EPIC Alert 26.11

1. EPIC Files Court Papers for Release of Complete Mueller Report

EPIC has moved for summary judgment in EPIC v. Department of Justice, EPIC's case for the release of the complete and unredacted Mueller Report. EPIC told the Court that "the nation's ability to fully assess the Report is hindered by the decision of the Justice Department to withhold critical information from the American public."

EPIC argued that the Justice Department had unlawfully redacted extensive material from the version of the Report released to EPIC. "The agency is concealing information about how foreign agents infiltrated U.S. political organizations and social networks, hacked e-mail accounts, and coordinated with persons in the United States to sow discord and sway the 2016 presidential election," EPIC wrote. "All of these topics are of immediate concern to Congressional oversight committees and the American public."

EPIC also urged Judge Reggie B. Walton to personally review the full Report. "The Attorney General's various statements about the Report have only underscored the need for an independent determination of the exemption claims," EPIC argued.

Judge Walton previously stated that EPIC's case should move forward "as expeditiously as humanly possible" and ordered the parties to brief the case on an accelerated schedule. EPIC will file a reply brief on July 15, and a hearing on EPIC's motion is set for August 5. Meanwhile, Judge Walton has ordered the Justice Department to identify other Special Counsel records requested by EPIC no later than August 8.

The case is EPIC v. Department of Justice, No. 19-810 (D.D.C.). Copies of the Mueller Report obtained by EPIC, related materials, and background on the case are available for purchase at the EPIC Bookstore. EPIC President Marc Rotenberg recently spoke with the Mueller Book Club, a national network committed to reading the Mueller Report, "cover to cover."

2. EU Adopts Comprehensive Drone Rules, Requires Realtime Remote ID

The European Union has established a comprehensive regulation for drone operators. The EU drone rules require the real-time broadcast of certain data about the drone, including the drone operator registration number, the geographical position of the drone, the drone course, and the position of the drone operator.

The EU drone rules apply to both professional and consumer drone users. Drone operators must now register with national authorities. The technology must also meet minimum safety and technical requirements based on the use of the drone.

The drone rules enter into law on July 1, 2019 and will become mandatory in 2020. The rules override European national laws and include registration and other requirements that must be implemented by member states within the next year.

In 2015, EPIC made very similar recommendations for remote ID to the FAA to improve drone safety in the United States. EPIC restated the remote ID recommendation proposal in a recent statement to the agency. In a letter to the FAA last month, Senators Edward Markey (D-MA) and John Thune (R-SD) also urged the FAA to establish a rule for the real-time, remote identification of drones.

Soon after the EU rules were adopted, EPIC sent a statement to a Senate committee for a hearing on drone security. EPIC urged the committee "to adopt standards for drone operation in the United States that provide at least as much protection as do the recently adopted standards for Europe."

3. D.C. Circuit Greenlights OPM Data Breach Case

The D.C. Circuit Court of Appeals has ruled that the OPM Data Breach case can move forward, reversing an earlier dismissal by a lower court. The case concerns the data breach at the U.S. Office of Personnel and Management in 2015 that affected 21.5 million federal employees, their friends, and their family members.

The personal data involved in the OPM data breach included all individuals' Social Security Numbers and over five million digitized fingerprints. Sen. John Boozman, former chairman of the House Committee on Oversight and Government Reform, noted that the OPM data breach "may have been the most devastating cyber-attack in our Nation's history."

The D.C. Circuit ruled that victims of the breach have the legal right, or "standing," to sue over the failure to protect their personal data. "It hardly takes a criminal mastermind to imagine how such information could be used to commit identity theft," the Court wrote.

EPIC filed an amicus brief supporting the victims' standing and arguing also that "when personal data is collected by a government agency, that agency has a constitutional obligation to protect the personal data it has obtained." The Court ruled that OPM did not violate the constitution in this particular case but left the door open to future lawsuits to enforce the right to information privacy.

EPIC has filed amicus briefs in courts around the country supporting plaintiffs' right to sue when their data is collected or disclosed without consent. In a 2011 case, NASA v. Nelson, EPIC urged the Supreme Court to extend the constitutional right of informational privacy to federal agencies, citing the growing risk of data breach in the federal government.

