EPIC Alert 24.09

1. EPIC Files Emergency Motion in EPIC v. FBI to Preserve Russia Docs

The Electronic Privacy Information Center (EPIC) has filed an emergency motion in EPIC v. FBI, a Freedom of Information Act case launched by EPIC to obtain records concerning the Russian interference with the 2016 Presidential election.

The case began on December 22, 2017, when EPIC filed an urgent FOIA request with the FBI for records about the investigation. After the FBI failed to rule on EPIC’s request for expedited processing, EPIC filed a lawsuit in federal district court in Washington, DC.  Following a report from EPIC and the FBI, Judge Royce C. Lamberth issued an Order requiring the FBI to produce documents to EPIC beginning on May 11, 2017.

On May 12, 2017, two days after the President abruptly fired the FBI Director, apparently for reasons related to the FBI’s investigation, EPIC filed a motion to preserve records related to the Russian interference with the election and impose sanctions if any records are altered or destroyed.

In the motion, EPIC cited Senator Kamala Harris, who this week questioned the Acting FBI Director as to whether the records of the Russian investigation would be preserved.  EPIC also cited members of Congress who wrote to the Deputy Attorney General asking that “all files, . . . involving the Department’s and FBI’s criminal investigation into matters related to Russian interference . . . be preserved and placed off limits to any and all White House officials and staff and any other individuals, including Attorney General Sessions, who have recused themselves from the investigation.”

“This is the first time in our 25-year history of litigating FOIA cases that we have asked a federal court for a preservation order,” EPIC President Marc Rotenberg explained. “But these are very unusual circumstances. And we have a genuine concern that the records at issue in EPIC v. FBI could be altered or destroyed.”

The case is EPIC v. FBI, No. 17-721. EPIC President Marc Rotenberg and EPIC Senior Counsel Alan Butler represent EPIC in the case.

2. EPIC To Senate Judiciary - "Public Has Right to Know About Russia Ties"

In a statement to the Senate Judiciary Committee Subcommittee on Crime and Terrorism last week, EPIC wrote that “the public has the right to know the extent of Russian interference with democratic elections and the steps that are being taken to prevent future attacks.” The Subcommittee is one of many Congressional committees investigating the issue. Sent in advance of a hearing on "Russian Interference in the 2016 United States Election," EPIC’s statement describes the four Freedom of Information Act matters EPIC is pursuing to learn more about the Russian interference in the 2016 Presidential election.

In EPIC v. ODNI, EPIC is seeking the release of the complete intelligence report on Russian interference with the 2016 election. The Declassified ODNI Assessment, published in January 2017, failed to provide critical information about the extent and nature of the Russian interference and leaves significant questions unanswered. For example, although the report notes that “Russian actors” had been “targeting or compromising” democratic institutions including “state or local election boards” since “early 2014,” the report provides no further detail on these intrusions or the extent of the damage or future threats involved.

In EPIC v. FBI, EPIC seeks to understand the FBI's response to the Russian interference in the 2016 Presidential election. The FBI is the lead federal agency for investigating cyber attacks in the United States by criminals, overseas adversaries, and terrorists. But lawmakers have questioned the FBI’s failure to adequately investigate the attacks on the nation’s political institutions.  EPIC is therefore pursuing FBI records to help the “public. . . . evaluate the FBI response to the Russian interference, assess threats to American democratic institutions, and to ensure the accountability of the federal agency with the legal authority to safeguard the American people against foreign cyber attacks.”

EPIC is also pursuing the release of any FISA orders for Trump Tower. The public should be told whether the FBI pursued an investigation regarding Russian communications with a U.S. Presidential campaign. Following EPIC’s appeal of a decision to “neither confirm nor deny” the existence of a FISA application to monitor Trump Tower, the Justice Department took the unusual step of submitting the matter for declassification review.

