EPIC Alert 25.09

1. EPIC Renews Call for FTC to Stop Google's Tracking of Consumer Purchases

EPIC has urged the Federal Trade Commission to act on a complaint EPIC previously filed with the Commission concerning Google's tracking of consumer purchases. The complaint alleges that Google's "Store Sales Measurement" practice correlates in-store credit card transactions with consumers' online advertising clicks to track when a consumer clicks on an advertisement and subsequently makes an in-store purchase. To accomplish this, Google collects billions of credit card transactions containing personal information from third-party data brokers and matches those offline transactions with the online activity of consumers.

Google relies on a secret, proprietary algorithm that it claims will protect the privacy of the millions of consumers it tracks, but Google refuses to disclose or allow independent testing of this technique. Thus it is impossible for consumers to verify that their private activities are protected. Google also claims that consumers can opt out of being tracked, but the process is burdensome, opaque, and misleading.

Google has continued to deploy its "Store Sales Measurement" practice since EPIC filed its complaint with the FTC in 2017. EPIC told the FTC that Google's tracking "is without precedent and also raises questions as to what else Google does with the consumer data it obtains." EPIC alleged that Google's practices are unfair and deceptive in violation of Section 5 of the FTC Act, urging the Commission to investigate Google and enjoin these practices.

The FTC recently welcomed a new slate of four Commissioners, including a new Chairman. The new leadership has indicated that they will focus increased scrutiny on the tech giants such as Google and Facebook. Incoming Commissioner Rohit Chopra issued a memo calling for more robust enforcement of FTC consent orders, stating that "FTC orders are not suggestions." Recently, EPIC and a coalition of consumer groups called on the FTC to enforce its 2011 Consent Order against Facebook for violating the privacy of millions of its users in the Cambridge Analytica breach.

2. Supreme Court: Fourth Amendment for Lawful Driver of Vehicle Regardless of Rental Agreement

The U.S. Supreme Court ruled this week that a driver in lawful possession of a rental car has a reasonable expectation of privacy regardless of a rental car agreement. In other words, the Fourth Amendment protects a lawful driver of a rental vehicle even if the driver is not authorized under the rental agreement.

The Court, ruling in Byrd v. United States, held that "the mere fact that a driver in lawful possession or control of a rental car is not listed on the rental agreement will not defeat his or her otherwise reasonable expectation of privacy." The Court saw "no reason why the expectation of privacy that comes from lawful possession and control and the attendant right to exclude would differ depending on whether the car in question is rented or privately owned by someone other than the person in current possession of it.

EPIC filed an amicus brief in the case, joined by 23 technical experts and legal scholars of the EPIC Advisory Board, which stated that "relying on rental contracts to negate Fourth Amendment standing would undermine legitimate expectations of privacy." EPIC also urged the Court to recognize that a modern car collects vast troves of personal data and "make[s] little distinction between driver and occupant, those on a rental agreement and those who are not."

EPIC has filed extensive comments with the National Highway Traffic Safety Administration, the Federal Trade Commission, and the Department of Transportation and has testified before the U.S. Congress about the privacy and consumer safety risks posted by connected vehicles. EPIC also routinely participates as amicus curiae in cases before the Supreme Court, including in United States v. Microsoft Corp., Dahda v. United States, and Carpenter v. United States.

3. EPIC Warns of Privacy Act Obligations for Potential Federal Database of Food Aid Recipients

In advance of a hearing on "Program Integrity for the Supplemental Nutrition Assistance Program" (SNAP), EPIC submitted a statement to the House Oversight Committee. A provision of the Agriculture and Nutrition Act of 2018 would establish a federal database of SNAP recipients for the purpose of denying food assistance. The SNAP program provides assistance to low-income households and is administered by the states. However, Section 4001 would create a federal database with personal data, such as social security numbers, employment status, and income amounts, to make opaque determinations on denying food assistance and disenrolling participants.

