EPIC Amicus Curiae Briefs

EPIC frequently files amicus curiae, or "friend of the court", briefs in federal and state appellate cases concerning emerging privacy and civil liberties issues.

We work closely with technical experts and legal scholars, members of the EPIC Advisory Board, on these briefs. EPIC's amicus briefs assist judges in their analyses of novel privacy issues, often involving new technology. Many of these cases are complex and technical. Judges often acknowledge EPIC's briefs in their opinions, and have expressed gratitude for EPIC's participation in important cases. EPIC's decision to participate as amicus in a particular case typically follows an extensive review of matters pending before federal and state courts.

Interested in potential amicus opportunities in pending privacy, civil liberties, and technology cases? Visit the EPIC Amicus Tracker.

EPIC Amicus Curiae Briefs

Upcoming EPIC Amicus Cases

  • Spokeo, Inc. v. Robins (U.S. ___) (Whether courts have jurisdiction to review cases brought by individuals based on violations of their federal privacy rights)

Pending Cases in Which EPIC Has Filed an Amicus Brief

  • United States v. Ganias (2d Cir ____) (Whether the Government violated the Fourth Amendment when they retained non-pertinent files for more than two years after the files were seized in an unrelated investigation)
  • In re Nickelodeon (3rd Cir ____) (Whether the Video Privacy Protection Act protects from disclosure personal information collected by the Nick.com website)
  • State v. Davis (N.M. ___) (Whether aerial surveillance within the super adjacent space surrounding a dependant's home is a search under the Fourth Amendment and the New Mexico Constitution)
  • FTC v. Wyndham (3rd Cir. ___) (Whether the FTC can enforce data security standards under its Section 5 "unfairness" authority)
  • Smith v. Obama (9th Cir. ___) (Whether the ongoing collection of all telephone call records of all Americans violates the Fourth Amendment)
  • Bass v. Aitkin County (8th Cir. ___) (Whether the statute of limitations under the DPPA accrues based on when the violation occurs or when it is discovered)
  • In re National Security Letter (9th Cir. ___) (Whether the nondisclosure provision in the National Security Letter statute violates the First Amendment)
  • Fraley v. Facebook (9th Cir. ____) (Whether Facebook's proposed settlement of privacy claims arising from "Sponsored Stories" advertisements is fair and sufficient for class members)

Previous Cases in Which EPIC Has Filed an Amicus Brief

Top News

  • Supreme Court to Hear Arguments in Case for Disclosure of Trump Tax Returns: The Supreme Court will hear arguments Tuesday morning in Trump v. Vance, a case concerning the release of President Trump's tax returns to a grand jury. EPIC filed an amicus brief in the case supporting disclosure. EPIC explained that President Trump broke with 40 years of precedent by concealing his tax records, even as he sought to collect sensitive voter and citizenship data from the public. "This is inverted liberty: privacy for the President and compelled disclosure of personal data for the public," EPIC argued. "That is antithetical to the structure and practice of modern democracies which safeguard the privacy of citizens and impose transparency obligations on political leaders, most notably the President." EPIC previously sought public release of President Trump's tax returns in EPIC v. IRS, arguing that disclosure was necessary to correct numerous factual misstatements made by the President. In EPIC v. IRS II, EPIC is seeking "offers-in-compromise" and related tax records of President Trump and his businesses. (May. 12, 2020)
  • Under Scrutiny, Clearview Plans to Cancel Accounts With Private Companies: In response to a lawsuit brought under the Illinois Biometric Information Privacy Act, Clearview AI—the controversial facial recognition company—committed to cancelling all accounts with private companies. The commitment comes as Clearview AI tries to stave off a temporary injunction that would prevent the company from using any information it has collected from Illinois residents. In an amicus brief before the ninth circuit, EPIC defended an individual's right to sue companies who violate the Illinois Biometric Information Privacy Act and other privacy laws. More recently, EPIC filed a Freedom of Information Act request to several government agencies seeking records about the government's use of Clearview AI technology. Earlier this year, EPIC and over 40 organizations urged the Privacy and Civil Liberties Oversight Board to recommend the suspension of face surveillance systems across the federal government. (May. 8, 2020)
  • Supreme Court Hears Oral Argument in Robocall Ban Case: Earlier today, the U.S. Supreme Court heard oral argument in Barr v. American Association of Political Consultants. The argument was livestreamed, with EPIC staff providing commentary on Twitter. The case asks whether an exemption to the Telephone Consumer Protection Act, a law that prohibits unwanted robocalls, is constitutional, and, if not, whether the exemption should be severed or the whole law struck down. EPIC defended the TCPA in an amicus brief. EPIC said that the robocall ban is "constitutionally permissible and serves important governmental interests." EPIC explained that cell phone adoption has made "the harm caused by unwanted automated calls" greater than when the robocall ban was enacted in 1991. EPIC said that "without the autodialer ban, the assault of unwanted calls could make cell phones unusable." EPIC also argued that "a minor amendment to an otherwise constitutional law, passed decades after the original enactment, should not take down an act of Congress." EPIC frequently files amicus briefs on the TCPA, including in the related case, Gallion v. Charter Communications. (May. 6, 2020)
    • More top news »
  • Appeals Court Greenlights Privacy Suit Over Facebook's Invasive Web Tracking » (Apr. 9, 2020)
    The Ninth Circuit Court of Appeals ruled today that Facebook users whose privacy was violated by Facebook's tracking of web browsing can bring suit against the social media platform. The court held that consumers had the legal right, or "standing," to sue Facebook and that most legal claims could go forward. Chief Judge Sidney Thomas wrote "that Facebook set an expectation that logged-out user data would not be collected, but then collected it anyway." EPIC filed an amicus brief in the case explaining that "Facebook's tracking techniques are designed to escape detection, and the company routinely ignores users' privacy protections." EPIC argued that Facebook's "cookie tracking practices" cause "harm to the privacy of the large and diffuse group of Facebook users." EPIC first identified the privacy risks of cookie tracking in a 1997 report "Surfer Beware: Personal Privacy and the Internet." EPIC frequently participates as amicus curiae in consumer privacy cases, including United States v. Facebook, Attias v. Carefirst, Frank v. Gaos, and Rosenbach v. Six Flags.
  • Supreme Court Won't Limit Vehicle Stops Based on Owner's License Status » (Apr. 6, 2020)
    The U.S. Supreme Court held today, 8-1, that police can stop a vehicle if a database says that the registered owner has a suspended license. Justice Sotomayor dissented. EPIC filed an amicus brief in the case, Kansas v. Glover, arguing that the Court should not allow the police to stop a vehicle simply because the registered owner's license is expired. EPIC described the growing use of Automated License Plate Readers, and warned the Court that permitting police stops based on the registered owner's status would "dramatically alter police practices" and "unfairly burden disadvantaged communities." EPIC provided empirical data for the Supreme Court which indicate that ALPRs are more widely used in disadvantaged communities and also that car sharing is more prevalent in these communities. Justice Kagan's concurrence noted that car sharing and database inaccuracies, issues that EPIC raised in its brief, could lead to unreasonable searches. EPIC routinely files amicus briefs in cases before federal and state courts concerning emerging privacy issues. In Herring v. United States (2012), EPIC explained to the Supreme Court that government databases are "filled with errors, according to the federal government's own reports."