Lastly, on April 15, 2017, EPIC filed a Freedom of Information Act lawsuit against the IRS to enable the public release of the tax records of President Donald  Trump. Many individuals, including the President, have published conflicting statements of fact about the contents of Trump’s tax returns and the extent of his business dealings with the Russian government. As a general matter, tax records are protected under federal privacy laws. However, EPIC uncovered a key provision in the Internal Revenue Code that permits the release of tax records in certain circumstances to correct misstatements of fact.

EPIC wrote that the "need to understand Russian efforts to influence democratic elections cannot be overstated.” The EPIC Policy Project frequently submits statements to Congress on issues of privacy, civil liberties, and democratic values.

3. Intelligence Agency Provides Non-Responsive Response in EPIC Lawsuit for Russia Report

The Director of National Intelligence failed to provide a sufficient response in EPIC v. ODNI, a Freedom of Information Act lawsuit seeking public release of the Complete Assessment on the Russian interference in the 2016 Presidential election.

In January 2017, the Director of National Intelligence released a limited, declassified version of the intelligence community’s assessment of the Russian interference. The influence campaign represented a ”significant escalation” of Russian operations and was intended  “to undermine public faith in the US democratic process,” the report explained. EPIC filed a FOIA suit for public release of the Complete Assessment of Russian interference.

In accordance with the briefing schedule in the case, ODNI was required to release all “non-exempt portions" of the report to EPIC on May 3, 2017. But the agency withheld the entire document, refusing to provide even partial information that should have been released to EPIC under the Freedom of Information Act. 

As EPIC stated in the complaint, “There is an urgent need to make available to the public the Complete ODNI Assessment to fully assess the Russian interference with the 2016 Presidential election and to prevent future attacks on democratic institutions.” In an op-ed published in The Hill, EPIC President and Executive Director Marc Rotenberg explained, “The public has a right to know the details when a foreign government attempts to influence the outcome of a U.S. presidential election." 

EPIC will challenge the agency’s response as the litigation continues in federal district court in Washington, DC. EPIC v. ODNI is a part of the EPIC Cybersecurity and Democracy Project, which focuses on US cyber policies, threats to election systems and foreign attempts to influence American policymaking.

4. EPIC: 'Not Possible' for FAA to Regulate Drone Hazards Without Privacy Rules

EPIC has filed a reply brief in EPIC v. FAA, a lawsuit concerning the Federal Aviation Administration's failure to issue privacy rules for small commercial drones.

EPIC sued the FAA last year after it refused, yet again, to establish drone privacy regulations—even though Congress demanded a ”comprehensive plan“ for drone deployment in the United States and after more than 100 experts and organizations petitioned the agency for privacy safeguards. In a brief filed last month, the FAA acknowledged "that cameras and other sensors attached to [drones] may pose a risk to privacy interests." Despite this admission, the FAA continues to deny the agency's responsibility to set privacy rules.

“The FAA’s response that ‘its mission’ does ‘not include regulating privacy’ ignores the mandate of Congress and the agency’s prior statements,” EPIC wrote in reply. "It is not possible to address the hazards associated with drone operations without addressing privacy in the final rule for small commercial drone."  

EPIC also explained that the FAA "profoundly mischaracterizes the aviation technology at issue" by suggesting that cameras are simply add-ons to drones. Even the FAA’s own statistics disprove this claim: nearly every drone the agency has authorized to fly requires a camera to carry out its approved operations.  "Drone cameras are an integral component of drone operations," EPIC wrote. "Without a camera, it would be almost impossible to operate a commercial drone. Once this essential characteristic of drones is understood, the agency’s high-flying response . . . falls to the ground.”

The case, which is before a federal appeals court in Washington, D.C., is expected to go to oral argument later this year.

5. Goldberg, Kasparov, Rivest, and Wald to Receive EPIC 2017 Awards

EPIC has announced that privacy attorney Carrie Goldberg, human rights advocate Garry Kasparov, and Judge Patricia Wald are recipients of the 2017 Champions of Freedom Awards. Computer scientist Ron Rivest will receive the 2017 EPIC Lifetime Achievement Award. The EPIC Champion of Freedom Award is given out annually to those who protect privacy, open government, and democratic institutions with courage and integrity.  The EPIC Lifetime Achievement Award is given to individuals who have devoted their career to protecting privacy, open government, and democratic institutions.