EPIC warned that if Congress decides to create this federal database, then the Department of Agriculture will be subject to Privacy Act obligations, including potential liability for the breaches of sensitive data that may result. EPIC noted that "government data breaches have been numerous and severe and have raised concerns surrounding the safety of data stored by the U.S Government. In recent years, data breaches have affected the Office of Personnel Management, Internal Revenue Service, Federal Bureau of Investigation, and the Department of Homeland Security."

EPIC also made clear that under the E-Government Act, federal agencies must undertake a Privacy Impact Assessment (PIA) prior to the creation of a new record system containing personally identifiable information. The Department of Agriculture, for example, will have to conduct a PIA before a database of SNAP recipients is established. EPIC has filed numerous Freedom of Information Act lawsuits to compel the disclosure of PIAs by federal agencies, including FBI, the DEA, the NSA. Last year, EPIC also successfully challenged the efforts of a presidential commission to establish a national voter database, noting that voting is a state function.

Privacy scholars have explained that government agencies often subject individuals living in poverty to excessive surveillance. Professor Danielle Citron, Chair of the EPIC Board of Directors, recently detailed the privacy implications of the SNAP database in "We Don't Need a National Data Center of the Poor."

4. White House Establishes AI Advisory Committee

The White House has established the "Select Committee on Artificial Intelligence" to advise the President and formally coordinate artificial intelligence policies among executive branch agencies. The Office of Science and Technology Policy, National Science Foundation, and Defense Advanced Research Projects Agency will lead the interagency committee.

According to the White House, the goals of the Committee are (1) prioritize funding for AI research and development; (2) remove barriers to AI innovation; (3) train the future American workforce; (4) achieve strategic military advantage; (5) leverage AI for government services; and (6) lead international AI negotiations. The Committee will also coordinate federal research and adoption of technologies such as autonomous systems, biometric identification, computerized image and video analysis, machine learning, and robotics.

The Committee membership includes the Department of Commerce, Department of Defense, Department of Energy, and Office of the Director of National Intelligence as well as representatives from the Executive Office of the President such as the National Security Council and Office of Management and Budget. The Committee may also "interact with and receive ad hoc advice" from private sector groups, but it is unclear whether the Committee will include public perspectives in its work.

In 2014, EPIC—joined by 24 consumer privacy, public interest, scientific, and educational organizations—petitioned the OSTP to accept public comments on a White House project concerning Big Data. The petition stated, "The public should be given the opportunity to contribute to the OSTP's review of 'Big Data and the Future of Privacy' since it is their information that is being collected and their privacy and their future that is at stake." EPIC launched an international campaign for Algorithmic Transparency in 2015 and recently urged Congress to establish oversight mechanisms for the use of AI by federal agencies.

5. EPIC Advises Senate on Drone Privacy Issues

In advance of a hearing titled "Keeping Pace with Innovation - Update on the Safe Integration of Unmanned Aircraft Systems into the Airspace," EPIC submitted a statement to inform the Senate Commerce Committee of EPIC's ongoing work to establish transparency and oversight for the use of unmanned aircraft in the United States. EPIC believes that strong drone privacy rules are vital for the safe integration of commercial drones into the National Airspace.

EPIC is currently proceeding against the FAA in the D.C. Circuit Court of Appeals, where EPIC challenging the agency's refusal "to establish privacy rules governing the deployment of drones—unmanned aerial vehicles with sophisticated surveillance cameras—in the United States." As EPIC told the court, "The agency's failure to act threatens fundamental privacy rights, is arbitrary and capricious, and is contrary to law."

EPIC has also filed suit to enforce the transparency obligations of the Drone Advisory Committee (DAC), a body created by the FAA to study and make recommendations on U.S. drone policy. The DAC "has the obligation to present to the FAA proposals and recommendations to address widespread and obvious public concerns about the impending risks of drone surveillance in the United States," EPIC wrote in its complaint. "Yet there is no evidence that the DAC has fulfilled its essential responsibility to assess these risks to the public interest."