  • EPIC to Supreme Court: Robocall Ban is Constitutional » (Mar. 2, 2020)
    In an amicus brief for the U.S. Supreme Court, EPIC today defended the Telephone Consumer Protection Act, a law that prohibits unwanted robocalls. EPIC said that the robocall ban is "constitutionally permissible and serves important governmental interests." EPIC explained in Barr v. American Association of Political Consultants that "the harm caused by unwanted automated calls" is more acute than when the robocall ban was enacted in 1991. EPIC said "without the autodialer ban, the assault of unwanted calls could make cell phones unusable." EPIC also argued that "a minor amendment to an otherwise constitutional law, passed decades after the original enactment, should not take down an act of Congress." Senator Markey, Representative Eshoo, and more than a dozen members of Congress also filed an amicus brief in support of the consumer privacy law. EPIC frequently files amicus briefs on the TCPA, including in the related case, Gallion v. Charter Communications.
  • Federal Appeals Court Rules Consumers Can Sue for Automated Texts—But Only If Calls Are Random » (Feb. 19, 2020)
    The Seventh Circuit has concluded that consumers who receive an automated text message can sue under the federal anti-robocall law, but only if the autodialer has a random number generator. The decision in Gadelhak v. AT&T Services deepens a split among federal appeals courts over the scope of federal robocall protections. EPIC and the National Consumer Law Center filed an amicus brief in the case, arguing that an autodialer need only dial numbers from a list, such as a customer contact database. EPIC and the NCLC explained that allowing telemarketers to robocall consumers from a list "would undermine the law's effectiveness by inviting easy circumvention and rendering the restriction obsolete." The EPIC routinely files amicus briefs on consumer privacy issues, including several amicus briefs on the TCPA.
  • FCC Announces Enforcement Action on Location Privacy » (Jan. 31, 2020)
    FCC Chairman Pai has announced upcoming enforcement actions against wireless carriers that disclosed subscribers' location data. Last year Members of Congress called an emergency briefing with the FCC and urged the agency to investigate companies that were selling subscribers' location data. EPIC has long advocated for protection of location data. EPIC pursued a lawsuit against a mobile app company that led to greater protection of users' location data. EPIC also successfully petitioned the FCC to safeguard sensitive data collected by phone companies. And EPIC filed a amicus brief in Carpenter v. US. The Supreme Court held in that case that the Fourth Amendment protects cell site location information. EPIC maintains detailed webpages on location privacy.
  • EPIC to Argue in Court Fifth Amendment Protects Cell Phone Passcodes » (Jan. 21, 2020)
    EPIC will present argument today in State v. Andrews, a New Jersey Supreme Court case about the compelled disclosure of a cell phone passcode. In its amicus brief, EPIC argued that the Fifth Amendment limits the ability of the government to obtain cellphone passcodes. Citing Riley v. California and Carpenter v. United States, EPIC said the U.S. Supreme Court has held that the vast troves of personal data stored in cell phones "justifies strong constitutional protections." EPIC also explained that limited exceptions to Fifth Amendment safeguards were adopted before personal information was "consolidated in one place." EPIC routinely files amicus briefs arguing that constitutional protections should keep pace with advances in technology. EPIC filed amicus briefs in Carpenter and Riley, which both involved the searches of cellphones. The Supreme Court cited EPIC's amicus brief in the Riley opinion.
  • Supreme Court Declines to Review Facebook Face Scan Case » (Jan. 21, 2020)
    The U.S. Supreme Court will leave in place a decision that allows lawsuits against Facebook for the unlawful collection of facial images. In Patel v. Facebook, the Ninth Circuit held that that an Illinois biometrics law protects "concrete privacy interests" and that violations of the law "pose a material risk of harm to those privacy interests." EPIC filed an amicus brief in the case, arguing that users can sue companies that violate rights protected by privacy laws. EPIC has long advocated for limits on the use of biometric data and has opposed Facebook's use of facial recognition software. EPIC and others recently called for a global moratorium on facial recognition. EPIC recently launched a campaign and resource page to ban face surveillance.
  • Supreme Court to Review Constitutionality of Federal Robocall Ban » (Jan. 11, 2020)
    The Supreme Court has aqreed to hear a challenge to the constitutionality of the Telephone Consumer Protection Act, a federal law that prohibits unwanted robocalls. The law generally restricts the use of autodialers, but in 2015 Congress created an exception for robocalls to collect debts guaranteed by the federal government. Several groups have since challenged the law on First Amendment grounds, arguing that the TCPA discriminates against particular speakers. The Court will now consider the issue in Barr v. American Association of Political Consultants. EPIC filed an amicus brief in Gallion v. Charter Communications, a related case, arguing that “these challenges represent a systematic effort by companies to undermine the purpose of the TCPA and to inundates consumers with unwanted calls.” EPIC routinely files amicus briefs on consumer privacy issues, including several amicus briefs on the TCPA.
  • EPIC to Congress: Strong Encryption Keeps Our Nation Secure » (Dec. 10, 2019)
    In advance of a hearing on "Encryption on Lawful Access," EPIC wrote to the Senate Judiciary Committee "now is not the time to undermine the systems that we all rely upon to secure our data and communications." EPIC cited growing problems of data breach and cyber attack. Leading computer scientists and security experts, including members of the EPIC Advisory Board, have found that proposals to add "backdoors" for law enforcement are "unworkable in practice, raise enormous legal and ethical questions, and would undo progress on security at a time when Internet vulnerabilities are causing extreme economic harm." EPIC previously filed an amicus brief in Apple v. FBI in support of robust security safeguards for cellphone users. EPIC argued that the "security features in dispute in this case were adopted to protect consumers from crime." EPIC explained that an order to compel Apple to take extraordinary measures to undo these features places at risk millions of cell phone users across the United States. EPIC President Marc Rotenberg warned of the risk of NSA-mandated backdoors in a 1990 article, "The Only Locksmith in Town."
  • Facebook Asks Supreme Court to Review Face Scan Decision » (Dec. 5, 2019)
    Facebook has filed a petition asking the Supreme Court to review a decision that allows lawsuits against Facebook for the unlawful collection of facial images. In Patel v. Facebook, the Ninth Circuit held that that an Illinois biometrics law protects "concrete privacy interests" and that violations of the law "pose a material risk of harm to those privacy interests." EPIC filed an amicus brief in the case, arguing that users can sue companies that violate rights protected by privacy laws. EPIC has long advocated for limits on the use of biometric data and has opposed Facebook's use of facial recognition software. EPIC and others recently called for a global moratorium on facial recognition. EPIC recently launched a campaign and resource page to ban face surveillance.
  • Supreme Court Hears Arguments in Public Access to Law Case » (Dec. 2, 2019)
    Today, the U.S. Supreme Court heard oral arguments in Georgia v. Public.Resource.Org, which concerns the copyright of a state's official law. EPIC filed an amicus brief in the case, signed by 35 experts in law and technology, stating that "free access to the law is guaranteed by our country's traditions and enabled by digital technologies." EPIC explained that "the federal government has worked to ensure that legal materials are broadly accessible to the public; the states should do the same." EPIC and its staff have long promoted online access to judicial opinions and open access to government information. EPIC routinely files amicus briefs in the US Supreme Court in cases concerning emerging privacy and civil liberties issues.
  • PA Supreme Court Rules Government Cannot Compel Suspect to Disclose Password » (Nov. 20, 2019)
    The Pennsylvania Supreme Court ruled today that the Fifth Amendment right against self-incrimination prevents the government from requiring a suspect to divulge their computer passcode. The court found that "compelling the disclosure of a password to a computer" is testimonial, and that a limited exception to the Fifth Amendment privilege does not apply to passwords. EPIC filed an amicus brief in a similar case in the New Jersey Supreme Court. EPIC argued in State v. Andrews that the Fifth Amendment exception should be limited because it predated the vast amounts of personal data stored on computers and telephones. EPIC cited the U.S. Supreme Court's recent decisions in Riley v. California and Carpenter v. United States. EPIC has long filed amicus briefs arguing that constitutional protections should keep pace with advances in technology.