Carrie Goldberg is a privacy attorney who established her own law firm in New York that focuses on internet privacy and abuse, domestic violence, and sexual consent. She was recently profiled in The New Yorker as “The Attorney Fighting Revenge Porn.” She recently spoke in Washington about  “Outlawing Revenge Porn: How Congress Can Protect Privacy and Reduce Online Harassment”

Garry Kasparov is an international human rights advocate and former World Chess Champion. Kasparov founded the United Civil Front movement and campaigned for the Russian Presidency in 2012 against Vladimir Putin. His 2015 book, Winter is Coming: Why Vladimir Putin and the Enemies of the Free World Must Be Stopped, discusses Russia’s current ambitions on the world stage and the threat they pose to Western democracies. Kasparov’s most recent book, Deep Thinking: The Human Future of Artificial Intelligence, explores his historic chess match against Deep Blue in 1997. Both books are available at the EPIC Bookstore.

Judge Patricia Wald stepped down from the Privacy and Civil Liberties Oversight Board earlier this year, She was formerly the Chief Justice of the DC Circuit Court of Appeals and served as a judge on the International Criminal Tribunal for the Former Yugoslavia. In 2013, President Obama awarded Judge Wald the Presidential Medal of Freedom, the nation’s highest civilian honor.

Professor Ronald L. Rivest is an Institute Professor at the Massachusetts Institute of Technology in the Electrical Engineering and Computer Science Department.  He is well-known for the invention of the RSA public-key cryptosystem with Adi Shamir and Len Adleman, for which they were awarded an ACM Turing Award.  He is a member of the National Academy of Science, the National Academy of Engineering, and the American Academy of Arts and Sciences.  He has published extensively in the fields of algorithms, cryptography, machine learning, and election systems integrity

EPIC will honor these award winners on June 5^th at the Champion’s of Freedom Award Dinner at the National Press Club in Washington, DC. Tickets are currently available.

News in Brief

Executive Order on Cybersecurity Finally Released

A long delayed Executive Order on cybersecurity was released this week. The Order continues many of the cybersecurity policies of the Obama and Bush administrations. The Executive Order requires agency heads to use the NIST Framework to manage cybersecurity risk and to provide a risk management report. The Order also requires Cabinet officials to devise a strategy for international cooperation in cybersecurity. However, the Order does not address Russia's cyber interference with the 2016 Presidential Election. EPIC and a group of forty leading experts in law and technology had urged the White House to strengthen privacy and data protection and support strong encryption. The EPIC Cybersecurity and Democracy Project focuses on US cyber policies, threats to election systems, and foreign attempts to influence American policymaking.

D.C. Circuit: California Water Well Information Exempt from Public Disclosure

The D.C. Circuit Court of Appeals has ruled that information about a government project to manage water in the California is exempt from disclosure under the Freedom of Information Act. The Court found that Exemption 9, which covers "geological and geophysical information…concerning wells," permitted the Bureau of Reclamation to withhold information about well location and depth information. "Congress enacted FOIA to 'permit access to official information long shielded unnecessarily from public view,'" the Court said. However, the D.C. Circuit rejected the arguments of environmental group AquAlliance that the legislative history indicated that the exemption only applied to oil and gas wells; the Court said it should "assume that Congress meant what it said, and said what it meant." EPIC frequently fights overbroad agency withholding of public records. In EPIC v. FBI, a FOIA lawsuit seeking release of FBI privacy assessments, a court sided with EPIC and agreed that the agency did not justify withholding records under a FOIA exemption for law enforcement procedures and techniques.