EPIC has also pursued several open government matters regarding the FAA's decision-making process, which appears intended to purposefully avoid the development of meaningful privacy safeguards. As EPIC wrote to the Senate Commerce Committee, "We urge the Committee to question why the FAA has not yet taken steps to issue regulations on drone privacy despite prior Congressional directives to do so."

News in Brief

EPIC To Senate Judiciary: Privacy Is Integral to Democracy

In advance of a hearing on Cambridge Analytica and the Future of Data Privacy, EPIC has sent a statement to the Seante Judiciary Committee. EPIC said that "It has become increasingly clear that even as we are asked to give up our privacy, companies have become ever more secretive about how they profile and target voters." In 2014, EPIC challenged Facebook's manipulation of users' News Feeds for psychological research. "If Facebook used data manipulation to shape users' emotions, it can use data manipulation to shape voters' practices," EPIC told the Committee.

EPIC Urges FTC to Strengthen Revised Settlement with Uber

In detailed comments to the Federal Trade Commission, EPIC urged the FTC to strengthen a revised settlement with Uber. The FTC reached a settlement with Uber back in August of 2017 for its numerous privacy abuses, including secretly tracking riders and using software to evade authorities. But shortly after announcing the settlement, the FTC discovered that Uber had hid a massive data breach and used its bug bounty program to pay off the hackers. As a result, the FTC required Uber to submit all of its privacy assessments to the Commission. While EPIC supported the FTC's action, EPC said that "the FTC should make Uber's privacy assessments public so that consumers can evaluate whether the company is meeting its obligations under the Consent Order." The FTC's initial investigation and subsequent settlement with Uber were prompted by EPIC's complaint against Uber's in 2015.

EPIC Obtains Comey's Memos Detailing Conversations with Trump

Through a Freedom of Information Act request, EPIC obtained declassified memorandums from former FBI Director James Comey detailing his conversations with President Trump from January to April 2017. The conversations include President Trump asking about the possibility of imprisoning journalists, dropping the investigation of former advisor Michael Flynn, and the need to "lift the cloud" of the Russia investigation. In early 2017, EPIC launched the Project on Democracy and Cybersecurity. EPIC is currently pursuing several FOIA cases concerning Russian interference with the 2016 election including: EPIC v. ODNI (Russian hacking), EPIC v. IRS (release of Trump's tax returns), and EPIC v. DHS (election cybersecurity).

EPIC Advises FTC on Children's Privacy

In response to an industry proposal to diminish safeguards for children's privacy, EPIC reminded the FTC that industry guidelines must comply with the Children's Online Privacy Protection Act. EPIC also highlighted recent updates in the COPPA regulations that minimize data collection concerning children. EPIC wrote, "COPPA has evolved to address changes in technology and business practices." EPIC has testified several times before Congress on protecting children's data and supported the 2013 updates to COPPA.

EPIC Seeks Records from FTC Regarding Irish Audits of Facebook

EPIC has submitted a Freedom of Information Act request seeking records about the Irish Data Protection Commissioner's inquiries regarding Facebook's compliance with the FTC's Consent Order. In 2011, the Austrian privacy group Europe-v-Facebook and other parties filed formal complaints to the Irish Data Protection Commissioner about third party access to Facebook user data. The Irish Data Protection Commissioner then initiated an audit of Facebook to assess its compliance with both Irish Data Protection Law and EU law. The 2011 Irish audit found that the safeguards for third party applications did not ensure security for user data. In a 2012 re-audit, the Irish on Commissioner found a "satisfactory response" from Facebook regarding preventing third party applications. Following the 2012 re-audit, the FTC and the Data Protection Commissioner signed a Memorandum of Understanding to exchange information to enforce compliance with privacy laws in each respective country. Two years after the Data Protection Commissioner found a "satisfactory response" from Facebook regarding third party applications, a third party application harvested the data of over 87 million users and transferred the data to Cambridge Analytica.