  • Appeals Court Questions Government on Reliability of Google Scanning Algorithm » (Nov. 18, 2019)
    This week a federal appellate judge pressed the government about the reliability of a Google scanning algorithm that provided the basis for the warrantless search of a private email. EPIC raised concerns about the scanning technique in an amicus brief for the appeals court. In United States v. Wilson, EPIC argued that "because neither Google nor the Government explained how the image matching technique actually works or presented evidence establishing accuracy and reliability, the Government's search was unreasonable." Judge Watford told the government attorney that he "would like to hear your defense of the evidentiary record" because what we have "is this declaration from the Google person," and "I would need far more explanation of how reliable the hash matching technology is before I could validate this search." EPIC filed an amicus brief in a similar case in United States v. Miller. EPIC routinely submits amicus briefs on the privacy implications of new investigative techniques. EPIC has also long promoted algorithmic transparency to ensure accountability for AI-based decision making.
  • Following EPIC Suit, AccuWeather Changes Location Tracking Practices » (Nov. 12, 2019)
    Following a DC consumer protection suit that EPIC filed against AccuWeather in 2018, the company has stopped deceptively gathering users' location data. In its Complaint, EPIC charged that AccuWeather grabbed consumers' location data even when they expressly opted out of location tracking. EPIC also charged that AccuWeather failed to disclose that it transferred location data to advertisers. Now AccuWeather, following EPIC's case, has changed its business practices. Users can decline dvertising and other non-functional uses of their device information, and users can delete the information that AccuWeather collects about their device. EPIC has long advocated for the privacy of location data. EPIC filed a "friend of the court" brief with the US Supreme Court in, Carpenter v. US, a case concerning police surveillance and a complaint with the Federal Trade Commission concerning Uber's tracking of subscribers. EPIC also opposed Apple's tracking of iPhone users. EPIC also maintains detailed webpages on location privacy.
  • Supreme Court to Hear Arguments in Case Implicating License Plate Readers » (Oct. 31, 2019)
    Next week the Supreme Court will consider Kansas v. Glover, a case concerning car stops and the status of the registered owner's license. EPIC filed an amicus brief in the case which could lead to police stopping any vehicle if the registered owner's license is suspended. EPIC warned that the Court's decision, when combined with automated license plate readers, could "dramatically alter police practices" and "unfairly burden disadvantaged communities." EPIC provided empirical data for the Court that indicate that police use license plate readers more frequently in disadvantaged communities. EPIC also provided data that car sharing is more prevalent in these communities and therefore that many drivers whose license is not suspended will be stopped. EPIC noted that the Supreme Court has previously established legal safeguards in response to evolving policing techniques, such as GPS tracking devices, (US v. Jones), cell phones searches (Riley v. California), and location data collection (Carpenter v. United States). EPIC recommended that the Court recognize the role of automated license plate readers in police stops. EPIC routinely files amicus briefs in federal and state courts concerning emerging privacy issues.
  • Axon Ethics Board: No License Plate Readers Without Public Input » (Oct. 28, 2019)
    A new report from the Axon AI and Policing Technology Ethics Board details problems with automated license plate readers, including the disproportionate impact on communities of color and the long-term tracking of innocent drivers. The Axon report recommends public review prior to use of license plate readers. The report also recommends that license plate reader alerts should not be sufficient grounds to stop a vehicle. EPIC made a similar recommendation in an amicus brief for the U.S. Supreme Court for Kansas v. Glover, arguing against traffic stops based solely on alerts that a registered owner's license is suspended. EPIC previously obtained documents about the extensive use of license plate readers by the Department of Homeland Security and the Federal Bureau of Investigation. EPIC's Senior Counsel Jeramie Scott has warned about the risk of mass surveillance with technologies such as license plate readers.
  • Ninth Circuit Leaves in Place Case that Allows Users to Sue Facebook for Face-Scans » (Oct. 23, 2019)
    A federal appeals court has let stand a ruling that users can sue Facebook for collecting and using their facial images. The court previously held in Patel v. Facebook that an Illinois biometrics law protects "concrete privacy interests" and violations of the law "pose a material risk of harm to those privacy interests." EPIC filed an amicus brief in the case, arguing that the violation of a privacy law is sufficient for users to sue a company. EPIC has also long advocated for limits on the use of biometric data and has opposed Facebook's use of facial recognition software. EPIC and others recently called for a global moratorium on facial recognition.
  • Federal Appeals Court Says LinkedIn Must Allow "Scraping" of Personal Data » (Sep. 9, 2019)
    A federal appeals court has ruled that LinkedIn must allow hiQ, a data analytics firm, to scrape user data from public profiles—at least, for now. The appeals court found that "hiQ's interest in continuing its business" outweighed users' privacy interests in their profile information. EPIC filed an amicus brief in the case. In 2017, a lower court permitted hiQ access to the user data of LinkedIn users. EPIC argued that "the lower court has undermined the fiduciary relationship between LinkedIn and its users." EPIC also said the order is "contrary to the interests of individual LinkedIn users" and contrary to the public interest "because it undermines the principles of modern privacy and data protection law." Siding with neither party, EPIC urged reversal to protect online privacy. EPIC routinely participates as amicus curiae in cases concerning consumer privacy.
  • In Amicus Brief, EPIC Urges Supreme Court to Limit Traffic Stops Based Solely on Owner's License Status » (Sep. 6, 2019)
    EPIC has submitted an amicus brief in Kansas v. Glover, urging the Supreme Court to limit traffic stops based solely on the status of the registered owner. EPIC warned that permitting police stops based on this factor, when combined with Automated License Plate Readers, would "dramatically alter police practices" and "unfairly burden disadvantaged communities." EPIC provided empirical data for the Court which indicate that ALPRs are more widely used in disadvantaged communities and also that car sharing is more prevalent in these communities. The Supreme Court has previously expanded Fourth Amendment protections for new technologies, such as GPS tracking devices, (US v. Jones), cell phones (Riley v. California), and location data (Carpenter v. United States), in response to evolving policing techniques. EPIC recommended that the Court do the same in this case. EPIC routinely files amicus briefs in cases before federal and state courts concerning emerging privacy issues.
  • Supreme Court Asked to Hear Donor Privacy Case » (Aug. 28, 2019)
    An advocacy group has asked the U.S. Supreme Court to hear a case concerning a California law requiring charitable organizations to disclose the names and addresses of their major donors. Last year, a federal appellate court found that the law does not violate the First Amendment "because the information is collected solely for nonpublic use, and the risk of inadvertent public disclosure is slight." EPIC filed an amicus brief in the case, arguing that the reporting requirement "infringes on several First Amendment interests, including the free exercise of religion, the freedom to express views without attribution, and the freedom to join in association with others without government monitoring." Citing several data breaches concerning state records, EPIC also explained that California had "failed to implement basic data protection standards" for donor information. EPIC has argued for donor privacy and similar constitutional rights of anonymity in Packingham v. North Carolina, Doe v. Reed, and Watchtower Bible v. Stratton.
