EPIC Alert 24.06

1. EPIC FOIAs Docs for Key Witnesses at Cancelled Oversight Hearing

EPIC has submitted a series of urgent Freedom of Information Act requests for records concerning three witnesses who were scheduled to testify at a cancelled oversight hearing. In the three FOIA requests, EPIC seeks to make public the information known to the witnesses about the Russian interference that would have presented to Committee members.

The House Intelligence Committee is conducting a bipartisan investigation into the Russian interference in the 2016 Presidential Election, including any "links between Russia and individuals associated with campaigns or other U.S. persons." Former Director of National Intelligence James Clapper, former Central Intelligence Agency Director John Brennan, and former Deputy Attorney General Sally Yates, oversaw the investigation of the Russian interference in their former posts. The trio was intended to testify this week before the House Intelligence Committee precisely because of their expertise.

Last Friday, Chairman Devon Nunes (R-CA) abruptly cancelled the hearing on the Russian interference in the 2016 Presidential Election, in a move Ranking Member Adam Schiff (D-CA) called "an attempt to choke off public info." Seeking to obtain the information that would have been presented, EPIC immediately issued FOIA requests to the witnesses' former posts--the ODNI, CIA, and DOJ--for records of the Russian investigation conducted under their watch.

In a statement to CNN this week, Nancy Pelosi and Rep. Schiff called for Nunes to recuse himself from the investigation immediately.

EPIC is also pursuing FOIA lawsuits against the FBI and ODNI to press for details concerning the Russian interference to be made public. For more information about EPIC's latest open government work, visit: https://epic.org/open_gov/.

2. EPIC Complaint Seeks Investigation of Auto "Starter Interrupt Devices"

EPIC recently submitted a complaint to the Consumer Financial Protection Bureau over the use of Starter Interrupt Devices (SIDs). SIDs are used by subprime auto lenders who attach these devices to vehicles as a condition of financing. EPIC's complaint alleges that these devices are used to "monitor borrowers' real-time location, limit borrowers' movements to prescribed boundaries via geo-fencing technology, and disable vehicles in remote or dangerous locations" in violation of the Consumer Financial Protection Act. The complaint asks the CFPB to start an investigation into the practices of two specific auto lenders and to stop and investigate similar practices used by other auto lenders.

Subprime borrowers have been charged interest rates as high as 30%. Auto lenders who finance vehicles to subprime borrowers are increasingly installing SIDs on the vehicles as a condition of financing. These devices are able to remotely disable vehicles when borrowers are late on payments or travel outside of certain geographical areas. Many SIDs also use GPS to monitor the location of vehicles and have the ability to record and store where the driver is traveling.

The two companies at issue in EPIC's complaint are PassTime USA, a SIDs developer, and CAG Acceptance, LLC (CAGA), a subrprime lender. The disclosure form provided to borrowers by PassTime requires them to acknowledge that they have no right to location privacy in their vehicles and that should any federal or state law determine that they have such a right, they waive that right. Once the SIDs device is installed, CAGA does not identify any restrictions on location monitoring. As such, both companies are able to obtain substantial amount of information about borrowers such as where they work, live, worship, and socialize. SIDs devices have been used to disable cars while they are idling red lights, in remote locations with limited cellular or wireless service, or refueling at gas stations. The privacy and safety problems with these devices are well documented. One woman in Texas had her car repossessed by her auto lender after they located the car at a shelter she was staying in to escape her abusive husband. Additionally, a CAGA borrower testified before the Nevada Assembly on Commerce and Labor that CAGA had twice disabled her vehicle while she was driving.

EPIC has routinely raised concerns with privacy matters related to cars in testimony and statements to Congress and in comments to federal agencies and has continually urged for privacy standards to be considered in the development of connected vehicles. EPIC regularly interacts with the CFPB and has submitted comments on debt collection practices and publication of consumer complaint narratives.

3. EPIC Asks Senate Committee to Explore Gorsuch's Views on Privacy

In a letter sent to the Senate Judiciary Committee last week, EPIC urged Senators to question Supreme Court nominee Neil Gorsuch on a wide range of privacy, First Amendment, open government, and consumer protection issues during Gorsuch's confirmation hearing.

Judge Gorsuch's views on these subjects could have "far-reaching implications" for "the future of privacy in the digital era," EPIC wrote. EPIC's letter also emphasized the timeliness of these issues given recent allegations by the President "that he was the target of government surveillance"--a claim that is the target of an EPIC freedom of information request.

EPIC's letter noted, for example, that Judge Gorsuch "has authored several Fourth Amendment decisions that protect individuals against intrusive searches." But Gorsuch has also adopted a troubling view of the "third-party" doctrine, "which has diminished privacy protections for individuals whose personal information is held by third parties like banks, Internet Service Providers, and medical companies." Given his record, "it is important to fully explore Judge Gorsuch's views on several aspects of Fourth Amendment doctrine," EPIC wrote.