4. EPIC Opposes Facebook's Intervention in FOIA Case for Release of FTC's Facebook Audits

In a recent court filing, EPIC opposed Facebook's attempt to intervene in EPIC's lawsuit against the Federal Trade Commission for the release of records concerning the company's compliance with the 2011 Consent Order.

Facebook asked the court for permission to become a party in EPIC v. FTC, claiming that EPIC's lawsuit would "threaten to impair Facebook's interest in maintaining confidentiality." But EPIC explained that Facebook did not have the legal right—or "standing"—to intervene because it has not established that it would be harmed as a result of public disclosure of the information EPIC is seeking. "In fact, there is every reason to doubt that Facebook faces actual competition related to the business practices discussed in the FTC records," EPIC wrote.

EPIC also explained that, under the Freedom of Information Act, companies do not decide for themselves what information they wish to withhold from the public. "Facebook cannot prevent disclosure of the redacted information simply to avoid more bad publicity on its privacy practices," EPIC wrote.

EPIC's FOIA lawsuit is one of several actions that EPIC is taking to hold Facebook accountable for compliance with the 2011 Consent Order. In a related FOIA lawsuit, EPIC determined that there are more than 26,000 complaints against Facebook currently pending at the FTC. EPIC also launched the #EnforcetheOrder campaign to pressure the FTC to take enforcement action against Facebook. The case is EPIC v. FTC, No. 18-942 (D.D.C).

5. EPIC to Congress: Suspend Facial Recognition at Airports

Earlier this month, the House Homeland Security Committee held a closed-door roundtable briefing on the use of facial recognition technology by the Department of Homeland Security. The Committee met with privacy and civil liberties advocates, including EPIC Senior Counsel, Jeramie Scott.

Mr. Scott highlighted EPIC's Freedom of Information Act work related to the use of face recognition at airports. Documents obtained by EPIC, and featured at Buzzfeed, revealed significant flaws in the technology. EPIC highlighted these problems in comments to the agency and in an op-ed.

The documents revealed that U.S. Customs and Border Protection is implementing a "biometric entry-exit system" with the goal of using facial recognition technology on more than 100 million passengers traveling on international flights out of the United States in as little as two years. The documents explicitly state that there are no limits on how partnering airlines can use this facial recognition data.

CBP is currently expanding pilot programs that test the use of facial recognition on travelers exiting the country. CBP is also partnering with airlines like JetBlue and Delta to implement face recognition technology at various points in airports.

Speaking to members of the Committee, Mr. Scott recommended that the facial recognition program be suspended and pointed to the recent breach of photos and other sensitive information collected by the agency. Mr. Scott said the use of facial recognition in airports "means the government, without consulting the public, a requirement by Congress, or consent from any individual, is using facial recognition to create a digital ID of millions of Americans."

There is still a lack of information about the DHS's biometric entry-exit program. The public does not know how expansive the program will become, whether these systems will expand beyond points of entry, or what the reports associated with the various pilot programs found.

News in Brief

EPIC to Lobby for U.S. Privacy Agency

In a recent statement, EPIC's Marc Rotenberg said the privacy organization would lobby for the creation a data protection agency in the United States. Criticizing the failure of the FTC to enforce the consent order against Facebook, Rotenberg said "the Commission has turned its back on the American public. ... Instead of going after the dominant tech firms that pose the greatest threats to privacy and competition, the FTC has chosen instead to go after small businesses." EPIC's President explained that EPIC had not previously lobbied Congress, but would do so now, "we have decided that EPIC can no longer stand on the sidelines." The statement concluded, "A data protection agency is the cornerstone of effective privacy protection. Data protection agencies act as ombudsmen for the public. They encourage innovation and good business practices. They identify emerging privacy challenges and pursue solutions. They take enforcement action when necessary and they impose penalties that are meaningful. Virtually every democratic country has created a privacy agency. But the United States has not. As a consequence, data breach and identity theft continue to rise in the United States. The pace of mergers is accelerating and the rate of innovation is slowing."