  • Grindr User Asks Supreme Court to Hear Dating App Abuse Case » (Aug. 15, 2019)
    A Grindr user has asked the U.S. Supreme Court to review a federal appellate court's refusal to find the dating app liable for failing to remove a false profile that enabled abuse. EPIC filed an amicus brief in Herrick v. Grindr, arguing that Section 230, the law the appeals court found barred liability, was intended to "encourage internet service providers to police their platforms," not to "give platforms carte blanche to ignore harassment and abuse." EPIC explained that victims may be subjected to ongoing "psychological, social, and financial harm" if internet services are not accountable for harassment and abuse. EPIC routinely files friend of the court briefs in cases concerning emerging privacy and civil liberties issues. Herrick's attorney (and EPIC Champion of Freedom Award winner) Carrie Goldberg recently published "Nobody's Victim: Fighting Psychos, Stalkers, Pervs, and Trolls."
  • Federal Court: Georgia Must Replace DRE Voting Systems by 2020 » (Aug. 15, 2019)
    A federal court has ruled that Georgia must replace Direct Recording Electronic voting machines before the 2020 election. The court also ruled that Georgia must develop a contingency plan with hand-marked paper ballots with optical ballot scanners and voter-verifiable, audible ballot records. EPIC, in an amicus brief joined by 31 legal scholars and technical experts, urged the court to stop Georgia's use of Direct Recording Electronic voting machines. EPIC told the court, "the continued use of these systems poses a direct threat to personal privacy, election integrity, and democratic institutions." The court cited EPIC's brief, noting "almost from their inception, DREs have been plagued by warnings that the voting machines are unreliable, insecure, and unverifiable." Georgia's Secretary of State recently announced that the state would purchase Ballot Marking Devices but technical experts have said these devices have many of the same vulnerabilities as DRE voting machines. The case is Curling v. Raffensperger.
  • Federal Appeals Court Says Consumers Can Sue Facebook for Facial Recognition » (Aug. 8, 2019)
    A federal appeals court has ruled that users can sue Facebook for collecting and using their facial images. In Patel v. Facebook, users contend that Facebook violated an Illinois biometric privacy law by creating biometric templates of their faces without their consent. The court found that the Illinois law "protects the plaintiffs' concrete privacy interests" and violations of the law "pose a material risk of harm to those privacy interests." The court cited the common law roots of the right to privacy and also noted that "the Supreme Court has recognized that advances in technology can increase the potential for unreasonable intrusions into personal privacy." EPIC filed an amicus brief in the case, arguing that the violation of the privacy law was sufficient for Facebook users to sue the company. EPIC wrote the "Illinois Biometric Information Privacy Act imposes, by statute, legal obligations on companies that choose to collect and store individuals' biometric data." EPIC said that plaintiffs must only "demonstrate that a defendant has invaded a concrete interest protected by the law—nothing more." Last year, EPIC filed an amicus brief in Rosenbach v. Six Flags, where the Illinois Supreme Court unanimously decided that consumers can sue companies that violate the state's biometric privacy law. EPIC routinely submits briefs in support of consumers' right to sue in privacy case. EPIC has also long advocated for limits on the use of biometric data and has opposed Facebook's use of facial recognition software.
  • Following EPIC's Advice, Third Circuit Nixes Google Deal » (Aug. 7, 2019)
    A federal appeals court has rejected a proposed class action settlement in a case involving Google's tracking of internet users in violation of the users' privacy settings. The court was particularly "troubled" by the prior relationships between Google, class counsel, and the organizations selected to receive funds in the settlement. The court found that "if challenged by an objector, a district court must review the selected cy pres recipients to determine whether they have a significant prior affiliation with any party, counsel, or the court." EPIC had urged the court to reject the deal in an amicus brief. EPIC said the settlement was "fundamentally flawed" because "Google is allowed to continue its unlawful conduct and the class members receive no monetary relief." EPIC also explained that the selection of organizations awarded in the settlement "raise significant conflicts of interest concerns." EPIC has proposed an objective basis for courts to make determinations in consumer privacy cases that protect the interests of class members and avoid the risk of collusion between the parties in settlement.
  • EPIC Asks NJ Supreme Court to Apply Fifth Amendment to Cell Phone Searches » (Jul. 23, 2019)
    EPIC has submitted an amicus brief in State v. Andrews, a New Jersey Supreme Court case about the compelled disclosure of a cell phone passcode. In the brief, EPIC argued that the Fifth Amendment limits the ability of the government to obtain cellphone passcodes. EPIC explained that the U.S. Supreme Court's decisions in Riley v. California and Carpenter v. United States found that the vast amounts of personal data stored in cell phones "justifies strong constitutional protections." EPIC also explained that exceptions to the Fifth Amendment were adopted before personal information was "consolidated in one place." EPIC has long filed "friend of the court" briefs arguing that constitutional protections should keep pace with advances in technology. EPIC filed amicus briefs in Carpenter and Riley, which both involved the searches of cellphones. The U.S. Supreme Court cited EPIC's amicus brief in its opinion.
  • Proposed Cy-Pres Only Settlement Provides No Benefit to Class Members » (Jul. 22, 2019)
    A proposed settlement with Google concerning the Street View program will provide no actual benefit to class members. With Street View, Google not only captured digital images of streets but also intercepted private wifi communications, including passwords. Beginning in 2007, EPIC and other consumer groups spent several years urging federal and state regulators to act. In 2013, 38 State Attorneys General settled claims against Google. In that settlement, Google agreed to end the collection of network data and launch a public service campaign to help users install secure wireless networks. Six years later, lawyers have just put before a federal judge a settlement that proposes that the company again end the program and launch a public service campaign. Chief Justice Robert has raised "fundamental concerns" about settlements that provide no benefits to class members and no change in business practices. In a cy press case earlier this year, Justice Thomas opposed the Gaos settlement, which also involved Google, explaining "because the class members here received no settlement fund, no meaningful injunctive relief, and no other benefit whatsoever in exchange for the settlement of their claims." EPIC seeks to promote class action fairness and has proposed objective criteria that courts should consider to protect the interests of Internet users in class action settlements.
  • Trump Issues Executive Order To Seek Citizenship Information From All Federal Agencies » (Jul. 11, 2019)
    President Trump announced today that he will order federal agencies to transfer personal data to the Department of Commerce to determine the number of non-citizens in the United States. Trump stated, "We will utilize these vast federal databases to gain a full, complete, and accurate count of the non-citizen population including databases maintained by the Department of Homeland Security, and the Social Security Administration." President Trump has abandoned his quest to seek citizenship information on the 2020 Census after the Supreme Court ruled that the Commerce Department's decision to collect citizenship data "cannot be adequately explained" by the rationale provided by the agency. EPIC separately sought to block the Census Bureau's collection of citizenship data because the agency failed to complete required privacy impact assessments. Last month, the D.C. Circuit issued a decision in the case, ruling that EPIC did not have a legal basis to obtain Privacy Impact Assessments from the federal government. EPIC also filed an amicus brief in the Supreme Court case, joined by 23 legal scholars and technical experts, warning that "collecting citizenship status information from hundreds of millions of U.S. residents presents enormous privacy and security concerns." The federal Privacy Act also imposes limits on the ability of federal agencies to transfer personal data to other agencies. The DHS has previously stated that DACA applicant information would be used exclusively for the purposes for which it was provided.