EPIC highlighted other issues of concern for the committee's review of Judge Gorsuch, including the Freedom of Information Act, the right to anonymity, the safeguarding of health data, and two key legal doctrines that affect the ability of regulators and individual citizens to protect privacy rights.

Privacy issues featured prominently during last week's hearing, where Judge Gorsuch was questioned repeatedly about his views on the constitutional right to privacy, on the application of the Fourth Amendment to new technologies, and on the First Amendment right to anonymous speech. Gorsuch said that "one of [his] favorite cases" is United States v. Jones, in which the Supreme Court held that attaching a GPS tracking device to a person's car constitutes a search under the Fourth Amendment.

EPIC regularly shares its views with the Senate concerning nominees to the Supreme Court, including Justice Kagan, Justice Sotomayor, Justice Alito, and Chief Justice Roberts.

4. Comey Confirms Russian Investigation, FBI Seeks Delay in EPIC FOIA Case

Following FBI Director James Comey's confirmation of the FBI investigation into ties between Russia and Trump's presidential campaign, the FBI asked to delay EPIC's FOIA lawsuit against the agency. In EPIC v. FBI, EPIC seeks to uncover details of the FBI's response to the Russian interference after the press reported a lax response by the agency. EPIC is pursuing the records to help the "public . . . evaluate the FBI response to the Russian interference, assess threats to American democratic institutions, and to ensure the accountability of the federal agency with the legal authority to safeguard the American people against foreign cyber attacks."

On March 20, in an open hearing before the House Select Intelligence Committee, Comey acknowledged for first time that the FBI is investigating possible coordination between the Trump campaign and Russia's interference in the election. Following the testimony, the FBI immediately asked the court for more time file a schedule for processing the FOIA request in EPIC's case against the FBI.

As EPIC wrote in commentary in The Hill this week, "[t]he public has a right to know the details when a foreign government attempts to influence the outcome of a U.S. presidential election. The public has a right to know the extent of the risk and how the government agencies, tasked with defending the nation, responded. And the public has a right to know what steps have been taken to prevent future attacks."

A new EPIC project, the EPIC Cybersecurity and Democracy Project, will focus on US cyber policies and preserving democratic institutions.

5. Court Rules in EPIC's Passenger Profiling Lawsuit Against DHS

A federal court in Washington, DC has issued a ruling in EPIC v. DHS, a case involving a controversial passenger screening program operated by Customs and Border Protection. The case arises from a FOIA request EPIC submitted to the agency in April 2014. EPIC requested information about the Analytical Framework for Intelligence, which CBP uses to assign "risk assessments" to travelers, including U.S. citizens traveling solely within the United States.

Using the system for scoring travelers, the federal agency collects and analyzes data from a variety of sources, including databases from the government and commercial data brokers. These databases contain large quantities of personally identifiable information including full name, address, age, gender, race, physical characteristics, marital status, residency status, country of citizenship, city and country of birth, date of birth, Social Security number, passport number, law enforcement records, and familial and other contact information.

As a result of EPIC's FOIA lawsuit, the CBP released several hundred pages of documents but withheld more than 300 pages in whole or in part under FOIA Exemption 7(E). Exemption 7(E) allows the government, in some circumstances, to withhold records or information if they are compiled for law enforcement purposes and if disclosure would reveal techniques and procedures used in law enforcement investigations or prosecutions. In an earlier phase of the case, EPIC challenged the Exemption 7(E) withholdings and prevailed. The court ruled that the federal agency had failed to establish that it properly withheld the documents under Exemption 7(E), but gave the CBP another opportunity to justify the agency's withholdings.

After the CBP submitted a more detailed justification, the Court declined to order the further release of certain training materials for the profiling system EPIC sought. EPIC is currently deciding whether to pursue further a legal challenge to the agency's withholding.

EPIC Book Review: "Robot Law"

"Robot Law," edited by Ryan Calo, A. Michael Froomkin, and Ian Kerr

In "Robot Law," editors Ryan Calo, A. Michael Froomkin, and Ian Kerr compile fourteen chapters surveying the legal issues associated with autonomous robots. As befits a book on the law of an emerging technology, it poses more questions than it answers. How should the law treat robots? What liability should attach to the use of robots or for damage that might happen from their use? Can tort law accommodate robots, or are changes needed? When should humans cede decisionmaking to robots that have become better experts than us? Do robots have rights? What happens when robots enforce the law or set punishments? What are the rules for the use of robots in war?

Before any of those questions can be studied, another one must be answered: what is a "robot?" Although the definition varies between chapters, the robots considered by this book share the feature of autonomy. Unlike the simple industrial robots that will screw bolts in place whether there is a car to receive them or not, legally interesting robots are capable of making what look like decisions. Furthermore, there is some element of unpredictability--even the robot's programmers cannot say what the robot will do in a particular situation. In many but not all of the articles, robots are also physical: they interact directly with the world. This distinguishes them from disembodied algorithms, machine learning systems, or artificial intelligence.