Supreme Court Limits Access to Government Records, Drops Harm Requirement for Withholding 'Confidential' Information

The Supreme Court this week narrowed public access to government documents by expanding the definition of "confidential" information. The 6-3 decision by Justice Gorsuch in Food Marketing Institute v. Argus Leader Media overturns four decades of caselaw which held that a company must show substantial competitive harm to block an open government request. Writing in dissent, Justice Breyer, joined by Justices Ginsburg and Sotomayor, emphasized that the FOIA required some showing of harm to prevent public release of business records collected by federal agencies. "The whole point of FOIA is to give the public access to information it cannot otherwise obtain." In an amicus brief, EPIC warned the Court that removing the harm requirement "would deprive the public, and government watchdogs such as EPIC, of access to important information about 'what the government is up to.'" EPIC described several of its own FOIA cases—including the now defunct airport body scanner program and the ongoing probe of Facebook—where access to commercial records made possible meaningful oversight and reform. Twenty members of the EPIC Advisory Board, distinguished experts in law, technology, and public policy, signed the amicus brief.

Supreme Court Sidesteps Merits in Junk Fax Case

The Supreme Court has directed a lower court to reexamine PDR Network v. Carlton & Harris Chiropractic, a case which concerns a company's efforts to disregard an FCC rule about junk faxes. The Court told the Fourth Circuit to resolve "preliminary" questions about the legal effect of the FCC rule and the company's ability to challenge the rule through the agency process. EPIC filed an amicus brief in the case. EPIC explained that permitting companies to challenge FCC rules outside the process Congress established "will exclude the voices of consumers" in agency decision-making. EPIC also explained that the company's efforts to sidestep agency rules will benefit those "who have resources to attack FCC rules." EPIC and other consumer organizations routinely provide comments to federal agencies through the federal agency rule making process. EPIC also contributed to the development of the robocall and junk fax laws. EPIC has since worked to ensure that telephone users are protected from invasive business practices through agency comments and amicus briefs in cases such as ACA International and Gallion v. Charter Communications.

Senator Hawley Bill Would Mandate Algorithmic Transparency, Limit 230 Immunity

Senator Hawley (R-MO) has introduced the "Ending Support for Internet Censorship Act." The Act would require big tech companies to submit to an external audit that proves that their algorithms and content-removal practices are politically neutral. The bill would remove the immunity big tech companies receive under Section 230 of the Communications Decency Act if the FTC found that the algorithms and content-removal practices were not neutral. In 2007 EPIC explained to the Senate Judiciary Committee that after Google acquired YouTube, Google substituted its own subjective algorithm based on "relevance" for objective criteria, such as number of hits and user ratings. The practical consequence was to elevate the rankings of Google's own web pages and to demote the ranking of other web pages, including EPIC's. EPIC subsequently launched a campaign for algorithmic transparency and urged federal agencies and Congress to mandate algorithmic transparency.

White House Updates National AI Research and Development Plan

The White House has published the 2019 update of the National Artificial Intelligence Research and Development Strategic Plan. The report sets out priorities for U.S. AI policy. The 2019 report carries forward seven recommendations from the 2016 plan. The plan underscores the need to address the ethical, legal, and societal implications of AI (Strategy #3), emphasizes safety and security (Strategy #4), and the development of standards and benchmarks (Strategy #6). A new recommendation "focuses on the increasing importance of effective partnerships between the Federal Government and academia, industry, other non-Federal entities, and international allies to generate technological breakthroughs in AI." The 2019 report acknowledges input from "researchers, research organizations, professional societies, civil society organizations and individuals." Common themes included "the importance of developing trustworthy AI systems, including fairness, ethics, accountability, and transparency of AI systems." EPIC also recommended that the US AI strategy incorporate the Universal Guidelines for Artificial Intelligence in national policy. As the report notes, "beyond purely data-related issues, however, larger questions arise about the design of AI to be inherently just, fair, transparent, and accountable."

EPIC Urges Accountability for REAL ID Data Collection

In response to a Department of Homeland Security request for comments on REAL ID, EPIC urged the agency to limit data collection and ensure transparency. EPIC recommended that the agency disclose the data it collects from the states. The REAL ID Act requires the states to gather certain personal information to create identity documents that will be accepted by the federal government. Many states opposed the plan. EPIC, supported by a broad coalition, opposed REAL ID because it created a de facto national identity system and exposed Americans to data breaches by criminal hackers who compromised the authenticating documents in state DMVs. EPIC detailed the problems with REAL ID in comments to DHS on the original proposal.