EPIC Tells Congress to Consider Census Privacy Risks

In advance of a hearing on the 2020 Census, EPIC told Congress to consider the privacy issues arising from potential misuse of Census data. After the Department of Commerce announced that the 2020 Census will include a question on citizenship status, many have expressed concerns about the confidentiality of the data collected. EPIC told Representatives: "your committee should ensure that the data collected by the federal government is not misused." The census raises significant privacy risks and has been used to discriminate. EPIC previously obtained documents which revealed that the Census Bureau transferred the personal data of Muslim Americans to the Department of Homeland Security after 9-11. As a consequence, the Census Bureau revised its policy on sharing statistical information about "sensitive populations" with law enforcement or intelligence agencies. Customs and Border Protection also changed its policy on requesting "information of a sensitive nature from the Census Bureau."

EPIC Joins Coalition Urging CFPB to Maintain Public Database of Consumer Complaints

EPIC and a coalition of consumer organizations have sent a letter to Mick Mulvaney urging the Acting Director not to ban public access to the CFPB consumer complaint database. "The public complaint database is a tool that empowers individuals to inform and protect themselves in the marketplace," the groups stated. In recent remarks at a banking industry conference, Mulvaney said that he is considering closing off access to the database. The database has helped expose wrongdoing by numerous financial institutions-including failures by Equifax following its data breach, as detailed in a report just released by three Senators. EPIC has called on the CFPB to more vigorously pursue its investigation of Equifax, and has filed a Freedom of Information Act request to obtain communications about that investigation.

EPIC Advises Safety Commission on Dangers of IoT

EPIC submitted comments to the Consumer Product Safety Commission for an upcoming hearing on "The Internet of Things and Consumer Product Hazards." EPIC urged the Commission to focus on privacy and security issues, which the Commission claims are outside its scope. EPIC told the Consumer Product Safety Commission that "Holding a hearing in the year 2018 to discuss IoT without addressing privacy and security is akin to holding a hearing in the last century about kitchen appliances without addressing the risk that a toaster might catch fire because of bad wiring." EPIC recommended that the Commission implement thirteen rules for manufacturers of IoT devices that were laid out by the UK government in a recent report on privacy and security for IoT devices. EPIC and a coalition of consumer groups preciously urged the Commission to order the recall of the Google Home Mini "smart speaker" and received a response saying that it does not pursue privacy or data security issues.

FTC Commissioner Chopra: 'FTC Orders Are Not Suggestions'

Incoming Federal Trade Commissioner Rohit Chopra issued a memo this week warning that the FTC will enforce its consent orders against companies that violate the law. "FTC orders are not suggestions," said Chopra. Chopra said the FTC should seek structural remedies as well as monetary fines. EPIC has repeatedly told the FTC to enforce its orders, and even sued the agency, EPIC v. FTC, for failing to enforce the order against Google following the Buzz fiasco. More recently, EPIC and a coalition of consumer groups told the FTC that the Cambridge Analytica breach could have been avoided had FTC enforced the 2011 Consent Order against Facebook. The FTC has since confirmed that it is investigating Facebook for the breach. According to the former Acting Director of the FTC's Bureau of Consumer Protection, "Companies who have settled previous FTC actions must also comply with FTC order provisions imposing privacy and data security requirements. Accordingly, the FTC takes very seriously recent press reports raising substantial concerns about the privacy practices of Facebook."

Supreme Court: Government's Reading of Wiretap Act 'Makes Little Sense'

The Supreme Court has ruled in Dahda v. United States, a case about the federal Wiretap Act and the suppression of evidence obtained under an overly broad wiretap order. A lower court permitted the evidence, relying on a novel interpretation of the Act. EPIC filed an amicus brief in the case, arguing that "it is not for the courts to create textual exceptions" to federal privacy laws. The Supreme Court agreed with EPIC that it "makes little sense" for the court to rewrite the statute. However, the Court declined to suppress the evidence, finding that it was a lawful search under a narrow interpretation of the Wiretap Act. EPIC routinely participates as amicus curiae in privacy cases before the Supreme Court, including Byrd v. United States (a case in which the Court rejected suspicionless searches of rental cars) and Carpenter v. United States (a case about warrantless searches of cellphone location records).