One of the most obvious legal questions about autonomous robots is whether existing tort law is a sufficient approach to liability for robots that can cause physical injury or death. Patrick Hubbard's chapter takes the "yes" side of this debate, arguing that existing tort laws provide the best balance between innovation and safety. He considers two proposals to change liability for robots. The first would use either no-fault insurance or strict liability to spread the cost of injuries. The second proposal, meant to promote development of robots, would reduce manufacturer liability through immunity or preemption. Hubbard finds fault with both proposals and argues that the current system strikes the best balance.

Judge Curtis Karnow offers a contrasting view. In a chapter that includes a well-written and remarkably concise overview of tort and products liability law, Judge Karnow argues that foreseeability is the linchpin to liability under tort law. Because the actions of autonomous robots cannot be predicted, they are not foreseeable and may not be subject to liability under any theories of tort, he claims. Instead of prescribing changes to the law, Judge Karnow sees solutions coming in the form of increased predictability of robot decisions--either through the development of a robotic "common sense" or through humans getting better at predicting robots' behavior.

Bryant Walker Smith's chapter focuses on the need for a common language about robots between lawyers and engineers. Using examples from industry efforts to build rules and standards for driverless cars, Smith discusses the importance of understanding the interconnected system between cars, other machines, the environment, and humans. He argues that risk can be lowered by improving communication between engineers and lawyers.

Jason Millar and Ian Kerr tackle a difficult question raised by expert robots like IBM's Watson: how much control should humans give up to robots? After setting up the premise that robots that unpredictably perform complex tasks should be seen as "experts," Millar and Kerr address how to handle the inevitable cases when a human expert and robot expert disagree. The problem is thorniest when the robot is a better expert than the human but still not perfect. Are we willing to relinquish control for a better outcome, knowing that the robot will still make mistakes? When human experts disagree, they may try to support their positions with reasoning, logic, and evidence. An expert robot may or may not be able to do the same. There is a tension between performance and accountability--is loss of transparency and accountability worth the benefit of improved decision-making? The calculus is not easy, especially when lives are at stake. Millar and Kerr argue that the potential benefits of ceding control are too great to ignore. Humans should, in effect, get over ourselves and welcome our new robot overlords.

Interactions between humans and robots also raise ethical and moral issues. AJung Moon et al. explore the emerging norms of human-robot interaction with an experiment involving a robot that can ride elevators. The robot is too large for anyone to safely ride in an elevator with it. The authors conducted a small-scale survey asking what the robot should do in situations where both a robot and humans want to use an elevator. In the scenarios, either the robot or the humans were already on the elevator, the robot had urgent or non-urgent business, and the humans were in a wheelchair, carrying heavy objects, or standing and unencumbered. The responses indicated that the "most appropriate" action for the robot in all situations was either to yield to the humans or to engage in a dialogue. The authors place less emphasis on the importance of this result for human-robot relations than on its role as an illustration of an open approach to roboethics.

Diana Marina Cooper's chapter discusses a different angle of "open robotics": the licenses under which robots are sold and used. Traditional open licenses do not allow manufacturers to limit downstream use, opening manufacturers to liability. Ryan Calo has advocated selective immunity for manufacturers or mandatory robot liability insurance as potential solutions. Cooper suggests a different approach: a model "selectively open license" that contains "ethical terms and conditions" restricting downstream use. The license incorporates elements of Calo's proposals by limiting liability for manufacturers and requiring licensees to obtain insurance. The license also calls for a central database of robot modifications and prohibits modifying the robot to use it as a weapon, to perform sexual acts, for military or national defense, or to give it self-defense capability. Whether manufacturers or users would find such a license appealing is questionable. Cooper's focus on ethics instead of law leaves many questions about the validity or viability of such a license unanswered.

Sinziana Gutiu is also concerned with an issue of robot ethics: sexual consent in the context of "sexbots"--robots that, as technology improves, will "look, feel, and sound to the user like a real woman who is programmed into submission and who functions as a tool for sexual gratification." Gutiu argues that allowing people to treat objects that look like women as objects could lead to the erosion of consent in interactions between men and non-robot women. Her argument echoes those that have been made about pornography for decades. To her credit, Gutiu's chapter discusses existing laws on obscenity and pornography, though her analysis favors highlighting harms instead of free speech concerns.

Most robots, of course, do not look like improbably idealized sex kittens. They do not even resemble cinematic androids like WALL-E, C-3PO, or the Maschinenmensch of Frtiz Lang's Metropolis. That does not stop us from ascribing them human qualities. Ask anyone with a Roomba. Kate Darling's chapter explores what our anthropomorphic tendencies mean for computer-robot interactions. Proceeding from the premise, adapted from Kant, that a person who mistreats a robot will not treat people well, Darling suggests that legally protecting robots against abuse would benefit society. Given our tendency to personify robots, the question may be when and how, not if, these protections will be extended.

Lisa Shay et al. survey the implications of automated law enforcement. They present a taxonomy of automation capabilities, including use for surveillance, analysis, aggregation of data points, and punishment. They follow this taxonomy with a comprehensive discussion of the issues that must be addressed in automated law enforcement. Consider the simple example of speed limits. A car traveling on cruise control at the speed limit may travel faster or slower than the speed limit many times as it goes up and down hills. How should a system that automatically issues tickets respond? Is each time a person crosses the speed limit a separate offense? Is there a minimum duration above the speed limit for an offense, or a minimum time period between infractions? The law does not address these questions, leaving them to the discretion of police officers.