EPIC v. DOJ: Court Orders Justice Department to Complete Search for Mueller Records by August 8

In EPIC's lawsuit against the Department of Justice concerning the Mueller investigation, a federal court has ordered the agency to "complete its searches for records responsive" to EPIC's Freedom of Information Act request by August 8. The Court also ordered the parties to appear at a hearing on August 9 to determine a schedule for the production of records to EPIC. The Court had earlier set a hearing on August 5 to consider EPIC's challenges to the many redactions in the Mueller report. Judge Walton stated that the justice Department should process EPIC's open government request as "expeditiously as humanly possible." The case is EPIC v. DOJ, No. 19-810 (D.D.C.).

EPIC's Rotenberg Speaks with Mueller Book Club

EPIC President Marc Rotenberg spoke recently with the Mueller Book Club, a national network committed to reading the Mueller Report, "cover to cover." Marc described EPIC's lawsuit to obtain the public release of the complete Mueller Report, and also EPIC's publication of the EPIC v. DOJ version of the Mueller Report, complete with the FOIA redactions and additional materials, available both in print and Kindle formats. Other speakers for the Mueller Book Club have included Eva Patterson, Gloria Steinem, Rep. Jerry Nadler, Ryan Goodman, and Neal Katyal.

EPIC Tells Senate Consumer Safety Commission Responsible for IoT Safety

In advance of an oversight hearing for the Consumer Product Safety Commission, EPIC wrote to the Senate Commerce Committee to say that the CPSC must do more to protect consumers and ensure security of IoT devices. EPIC advised the Commission to require manufacturers to (1) minimize data collection, (2) conduct privacy impact assessments, and (3) implement Privacy Enhancing Techniques. EPIC told the Senate committee that "CPSC should establish mandatory privacy and security standards, and require certification to these standards before IoT devices are allowed into the market stream." In 2017, EPIC and other consumer privacy groups petitioned the CPSC to recall Google Home Mini after it became known that a defect in the product set record to always on. In recent comments to the CPSC, EPIC urged the agency to regulate Internet of Things devices.

EPIC to Senate Committee: Americans Should Have At Least As Much Protection from Drones as Europeans

EPIC has sent a statement to a Senate committee in advance of a hearing on drone security. EPIC pointed to the new rules for drone operators in Europe. The EU drone rules require real-time drone identification. In 2015, EPIC made very similar recommendations to the FAA to improve drone safety in the United States. EPIC pointed to widely available technology for boats and planes and said that an app should allow anyone to determine the course, location, operator, and purpose of a nearby drone. EPIC restated the remote ID recommendation proposal in a recent statement to the agency. In a letter to the FAA last month, Senators Edward Markey (D-MA) and John Thune (R-SD) also urged the FAA to establish a rule for the real-time, remote identification of drones. During the hearing, an FAA official said the agency will issue a rule on remote drone identification later this year.

EPIC to Congress: FCC Must Protect Consumers From Location Tracking and Phone Record Surveillance

Prior to an FCC oversight hearing, EPIC sent a statement to the Senate Commerce Committee outlining priorities for the agency: ending the data retention regulation and protecting location data. In 2015, EPIC petitioned the FCC to repeal the data retention regulation, which requires telephone companies to keep all telephone customer records for 18 months. Every comment received by the FCC favored the EPIC petition, yet the agency has failed to withdraw the regulation. EPIC has long worked to ensure that telephone users are protected from invasive practices through agency comments and amicus briefs in cases such as ACA International and Gallion v. Charter Communications.

EPIC to House Committee: The Internet Advertising System is Not Healthy

EPIC recently submitted a statement to the House Judiciary Committee regarding a hearing on "Online Platforms and Market Power, Part 1: The Free and Diverse Press." EPIC told the Committee "The internet advertising system today is not healthy. Two companies dominate the market. The privacy of Internet users is under assault. The revenue model that sustained journalism is broken. The current model is not sustainable. Privacy rules can help level the playing field." In 2000, EPIC opposed Doubleclick's acquisition of Abacus. In 2007, EPIC told the FTC that Google's proposed acquisition of DoubleClick would lead to consumers being tracked and profiled by advertisers across the web.

