EPIC Alert 26.07
EPIC Alert 26.07 - April 23, 2019
- EPIC v. DOJ: EPIC Raises Questions About Redactions to Mueller Report
- EPIC Tells FTC: 'Enforcement Is a Measure of Success'
- EPIC FOIA: EPIC Obtains DHS Drone Status Report
- EPIC Recommends Border Agency Adopt Universal Guidelines for Artificial Intelligence
- Lawmakers Introduce Algorithmic Accountability Act
- News in Brief
- EPIC in the News
- EPIC Bookstore
- Upcoming Conferences and Events
EPIC filed the first lawsuit in the country for the public release of the Special Counsel's Report on Russian interference in the 2016 presidential election. Now, in a court filing in EPIC v. Department of Justice, EPIC has raised key questions about the version of the Mueller Report released by the Attorney General and about the Justice Department's inconsistent statements regarding the release.
The Mueller Report reveals that Russian interference in the 2016 presidential election was far greater than previously known. The Special Counsel's investigation found that the "Russian government interfered in the 2016 presidential election in sweeping and systematic fashion." The Report details Russia's hacking of U.S. political organizations and a large-scale social media disinformation campaign. The Report also reveals that Russia breached the computers of election officials in Florida.
But much in the report is still secret. The Attorney General withheld information on more than 170 pages of the 448-page report. More than 12 pages were entirely redacted. Approximately 10% of the report was withheld. Most of the redactions appear in Volume I, concerning Russian interference with the 2016 election.
EPIC, in its court filing, explained that the Attorney General claimed "harm to ongoing matter" as the primary reason for withholding information—a phrase that is nowhere to be found in the Freedom of Information Act. EPIC also highlighted the Attorney General's statement that he gave the Mueller Report to the White House Counsel and the President's personal lawyers in advance of his April 18 press conference. The Justice Department previously told the Court in EPIC v. DOJ that it was not possible to disclose the Report to EPIC before that date.
At a hearing earlier this month, Judge Reggie B. Walton described the material that EPIC is seeking as an "extremely important subject matter to the nation" and urged the Department of Justice to disclose the records sought by EPIC as "expeditiously as humanly possible." The Court has scheduled a hearing in EPIC's case for May 2.
The EPIC Democracy and Cybersecurity Project has pursued numerous FOIA cases concerning Russian interference with the 2016 election. EPIC first confirmed that the Russians launched a "multi-pronged attack" on US democratic institutions (EPIC v. ODNI); EPIC then obtained records about the FBI's non-response to the Russian cyber attack (EPIC v. FBI); EPIC also pursued tax returns that would indicate financial relations with a foreign government (EPIC v. IRS I and EPIC v. IRS II); and EPIC blocked the collection of state voter data by the Presidential Election Commission (EPIC v. Presidential Advisory Commission on Election Integrity).
EPIC's case for the release of the full Mueller Report is EPIC v. Department of Justice, No. 19-810 (D.D.C.).
EPIC Consumer Protection Counsel Christine Bannan testified at a recent FTC consumer privacy hearing titled "Is the FTC's Current Toolkit Adequate?" Bannan discussed the agency's effectiveness at protecting consumer privacy. She said that the FTC's success should be measured by the enforcement of its orders. She also advocated for the FTC to use antitrust remedies to unwind mergers that have negatively impacted consumer privacy, such as Facebook-WhatsApp.
An EPIC Freedom of Information Act request recently revealed that there have been over 26,000 pending consumer complaints against Facebook made while under the consent order. In the eight years since the FTC entered the consent order barring Facebook from making any misrepresentation about user privacy, the FTC has not taken a single enforcement action against the company. EPIC launched the #EnforceTheOrder campaign to pressure the FTC to take enforcement action against Facebook.
The hearing was twelfth in the Commission's hearing series on Competition and Consumer Protection in the 21st Century, launched last year. EPIC submitted extensive comments on the intersection between privacy, big data, and competition in advance of the hearings.
EPIC, through a Freedom of Information Act lawsuit, has obtained a Department of Homeland Security drone status report required by a Presidential Memorandum. The memorandum required federal agencies to detail drone policies and procedures to protect privacy, civil rights, and civil liberties.