In the next chapter, Shay and most of the same authors from the previous chapter test the translation of law to code empirically. They ran a fascinating experiment in which they gave three sets of computer science and information technology students a programming assignment: write a program to issue tickets based on a car's observed speed. They told the first group of students that their code should follow the letter of the law. They told the second group to code the spirit of the law. They provided the third group with detailed instructions on when tickets should be issued based on the accuracy of the measuring device, the amount over a speed limit that will not be enforced, and the amount of time that must pass before a new ticket may be issued. The results showed wide variations in implementation, even among the students who were given detailed instructions. In interviews after the assignments were complete, most students said they would not want to be subject to the systems they programmed--although one student said she would not mind as long as she could build a back door to exempt her from the system! Shay's work illustrates the difficulty of translating even seemingly simple quantitative laws like a speed limit into code.

Kirsten Thomasen's chapter examines the issue of robot-enhanced interrogation. Current technologies for detecting lies are notoriously unreliable and cumbersome to employ. But what if they were not? Would the use of a hyper-accurate, convenient lie detector be as legally restricted as the polygraph is today? What if that technology can not only detect lies but discern knowledge? Legal precedent on the issue has focused on reliability and availability of the technology to the general public. These rubrics will be of little use in a future with robots that can accurately read minds just by looking at a person's face. Thomasen's chapter is an excellent analysis of technology's role in interrogations and the potential legal implications that will arise when the primary objection to lie-detecting technology is not that it is unreliable.

The book concludes with two chapters on "killer robots"--robots intended for use in war. Ian Kerr and Katie Szilagyi analyze the "practically inevitable" rise of autonomous robots in warfare. They compare these robots to the biological and chemical weapons that were banned by the Geneva convention and the nuclear weapons that, despite efforts to outlaw their use, were not banned. Their argument is that the ostensibly technology-neutral principles of proportionality, discrimination, and military necessity in the use of force often succumb to the force of technological advances. As examples, they discuss how the submarine changed the norms of naval warfare and, less lethally, how improvements in tomato harvesting forced the world to accept hard, tasteless tomatoes. Efficiency and military necessity, it seems, overcome all other considerations.

Finally, Peter Asaro argues for laws prohibiting autonomous weapons. He finds a justification for ban under the Martens clause of the Hague Convention of 1899, a common interpretation of which is that acts are not legal simply because they are not explicitly prohibited. Instead, the "principles of humanity and the dictates of public conscience" should govern. These principles, Asaro argues, demand new rules of international humanitarian law that preserve human control over technologies of war.

Robot Law is constructed like a particularly interesting reading list for a survey class. It is a thorough and engaging survey of the legal and ethical issues advances in robotics may bring.

-- Jim Graves

News in Brief

Following Congress, EPIC Seeks Public Release of DHS Records on Russian Interference

EPIC has submitted an urgent Freedom of Information Act request for DHS's review of the Russian Interference with the presidential election. The EPIC FOIA request follows House Resolution 235, sponsored by Rep. Bennie Thompson (D-MS), which would direct the Secretary of Homeland Security to transmit DHS's documents related to Russian interference to the House of Representative. EPIC is now pursuing public release of the same records, and has notified Chairman Jason Chaffetz (R-UT) and Ranking Member Cummings (D-MD) of the House Oversight Committee of the pending FOIA request. Earlier this week, EPIC argued "the public has the right to know" about the extent of Russian interference with the 2016 election.

D.C. Circuit Hears Arguments in Data Breach Case

A federal appeals court in Washington, D.C. heard arguments today in a major data breach suit. The faulty security practices of Carefirst, a health insurer, allowed hackers to obtain the personal information of more than 1,100,000 customers. But a lower court dismissed the case because the judge believed that consumers must suffer actual identity theft before before filing a lawsuit. EPIC's amicus brief explained that the judge misunderstood the law and confused the harm consumers eventually suffer with the failure of companies to uphold obligations to safeguard the data they choose to collect. The appellate judges today voiced similar doubts about the lower court's decision, suggesting that consumers don't have to wait until their identity is stolen to bring a lawsuit. One judge compared the case to a person putting down her driver's license to rent a Segway, only to have it stolen from the rental company. EPIC regularly files briefs, defending the privacy rights of consumers.

EPIC To Senate Intelligence - "Public Has Right to Know About Russia Ties"

EPIC has sent a letter to the Senate Intelligence Committee for a hearing on "Disinformation: A Primer in Russian Active Measures and Influence Campaigns." EPIC described its Freedom of Information Act cases against the FBI and the ODNI to obtain records about activities aimed at undermining democratic institutions. EPIC is also pursuing the release of any FISA orders for Trump Tower, as well as Donald Trump's tax returns. EPIC wrote the "need to understand Russian efforts to influence democratic elections cannot be overstated." EPIC President Marc Rotenberg summarized EPIC's FOIA efforts in an op-ed in The Hill earlier this week.