Supreme Court to Review Decision Prohibiting Copyright for Public Law

The Supreme Court has decided to review Georgia v. Public.Resource.Org, a case in which a federal appeals court ruled that Georgia cannot copyright any part of the state's code of laws. Georgia had previously charged citizens as much as $400 to access official "annotations" to the code, which establish the meaning of the state's laws. But the appeals court concluded that "the People are the owners of these works, meaning that the works are intrinsically public domain material and, therefore, uncopyrightable." The case will likely be argued before the Supreme Court in the fall. EPIC has long advocated for public access to court documents and other sources of law. In 2015, EPIC called on federal agencies to make statutes, regulations, adjudications, and relevant court documents freely available on agency websites.

Privacy of Hospital Records at Issue in Hong Kong Protests

A member of the Hong Kong Legislative Council has reported that the Hospital Authority has disclosed the patient information of political protestors to law enforcement agencies. The Hospital Authority is the statutory body governing all Hong Kong public hospitals. The Authority has denied the allegation, but Council Member Dr. Chan produced the hospital records of 76 patients, containing their names, ID numbers, and time, date, and location of admission. On a page marked "For Police," the patients were listed as "mass gathering outside Legco." Legco is the Legislative Council of Hong Kong. So far, four protesters identified in the hospital records have been arrested. EPIC has long advocated for strong confidentiality protections for medical records. EPIC has also warned that data collection programs can stifle freedom of expression.

IoT Security Bill Moves Forward in Senate

The Senate Homeland Security Committee has advanced a bill governing the security of the Internet of Things. The "Internet of Things Cybersecurity Improvement Act of 2019" sets baseline cybersecurity standards for IoT devices purchased by the federal government. "This legislation will use the purchasing power of the federal government to establish some minimum security standards for IoT devices," said sponsor Senator Mark Warner (D-VA). EPIC recently told Congress that "the IoT network is the weak link in consumer products" and urged the establishment of mandatory privacy and security standards. The Committee also advanced a bill by Senators Gary Peters (D-MI) and Rob Portman (R-OH) that would promote coordination between the Department of Homeland Security and state and local governments in protecting against cyber threats.

Digital Privacy at Issue in Hong Kong Protests

In the midst of widespread protests in Hong Kong over a proposed law for extradition, several news organizations have noted that protesters have purchased transportation services in cash rather than use the contactless payment Octopus card. Each Octopus card has a unique serial number and stores transaction records. The Octopus cards are also used for school attendance and building access. The card easily tracks the location of users. The Octopus card was the subject of privacy investigations back in 2010. EPIC has long argued that government data collection programs can stifle freedom of expression and association. EPIC presented the 2019 Champion of Freedom award to Dr. Sophie Richardson for the work of Human Rights Watch concerning surveillance in China.

With Complaints Against Facebook Piling Up, FTC Goes After Small Businesses

The FTC recently announced a minor settlement with a company called SecurTest over its claims concerning the EU-U.S. Privacy Shield program. The Commission also sent letters to 13 small companies for falsely claiming participation in various privacy programs. The FTC issued no fines and took no further action. The proposed consent agreement is subject to public comment after publication in the Federal Register. The announcement comes more than a year after the Commission said it would reopen the investigation of Facebook, following the Cambridge Analytica scandal. Earlier this year, an EPIC Freedom of Information Act request uncovered more than 26,000 complaints against Facebook pending at the Commission. EPIC brought the original complaint to the FTC in 2009 that led to the 2011 consent order. EPIC has repeatedly urged the FTC to #EnforceTheOrder against Facebook.

Austrian Supreme Court: GDPR Lawsuits Can Be Filed Throughout EU

The Austrian Supreme Court has ruled that complaints concerning the EU General Data Protection Regulation can be brought anywhere in the EU. The decision overturned a ruling by a lower Austrian court which held that a privacy lawsuit against Facebook had to be brought in Ireland, where the company is headquartered. Initiated by Austrian privacy activist Max Schrems, the case alleges that Facebook failed to comply with the GDPR, relying on invalid privacy policies and unlawfully processing data. Schrems recently launched the civil society organization NOYB to pursue collective actions under the GDPR. EPIC is currently participating in DPC v. Facebook before the Court of Justice for the European Union. The European high court will consider whether the transfer of data to the U.S. using standard contract clauses violates fundamental rights. EPIC Senior Counsel Alan Butler will appear before the Court of Justice on July 9th.