  • Bi-Partisan Effort Underway to Reform FOIA » (Jul. 11, 2019)
    Senators from across the aisle have criticized recent changes to the Freedom of Information Act and vow to introduce legislation to reform the FOIA. In Food Marketing Institute v. Argus Leader Media, the Supreme Court recently narrowed public access to government records. A few days later, the Environmental Protection Agency changed its FOIA regulations without a public comment opportunity. The EPA's changes are similar to the Department of the Interior's "awareness review" that allows political appointees to decide whether to withhold information and issue a misleading "no records" response. Senators Ed Markey (D-MA) and Chuck Grassley (R-IA) are both considering legislation in response. Senator Grassley stated, "[the] recent Supreme Court ruling and even new regulations in the EPA and the Department of Interior are undermining access to public information. . . Americans deserve an accountable government, and transparency leads to accountability." EPIC wrote an amicus brief in Food Marketing Institute, warning the Court that a change in the FOIA "would deprive the public, and government watchdogs such as EPIC, of access to important information about 'what the government is up to.'" EPIC frequently uses the FOIA to promote government oversight.
  • Ninth Circuit Strikes Down Debt-Collection Exception to Robocall Ban » (Jul. 9, 2019)
    The Ninth Circuit has again found that the Telephone Consumer Protection Act limits the ability of government debt collectors to make robocalls. The law prohibits automated calls to cell phones, except in emergencies or with the consent of the called party. But in 2015 Congress created an exception for calls made to collect debts guaranteed by the federal government. In Duguid v. Facebook, the Ninth Circuit found that the exception violated the First Amendment because it preference debt collectors over other companies that could might use robocall technology. The outcome is favorable for consumer privacy. EPIC filed a "friend of the court" brief in Gallion v. Charter Communications, a similar case in the Ninth Circuit, arguing that "the TCPA prohibitions are needed now more than ever." EPIC routinely files amicus briefs on consumer privacy issues, including several amicus briefs on the TCPA.
  • EPIC, NCLC Urge Federal Appeals Court to Limit Robocalls » (Jul. 9, 2019)
    EPIC and the National Consumer Law Center have filed an amicus brief in a case concerning the scope of the federal law, the Telephone Consumer Protection Act, that protects consumers against robocalls. In Gadelhak v. AT&T Services, EPIC and NCLC argued that list-based systems are included among the law's definition of "autodialers." To do otherwise, the brief explained, "would undermine the law's effectiveness by inviting easy circumvention and rendering the restriction obsolete." EPIC and NCLC further explained that the "mass texting from a list, such as the system used by AT&T in this case, is precisely the type of technology the TCPA sought to restrict." The amici warned that a narrow interpretation of the law "would accelerate the rising levels of robocalls and texts." EPIC routinely files amicus briefs on consumer privacy issues, including several amicus briefs on the TCPA.
  • In Amicus, EPIC Proposes Duty to Protect Personal Data » (Jul. 3, 2019)
    In an amicus brief for the D.C. Circuit Court of Appeals, EPIC has recommended that courts recognize a common law obligation to protect the personal data that companies choose to collect. In Attias v. CareFirst, Inc., inadequate security practices allowed hackers to obtain 1.1 million customer records from D.C.'s largest health insurer. A lower court dismissed many of the privacy claims in the case. But EPIC argued to the appellate court that data breaches underscore the need for companies to be held liable for faulty security. EPIC said that courts should impose a duty of reasonable data protection on businesses to ensure that companies protect the personal data that they collect. EPIC previously filed an amicus brief in this case supporting data breach victims. EPIC regularly files briefs defending consumer privacy.
  • EPIC Amicus: Georgia's Electronic Voting Machines Unreliable, Fail to Safeguard Secret Ballot » (Jun. 28, 2019)
    In an amicus brief, joined by 31 legal scholars and technical experts, EPIC has asked a federal court to stop Georgia’s use of Direct Recording Electronic voting machines. Experts in election security have shown that DREs are insecure, vulnerable to attack, fail to provide a paper trail that enables auditing, and subject vote tallies to manipulation by remote adversaries. DREs systems also undermine the secret ballot as particular voters could be linked to particular votes. EPIC told the court, “the continued use of these systems poses a direct threat to personal privacy, election integrity, and democratic institutions.” In 2016, EPIC published "The Secret Ballot at Risk: Recommendations for Protecting Democracy," highlighting the importance of the secret ballot for American democracy.. The case is Curling v. Raffensperger.
  • Supreme Court Blocks Census Citizenship Question » (Jun. 27, 2019)
    The U.S. Supreme Court has blocked the citizenship question from inclusion on the 2020 Census, upholding the result reached in a lower court. The Court ruled that the Commerce Department's decision to collect citizenship data "cannot be adequately explained" by the rationale provided by the agency. "Altogether, the evidence tells a story that does not match the explanation the Secretary gave for his decision," Chief Justice John Roberts wrote. Although the Court gave the Commerce Department a second chance to provide a "reasoned explanation" for the citizenship question, the government has said that it must begin printing forms by July 1—four days from now. EPIC is separately seeking to block the Census Bureau's collection of citizenship data because the agency has failed to complete required privacy impact assessments. A decision is expected soon from the D.C. Circuit. EPIC's case is EPIC v. Commerce, No. 19-5031 (D.C. Cir). EPIC also filed an amicus brief in the Supreme Court case, joined by 23 legal scholars and technical experts, warning that "collecting citizenship status information from hundreds of millions of U.S. residents presents enormous privacy and security concerns." EPIC said further "in failing to assess the risks that would result from the collection of personal data regarding citizenship status, the Census Bureau has violated its obligations under the E-Government Act."
  • Supreme Court Limits Access to Government Records, Drops Harm Requirement for Withholding "Confidential" Information » (Jun. 24, 2019)
    The Supreme Court today narrowed public access to government documents by expanding the definition of "confidential" information. The 6-3 decision by Justice Gorsuch in Food Marketing Institute v. Argus Leader Media overturns four decades of caselaw which held that a company must show substantial competitive harm to block an open government request. Writing in dissent, Justice Breyer, joined by Justices Ginsburg and Sotomayor, emphasized that the FOIA required some showing of harm to prevent public release of business records collected by federal agencies. "The whole point of FOIA is to give the public access to information it cannot otherwise obtain." In an amicus brief, EPIC warned the Court that removing the harm requirement "would deprive the public, and government watchdogs such as EPIC, of access to important information about 'what the government is up to.'" EPIC described several of its own FOIA cases -- including the now defunct airport body scanner program and the ongoing probe of Facebook -- where access to commercial records made possible meaningful oversight and reform. Twenty members of the EPIC Advisory Board, distinguished experts in law, technology, and public policy, signed the amicus brief.
  • Supreme Court Sidesteps Merits in Junk Fax Case » (Jun. 20, 2019)
    The Supreme Court today directed a lower court to reexamine PDR Network v. Carlton & Harris Chiropractic, a case which concerns a company's efforts to disregard an FCC rule about junk faxes. The Court told the Fourth Circuit to resolve "preliminary" questions about the legal effect of the FCC rule and the company's ability to challenge the rule through the agency process. EPIC filed an amicus brief in the case. EPIC explained that permitting companies to challenge FCC rules outside the process Congress established "will exclude the voices of consumers" in agency decision-making. EPIC also explained that the company's efforts to sidestep agency rules will benefit those "who have resources to attack FCC rules." EPIC and other consumer organizations routinely provide comments to federal agencies through the federal agency rule making process. EPIC also contributed to the development of the robocall and junk fax laws. EPIC has since worked to ensure that telephone users are protected from invasive business practices through agency comments and amicus briefs in cases such as ACA International and Gallion v. Charter Communications.