EPIC Pursues Release of President Trump's Tax Returns

EPIC has renewed its Freedom of Information Act request for Donald Trump's tax returns after FBI Director Comey confirmed an FBI investigation into financial ties between the Trump campaign and the Russian government. The Senate Intelligence Committee is also investigating Russian interference in the 2016 presidential election and the role of Trump advisors. Former National Security Advisor Mike Flynn resigned after evidence emerged that he received more than $30,000 to celebrate the Russian propaganda outlet RT. As EPIC stated, "At no time in American history has a stronger claim been presented to the IRS for the public release of tax records." EPIC explained that the IRS has the authority to release tax records to correct "misstatements of fact." EPIC cited contradictory statements made by the President, advisers, and family members, including Jared Kusher, who stated "Russians make up a pretty disproportionate cross-section of a lot of our assets. We see a lot of money pouring in from Russia." The President later tweeted that he "has ZERO investments in Russia" and that he has "NOTHING TO DO WITH RUSSIA-NO DEALS, NO LOANS, NO NOTHING."

EPIC Warns Congress about Law Enforcement Forensic Techniques

EPIC has sent a letter to a House Judiciary committee concerning "the state of forensic science in the United States." Citing the work of EPIC Advisory Board members Erin Murphy and Jennifer Mnookin EPIC said that oversight of forensic techniques, such as DNA and algorithms, is needed to ensure confidence in the criminal justice system. Last year, EPIC filed public records requests with six states to obtain the source code of DNA forensic software. EPIC has previously warned the US Supreme Court to carefully assess the reliability of investigative techniques. EPIC also argued a federal appeals case against DNA dragnet surveillance.

European Parliament Adopts Resolution on Big Data

The European Parliament has adopted a resolution on the fundamental rights implications of big data. The resolution stresses that "the prospects and opportunities of big data" can only be realized "when public trust in these technologies is ensured by a strong enforcement of fundamental rights and compliance with current EU data protection law." The resolution discusses the importance of data protection, accountability, transparency, data security, and privacy by design. EPIC has warned about the risks of big data and launched campaigns on "Algorithmic Transparency" and data protection.

Senate Dismantles FCC Broadband Privacy Rules

The Senate voted to roll back the FCC's broadband privacy rules, which require internet service providers to obtain consumers' consent for accessing sensitive information and required consumers to be notified of any data breaches. Senator Edward Markey (D-MA) blasted the vote stating that it is "Now easier for American's sensitive information about their health, finances and families to be used, shared, and sold to the highest bidder without their permission." EPIC had urged the FCC to establish comprehensive safeguards for consumer privacy.

EPIC Letter to House Oversight Committee Backs Open Government

A letter from EPIC to the House Oversight Committee for a hearing on "Legislative Proposals for Fostering Transparency" highlighted the Freedom of Information Act. EPIC routinely pursues FOIA case on issues of public concern. Previously, EPIC uncovered evidence that airport body scanners are ineffective, that DHS monitors social media, and that the FBI's biometric database is filled with inaccuracies. EPIC is now seeking the Complete Assessment of Russian interference in the 2016 election as well information on "risk assessment" tools in the criminal justice system. In celebration of Sunshine Week, EPIC recently published the 2017 FOIA Gallery which showcases EPIC's work in 2016 to further government transparency.

Pew Survey Finds Varying Cybersecurity Knowledge Among the Public

The Pew Research Center has released a report on "What the Public Knows About Cybersecurity." According to the Pew survey, 75% of respondents could identify the strongest password out of four options. About half of the people who took the survey could identify a phishing attack; a similar number knew what ransomware is. Only 16% answered that "a group of computers that is networked together and used by hackers to steal information" is called a "botnet." EPIC maintains an Online Guide to Practical Privacy Tools and resources on Public Opinion and Privacy.

EPIC Urges Senate Commerce Committee to Back Algorithmic Transparency, Safeguards for Internet of Things

EPIC has sent a letter to the Senate Commerce Committee concerning "The Promises and Perils of Emerging Technologies for Cybersecurity." EPIC urged the Committee to support "Algorithmic Transparency," an essential strategy to make accountable automated decisions. EPIC also pointed out the "significant privacy and security risks" of the Internet of Things. EPIC has been at the forefront of policy work on the Internet of Things and Artificial Intelligence, opposing government use of "risk-based" profiling, and recommending safeguards for connected cars, "smart homes," consumer products, and "always on" devices.

Senators Markey and Blumenthal Introduce Bill to Protect Driver Privacy in Connected Cars

Senators Edward Markey (D-MA) and Richard Blumenthal (D-CT) have introduced the "Security and Privacy in Your Car Act of 2017." The SPY Car Act would establish cybersecurity and privacy standards for new passenger vehicles, and establish a privacy rating system. A 2014 report from Senator Markey "detailed major gaps in how auto companies are securing connected features in cars against hackers." The bill would also prevent the use of driver data for marketing purposes without consent. In 2015 EPIC testified before Congress on the need for privacy and safety safeguards for connected vehicles. In 2016 EPIC filed an amicus brief in federal appeals court to protect consumers in cases involving connect vehicles.