Senators Urge DHS to Address Concerns Over Facial Recognition at Airports; Conduct Public Rule-Making

In a letter to DHS Secretary Kirstjen Nielson, Senators Edward Markey (D-MA) and Mike Lee (R-UT) urged the agency to promptly conduct a public rulemaking on the agency's biometric exit program prior to any expansion of the program. The program, currently implemented in nine U.S. airports, requires travelers on departing international flights to submit to facial recognition identification. The Senators requested that DHS determine the accuracy of the technique and the procedures for collecting passenger data. EPIC is currently pursuing documents about the biometric exit program, but documents EPIC obtained about a related program that tested iris and facial recognition scanning at the border revealed that the technology did not perform operational matching at a "satisfactory" level. An earlier EPIC lawsuit against the DHS led to the removal of backscatter x-ray devices—"body scanners"—at US airports.

Appeals Court: Border Searches of Cell Phones Require 'Reasonable Suspicion'

A federal appeals court has ruled that U.S. border officials may not conduct a forensic search of a mobile device without a "reasonable suspicion" that the device contains evidence of a crime. The court's decision followed Riley v. California, a 2014 Supreme Court case holding that the Fourth Amendment requires police to obtain a warrant to search a cell phone. EPIC filed an amicus brief in the Riley case, cited by the Supreme Court, about the detailed personal data stored in cell phones. EPIC's Alan Butler predicted that the Riley decision would lead courts to require "reasonable suspicion" for border searches. EPIC recently filed a FOIA suit against against a federal agency for information about the warrantless searches of cell phones. Senator Patrick Leahy (D-VT) and Senator Steve Daines (R-MT) have introduced legislation to place restrictions on searches and seizures of electronic devices at the border.

Transatlantic Consumer Dialogue Publishes '10 Things to Know About the GDPR'

The Transatlantic Consumer Dialogue, a coalition of more than 70 consumer organizations in Europe and North America, has made available "10 Things to Know About the GDPR." The analysis details key elements of the new European privacy law. TACD wrote, "People's data should be treated with the highest privacy protections no matter where they are based. Privacy is a fundamental human right and data protection is intrinsically linked to it." Last month, TACD sent a letter to Mark Zuckerberg urging Facebook to comply with the GDPR as a baseline standard for all Facebook users worldwide. TACD will host a press conference on GDPR with EPIC in Washington DC on May 16. EPIC makes available the complete text of the GDPR and related materials in the Privacy Law Sourcebook.

Annual ODNI Report Reveals Upturn in U.S. Surveillance

According to the Office of Director National Intelligence 2017 report, the number of Foreign Intelligence Surveillance Act orders to collect call records more than tripled last year, from 151 million records in 2016 to 534 million in 2017. In 2012, EPIC testified before Congress on the need for more public reporting concerning the use of FISA authorities. Several of EPIC's recommendations, including better reporting on government surveillance activities, were incorporated in the USA FREEDOM Act.

Safety Groups Urges Congress to Regulate 'Autonomous Vehicles'

A coalition of consumer safety groups wrote to senators asking them to delay passing the AV START Act (S. 1885) until the National Transportation Safety Board finished its investigation of two recent crashes involving autonomous vehicles. The groups said: "we are very concerned that provisions in the bill put others sharing the road with AVs at unnecessary and unacceptable risk." EPIC has called for national safety standards for connected cars in comments to NHTSA. In a recent amicus brief to the Supreme Court, EPIC also underscored the privacy risks of rental cars, which collect vast troves of personal data.

