oversight and transparency and urged the Committee to seek assurance from Sen. Coats that his office will continue that work. EPIC also warned that over-classification remains an issue that frustrates government accountability. EPIC informed the Committee that EPIC has filed suit against the ODNI for public release of the Complete Assessment of the Russian interference in the 2016 election. In the unclassified report, former Director Clapper said that the Russians conducted a "multi-faceted" attack on the 2016 election.

EPIC Bookstore

EPIC publications and books by members of the EPIC Advisory Board, distinguished experts in law, technology and public policy are available at the EPIC Bookstore.

Recent EPIC publications:

The Privacy Law Sourcebook 2016, edited by Marc Rotenberg (2016)

The Privacy Law Sourcebook is the leading resource for students, attorneys, researchers, and journalists interested in privacy law in the United States and around the world. It includes major US privacy laws such as the Fair Credit Reporting Act, the Communications Act, the Privacy Act, the Family Educational Rights and Privacy Act, the Electronic Communications Privacy Act, the Video Privacy Protection Act, and the Foreign Intelligence Surveillance Act. The Sourcebook also includes key international privacy frameworks including the OECD Privacy Guidelines, the OECD Cryptography Guidelines, and European Union Directives for both Data Protection and Privacy and Electronic Communications. The Privacy Law Sourcebook 2016 (Kindle Edition) has been updated and expanded to include recent developments such as the United Nations Resolution on Right to Privacy, the European Union General Data Protection Regulation, the USA Freedom Act, and the US Cybersecurity Information Sharing Act. The Sourcebook also includes an extensive resources section with useful websites and contact information for privacy agencies, organizations, and publications.

Communications Law and Policy: Cases and Materials, 5th Edition, by Jerry Kang and Alan Butler. Direct Injection Press (2016).

This teachable casebook provides an introduction to the law and policy of modern communications. The book is organized by analytic concepts instead of current industry lines, which are constantly made out-of-date by technological convergence. The basic ideas--power, entry, pricing, access, classification, bad content, and intermediary liability--equip students with a durable and yet flexible intellectual structure that can help parse a complex and ever-changing field.

Privacy Law and Society, 3rd Edition, by Anita Allen, JD, PhD and Marc Rotenberg, JD, LLM. West Academic (2015).

The Third Edition of "Privacy Law and Society" is the most comprehensive casebook on privacy law ever produced. It traces the development of modern privacy law, from the early tort cases to present day disputes over drone surveillance and facial recognition. The text examines the philosophical roots of privacy claims and the significant court cases and statutes that have emerged. The text provides detailed commentary on leading cases and insight into emerging issues. The text includes new material on developments in the European Union, decisions grounded in fundamental rights jurisprudence, and exposes readers to current debates over cloud computing, online profiling, and the role of the Federal Trade Commission. Privacy Law and Society is the leading and most current text in the privacy field.

Privacy in the Modern Age: The Search for Solutions, edited by Marc Rotenberg, Julia Horwitz and Jeramie Scott. The New Press (2015). Price: $25.95.

The threats to privacy are well known: The National Security Agency tracks our phone calls; Google records where we go online and how we set our thermostats; Facebook changes our privacy settings when it wishes; Target gets hacked and loses control of our credit card information; our medical records are available for sale to strangers; our children are fingerprinted and their every test score saved for posterity; and small robots patrol our schoolyards while drones may soon fill our skies.

The contributors to this anthology don't simply describe these problems or warn about the loss of privacy -- they propose solutions.

Contributors include: Steven Aftergood, Ross Anderson, Christine L. Borgman (coauthored with Kent Wada and James F. Davis), Ryan Calo, Danielle Citron, Simon Davies, A. Michael Froomkin, Deborah Hurley, Kristina Irion, Jeff Jonas, Harry Lewis, Anna Lysyanskaya, Gary T. Marx, Aleecia M. McDonald, Dr. Pablo G. Molina, Peter G. Neumann, Helen Nissenbaum, Frank Pasquale, Dr. Deborah Peel, MD, Stephanie E. Perrin, Marc Rotenberg, Pamela Samuelson, Bruce Schneier, and Christopher Wolf.

Upcoming Conferences and Events

March 17, 2017
"Privacy, Security, and the Social Contract in Democratic Society"
Marc Rotenberg, EPIC President
58th Air Force Academy Assembly
Colorado Springs, CO

March 20, 2017
Book Launch: Cockburn, "Transnational Advocacy Networks in the Information Society: Partners or Pawns?"
Marc Rotenberg, EPIC President
School of Information Service
American University
Washington, DC

March 22, 2017
Civil Liberties and Privacy in the Digital Age
Caitriona Fitzgerald, EPIC Policy Director
American Constitution Society, Boston Chapter
Boston, MA

March 31 - April 1, 2017
WeRobot 2017
Yale Law School
New Haven, CT

June 5, 2017
2017 EPIC Champions of Freedom Awards Dinner
Awardees: Garry Kasparov, Judge Patricia Wald, Carrie Goldberg
National Press Club
Washington, DC