Issued by President Obama in 2015, the memorandum orders the federal government to ensure that drone operations "are performed in a manner consistent with the Constitution and applicable laws." Specifically, the memorandum required federal agencies to adopt policies and procedures limiting the collection and use, retention, and dissemination of information.
The DHS report attempts to justify the use of drones by Customs and Border Protection, but a recent Inspector General report calls into question the CBP's policies and procedures. The Inspector General found that CBP failed to complete a required analysis for a drone surveillance system and failed to implement effective safeguards for information collected by drones.
EPIC has called on Congress to "establish drone privacy safeguards that limit the risk of public surveillance." EPIC recently urged the Federal Aviation Administration to mandate cybersecurity safeguards and privacy protections for populated areas subject to aerial surveillance.
In comments to U.S. Customs and Border Protection, EPIC recommended the adoption of the Universal Guidelines for Artificial Intelligence for a new border control program, the "21st Century Customs Framework." EPIC stressed the need for transparency, accountability, and fairness in automated decisionmaking. EPIC explained that "although CBP claims that risk scores are only used on cargo," the "impact falls on individuals."
The systems that make up CBP's customs control program process vast amounts of personally identifiable information. For example, the Automated Targeting System collects information from commercial sources and at least 25 government databases. The system then uses data mining and machine learning to flag people, shipments, and conveyance without any association to a previous law enforcement action.
CBP's Intelligence Records System uses biographic information, law enforcement information, and even news articles or social media information to "[i]dentify, apprehend, or prosecute individuals who pose a potential law enforcement or security risk[.]" As EPIC wrote, "[t]he use of leads for investigation gleaned from social media or traditional news media is particularly alarming, since these assumptions cannot easily be verified."
Given the use of AI and machine learning by CBP's "framework," EPIC wrote that the system "should be governed by clear policy rules" that incorporate the Universal Guidelines for Artificial Intelligence. The Universal Guidelines have been endorsed by over 300 organizations and experts and "are intended to maximize the benefits of AI, to minimize the risk, and to ensure the protection of human rights."
EPIC previously submitted comments to the CBP regarding the Automated Targeting System and the Intelligence Records System. Through FOIA, EPIC has obtained information on related agency data systems such as Analytical Framework for Intelligence, which assigns "risk assessments" to travelers.
Federal legislation introduced this month would require companies to conduct impact assessments to determine if the algorithms they use are "inaccurate, unfair, biased, or discriminatory." The Algorithmic Accountability Act is sponsored by Sen. Ron Wyden, Rep. Yvette Clarke, and Sen. Cory Booker.
The assessments required by the Act would include "a detailed description of the automated decision system, its design, its training, data, and its purpose; . . . an assessment of the risks posed by the automated decision system to the privacy or security of personal information of consumers and the risks that the automated decision system may result in or contribute to inaccurate, unfair, biased, or discriminatory decisions impacting consumers; and the measures the covered entity will employ to minimize [those] risks[.]"
EPIC has long advocated for algorithmic transparency, which can reduce bias and help ensure fairness in automated decisionmaking. Last year, EPIC proposed the Universal Guidelines for Artificial Intelligence as the basis for federal legislation. The Guidelines have been endorsed by more than 300 organizations and experts in 40 countries. The Guidelines include an "assessment and accountability obligation," calling for "an adequate evaluation of [the AI system's] purpose and objectives, its benefits, as well as its risks."
EPIC previously urged Congress to require "Algorithmic Fairness Assessments" before automated decision tools are adopted. Both the GDPR and the Council of Europe Privacy Convention require algorithmic accountability.
EPIC Names New Advisory Board Members
EPIC has announced the newest members of the EPIC Advisory Board. They are Professor Elizabeth Joh, Dr. Lorraine Kisselburgh, Travis LeBlanc, Dr. Bilyana Petkova, Jennifer Stoddart, Dr. Paul Vixie, and Professor Ari Waldman. The EPIC Advisory Board is a distinguished group of experts in law, technology, and public policy who contribute to EPIC's work on privacy and civil liberties. The publication of the EPIC Advisory Board members are available at the EPIC Bookstore. The 2019 EPIC Champion of Freedom Awards will be presented on June 5, 2019 at the National Press Club. Press Release.