Professor Citron Testifies Before Congress on 'Deep Fakes'

EPIC Board Member Danielle Citron recently testified before the House Intelligence Committee on "The National Security Challenge of Artificial Intelligence, Manipulated Media, and Deepfakes." Professor Citron told Congress "we need a combination of law, markets, and societal resistance" to combat deep fakes and "the phenomenon is going to be increasingly felt by women and minorities." To address the manipulation of online news, EPIC has backed Algorithmic Transparency. EPIC also proposed the Universal Guidelines for Artificial Intelligence as the basis for federal legislation. The Universal Guidelines have been endorsed by more than 250 experts and 60 organizations in 40 countries.

Intelligence Agencies Inspector General Calls for AI Oversight

A new report from the Inspector General urges oversight of the use of Artificial Intelligence techniques by the U.S. intelligence agencies. "Reassuring statements that the [intelligence community] is currently using AI technologies - and will use AI technologies in the future - in ways consistent with the rule of law and American values will not be sufficient. The [agencies] will need to validate those statements for the American people," the Inspector General said. "Investment asymmetry between mission performance and intelligence oversight in AI efforts could lead to an accountability deficit," the statement continues, "there is little indication that investments in oversight of AI are currently a high priority." EPIC recently urged the federal government to implement the OECD Principles on Artificial Intelligence and the Universal Guidelines for AI as primary standards for U.S. AI policy.

As State AGs Gather at FTC Event, Still No Action on Facebook

The FTC hosted a roundtable with state attorneys general in Nebraska as the final hearing on competition and consumer protection in the 21st century. More than a year has passed since the FTC reopened the investigation of Facebook after the Cambridge Analytica scandal, but the FTC has not issued a fine, imposed penalties, or even updated the public about the status of the investigation. EPIC Consumer Protection Counsel Christine Bannan testified at an earlier FTC hearing that the FTC's success should be measured by the enforcement of its orders. EPIC launched the #EnforceTheOrder campaign to pressure the FTC to take enforcement action against Facebook. EPIC brought the original complaint to the FTC in 2009 that led to the consent order. Facebook anticipates a $3-5 billion fine from the FTC, but EPIC, Color of Change, and the Open Markets Institute have urged the Commission to use its equitable authorities to improve privacy protection and governance, reform hiring practices, and to spin off WhatsApp and Instagram.

EPIC in the News

• The Supreme Court stamps on freedom of information, Columbia Journalism Review, June 25, 2019
• Senate confirms Krach as long-awaited EU-U.S. data sharing ombudsperson, POLITICO Pro, June 21, 2019
• Facebook's new cryptocurrency raises red flags for critics, The Hill, June 20, 2019
• DHS pushes on centralizing access to biometric data, FCW, June 20, 2019
• Why 'we can't stop' with just making Facebook split up, Yahoo, June 18, 2019
• Pressure mounts on Facebook over Mark Zuckerberg's emails on privacy practices, ongoing FTC investigation, Fox News, June 15, 2019
• Hackers Stole a Border Agency Database of Traveler Photos, WIRED, June 11, 2019
• Ask the experts: Should the US have a data privacy law similar to GDPR?, Security Boulevard, June 11, 2019

EPIC Bookstore

EPIC publications and books by members of the EPIC Advisory Board, distinguished experts in law, technology and public policy are available at the EPIC Bookstore.

Recent EPIC Publications

EPIC v. Department of Justice: The Mueller Report, edited by Marc Rotenberg (2019)

EPIC v. Department of Justice: The Mueller Report chronicles the efforts to obtain a full account of Russian interference in the 2016 presidential election. EPIC filed the first lawsuit in the country for the release of the full and unredacted Mueller Report and obtained a newly redacted version in early May 2019. EPIC is now challenging the redactions made by the Department of Justice in federal court. This volume is an essential guide to the legal arguments about the redactions, the dispute between the Attorney General and the Special Counsel, and EPIC's request for the Mueller Report and other records about Russian interference in the 2016 presidential election.