  • Court: Government Can't Skimp on Attorney's Fees in Public Interest Cases » (May. 21, 2019)
    The D.C. Circuit Court of Appeals has rejected the government's attempt to pay a public interest plaintiff far less than what is owed in attorney's fees. When a plaintiff wins a public interest lawsuit, federal law often requires the defendant to reimburse the plaintiff for attorney's fees. Many defendants—including federal agencies—try to minimize those payments by using artificially low billing rates. But in D.L. v. D.C., the federal appeals court ruled that the government's calculation of attorney's fees was based on "irrelevant figures" and "wrong" assumptions that attempted to diminish the complexity and cost of public interest cases brought in Washington, DC. The decision will make it harder for the government to underpay successful public interest plaintiffs in the future. EPIC, which often recovers attorney's fees in Freedom of Information Act cases, joined in an amicus brief in the case.
  • EPIC Amicus: Public Employees Must Be Able to Speak Freely on Social Media, "the Modern Public Square" » (May. 7, 2019)
    In an amicus brief EPIC urged the Pennsylvania Supreme Court to protect the right of public employees to speak on matters of public concern on social media without fear of dismissal. The case, Carr v. Department of Transportation, concerns a state employee who was fired for comments posted to a Facebook group criticizing local school bus drivers. EPIC explained that "social media is 'the modern public square' for debate on issues of public concern," citing the U.S. Supreme Court's opinion in Packingham v. North Carolina, in which EPIC also filed an amicus. EPIC warned that "allowing the Government to fire a public employee for posts made in a private Facebook group would encourage government supervisors to surveil employees across social media." EPIC has frequently argued that the First Amendment protects the right of individuals to engage in activities free from government surveillance, in cases including City of Los Angeles v. Patel, Doe v. Reed, and Americans for Prosperity v. Becerra.
  • Appeals Court Strikes Down Debt Collector Exception to Robocall Ban » (Apr. 25, 2019)
    A federal appeals court ruled today that an amendment to the federal robocall ban is unconstitutional. The Telephone Consumer Protection Act prohibits automated calls to cell phones, except in emergencies or with the consent of the called party. But in 2015 Congress created an exception for calls made to collect debts guaranteed by the federal government. The court in AAPC v. FCC found that the debt-collection exemption "undercuts" the privacy protections in the law. So the court found the exception unconstitutional and struck it from the law. EPIC filed a "friend of the court" brief in Gallion v. Charter Communications, a similar case in the Ninth Circuit, arguing that "the TCPA prohibitions are needed now more than ever." EPIC has testified in support of the TCPA and has submitted extensive comments and amicus briefs on the consumer privacy law.
  • EPIC to Congress: Update Surveillance Safeguards » (Apr. 9, 2019)
    In a statement to the House Appropriations Committee, EPIC urged the panel to ensure that the Justice Department improves reporting on surveillance orders. "Even after the Supreme Court’s decision in Carpenter," EPIC said, "there is little to no information available to Congress or the public about how frequently the government is seeking this location data." EPIC asked the Committee to halt funding for wiretap programs until the Department of Justice improves the reporting procedures. For over 20 years, EPIC has reviewed the annual reports on the use of federal wiretap authority. EPIC also filed an amicus brief in the Carpenter case. The Supreme Court held that law enforcement must get a warrant to obtain cell site location information.
  • EPIC Warns Appellate Court of Google’s Flawed, Secretive, Massive File Scanning Program » (Mar. 29, 2019)
    EPIC has filed an amicus brief in United States v. Wilson, a case concerning Google’s scanning of billions of personal files for suspected unlawful content, at the behest of the federal government. EPIC argued that “because neither Google nor the Government explained how the image matching technique actually works or presented evidence establishing accuracy and reliability, the Government’s search was unreasonable.” EPIC also explained that “the lower court made a key mistake” by confusing file hashing, which uniquely identifies a file, and image matching, which is prone to false positives. Last year, EPIC filed an amicus brief in a similar case, United States v. Miller. EPIC has promoted algorithmic transparency for many years. EPIC routinely submits amicus briefs on the application of the Fourth Amendment to investigative techniques.
  • Appeals Court Refuses to Find Dating App Liable in Abuse Case » (Mar. 28, 2019)
    A federal appellate court has refused to find a dating app liable for failing to remove a false profile that enabled abusive conduct. EPIC filed an amicus brief in Herrick v. Grindr, arguing that the law Section 230 of the Communications Decency Act was intended to "encourage internet service providers to police their platforms," not to "give platforms carte blanche to ignore harassment and abuse." EPIC explained that victims may be subjected to ongoing "psychological, social, and financial harm" if internet services are not accountable for harassment and abuse. EPIC routinely files friend of the court briefs in cases concerning emerging privacy and civil liberties issues.
  • Senators Question DOJ About Surveillance of Americans' Location Data » (Mar. 26, 2019)
    A bipartisan group of Senators, including Senator Patrick Leahy, sent a series of questions last week to Attorney General William Barr about the government's surveillance of Americans' location data. The Senators specifically asked how the Supreme Court's decision in Carpenter v. United States has impacted government surveillance programs. In Carpenter, the Court ruled that the government could not collect cell phone location data without a warrant, even if that data was held by the phone company. The Senator's questions concern possible collection of location data by intelligence agencies as well as during criminal investigations. EPIC has sued the Department of Justice to obtain records of the number of surveillance applications for location data submitted by federal prosecutors in prior years. EPIC also filed a "friend of the court" brief in Carpenter, and urged the Court to extend Constitutional protection to cell phone data. EPIC also provides the public with access to and information about the federal wiretap reports, which provide important statistics about the use of other surveillance authorities. These reports have not yet been updated to address location data collection.
  • Supreme Court Hears Arguments in Case About FCC Privacy Rules » (Mar. 26, 2019)
    The Supreme Court has heard oral arguments in PDR Network v. Carlton & Harris Chiropractic, which concerns a company's efforts to disregard an FCC rule about junk faxes. EPIC filed an amicus brief in the case. In the brief, EPIC explained that permitting companies to avoid FCC rules "will exclude the voices of consumers" in agency decision making. EPIC also explained that the company's efforts to sidestep agency rules will benefit those "who have resources to attack FCC rules." EPIC contributed to the development of the robocall and junk fax laws. EPIC has since worked to ensure that telephone users are protected from invasive practices through agency comments and amicus briefs in cases such as ACA International and Gallion v. Charter Communications.
  • Supreme Court Won’t Disturb Data Breach Decision » (Mar. 25, 2019)
    The Supreme Court today declined to review Zappos.com, v. Stevens, a decision that allowed consumers to sue the online retailer following a breach of their personal data. More than 24 million Zappos customers were affected by the breach, which included account numbers and passwords. Zappos tried to block the lawsuit, claiming that consumers had to show additional damages. The Ninth Circuit rejected that argument, and the Supreme Court left the decision of the appeals court in place. EPIC has filed amicus briefs in similar data breach cases, including Attias v. Carefirst, arguing that if "companies fail to invest in reasonable security measures, then consumers will continue to face harm from data breaches.” EPIC regularly files amicus briefs defending consumer privacy and addressing emerging privacy challenges.
  • EPIC to Supreme Court: Access to Commercial Records is Critical for Government Oversight » (Mar. 22, 2019)
    EPIC has filed an amicus brief urging the Supreme Court to protect the public's right to access commercial information held by federal agencies. EPIC described several of its own FOIA case -- including the now defunct airport body scanner program and the ongoing probe of Facebook -- where access to commercial records made possible meaningful oversight and reform. EPIC also warned that private parties, "acting on behalf of public agencies and with public funding," often hide their activities. EPIC wrote, "The public must have access to commercial information in agency records to conduct effective oversight of government programs that implicate privacy." EPIC has filed several amicus briefs for the US Supreme Court and other federal courts in Freedom of Information Act cases. Twenty members of the EPIC Advisory Board, distinguished experts in law, technology, and public policy, signed the brief. The case is Food Marketing Institute v. Argus Leader Media, No. 18-481.