EPIC to FAA: Mandate Drones Broadcast ID and Location, Course
In response to Federal Aviation Administration request for comments regarding drone security and drones flying over people, EPIC urged the agency to mandate cybersecurity safeguards and privacy protections for populated areas subject to aerial surveillance. EPIC repeated the earlier recommendation that the agency require drones to broadcast identifying information, location, course, purpose, and surveillance capabilities. Earlier this year, Senator Edward Markey (D-MA) stated, "Privacy cannot be an afterthought as the FAA seeks to make it easier and safer for commercial drones to take flight." Starting with a 2012 petition, EPIC has recommended that the FAA establish drone privacy regulations and to ensure that drones broadcast ID.
IRS Refuses Congressional Demand for President's Tax Returns
The IRS has refused to comply with Rep. Richard Neal's deadline to turn over President Trump's tax returns. As Chairman of the House Ways and Means Committee, Rep. Neal has the authority under a section of the tax code to obtain the tax returns. Rep. Neal's letter demanded six years of tax returns from President Trump and his business entities. It is a well established tradition for Presidents and Presidential candidates to make public their tax returns. EPIC has sought the release of the President's returns in two lawsuits: EPIC v. IRS I and EPIC v. IRS II. EPIC also sent a request to the IRS for information about Rep. Richard Neal's request. EPIC previously urged Congress to obtain and publicly release of President Trump's tax returns. EPIC is seeking to determine the extent of Russian interference in the 2016 presidential election.
EPIC to Congress: Require Algorithmic Transparency for Dominant Internet Firms
In advance of a hearing regarding the filtering practices of internet companies, EPIC has sent a statement to the Senate Judiciary Committee. EPIC said that "algorithmic transparency" could help establish fairness, transparency, and accountability for much of what users see online. In 2011, EPIC sent a letter to the FTC stating that Google's acquisition of YouTube led to a skewing of search results after Google substituted its secret "relevance" ranking for the original objective ranking, based on hits and ratings. The FTC took no action on EPIC's complaint. But the European Commission found that Google rigged search results to give preference to its own shopping service. The European Commission required Google to change its algorithm to rank its own shopping comparison the same way it ranks its competitors.
EPIC Urges Congress to Press ICE on Surveillance Practices
In a statement to the House Appropriations committee on Immigration and Customs Enforcement. EPIC urged close examination of the agency's profiling algorithms, warrantless searches of mobile devices, social media profiling, and the use of DACA application data for investigative purposes. EPIC said the committee should "limit funding pending assurances that ICE takes specific steps" to improve privacy. EPIC has filed multiple FOIA lawsuits against ICE regarding theses surveillance programs.
EPIC to House Committee: Press FAA on Drone Privacy
As the House Appropriations Committee considers the Department of Transportation's FY2020 Budget, EPIC has urged the Committee to ensure that the FAA establish and publish drone privacy procedures as required by law. EPIC also said the FAA must require remote identification of drones. "Currently, individuals cannot hold drone operators accountable because it is essentially impossible to identify the drone or the operator of a drone," EPIC said. Last month, EPIC filed comments on the FAA's interim final rule for external ID for drones. In 2012 EPIC, backed by more than one hundred organizations and privacy experts, petitioned the agency to establish privacy safeguards for drones. EPIC also cited a 2012 law requiring the FAA to develop a "comprehensive plan" for drone deployment. EPIC subsequently filed suit against the FAA, challenging the 2016 rule authorizing commercial drone operations without any privacy safeguards.
After DOJ Concedes Expedited Processing, Court Sets May 2 Deadline for Review of Mueller Report Release
Judge Reggie B. Walton has set a May 2 hearing date to review the release of the Mueller Report and other records sought by EPIC in a Freedom of Information Act lawsuit against the Department of Justice. During an hour-long hearing, Judge Walton emphasized that the contents of the Mueller Report are an "extremely important subject matter to the nation." Judge Walton said the Justice Department should disclose the records sought by EPIC "as expeditiously as humanly possible," though he declined to set a fixed date for release. Attorney General Barr has said he will release the report by "mid-April, if not sooner." EPIC filed the first lawsuit in the nation for the release of the Special Counsel's report on Russian interference in the 2016 election. As a result of EPIC's lawsuit, the Justice Department agreed to expedite EPIC's FOIA request. EPIC's case is EPIC v. DOJ, No. 19-810 (D.D.C.).