Facebook Denied Attempt to Delay Review of EU-US Personal Data Transfer

The Irish High Court has denied Facebook's request to halt review of Data Protection Commissioner v. Facebook by Europe's top court. The case, which was recently referred to the European Court of Justice, concerns whether Facebook's transfers of personal data from Ireland to the United States violate the European Charter of Fundamental Rights. The case follows the landmark 2015 decision that the US had insufficient privacy protections to allow transfer of Europeans' personal data. Ruling against Facebook's request to delay the case further pending appeal, the Irish court said EU data subjects could be harmed if the case were delayed, and that there were "considerable concerns" about Facebook's conduct in the case. EPIC was designated the US NGO amicus curiae in this case, and provided a detailed assessment of US privacy law.

Congress Considers Federal Database of Food Aid Recipients

A controversial provision of the Agriculture and Nutrition Act of 2018 would establish a federal database of Supplemental Nutrition Assistance Program recipients for the purpose of denying food assistance. The SNAP program provides assistance to low-income households and is administered by the states. However, Section 4001 would create a federal database with personal data, such as social security numbers, employment status, and income amounts, with the aim of denying food assistance. Privacy scholars have explained that government agencies often subject individuals living in poverty to excessive surveillance. Last year, EPIC successfully challenged the efforts of a federal commission to establish a national voter database, noting that voting is a state function.

Senators Release Report on Consumer Complaints Following Equifax Breach

Senators Warren (D-MA), Schatz (D-HI) and Menendez (D-NJ) have published a report examining thousands of consumer complaints filed with the Consumer Financial Protection Bureau after Equifax's massive data breach last fall. The report, entitled "Breach of Trust," reveals the extent of Equifax's failure to address significant harms consumers faced as a result of the breach. The Senators sent their report along with a letter to the CFPB demanding the agency hold Equifax accountable. Despite the massive number of complaints, the CFPB has yet to announce any action against Equifax eight months after the breach. The Senators also admonished Director Mulvaney for his recent suggestion that he would end public access to the CFPB's complaint database. In testimony before the House Financial Services Committee in February, EPIC called on Congress to ensure that the CFPB takes action against Equifax. A February Reuters story indicated that the CFPB had halted its investigation into Equifax, but Mulvaney since confirmed that an investigation is still ongoing. EPIC submitted a Freedom of Information Act request to obtain information about the CFPB's Equifax investigation.

U.S. House Report Finds FBI Cyberattack Victim Notification Inadequate

The House Permanent Select Committee on Intelligence has published a redacted version of its report on Russian interference with the 2016 Presidential Election. The report concludes that Russia did conduct cyberattacks on U.S. political institutions in 2015 and 2016. It also found that the FBI's "notification to numerous Russian hacking victims was largely inadequate." The report recommends that the FBI improve cyberattack victim notification. In a Freedom of Information Act lawsuit EPIC v. FBI, EPIC obtained the FBI notification procedures that would have applied during the 2016 Presidential election. The documents state that "[b]ecause timely victim notification has the potential to completely mitigate ongoing and future intrusions and can mitigate the damage of past attacks while increasing the potential for the collection of actionable intelligence, CyD's policy regarding victim notification is designed to strongly favor victim notification." However, the FBI did not follow this procedure following cyber attacks on the DNC and RNC during the 2016 Presidential Election. The Committee also recommended measures to strengthen U.S. election systems, such as paper ballots, protection of voter registration systems, and funding for risk assessment of state election agency computer systems. In early 2017, EPIC launched the Project on Democracy and Cybersecurity.