In Merger Reviews, EPIC Advocates for Privacy, Algorithmic Transparency

EPIC has sent a statement to the Senate Judiciary Committee ahead of a hearing on the new Antitrust Chief. EPIC urged the Committee to consider the role of consumer privacy and data protection in merger reviews. EPIC warned that "monopoly platforms" are reducing competition, stifling innovation, and undermining privacy. EPIC pointed to the FTC's failure to block the Google/DoubleClick merger, which accelerated Google's dominance of Internet advertising, and the WhatsApp/Facebook merger, which paved the way for Facebook to access confidential WhatsApp user data. EPIC also said that "algorithmic transparency" would become increasingly important for merger analysis. EPIC is a leading consumer privacy advocate and regularly submits complaints urging investigations and changes to unfair business practices.

EPIC Joins Coalition to Urge FOIA Compliance On Congress-Agency Communications

EPIC joined a coalition of civil society organizations to urge the House Committee on Financial Services to rescind guidance declaring communications between the Department of Treasury and the Committee exempt from public access. In the letter to Chairman Jeb Hensarling (R-TX), the coalition stated that the move represented "a troubling precedent" that "improperly restrict[s] the ability of the public to use FOIA." Records in the possession of federal agencies are presumptively available to the public under the Freedom of Information Act. EPIC and a coalition also recently urged Immigration and Customs Enforcement to comply with the FOIA and "fully disclose information on immigration enforcement cooperation between federal and non-federal law enforcement agencies." For more information about EPIC's latest open government work, visit: https://epic.org/open_gov/.

EPIC Urges Transparency in Negotiation of US-UK Intercept Treaty

EPIC has sent a statement to the Senate Judiciary Committee for a hearing on "Law Enforcement Access to Data Stored Across Borders." According to news reports, the United States and the United Kingdom are seeking to establish an agreement for direct access to personal data outside their legal jurisdictions. A secret agreement is under negotiation. In November 2016, EPIC filed a FOIA Request related to the US-UK agreement. Last week, the Justice Department alerted EPIC that responsive documents had been located and would be referred to the State Department for additional processing. EPIC has long advocated for transparency concerning international agreements. In 2016, EPIC obtained the "Umbrella Agreement" after a successful Freedom of Information Act lawsuit.

Former Attorney General Testifies about Russian Influence with Key Trump Advisor

In a hearing before a Senate Judiciary Subcommittee, former Acting Attorney General Sally Yates said she warned the White House that General Michael Flynn "could be blackmailed by the Russians" who knew he had lied about his Russian contacts. Yates also said the DOJ came forward out of concern that both administration officials and the American people "had been misled." As a part of the Democracy and Cybersecurity Project, EPIC is pursuing a Freedom of Information Act request for records of DOJ's investigation of Russian interference, EPIC explained to the Senate committee that "the public has 'the right to know' the extent of Russian interference with democratic elections and the steps that are being taken to prevent future attacks."

On Cyber Policy, EPIC Urges Senate to Protect Consumers, Democratic Institutions

In advance of a hearing on "Cyber Threats Facing America: An Overview of the Cybersecurity Threat Landscape," EPIC has sent a statement to a Senate Committee urging Congress to protect democratic institutions, following the Russian interference with the 2016 presidential election. EPIC explained that "data protection and privacy should remain a central focus" of cyber security policy. EPIC also recommended that Congress strengthen the federal Privacy Act and establish a U.S. data protection agency. EPIC recently launched the EPIC Cybersecurity and Democracy Project that will focus on US cyber policies, threats to election systems and foreign attempts to influence American policymaking.

Spending Measure Increases FTC Funding by $6 Million

The spending measure recently approved by Congress allocates $313 million to the FTC for fiscal 2017. According to the Senate summary, the allocation is for the FTC "to detect and eliminate illegal collusion, prevent anticompetitive mergers, combat consumer fraud, fight identity theft and promote consumer privacy." The amount is an increase of $6 million, or about 2 percent, over 2016 levels. EPIC has consistently urged the FTC to exercise its full authority in protecting consumers and has filed numerous consumer privacy complaints with the FTC, including a recent complaint about "toys that spy." Earlier this year, an EPIC-led coalition detailed 10 steps for the FTC to protect consumers in 2017.