EPIC to Congress: Update Surveillance Safeguards
In a statement to the House Appropriations Committee, EPIC urged the panel to ensure that the Justice Department improves reporting on surveillance orders. "Even after the Supreme Court's decision in Carpenter," EPIC said, "there is little to no information available to Congress or the public about how frequently the government is seeking this location data." EPIC asked the Committee to halt funding for wiretap programs until the Department of Justice improves the reporting procedures. For over 20 years, EPIC has reviewed the annual reports on the use of federal wiretap authority. EPIC also filed an amicus brief in the Carpenter case. The Supreme Court heldthat law enforcement must get a warrant to obtain cell site location information.
European Commission Releases AI Policy Report
The European Commission's Expert Group on Artificial Intelligence has released Guidelines for Trustworthy AI. The EU Guidelines identify seven principles for ethical AI: (1) Human agency and oversight; (2) Robustness and safety; (3) Privacy and data governance (4) Transparency; (5) Diversity, non-discrimination and fairness; (6) Societal and environmental well-being; and (7) Accountability. The European Commission will open a pilot program to test implementation of the Guidelines for Trustworthy AI this summer. The EU Guidelines reflect several principles from the Universal Guidelines for Artificial Intelligence, which have been endorsed by more than 260 experts and 60 organizations in 40 countries. The Universal Guidelines are designed to protect human rights in the development and use of AI systems.
EPIC Makes Final Arguments for Release of Mueller Report
EPIC has filed a reply brief in its case for the the Mueller Report. EPIC explained that the public interest in the report is "overwhelming." EPIC wrote "there is no government document in recent memory that has generated more public interest." EPIC filed the first lawsuit in the nation for the release of the Special Counsel's report on Russian interference in the 2016 election. EPIC's case is EPIC v. DOJ, No. 19-810 (D.D.C.). Press release.
In EPIC Case, Justice Department Seeks to Delay Release of Mueller Report
In response to EPIC's lawsuit seeking the Special Counsel Report—the Mueller Report—on Russian interference in the 2016 election, the Justice Department has filed an opposition to delay release of the report. EPIC filed the first lawsuit in the nation for the release of the Report. In EPIC's motion for an injunction, EPIC explained that the public "remains in the dark as to the most consequential government investigation in recent history." After filing the lawsuit, EPIC offered to withdraw its motion if the Justice Department would promptly release the Mueller Report. The Justice Department agreed to expedite processing but declined to release the Report. In the court filing, the Justice Department acknowledged that there are over 400 pending FOIA requests related to the report of the Special Counsel. EPIC's case for the release of the Mueller Report is EPIC v. DOJ, No. 19-810 (D.D.C.).
EPIC Seeks Records About Rep. Neal's Request for Trump's Tax Returns
EPIC has submitted a Freedom of Information Act request to the Internal Revenue Service for records related to Rep. Richard Neal's request for President Trump's tax returns. As Chairman of the House Ways and Means Committee, Rep. Neal has the authority under a section of the tax code to request and receive tax returns. Rep. Neal's letter demanded the IRS to turn over six years of tax returns from President Trump and his business entities and gave the agency until April 10, 2019 to comply with the committee's request. EPIC previously urged Congress to obtain the public release of President Trump's tax returns. EPIC has also sought the release of the president's returns in two lawsuits: EPIC v. IRS I (President Trump's personal tax records) and EPIC v. IRS II (President Trump's business tax records).
EPIC to Congress: Safety Commission Must Regulate Internet-connected Devices
In advance of a hearing on "Protecting Americans from Dangerous Products," EPIC wrote to the House Commerce Committee that the Consumer Product and Safety Commission must do more to protect consumers and ensure security of IoT devices. In recent comments to the CPSC, EPIC urged the agency to regulate Internet of Things devices, pointing to weak privacy and security safeguards. EPIC advised the Commission to require manufacturers to (1) minimize data collection, (2) conduct privacy impact assessments, and (3) implement Privacy Enhancing Techniques. EPIC told the House committee that "CPSC should establish mandatory privacy and security standards, and require certification to these standards before IoT devices are allowed into the market stream."