Supreme Court to Review Fairness of Cy Pres Awards In Class Action Settlements

The Supreme Court has granted certiorari to address for the first time whether a class action settlement that awards cy pres but provides no direct relief to class members is "fair, reasonable, and adequate." The case, Frank v. Gaos, involves a settlement arising from Google's tracking of Internet users by circumventing their browsers' privacy settings. The settlement awarded cy pres funds to several organizations but resulted in no change in Google's business practices nor payments to class members. EPIC objected to the proposed settlement on three separate occasions, arguing that, "The proposed settlement is bad for consumers and does nothing to change Google's business practices. The company will simply revise its notice so that it may continue to engage in the privacy-invading practice that class counsel claimed at one time provided the basis for class action certification and monetary relief." EPIC has routinely opposed class action settlements that fail to compensate class members or change business practices. In 2013, Chief Justice John Roberts wrote that the Court would soon need to address "fundamental concerns" surrounding the use of cy pres in class action settlements. EPIC has proposed an objective basis to evaluate cy pres awards.

EPIC in the News

• Prison phone service can expose the location of anyone with a phone, Naked Security, May 15, 2018
• Advocates Question Facebook's Latest Effort To Protect Data, NPR, May 15, 2018
• Warrantless border searches of electronics may be illegal, court rules, Fast Company, May 11, 2018
• Facebook Co-Founder: 'Self-Regulation Alone is Concerning', Techonomy, May 11, 2018
• Brave New World: Ticketmaster to Roll Out Facial Recognition, Sparking Privacy Concerns, The Daily Beast, May 11, 2018
• Regulating Privacy, New York Times, May 7, 2018
• Ireland sending Facebook privacy fight to European Union court, WND, May 6, 2018
• DNA testing kits raise privacy concerns, WKRON, May 4, 2018
• The agency in charge of policing Facebook and Google is 103 years old. Can it modernize?, Washington Post, May 4, 2018
• The Facebook-WhatsApp Lesson: Privacy Protection Necessary for Innovation, Techonomy, May 4, 2018
• Fresh blow for Facebook as court refuses stay in Max Schrems legal action, Computer Weekly, May 3, 2018
• Facebook Wants Data Transfer Row Out Of EU Top Court, Law360, May 3, 2018
• Facebook to press ahead with Supreme Court appeal on data, The Irish Times, May 2, 2018
• DNA testing kits raise privacy concerns, WWLP, May 1, 2018

EPIC Bookstore

EPIC publications and books by members of the EPIC Advisory Board, distinguished experts in law, technology and public policy are available at the EPIC Bookstore.

Recent EPIC Publications

The Privacy Law Sourcebook 2016, edited by Marc Rotenberg (2016)

The Privacy Law Sourcebook is the leading resource for students, attorneys, researchers, and journalists interested in privacy law in the United States and around the world. It includes major US privacy laws such as the Fair Credit Reporting Act, the Communications Act, the Privacy Act, the Family Educational Rights and Privacy Act, the Electronic Communications Privacy Act, the Video Privacy Protection Act, and the Foreign Intelligence Surveillance Act. The Sourcebook also includes key international privacy frameworks including the OECD Privacy Guidelines, the OECD Cryptography Guidelines, and European Union Directives for both Data Protection and Privacy and Electronic Communications. The Privacy Law Sourcebook 2016 (Kindle Edition) has been updated and expanded to include recent developments such as the United Nations Resolution on Right to Privacy, the European Union General Data Protection Regulation, the USA Freedom Act, and the US Cybersecurity Information Sharing Act. The Sourcebook also includes an extensive resources section with useful websites and contact information for privacy agencies, organizations, and publications.

Communications Law and Policy: Cases and Materials, 5th Edition, by Jerry Kang and Alan Butler. Direct Injection Press (2016).

This teachable casebook provides an introduction to the law and policy of modern communications. The book is organized by analytic concepts instead of current industry lines, which are constantly made out-of-date by technological convergence. The basic ideas—power, entry, pricing, access, classification, bad content, and intermediary liability—equip students with a durable and yet flexible intellectual structure that can help parse a complex and ever-changing field.

Privacy Law and Society, 3rd Edition, by Anita Allen, JD, PhD and Marc Rotenberg, JD, LLM. West Academic (2015).

