EPIC Alert 27.18

1. DOJ Releases New Sections of Mueller Report in EPIC Case

The Department of Justice, as part of EPIC v. DOJ, has released extensive new material from the Mueller Report that was previously withheld from the public. The disclosure marks the culmination of EPIC's 19-month legal effort to obtain the full, unredacted Special Counsel report on Russian interference in the 2016 election.

The newly disclosed passages concern decisions by Special Counsel Robert S. Mueller not to charge particular individuals with criminal offenses. Specifically, Mueller declined to bring charges against Roger Stone, Julian Assange, and Wikileaks for the hacking of Democratic National Committee servers and possible campaign finance violations.

Judge Reggie B. Walton ordered the disclosures based on an in camera review of the unredacted Report—a step that Walton deemed necessary after determining that Attorney General Bill Barr's redactions to the Report may have been "self-serving."

As a result of EPIC's suit, the DOJ has already twice released portions of the Report that it initially withheld from the public. In June, the DOJ published material concerning the Special Counsel's investigation of Roger Stone. In September, the DOJ released extensive new material from the Report, including an excerpt from a document that describes the Russian government's goal of "spread[ing] distrust towards the candidates and the political system" leading up to the 2016 election.

EPIC's Freedom of Information Act case—the first in the nation for the disclosure of the Mueller Report—is EPIC v. DOJ, No. 19-810.

2. EPIC, Coalition Release Data Protection Plan for Biden Administration

EPIC and a coalition of privacy, civil rights, and consumer organizations have released a policy framework for the Biden Administration to protect privacy and digital rights for all Americans.

"The United States is facing an unprecedented privacy and data justice crisis," the groups wrote. "We live in a world of constant data collection where companies track our every movement, monitor our most intimate and personal relationships, and create detailed, granular profiles on us. Those profiles are shared widely and used to predict and influence our future behaviors, including what we buy and how we vote."

To address this crisis, the groups called on the Biden administration to (1) recognize privacy and surveillance as racial justice issues; (2) establish algorithmic governance and accountability to advance fair and just data practices; (3) enact a baseline comprehensive federal privacy law; (4) establish a U.S. Data Protection Agency; and (5) bringing consumer, privacy, and civil rights experts into key government positions, among other recommendations.

"Without laws that limit how companies can collect, use, and share personal data, we end up with an information and power asymmetry that harms consumers and society at large," the groups wrote. "Individual, group and societal interests are diminished, and our privacy and other basic rights and freedoms are at risk."

EPIC has long advocated for the enactment of comprehensive privacy legislation and the creation of data protection agency. EPIC's report Grading on a Curve: Privacy Legislation in the 116th Congress sets out the key elements of a modern privacy law.

3. EPIC Seeks Documents on Facial Recognition System Used to Identify D.C. Protester

EPIC has filed a series of open government requests seeking information on a previously undisclosed facial recognition system used by police departments in the Washington, D.C. region. EPIC sent requests to the Metropolitan Police Department, the Maryland National Capitol Park Police, and the Montgomery County Police Department.

The facial recognition system was first revealed by the Washington Post on November 2. A protester accused of assaulting a police officer during a June 1 protest at D.C.'s Lafayette square was identified when police ran an image of him from Twitter against the National Capitol Region Facial Recognition Investigative Leads System (NCR-FRILS). According to the Post, the system has been used over 12,000 times since 2017 to search a database of 1.4 million images.

EPIC recently filed suit against Immigration and Customs Enforcement to obtain documents about the agency's use of facial recognition. Earlier this year, an EPIC-led coalition called on the Privacy and Civil Liberties Oversight Board to recommend the suspension of face surveillance systems across the federal government.

4. EPIC Renews Call for DHS Advisory Committee to Investigate Fusion Centers

EPIC has submitted comments urging the Department of Homeland Security's Data Privacy and Integrity Advisory Committee to investigate fusion centers and to call for a ban on the use of facial recognition at the centers. EPIC's comments followed an October meeting in which EPIC Law Fellow Jake Wiener spoke to the committee.

Fusion centers are centralized systems that pool and analyze intelligence from federal, state, local, and private sector entities. As EPIC explained, the centers are "poorly regulated, prone to Constitutional violations, and providing little if any actionable intelligence," while fusion center staff are "entirely unsupervised in their use of federal funds, minimally trained, and almost never held responsible for providing incorrect or irrelevant information."