EPIC Urges House Appropriations to Examine FBI Response to Russian Cyber Attacks
EPIC has asked the House Appropriations Committee to explore the FBI's failure to respond to cyberattacks. According to documents obtained by EPIC, the FBI is to notify victims of cyberattacks "even when it may interfere with another investigation or (intelligence) operation." But an AP investigation found that the FBI failed to notify hundreds of officials whose email was hacked during the 2016 election. Earlier this month, the Inspector General also found that the DOJ guidelines "do not consider the needs of victims of cybercrime." EPIC obtained the FBI's Victim Notification Procedures through a Freedom of Information Act lawsuit, EPIC v. FBI.
- Marc Rotenberg, The Battle Over Artificial Intelligence, New York Times, Apr. 19, 2019
- EPIC Alleges Google May Be Helping U.S. Government Conduct Warrantless Searches, CPO Magazine, Apr. 19, 2019
- Facebook Poised to Fight Disclosure of U.S. Privacy Assessments, Bloomberg, Apr. 18, 2019
- Facebook Slips After Admitting Email Contact Upload in Latest Privacy Glitch, The Street, Apr. 18, 2019
- Report Release, Law.com, Apr. 18, 2019
- 'Unjustified and Unnecessary': DHS Could Use Facial Recognition on 97% of Departing Airline Passengers, Common Dreams, Apr. 18, 2019
- Here's a Searchable Version of the Mueller Report, Reason.com, Apr. 18, 2019
- Barr's reputation in peril with Mueller report rollout, Washington Examiner, Apr. 18, 2019
- Judge: Barr sowing public mistrust with Mueller report handling, POLITICO, Apr. 17, 2019
- Federal judge criticizes Barr over transparency concerns for the Mueller report, Washington Examiner, Apr. 17, 2019
- Full Mueller Report Leak May Be 'Mandatory' to Ensure Its Release, Says Pentagon Papers Whistleblower, Newsweek, Apr. 17, 2019
- The Technology 202: James Comey is offering a mea culpa on encryption. But his views haven't really changed., Washington Post, Apr. 17, 2019
- Judge in FOIA case says he may want to review DOJ redactions of Mueller report after release, CNN, Apr. 16, 2019
- FTC Hearings #12: The FTC's Approach to Consumer Privacy Day 2, Disruptive Competition Project, Apr. 16, 2019
- Amazon employees listen to customers through Echo products, report finds, USA TODAY, Apr. 12, 2019
- FTC Urged To Scrutinize Google, Facebook, Other Platforms, MediaPost, Apr. 12, 2019
- Judge denies request for speedy release of Mueller report, POLITICO, Apr. 9, 2019
- Everyone is asking for the Mueller report, and you can too, ThinkProgress, Apr. 9, 2019
- Meanwhile in court, the Justice Department says the redaction process is "well along", CNN, Apr. 9, 2019
- A Judge Won't Order The Justice Department To Speed Up Releasing The Mueller Report, BuzzFeed, Apr. 9, 2019
- DOJ attorney: Agency is 'well along' in its redactions of Mueller report, The Hill, Apr. 9, 2019
- Mueller Report Buzz, POLITICO Morning Tech, Apr. 9, 2019
- Lawyers File New Yahoo Data Breach Settlement, Boosting Its Value to $117.5M, Law.com, Apr. 9, 2019
- AG Barr Briefs Congress on Mueller-Report Redactions, National Review, Apr. 9, 2019
- Congress to Zuckerberg: Facebook doesn't get to make the rules, Washington Examiner, Apr. 5, 2019
- DOJ says lawsuit seeking Mueller report shouldn't 'circumvent this orderly process' of Barr's planned release, CNN, Apr. 5, 2019
EPIC publications and books by members of the EPIC Advisory Board, distinguished experts in law, technology and public policy are available at the EPIC Bookstore.