The Privacy Law Sourcebook 2018, edited by Marc Rotenberg (2018)

The Privacy Law Sourcebook is the leading resource for students, attorneys, and policymakers interested in privacy law in the United States and around the world. The Sourcebook includes major US privacy laws such as the Fair Credit Reporting Act, the Privacy Act, the Family Educational Rights and Privacy Act, the Video Privacy Protection Act, and the Electronic Communications Privacy Act. The Sourcebook also includes key international privacy frameworks such as the EU General Data Protection Regulation and the revised OECD Privacy Guidelines. The Privacy Law Sourcebook 2018 has been updated and expanded to include the modernized Council of Europe Convention on Privacy, the Judicial Redress Act, the CLOUD Act, and new materials from the United Nations. The Sourcebook also includes an extensive resources section with useful websites and contact information for privacy agencies, organizations, and publications.

Communications Law and Policy: Cases and Materials, 5th Edition, by Jerry Kang and Alan Butler. Direct Injection Press (2016).

This teachable casebook provides an introduction to the law and policy of modern communications. The book is organized by analytic concepts instead of current industry lines, which are constantly made out-of-date by technological convergence. The basic ideas—power, entry, pricing, access, classification, bad content, and intermediary liability—equip students with a durable and yet flexible intellectual structure that can help parse a complex and ever-changing field.

Privacy Law and Society, 3rd Edition, by Anita Allen, JD, PhD and Marc Rotenberg, JD, LLM. West Academic (2015).

The Third Edition of "Privacy Law and Society" is the most comprehensive casebook on privacy law ever produced. It traces the development of modern privacy law, from the early tort cases to present day disputes over drone surveillance and facial recognition. The text examines the philosophical roots of privacy claims and the significant court cases and statues that have emerged. The text provides detailed commentary on leading cases and insight into emerging issues. The text includes new material on developments in the European Union, decisions grounded in fundamental rights jurisprudence, and exposes readers to current debates over cloud computing, online profiling, and the role of the Federal Trade Commission. Privacy Law and Society is the leading and most current text in the privacy field.

Privacy in the Modern Age: The Search for Solutions, edited by Marc Rotenberg, Julia Horwitz and Jeramie Scott. The New Press (2015). Price: $25.95.

The threats to privacy are well known: The National Security Agency tracks our phone calls; Google records where we go online and how we set our thermostats; Facebook changes our privacy settings when it wishes; Target gets hacked and loses control of our credit card information; our medical records are available for sale to strangers; our children are fingerprinted and their every test score saved for posterity; and small robots patrol our schoolyards while drones may soon fill our skies.

The contributors to this anthology don't simply describe these problems or warn about the loss of privacy—they propose solutions.

Contributors include: Steven Aftergood, Ross Anderson, Christine L. Borgman (coauthored with Kent Wada and James F. Davis), Ryan Calo, Danielle Citron, Simon Davies, A. Michael Froomkin, Deborah Hurley, Kristina Irion, Jeff Jonas, Harry Lewis, Anna Lysyanskaya, Gary T. Marx, Aleecia M. McDonald, Dr. Pablo G. Molina, Peter G. Neumann, Helen Nissenbaum, Frank Pasquale, Dr. Deborah Peel, MD, Stephanie E. Perrin, Marc Rotenberg, Pamela Samuelson, Bruce Schneier, and Christopher Wolf.

Upcoming Conferences and Events

'AI World Society Standards.' AI World, Washington, DC. June 25, 2019. Marc Rotenberg, EPIC President.

'Privacy in the Digital Age.' The Washington Center, Washington, DC. July 12, 2019. Marc Rotenberg, EPIC President.

Cyber Crime Review. Aug. 8, 2019. ABA Annual Meeting, San Francisco, CA. Alan Butler, EPIC Senior Counsel.

'Designing New Digital Divides: Tech Platforms' Myth of Inclusion Drives Exclusion.' Aug. 11, 2019. Academy of Management, Boston, MA. Marc Rotenberg, EPIC President.

'In Harm's Way: Smart Regulation of Digital & Network Technology.'Aug. 12–14, 2019. Conference on Communications Policy, Aspen, CO. Marc Rotenberg, EPIC President.

41st International Data Protection and Privacy Commissioners Conference. Oct. 21–24, 2019. Tirana, Albania. Marc Rotenberg, EPIC President.

CPDP 2020: Data Protection and Artificial Intelligence. Jan. 22–24, 2020. Brussels, Belgium. Marc Rotenberg, EPIC President.