Senators Introduce Bill to Remove Personal Data from Cargo Manifests

Senators Steve Daines (R-MT) and Gary Peters (D-MI) have introduced a bill that would remove personally identifiable information from shipping manifest sheets that are released to the public. According to the bill's sponsors, the Moving Americans Privacy Protection Act seeks to protect people who make international moves from "identity theft, credit card fraud and unwanted solicitations." EPIC maintains a page on identity theft and launched "Data Protection 2016," a non-partisan campaign to make data protection an issue in the 2016 election.

EPIC to Congress: Protect Student Privacy

EPIC has sent a statement to the House Committee on Oversight for the upcoming hearing on the FAFSA ("Free Application for Federal Student Aid") data breach, which compromised more than 100,000 taxpayer records. EPIC urged the Committee to protect student privacy. EPIC's testimony: (1) explained how the U.S. Education Department weakened key safeguards for student records, (2) described the privacy risks that students today face, (3) underscored the need for data security safeguards for student information, and (4) recommended that Congress adopt EPIC's Student Privacy Bill of Rights. EPIC has previously urged Congress, the Education Department, and the Federal Trade Commission to strengthen student privacy.

EPIC Renews Call for Connected Cars Safeguards

In comments to the FTC and NHTSA ahead of a June workshop, EPIC underscored the need to safeguard consumers and improve vehicle security. EPIC also defended the role of states that are developing new safeguards for connected vehicles. For more than a decade, EPIC has been a leading advocate for privacy and security measure for connected vehicles. EPIC routinely submits comments to federal agencies regarding the unique challenges that these vehicles present. EPIC has also testified before Congress, filed amicus briefs, and submitted statements on the risks of autonomous vehicles.

Surveillance Report Shows Uptick in "Backdoor Searches"

The ODNI 2016 Transparency Report provides new details about government surveillance activities. According to the ODNI, there was a 10% increase in the use of “backdoor searches” under Section 702. These searches occur when a government search targets a U.S. person under a law intended to permit only surveillance of non-US persons. This controversial practice is one of the reasons lawmakers oppose renewal of Section 702.

EPIC Urges Senate Committee to Investigate FBI's Massive Biometric Database

EPIC has sent a statement to the Senate Judiciary Committee for an upcoming FBI oversight hearing. EPIC urged the Committee to investigate the FBI's Next Generation Identification system, a massive biometric database. EPIC has sought to ensure that the FBI database complies fully with the federal Privacy Act which the Bureau has opposed. EPIC explained to the Senate Committee that an individual's ability to control disclosure of identity "is an essential aspect of personal security and privacy." In a leading FOIA lawsuit, EPIC v. FBI, EPIC also uncovered documents which revealed high error rates in the biometric system. EPIC has filed a FOIA lawsuit against the FBI for information about the agency's plans to transfer biometric data to the Department of Defense.  

EPIC in the News

• Smart Toys: Smart Or Just Creepy?, Mondaq, May 15, 2017
• Comey made waves as public face of cyber crime fight, POLITICO Pro, May 10, 2017
• Tinder orders researcher to remove dataset of 40,000 profile pictures, Naked Security, May 3, 2017
• Sent to Prison by a Software Program’s Secret Algorithms, The New York Times, May 1, 2017

EPIC Bookstore

EPIC publications and books by members of the EPIC Advisory Board, distinguished experts in law, technology and public policy are available at the EPIC Bookstore.

Recent EPIC publications:

The Privacy Law Sourcebook 2016, edited by Marc Rotenberg (2016)

The Privacy Law Sourcebook is the leading resource for students, attorneys, researchers, and journalists interested in privacy law in the United States and around the world. It includes major US privacy laws such as the Fair Credit Reporting Act, the Communications Act, the Privacy Act, the Family Educational Rights and Privacy Act, the Electronic Communications Privacy Act, the Video Privacy Protection Act, and the Foreign Intelligence Surveillance Act. The Sourcebook also includes key international privacy frameworks including the OECD Privacy Guidelines, the OECD Cryptography Guidelines, and European Union Directives for both Data Protection and Privacy and Electronic Communications. The Privacy Law Sourcebook 2016 (Kindle Edition) has been updated and expanded to include recent developments such as the United Nations Resolution on Right to Privacy, the European Union General Data Protection Regulation, the USA Freedom Act, and the US Cybersecurity Information Sharing Act. The Sourcebook also includes an extensive resources section with useful websites and contact information for privacy agencies, organizations, and publications.