Recent EPIC Publications
The Privacy Law Sourcebook 2018, edited by Marc Rotenberg (2018)
The Privacy Law Sourcebook is the leading resource for students, attorneys, and policymakers interested in privacy law in the United States and around the world. The Sourcebook includes major US privacy laws such as the Fair Credit Reporting Act, the Privacy Act, the Family Educational Rights and Privacy Act, the Video Privacy Protection Act, and the Electronic Communications Privacy Act. The Sourcebook also includes key international privacy frameworks such as the EU General Data Protection Regulation and the revised OECD Privacy Guidelines. The Privacy Law Sourcebook 2018 has been updated and expanded to include the modernized Council of Europe Convention on Privacy, the Judicial Redress Act, the CLOUD Act, and new materials from the United Nations. The Sourcebook also includes an extensive resources section with useful websites and contact information for privacy agencies, organizations, and publications.
Communications Law and Policy: Cases and Materials, 5th Edition, by Jerry Kang and Alan Butler. Direct Injection Press (2016).
This teachable casebook provides an introduction to the law and policy of modern communications. The book is organized by analytic concepts instead of current industry lines, which are constantly made out-of-date by technological convergence. The basic ideas—power, entry, pricing, access, classification, bad content, and intermediary liability—equip students with a durable and yet flexible intellectual structure that can help parse a complex and ever-changing field.
Privacy Law and Society, 3rd Edition, by Anita Allen, JD, PhD and Marc Rotenberg, JD, LLM. West Academic (2015).
The Third Edition of "Privacy Law and Society" is the most comprehensive casebook on privacy law ever produced. It traces the development of modern privacy law, from the early tort cases to present day disputes over drone surveillance and facial recognition. The text examines the philosophical roots of privacy claims and the significant court cases and statues that have emerged. The text provides detailed commentary on leading cases and insight into emerging issues. The text includes new material on developments in the European Union, decisions grounded in fundamental rights jurisprudence, and exposes readers to current debates over cloud computing, online profiling, and the role of the Federal Trade Commission. Privacy Law and Society is the leading and most current text in the privacy field.
Privacy in the Modern Age: The Search for Solutions, edited by Marc Rotenberg, Julia Horwitz and Jeramie Scott. The New Press (2015). Price: $25.95.
The threats to privacy are well known: The National Security Agency tracks our phone calls; Google records where we go online and how we set our thermostats; Facebook changes our privacy settings when it wishes; Target gets hacked and loses control of our credit card information; our medical records are available for sale to strangers; our children are fingerprinted and their every test score saved for posterity; and small robots patrol our schoolyards while drones may soon fill our skies.
The contributors to this anthology don't simply describe these problems or warn about the loss of privacy—they propose solutions.
Contributors include: Steven Aftergood, Ross Anderson, Christine L. Borgman (coauthored with Kent Wada and James F. Davis), Ryan Calo, Danielle Citron, Simon Davies, A. Michael Froomkin, Deborah Hurley, Kristina Irion, Jeff Jonas, Harry Lewis, Anna Lysyanskaya, Gary T. Marx, Aleecia M. McDonald, Dr. Pablo G. Molina, Peter G. Neumann, Helen Nissenbaum, Frank Pasquale, Dr. Deborah Peel, MD, Stephanie E. Perrin, Marc Rotenberg, Pamela Samuelson, Bruce Schneier, and Christopher Wolf.
PKU Law School and Jones Day Conference on Privacy Protection, Cybersecurity and Data Governance. Apr. 30, 2019. Jones Day, Washington, DC. Eleni Kyriakides, EPIC International Counsel.
AI World Society. May 25, 2019. Washington, DC. Marc Rotenberg, EPIC President.
EPIC Champions of Freedom Awards Dinner: 'Data Protection and Democracy'. June 5, 2019. National Press Club, Washington, DC. REGISTRATION NOW OPEN.
Cyber Crime Review. Aug. 8, 2019. ABA Annual Meeting, San Francisco, CA. Alan Butler, EPIC Senior Counsel.
Share this page:
Subscribe to the EPIC Alert
The EPIC Alert is a biweekly newsletter highlighting emerging privacy issues.