  • ANALYSIS: Justice Thomas Charts Path for Consumer Privacy Cases » (Mar. 21, 2019)
    In his dissenting opinion in Frank v. Gaos, Justice Thomas set out two key guidelines for future consumer privacy litigation. First, Justice Thomas said that consumer privacy cases could go forward when a "private right" is violated, such as when a violation of a federal privacy law is alleged. The Supreme Court adopted a somewhat more narrow standard in the Spokeo v. Robbins case. Second, Justice Thomas made clear that class action settlements must provide a "meaningful" benefit to class members, which could include monetary relief or a change in business practices. Justice Thomas opposed the settlement in Gaos, explaining "because the class members here received no settlement fund, no meaningful injunctive relief, and no other benefit whatsoever in exchange for the settlement of their claims...." Justice Thomas did not rule out cy pres remainder settlements for "disposing of unclaimed or undistributable class funds" or cy pres-only settlements that provide some actual benefit to class members. EPIC set out very similar views in an amicus brief for the Supreme Court in the Gaos case, in related amicus briefs on standing and in court filings on class action fairness, as well as an academic article calling for reform of cy pres settlements.
  • Supreme Court Remands Controversial Cy Pres Deal » (Mar. 20, 2019)
    The Supreme Court today sent Frank v. Gaos back to the lower courts because the Court could not decide if the proposed settlement in a privacy case was "fair, reasonable, and adequate" or if the case was properly before the Court. The case involves Google's disclosure of search histories to third parties without consent, a business practice that could violate several privacy laws. Under the terms of the settlement, there was no benefit to Internet users and Google was not prohibited from continuing the allegedly unlawful practice. In an amicus brief, EPIC stated, "the proposed settlement is bad for consumers and does nothing to change Google's business practices." EPIC and several organization objected to the original settlement on three separate occasions. EPIC routinely opposes settlements that fail to provide an actual benefit to Internet users. In this case, the Justices ordered the parties to address whether the Spokeo v. Robbins decision permits consumer privacy to go forward. EPIC filed a brief in Spokeo in support of consumers, and has filed similar briefs siding with consumers in several other cases.
  • Court Gives School Officials Immunity in Suit Over Search of Student's Cell Phone » (Mar. 13, 2019)
    The Eleventh Circuit has issued a decision in Jackson v. McCurry. A student's family filed the case after school officials searched her cell phone without probable cause. The appeals court ruled against the the student because the law limiting searches of student cell phones was not "clearly established." EPIC filed an amicus brief, arguing that searches of student phones should be "limited to those circumstances when it is strictly necessary" after the Supreme Court's decision in Riley v. California. EPIC wrote that "most teenagers today could not survive without a cellphone." The court recognized the need to limit school searches of cell phones, noting that "the reasoning of Riley treats cellphone searches as especially intrusive in comparison to searches incident to arrest of personal property" and that "a search of a student's cellphone might require a more compelling justification than that required to search a student's other personal effects." However, the court refused to hold that this right was "clearly established." EPIC routinely files amicus briefs in cases raising new privacy issues. EPIC has also long advocated for greater student privacy protections, including a Student Privacy Bill of Rights.
  • EPIC Files Opening Brief in Appeal to Block Census Citizenship Question » (Mar. 2, 2019)
    EPIC has filed an opening brief in the appeal to block the Census Bureau from collecting citizenship data in the 2020 Census. EPIC told the D.C. Circuit that the Census Bureau failed to complete privacy impact assessments required by law. “This uninformed data collection by a federal agency is precisely what the E-Government Act prohibits,” EPIC explained. The Bureau concedes that it must complete the impact assessments but has so far failed to do so. EPIC warned the federal appeals court that “major privacy risks have not been addressed by the agency.” EPIC has filed numerous successful lawsuits to require privacy impact assessments, including EPIC's case that led a now-defunct Presidential Commission to delete state voter data it unlawfully obtained. EPIC's appeal is EPIC v. Commerce, No. 19-5031 (D.C. Cir.).
  • Human Rights Court Accepts EPIC Intervention in Government Hacking Case » (Feb. 25, 2019)
    The European Court of Human Rights has accepted EPIC's request to intervene in a case concerning the legal standards for government remote hacking. Privacy International v. United Kingdom asks whether remote hacking or the use of malware by UK intelligence services violates the European Convention on Human Rights. Privacy International alleged that the hacking violates Articles 8 and 10 of the Convention, which protect right to privacy and the right to freedom of expression. EPIC previously filed a brief with the Court of Human Rights in Big Brother Watch v. UK, which found UK mass surveillance violated fundamental rights to privacy and freedom of expression. EPIC also participated as amici in Apple v. FBI, concerning a court order that would have required Apple to assist the FBI hack a seized iPhone.
  • EPIC Urges Supreme Court to Preserve Public Voice in Robocall and Junk Fax Law » (Feb. 14, 2019)
    EPIC has filed an amicus brief urging the Supreme Court to safeguard FCC rules that protect the public from robocalls and junk faxes. The case, PDR Network v. Carlton & Harris Chiropractic, concerns a company's efforts to disregard an FCC rule about junk faxes. EPIC explained that permitting companies to avoid FCC rules "will exclude the voices of consumers" in agency decision making. EPIC also explained that the company's efforts to sidestep agency rules will benefit those "who have resources to attack FCC rules." EPIC contributed to the development of the robocall and junk fax laws. EPIC has since worked to ensure that telephone users are protected from invasive practices through agency comments and amicus briefs in cases such as ACA International and Gallion v. Charter Communications.
  • Unanimous Decision in Illinois Supreme Court Ensures Strict Limits on Biometric Data Collection » (Jan. 25, 2019)
    The Illinois Supreme Court ruled today in Rosenbach v. Six Flags, a case about a state privacy law that protects biometric data. Parents sued the theme park after it collected a child's fingerprints, charging a violation of the Illinois biometric privacy law. The theme park claimed that it was necessary to show some additional harm, but the Illinois Court held that when companies violate the law, "the injury is real and significant." EPIC filed a "friend of the court" brief in the case, arguing that the biometric privacy law "imposes clear responsibilities on companies that collect biometric identifiers" and that if these provisions are "not enforced, the statute's subsequent provisions are of little consequence." EPIC has long advocated for strict limits on use of biometric data. EPIC also filed an amicus brief the OPM data breach, a case that concerned the breach of 5.1 million fingerprints, precisely the same biometric data at issue in this case.
  • Federal Court Rules Police May Not Compel Passenger ID During Traffic Stop » (Jan. 22, 2019)
    The Ninth Circuit has ruled that the police violated the Fourth Amendment when they asked a passenger to provide identification. The Court found that "a demand for a passenger's identification is not part of the mission of a traffic stop." As the court explained, "The identity of a passenger...will ordinarily have no relation to a driver's safe operation of a vehicle." EPIC filed a "friend of the court" brief in a similar case before the Supreme Court in 2004. In Hiibel v. Sixth Judicial District, the Supreme Court narrowly upheld a state identification law for the driver of a vehicle. EPIC argued in Hiibel that "A name is now no longer a simple identifier: it is the key to a vast, cross-referenced system of public and private databases, which lay bare the most intimate features of an individual's life." EPIC also filed amicus brief in Watchtower Bible v. Stratton, concerning the right of anonymity. In that case the Supreme Court ruled that an ordinance requiring door-to-door petitioners to obtain a permit and identify themselves violated the First Amendment.