Communications Law and Policy: Cases and Materials, 5th Edition, by Jerry Kang and Alan Butler. Direct Injection Press (2016).

This teachable casebook provides an introduction to the law and policy of modern communications. The book is organized by analytic concepts instead of current industry lines, which are constantly made out-of-date by technological convergence. The basic ideas--power, entry, pricing, access, classification, bad content, and intermediary liability--equip students with a durable and yet flexible intellectual structure that can help parse a complex and ever-changing field.

Privacy Law and Society, 3rd Edition, by Anita Allen, JD, PhD and Marc Rotenberg, JD, LLM. West Academic (2015).

The Third Edition of "Privacy Law and Society" is the most comprehensive casebook on privacy law ever produced. It traces the development of modern privacy law, from the early tort cases to present day disputes over drone surveillance and facial recognition. The text examines the philosophical roots of privacy claims and the significant court cases and statues that have emerged. The text provides detailed commentary on leading cases and insight into emerging issues. The text includes new material on developments in the European Union, decisions grounded in fundamental rights jurisprudence, and exposes readers to current debates over cloud computing, online profiling, and the role of the Federal Trade Commission. Privacy Law and Society is the leading and most current text in the privacy field.

Privacy in the Modern Age: The Search for Solutions, edited by Marc Rotenberg, Julia Horwitz and Jeramie Scott. The New Press (2015). Price: $25.95.

The threats to privacy are well known: The National Security Agency tracks our phone calls; Google records where we go online and how we set our thermostats; Facebook changes our privacy settings when it wishes; Target gets hacked and loses control of our credit card information; our medical records are available for sale to strangers; our children are fingerprinted and their every test score saved for posterity; and small robots patrol our schoolyards while drones may soon fill our skies.

The contributors to this anthology don't simply describe these problems or warn about the loss of privacy—they propose solutions.

Contributors include: Steven Aftergood, Ross Anderson, Christine L. Borgman (coauthored with Kent Wada and James F. Davis), Ryan Calo, Danielle Citron, Simon Davies, A. Michael Froomkin, Deborah Hurley, Kristina Irion, Jeff Jonas, Harry Lewis, Anna Lysyanskaya, Gary T. Marx, Aleecia M. McDonald, Dr. Pablo G. Molina, Peter G. Neumann, Helen Nissenbaum, Frank Pasquale, Dr. Deborah Peel, MD, Stephanie E. Perrin, Marc Rotenberg, Pamela Samuelson, Bruce Schneier, and Christopher Wolf.

Upcoming Conferences and Events

May 16, 2017 - May 19, 2017
"The Digital Economy"
Marc Rotenberg, EPIC President
OECD
Paris, France

June 5, 2017
2017 EPIC Champions of Freedom Awards Dinner
Awardees: Garry Kasparov, Judge Patricia Wald, Carrie Goldberg
National Press Club
Washington, DC

June 8, 2017 - June 9, 2017
"Fortifying or Forgetting Forecasting: Can We Ever Plan Accurately?"
Marc Rotenberg, EPIC President
Yale CEO Conference
New York, NY

June 28, 2017
“Privacy, Security Issues Related to Connected, Automated Vehicles”
Marc Rotenberg, EPIC President
FTC / NHTSA
Washington, DC

August 6, 2017 - August 8, 2017
Aspen Institute Roundtable on Artificial Intelligence
Marc Rotenberg, EPIC President
Aspen Institute
Aspen, CO

September 25, 2017 - September 29, 2017
The 39th International Conference of Data Protection and Privacy Commissioners
Marc Rotenberg, EPIC President
Hong Kong