The Third Edition of "Privacy Law and Society" is the most comprehensive casebook on privacy law ever produced. It traces the development of modern privacy law, from the early tort cases to present day disputes over drone surveillance and facial recognition. The text examines the philosophical roots of privacy claims and the significant court cases and statues that have emerged. The text provides detailed commentary on leading cases and insight into emerging issues. The text includes new material on developments in the European Union, decisions grounded in fundamental rights jurisprudence, and exposes readers to current debates over cloud computing, online profiling, and the role of the Federal Trade Commission. Privacy Law and Society is the leading and most current text in the privacy field.

Privacy in the Modern Age: The Search for Solutions, edited by Marc Rotenberg, Julia Horwitz and Jeramie Scott. The New Press (2015). Price: $25.95.

The threats to privacy are well known: The National Security Agency tracks our phone calls; Google records where we go online and how we set our thermostats; Facebook changes our privacy settings when it wishes; Target gets hacked and loses control of our credit card information; our medical records are available for sale to strangers; our children are fingerprinted and their every test score saved for posterity; and small robots patrol our schoolyards while drones may soon fill our skies.

The contributors to this anthology don't simply describe these problems or warn about the loss of privacy—they propose solutions.

Contributors include: Steven Aftergood, Ross Anderson, Christine L. Borgman (coauthored with Kent Wada and James F. Davis), Ryan Calo, Danielle Citron, Simon Davies, A. Michael Froomkin, Deborah Hurley, Kristina Irion, Jeff Jonas, Harry Lewis, Anna Lysyanskaya, Gary T. Marx, Aleecia M. McDonald, Dr. Pablo G. Molina, Peter G. Neumann, Helen Nissenbaum, Frank Pasquale, Dr. Deborah Peel, MD, Stephanie E. Perrin, Marc Rotenberg, Pamela Samuelson, Bruce Schneier, and Christopher Wolf.

Upcoming Conferences and Events

RightsCon, May 16–18, 2018, Jeramie Scott, EPIC Domestic Surveillance Project Director, Toronto, Canada

OECD Global Forum on Digital Security for Prosperity, May 15–16, 2018, Marc Rotenberg, EPIC President, OECD Directorate for Science, Technology and Innovation, Paris, France

The Internet of Things and Consumer Product Hazards, Sunny Kang, EPIC International Consumer Counsel, Consumer Product Safety Commission, Bethesda, MD, May 16, 2018

Securing Americans' Identities: The Future of the Social Security Number, Sam Lester, EPIC Consumer Privacy Fellow, Committee on Ways and Means, U.S. House of Representatives, Washington, DC, May 17, 2018

Privacy and Surveillance in a Digital Era: Challenges for Transatlantic Cooperation and European Criminal Law, Annual Conference of the European Criminal Law Academic Network (ECLAN), May 17–18, 2018, Marc Rotenberg, EPIC President (keynote), School of Law of Queen Mary, University of London, London, England

EPIC GDPR Party, Fund for Constitutional Government, May 22, 2018, Washington, DC

Policy Panel: The New EU Privacy Law and the Future of Data Protection in the U.S., June 6, 2018, National Press Club, Washington, DC

2018 EPIC Champions of Freedom Awards Dinner, Honoring Supreme Court Justice Ruth Bader Ginsburg, Maine Secretary of State Matthew Dunlap, California Secretary of State Alex Padilla, and Dr. Peter G. Neumann, June 6, 2018, National Press Club, Washington, DC

The American Colossus: The Best of Times and the Worst of Times?, Yale CEO Conference, June 13, 2018, Marc Rotenberg, EPIC President, New York Public Library, New York, NY

Trans-Atlantic Consumer Dialogue (TACD): Consumer Protection in a Connected World, Panel: "Face-crash: how to reduce the harms of technology," Sunny Kang, EPIC International Consumer Counsel, June 19, 2018, Brussels, Belgium

Next-Generation Digital Infrastructure: Towards a New Regime for Promoting Investment, Competition and Consumer Protection, August 13–15, 2018, Marc Rotenberg, EPIC President, Aspen, CO