EPIC Submits FOIA Request Seeking Documents on Airline Electronics Ban

EPIC has submitted a Freedom of Information Act request to the TSA seeking information on the recently announced ban on electronics on flights bound for the United States. The ban applies to ten airports in eight majority Muslim countries. EPIC is seeking documents related to the reasons for implementing the ban as well as documentation on TSA policies and procedures for searching electronics in checked luggage. EPIC regularly submits FOIA requests to government agencies and is also seeking information on eye scans conducted at US airports on US travelers. In EPIC v. DHS, EPIC is challenging the TSA's efforts to mandate airport body scanners.

EPIC, Coalition Focus on Immigration Orders, Data Practices, and Government Accountability

In a letter to DHS Secretary Kelly and Attorney General Sessions, EPIC and a coalition of 25 open government organizations expressed concerns about the lawfulness and objectivity of data practices under several recent immigration Executive Orders. Official memos reveal the Orders are being implemented in "manner that is unlawful and inconsistent with federal information quality guidelines, raising serious privacy, transparency, and accountability concerns." The coalition urged Secretary Kelly and the Attorney General to align data practices with privacy safeguards, open data, and data quality requirements. "Public data allows the public to hold its government accountable - but that is only possible if government information is released in a complete, consistent, unbiased, and open manner," the group stated. Earlier this year, EPIC also collaborated with other open government advocates to push for greater transparency in federal dispute resolution services and to preserve access to government information online.

EPIC Urges House Oversight Committee to Explore FBI's Use of Biometric Data

EPIC has sent a letter to the House Committee on Oversight concerning "Law Enforcement's Use of Facial Recognition Technology." EPIC urged the Committee to investigate the FBI's Next Generation Identification program. EPIC explained that an individual's ability to control disclosure of identity "is an essential aspect of personal security and privacy." The FBI biometric database is one of the largest in the world, but the FBI has opposed privacy safeguards that EPIC supported. The Bureau proposed to exempt the database from Privacy Act protections. EPIC has filed a FOIA lawsuit against the FBI for information about the agency's plans to transfer biometric data to the Department of Defense.

EPIC Appeals DOJ Response to "Neither Confirm nor Deny" FISA Order on Trump Tower

EPIC has appealed the DOJ's decision to "neither confirm nor deny" the existence of a FISA application to monitor Trump Tower. Following tweets by the President alleging that President Obama "had [his] wires tapped in Trump Tower," EPIC submitted an urgent FOIA request with the DOJ's National Security Division for public release of any FISA applications for wiretapping Trump Tower. In response, the DOJ stated on Friday that "we can neither confirm nor deny the existence of records in these files responsive to your request." Yet, in today's hearing before the House Select Committee on Intelligence, FBI Director James Comey stated that both the FBI and the DOJ had "no information to support those tweets." EPIC has appealed the agency's response to the FOIA request, stating "Based on the FBI Director's statement today... the agency may not hide behind the "neither confirm nor deny" response," and the "agency should immediately process EPIC's FOIA Request." The heads of the Senate and House Intelligence committees have also publicly rejected the allegations, along with House Speaker Paul Ryan. EPIC will continue to press the DOJ for release of the information.

EPIC Urges House Intelligence Committee to Investigate Russian Interference With US Election

EPIC has sent a letter to the House Intelligence Committee for a hearing on "Russian Active Measures Investigation," during which FBI Director James Comes will testify. EPIC described a FOIA request with the Department of Justice for the public release of any applications filed under "FISA" for wiretapping Trump Tower. This past Friday, DOJ responded to EPIC stating it can neither "confirm nor deny" the existence of a FISA application to monitor Trump Tower. EPIC also described its Freedom of Information Act cases against the FBI and the ODNI to obtain records about activities aimed at undermining democratic institutions. EPIC explained that upcoming federal elections in Europe underscore the need to assess the threat to democratic elections. EPIC told the Committee the "need to understand Russian efforts to influence democratic elections cannot be overstated."

EPIC FOIA: DOJ will neither "confirm nor deny" existence of FISA Application for Trump Tower

In a letter to EPIC, the Department of Justice's National Security Division stated it will neither "confirm nor deny" the existence of a FISA application to monitor Trump Tower. After the President has charged that President Obama "had [his] wires tapped in Trump Tower," EPIC filed an urgent FOIA request with the DOJ for the public release of any applications filed under "FISA" for wiretapping Trump Tower. In response to EPIC's FOIA request, the DOJ has stated, "we can neither confirm nor deny the existence of records in these files responsive to your request." EPIC will challenge the agency's determination. The Senate Select Committee on Intelligence released a bipartisan statement rejecting the allegations, and House Speaker Paul Ryan stated on Thursday they have "seen no evidence" of wiretapping. EPIC also filed a related request for five categories of FISA applications related to the alleged surveillance of the Trump team. The DOJ provided the same response to EPIC to that request.