EPIC urged the Advisory Committee to "(1) create a public report detailing the use of facial recognition technology by fusion centers, including the privacy and civil liberties risks created by this usage; (2) urge DHS to ban the use of facial recognition by fusion centers; (3) review data minimization and retention requirements at fusion centers and determine whether fusion centers are complying with those requirements; and (4) consider whether DHS's continued support of fusion centers is justified in light of the minimal amount of actionable intelligence they produce and the magnitude of privacy and civil liberties harms they create."

EPIC previously urged the Advisory Committee to recommend that Customs and Border Protection halt the use of facial recognition.

5. FTC Settles With Zoom, Ignores EPIC’s Calls to Address Privacy

The FTC has reached a settlement with Zoom, Inc. that requires the videoconferencing platform to address data security issues—but fails to address user privacy as EPIC had urged.

In July 2019, EPIC sent a detailed complaint to the FTC citing major flaws with Zoom and warning that the company had "exposed users to the risk of remote surveillance, unwanted video calls, and denial-of-service attack." Among other recommendations, EPIC told the Commission to require Zoom give its users "more control over their privacy settings." EPIC later wrote to Chairman Simons in April 2020 urging the FTC to open an investigation.

Writing in dissent, two members of the FTC highlighted the Commission's failure to address Zoom's privacy issues in the settlement. "When companies offer services with serious security and privacy implications for their users, the Commission must make sure that its orders address not only security but also privacy," Commissioner Slaughter explained. Commissioner Chopra wrote that "[t]he FTC's status quo approach to privacy, security, and other data protection law violations is ineffective."

The FTC is accepting comments on the proposed settlement through December 14, 2020. EPIC regularly makes submissions to the FTC concerning consumer privacy and artificial intelligence, including recent complaints against Hirevue and Airbnb and a petition for a rulemaking on the use of AI.

News in Brief

Divided Court Rules Baltimore's Continuous Aerial Surveillance is Constitutional

A divided federal appeals court has ruled that Baltimore's use of spy planes to continuously surveil the city does not violate the Fourth Amendment. The technology, known as wide-area aerial surveillance, allows police to capture high-definition video and track the movements of pedestrians and vehicles over a 32-square mile area. Although the Fourth Circuit U.S. Court of Appeals acknowledged "that there are aerial surveillance programs that would transgress basic Fourth Amendment protections," the court concluded that Baltimore's program "does not violate the Constitution" and "burdens privacy substantially less than a well-established staple of existing surveillance: security cameras." Chief Judge Roger L. Gregory dissented, concluding that the Supreme Court's decision in Carpenter v. United States requiring a warrant for cell phone location data also requires police to obtain a warrant for persistent aerial surveillance. Gregory explained that "Long-term, recorded surveillance of public movements uncovers more than temporary trailing by a suspecting officer; it reveals a person's most intimate associations and activities." EPIC filed an amicus brief in Carpenter v. United States and has long fought to limit drone surveillance and other forms of aerial spying.

California Voters Pass California Privacy Rights Act

California voters this month approved Proposition 24, the California Privacy Rights Act, with 56% supporting the measure. EPIC previously published an analysis of Proposition 24, nothing that the measure "would make some important improvements to privacy protections for California residents, particularly through the establishment of a California Privacy Protection Agency." In 2018, the State of California enacted the California Consumer Privacy Act of 2018, the first comprehensive consumer privacy law enacted in the United States. Proposition 24 significantly changes the CCPA. EPIC has also published a resource to help California residents exercise their rights under the CCPA.

Voters in Portland, Maine Add Teeth to Facial Recognition Ban

Voters in Portland, Maine passed a ballot initiative that strengthens the city's ban on the use of facial recognition by law enforcement and city agencies. The City Council previously passed an order prohibiting face surveillance, but the initiative strengthens the ban with a private right of action and penalties for violations of the law. A growing list of cities have banned facial recognition technology, including Boston, Oakland, San Francisco, and Portland, Oregon. EPIC has launched a campaign to Ban Face Surveillance and through the Public Voice coalition gathered the support of over 100 organizations and many leading experts across 30-plus countries. Earlier this year, an EPIC-led coalition called on the Privacy and Civil Liberties Oversight Board to recommend the suspension of face surveillance systems across the federal government.

California Voters Reject Proposition to Mandate Pretrial Risk Assessment Use

Proposition 25, which would have abolished cash bail in California but replaced it with the mandatory use of controversial pretrial risk assessment tools, was rejected by 56% of the state's voters earlier this month. Pretrial risk assessments attempt to predict the likelihood that a person will fail to appear at trial or be arrested again. Research has shown that these tools reflect and encode biases based on race, age, ethnicity, and socioeconomic status. Although pretrial risk assessments are widely used throughout the country and parts of California, Proposition 25 would have mandated their use in the state. EPIC recently published Liberty At Risk, a report on pretrial risk assessment tools, and maintains a resource on algorithms in the criminal justice system.