Proposed FY2018 Ups Spending for FBI Anti-Encryption Tools

President Trump's proposed budget reveals a $61 million increase in FBI funds dedicated to fighting encryption. The newly released budget for Fiscal Year 2018 directs the FBI to invest "$61 million more to fight terrorism and combat foreign intelligence and cyber threats and address public safety and national security risks that result from malicious actors' use of encrypted products and services." The FY2017 budget set aside $38 million to FBI anti-encryption technology and research. EPIC has advocated for strong encryption since its founding, and consistently pushed back against efforts to weaken the technology. EPIC also published the first comprehensive survey of encryption use around the world.

Data Protection Experts Recommend New protections for Biometric Identification Online

The International Working Group on Data Protection in Telecommunications adopted new recommendations to improve the privacy and security of biometric identification online. The Berlin-based Working Group includes Data Protection Authorities and experts who work together to address emerging privacy challenges. The "Working Paper on Biometrics in Online Authentication )" explains that "biometrics in online authentication offers one possibility to address some of the shortcomings" of conventional online passwords, but the "data protection and privacy risks" must be considered. Among their recommendations, the experts urge policymakers to support for "[p]roactive privacy tools," and contend biometric authentication should "remai[n] an active choice by the user and not a condition of use." EPIC will host the 61st meeting of the International Working Group in Washington DC in April 2017.

EPIC Urges Court to Protect Individual Privacy in Releases of Government Docs

EPIC has filed a "friend-of-the-court" brief in an open government case with implications for informational privacy. A group of anonymous medical employees challenged the release of personal information sought under a state public records act. EPIC argued that withholding personal information is consistent with open government and constitutionally required. "Open government laws and privacy laws are complimentary: the aim is to maximize both the public's access to information about the government and to safeguard personal privacy to the greatest extent feasible," EPIC wrote. EPIC has argued for similar privacy protections in ATF v. Chicago, Chicago Tribune v. University of Illinois, Ostergren v. Cuccinelli, NASA v. Nelson, and FCC v. AT&T.

Secret Ballot At Risk in Colorado As Governor Considers "Ballot Selfie" Bill

The Colorado General Assembly recently passed a bill that allows "ballot selfies," threatening voter privacy. Ballot selfies allow campaigns, employers, unions, and others to verify how an individual voted. But EPIC explained in "The Secret Ballot At Risk: Recommendations for Protecting Democracy" that the secret ballot -- the inability to link particular voters to particular votes -- is a cornerstone of modern democracies. The secret ballot reduces the threat of coercion, vote buying and selling, and tampering. The secret ballot allows people to vote without fear of intimidation or retaliation. EPIC has a long history of working to protect voter privacy and election integrity. In a 2010 Supreme Court case, EPIC argued that disregard for voter privacy may unconstitutionally burden the right to vote.

Sen. Markey and Rep. Welch Introduce Drone Privacy Legislation

Senator Markey and Representative Welch today introduced the Drone Aircraft Privacy and Transparency Act of 2017. The Act would establish privacy safeguards to protect individuals from drone surveillance. The Drone Privacy Act requires publicly available data collection statements from operators and warrants for drone surveillance by law enforcement. "Drones flying overhead could collect very sensitive and personally identifiable information about millions of Americans, but right now, we don't have sufficient safeguards in place to protect our privacy," said Senator Markey. The Act includes privacy protections EPIC has proposed in statements to Congress and comments to federal agencies. In EPIC v. FAA, EPIC is challenging the failure of the FAA to protect the public from aerial surveillance.

EPIC Urges Senate Committee to Investigate Russian Interference with US Election

EPIC has sent a letter to the Senate Judiciary Committee for a hearing on "The Modus Operandi and Toolbox of Russia and Other Autocracies for Undermining Democracies Throughout the World." EPIC described two of its Freedom of Information Act cases against the FBI and the ODNI to obtain records about activities aimed at undermining democratic institutions, as well as a pending FOIA request regarding the "wiretapping of Trump Tower." EPIC explained that upcoming federal elections in Europe underscore the need to assess the threat to democratic elections. EPIC told the Committee the "need to understand Russian efforts to influence democratic elections cannot be overstated."

EPIC in the News

• The Future of Free Speech, Trolls, Anonymity and Fake News Online, Pew Research Center, March 30, 2017
• Op-ed: When the Government Is Watching You, New York Times, March 29, 2017
• Lawmakers scathing over FBI's facial recognition database, Naked Security, March 29, 2017
• Alexa and the Dawn of So-What Surveillance, Seattle Weekly, March 29, 2017
• Privacy Group Denied CBP Passenger Screening Info, Law360, March 28, 2017
• Guerrillas versus robots in online privacy wars, Kansas City Star, March 28, 2017
• OpEd: Americans have a right to know what intel community knows on Russia, The Hill, March 27, 2017
• Senate Republicans Vote To Gut Internet Privacy, BuzzFeed News, March 23, 2017
• Facial Recognition Hearing Looks to Give Lawmakers Clearer Picture on Creepy Technology, NBC News, March 22, 2017
• NASA blocks FOIA request for potential White House 'media blackout' orders, Daily Dot, March 22, 2017
• Committee reviews U.S. law enforcement's use of facial recognition technology, BiometricUpdate, March 22, 2017
• Republican Red-Tape Purge May Help AT&T, Comcast Use Data, Bloomberg, March 22, 2017
• The Long, Weird History of Companies That Put Your Life Online, The Verge, March 21, 2017
• EPIC, SPLC Wade Into Fetal Tissue Researcher Privacy Suit, Law360, March 18, 2017
• ISPs say your Web browsing and app usage history isn't "sensitive", Ars Technica, March 17, 2017
• How To Fight for Your Rights and Privacy Online, The Nation, March 17, 2017
• US Charges 2 Russian Intel Agents, 2 Hackers in Yahoo Case, E-Commerce Times, March 16, 2017

EPIC Bookstore

EPIC publications and books by members of the EPIC Advisory Board, distinguished experts in law, technology and public policy are available at the EPIC Bookstore.

Recent EPIC publications:

The Privacy Law Sourcebook 2016, edited by Marc Rotenberg (2016)

The Privacy Law Sourcebook is the leading resource for students, attorneys, researchers, and journalists interested in privacy law in the United States and around the world. It includes major US privacy laws such as the Fair Credit Reporting Act, the Communications Act, the Privacy Act, the Family Educational Rights and Privacy Act, the Electronic Communications Privacy Act, the Video Privacy Protection Act, and the Foreign Intelligence Surveillance Act. The Sourcebook also includes key international privacy frameworks including the OECD Privacy Guidelines, the OECD Cryptography Guidelines, and European Union Directives for both Data Protection and Privacy and Electronic Communications. The Privacy Law Sourcebook 2016 (Kindle Edition) has been updated and expanded to include recent developments such as the United Nations Resolution on Right to Privacy, the European Union General Data Protection Regulation, the USA Freedom Act, and the US Cybersecurity Information Sharing Act. The Sourcebook also includes an extensive resources section with useful websites and contact information for privacy agencies, organizations, and publications.

Communications Law and Policy: Cases and Materials, 5th Edition, by Jerry Kang and Alan Butler. Direct Injection Press (2016).

This teachable casebook provides an introduction to the law and policy of modern communications. The book is organized by analytic concepts instead of current industry lines, which are constantly made out-of-date by technological convergence. The basic ideas--power, entry, pricing, access, classification, bad content, and intermediary liability--equip students with a durable and yet flexible intellectual structure that can help parse a complex and ever-changing field.

Privacy Law and Society, 3rd Edition, by Anita Allen, JD, PhD and Marc Rotenberg, JD, LLM. West Academic (2015).

The Third Edition of "Privacy Law and Society" is the most comprehensive casebook on privacy law ever produced. It traces the development of modern privacy law, from the early tort cases to present day disputes over drone surveillance and facial recognition. The text examines the philosophical roots of privacy claims and the significant court cases and statues that have emerged. The text provides detailed commentary on leading cases and insight into emerging issues. The text includes new material on developments in the European Union, decisions grounded in fundamental rights jurisprudence, and exposes readers to current debates over cloud computing, online profiling, and the role of the Federal Trade Commission. Privacy Law and Society is the leading and most current text in the privacy field.

Privacy in the Modern Age: The Search for Solutions, edited by Marc Rotenberg, Julia Horwitz and Jeramie Scott. The New Press (2015). Price: $25.95.

The threats to privacy are well known: The National Security Agency tracks our phone calls; Google records where we go online and how we set our thermostats; Facebook changes our privacy settings when it wishes; Target gets hacked and loses control of our credit card information; our medical records are available for sale to strangers; our children are fingerprinted and their every test score saved for posterity; and small robots patrol our schoolyards while drones may soon fill our skies.

The contributors to this anthology don't simply describe these problems or warn about the loss of privacy -- they propose solutions

Contributors include: Steven Aftergood, Ross Anderson, Christine L. Borgman (coauthored with Kent Wada and James F. Davis), Ryan Calo, Danielle Citron, Simon Davies, A. Michael Froomkin, Deborah Hurley, Kristina Irion, Jeff Jonas, Harry Lewis, Anna Lysyanskaya, Gary T. Marx, Aleecia M. McDonald, Dr. Pablo G. Molina, Peter G. Neumann, Helen Nissenbaum, Frank Pasquale, Dr. Deborah Peel, MD, Stephanie E. Perrin, Marc Rotenberg, Pamela Samuelson, Bruce Schneier, and Christopher Wolf.

Upcoming Conferences and Events

March 31 - April 1, 2017
WeRobot 2017
Yale Law School
New Haven, CT

June 5, 2017
2017 EPIC Champions of Freedom Awards Dinner
Awardees: Garry Kasparov, Judge Patricia Wald, Carrie Goldberg
National Press Club
Washington, DC