#ReclaimYourFace: European Civil Society Groups Oppose Biometric Surveillance

A coalition of twelve European civil society groups launched a new campaign this month calling for a ban on "biometric mass surveillance." To date the campaign has gathered over 5,000 signatures. EPIC has launched a campaign to Ban Face Surveillance and through the Public Voice coalition gathered the support of over 100 organizations and many leading experts across 30 plus countries. In October, EPIC urged the Department of Homeland Security to rescind a proposed rule allowing broad biometric data collection and suspend the Department's use of facial recognition.

EPIC in the News

• Meadows says Trump did not order a declassification of Russian documents, The Washington Newsday, Nov. 15, 2020
• Pace of EU live biometric surveillance regulation prompts Reclaim Your Face movement, Biometric Update, Nov. 13, 2020
• How Private Is My Pay App?, The Markup, Nov. 12, 2020
• How private is my pay app?, CNN, Nov. 12, 2020
• Four major tech issues facing the Biden administration, The Hill, Nov. 11, 2020
• Trump's out, but his FCC nominee is up for consideration, Politico, Nov. 10, 2020
• A Rough Patch for Zoom, POLITICO Morning Tech, Nov. 10, 2020
• Robbins Geller Nabs Lead In Zoom Shareholder Litigation, Law360, Nov. 6, 2020
• Mueller investigated -- but didn't charge -- Stone, WikiLeaks and Assange for Russian hack of Democrats in 2016, less-redacted report shows, CNN, Nov. 3, 2020
• READ: Mueller report issued with fewer redactions released on eve of election, CNN, Nov. 3, 2020
• In California, voters must choose between cash bail and algorithms, CNN, Nov. 2, 2020
• New: Mueller Investigated Julian Assange, WikiLeaks, And Roger Stone For DNC Hacks, BuzzFeed, Nov. 2, 2020

More EPIC in the News »

EPIC Bookstore

EPIC publications and books by members of the EPIC Advisory Board, distinguished experts in law, technology and public policy are available at the EPIC Bookstore.

Recent EPIC Publications

Communications Law and Policy: Cases and Materials, 7th Edition, by Jerry Kang and Alan Butler (Direct Injection Press 2020)

This teachable casebook provides an introduction to the law and policy of modern communications. The book is organized by analytic concepts instead of current industry lines, which are constantly made out-of-date by technological convergence. The basic ideas—power, entry, pricing, access, classification, (indecent) content, privacy, and intermediary liability—equip students with a durable and yet flexible intellectual structure that can help parse a complex and ever-changing field. This book includes concise technological and legal summaries and carefully edited opinions and FCC reports. It also includes "just-in-time" delivery of the text of statutes and regulations so that students get accustomed to parsing statutory material as they analyze legal questions.

The AI Policy Sourcebook 2020, edited by Marc Rotenberg (EPIC 2020).

The AI Policy Sourcebook includes global AI frameworks such as the OECD AI Principles and the Universal Guidelines for AI. The Sourcebook also includes AI materials from the European Union and the Council of Europe, national AI initiatives, as well as recommendations from professional societies, including the ACM and the IEEE. The Sourcebook also includes an extensive resources section on AI, including reports, articles, and books from around the world.

The Privacy Law Sourcebook 2020, edited by Marc Rotenberg (EPIC 2020).

The Privacy Law Sourcebook is the leading resource for students, attorneys, and policymakers interested in privacy law in the United States and around the world. The Sourcebook includes major U.S. privacy laws. The Sourcebook also includes key international privacy frameworks such as the EU General Data Protection Regulation and the modernized Council of Europe Convention on Privacy. The Privacy Law Sourcebook 2020 includes the new California Consumer Privacy Act, the Illinois Biometric Information Privacy Act, the Public Voice Declaration for a Moratorium on Facial Recognition, and updates on GDPR implementation. The Sourcebook also includes an extensive resources section with information on privacy agencies, organizations, and publications.

EPIC v. Department of Justice: The Mueller Report, edited by Marc Rotenberg (EPIC 2019).

EPIC v. Department of Justice: The Mueller Report chronicles the efforts to obtain a full account of Russian interference in the 2016 presidential election. EPIC filed the first lawsuit in the country for the release of the full and unredacted Mueller Report and obtained a newly redacted version in early May 2019. EPIC is now challenging the redactions made by the Department of Justice in federal court. This volume is an essential guide to the legal arguments about the redactions, the dispute between the Attorney General and the Special Counsel, and EPIC's request for the Mueller Report and other records about Russian interference in the 2016 presidential election.