  • Senator Leahy Questions Barr about Carpenter Privacy Case » (Jan. 15, 2019)
    During the nomination hearing for the next Attorney General, Senator Leahy asked Mr. Barr whether the Supreme Court's recent decision in the Carpenter case affected his views on privacy. "You had said that a person has no Fourth Amendment right to these records left in the hands of third parties—the third-party doctrine—which seems to be undercut by Carpenter," observed Senator Leahy. Barr responded, somewhat surprisingly, that he had "not read that decision" but "it may modify [his] views." Senator Leahy said he would expect an answer from the nominee to a written question. EPIC filed an amicus brief in Carpenter. The Supreme Court ruled that the Fourth Amendment protects location records stored by telephone companies.
  • NY Court Blocks Citizenship Question in 2020 Census » (Jan. 15, 2019)
    A federal judge has ruled that the Secretary of Commerce's decision to add the citizenship question to 2020 Census was unlawful. EPIC filed an amicus brief in the case, arguing that "history has shown that personal data, collected by the government through the census, can threaten individual rights." EPIC has also sued the Department of Commerce (EPIC v. Commerce) because the agency failed to complete a Privacy Impact Assessment prior to collecting citizenship data. A 2004 EPIC FOIA lawsuit revealed that the Census Bureau provided DHS with data on Arab Americans after 9-11, leading the Census Bureau to revise its "sensitive data" policy for transfers to law enforcement and intelligence agencies.
  • EPIC Seeks to Intervene in Human Rights Case on Government Hacking » (Jan. 11, 2019)
    EPIC is requesting to intervene in a case before the European Court of Human Rights testing the human rights standards for government hacking of computers and other devices. Brought by international NGO Privacy International, Privacy International v. United Kingdom asks whether remote hacking of devices and the use of malware by UK intelligence services violate the European Convention on Human Rights. EPIC seeks to present information to the Court on the unique privacy risks of government hacking. EPIC previously filed a brief with the Court of Human Rights in Big Brother Watch v. UK, which found UK mass surveillance violated fundamental rights to privacy and freedom of expression. EPIC also participated as amici in Apple v. FBI, concerning a court order that would have required Apple to assist the FBI hack a seized iPhone.
  • Supreme Court to Consider Open Government and Fourth Amendment in 2019 » (Jan. 11, 2019)
    The Supreme Court agreed today to hear two cases of interest to privacy and open government advocates. One case concerns the withholding of "confidential" information requested under the Freedom of Information Act. EPIC recently sued the Federal Trade Commission for information about Facebook's privacy practices, but the FTC has claimed the records are confidential and therefore should not be released. The second case, Mitchell v. Wisconsin, concerns a state law that permits law enforcement officers to draw blood from unconscious motorists without a warrant. EPIC routinely participates as amicus in Supreme Court cases concerning open government and privacy issues. Both cases are expected to be decided by the end of the Court's term in June.
  • Appeals Court Hears Arguments in Dating App Abuse Case » (Jan. 9, 2019)
    A federal appeals court heard oral arguments in a case about whether a dating app is liable for failing to remove a false profile that enabled abusive conduct. EPIC filed an amicus brief in Herrick v. Grindr, arguing that the relevant law was intended to "encourage internet service providers to police their platforms," not to "give platforms carte blanche to ignore harassment and abuse." EPIC explained that victims may be subjected to ongoing "psychological, social, and financial harm" if internet services are not accountable for harassment and abuse. EPIC routinely files friend of the court briefs in cases concerning emerging privacy and civil liberties issues.
  • Federal Court: NYC Data Disclosure Law Violates Fourth Amendment » (Jan. 3, 2019)
    A federal court has blocked a New York City law requiring home-sharing platforms to disclose detailed personal information about users, ruling that the ordinance violates the Fourth Amendment. The law would have required companies such as Airbnb to disclose the names, contact information, financial data, and rental histories of hosts, even when no unlawful conduct was suspected. "An attempt by a municipality in an era before electronic data storage to compel an entire industry monthly to copy and produce its records as to all local customers would have been unthinkable under the Fourth Amendment," the court wrote. The court followed a Supreme Court case Los Angeles v. Patel, which prohibited the warrantless searches of hotel records. EPIC filed an amicus brief in Patel. The federal court also cited Carpenter v. United States, Byrd v. United States, Riley v. California, and United States v. Jones, Supreme Court cases in which EPIC also filed amicus briefs. The decision in Airbnb v. New York also has implications for the data collection practices of so-called Smart Cities.
  • EPIC Amicus: Unlawful Collection of Biometric Data Establishes Standing » (Dec. 18, 2018)
    EPIC has filed an amicus brief in a case concerning Facebook's collection of facial images in violation of the Illinois Biometric Information Privacy Act. In Patel v. Facebook, EPIC argued that the violation of the privacy law was sufficient for Facebook users to sue the company. EPIC said that that the legal doctrine of standing "simply requires plaintiffs to demonstrate that a defendant has invaded a concrete interest protected by the law—nothing more." Earlier in 2018, EPIC filed an amicus brief in Rosenbach v. Six Flags, another case about the Illinois biometric privacy law. EPIC routinely submits briefs in support of standing in privacy case. EPIC has also long advocated for limits on the use of biometric data and has opposed Facebook's use of facial recognition software.
  • In Facebook Case, Ninth Circuit Ignores Privacy Risks of Visits to Healthcare Websites » (Dec. 7, 2018)
    In a surprisingly brief opinion, the Ninth Circuit has upheld a decision to dismiss a privacy suit against Facebook concerning the collection of sensitive medical data. In Smith v. Facebook, users alleged that the company tracked their visits to healthcare websites, in violation of the websites' explicit privacy policies. In a little less than five pages, the Ninth Circuit decided that Facebook was not bound by the promises made not to disclose users' data to Facebook because Facebook has a provision, buried deep in its own policy, that allows Facebook to secretly collect such data. The court actually wrote that searches for medical information are not sensitive because the "data show only that Plaintiffs searched and viewed publicly available health information..." EPIC filed an amicus brief in the case, arguing that "consent is not an acid rinse that dissolves common sense." In 2011 Facebook settled charges with the FTC that it routinely changed the privacy settings of users to obtain sensitive personal data. The consent order resulted from detailed complaints brought by EPIC and several other consumer organizations.
  • EPIC Supports Constitutionality of "Robocall" Law » (Nov. 13, 2018)
    EPIC has filed a "friend of the court" brief in a case concerning the constitutionality of the Telephone Consumer Protection Act, the law the prohibits unwanted "robocalls." In Gallion v. Charter Communications, EPIC argued that "the TCPA prohibitions are needed now more than ever," citing the intrusiveness of marketing calls directed toward cell phones. EPIC also said the TCPA "protects important consumer privacy interests." EPIC testified in support of the TCPA and has submitted extensive comments and amicus briefs on the consumer privacy law.
  • Supreme Court Orders Additional Briefing in Consumer Privacy Case » (Nov. 6, 2018)
    The U.S. Supreme Court has ordered additional briefing in Frank v. Gaos, a case about a controversial class action settlement. Plaintiffs alleged that Google disclosed search histories to third parties in violation of various privacy laws, but settled the case with no change in business practice and no benefit to class members. Now the Supreme Court has ordered supplemental briefs to determine whether any named plaintiff has standing to pursue the dispute. EPIC filed an amicus brief about the settlement, arguing that the "proposed settlement is bad for consumers and does nothing to change Google's business practices." EPIC and several consumer privacy organizations objected to the original settlement on three separate occasions. EPIC has filed many briefs on standing in consumer privacy cases.
  • D.C. Circuit to Hear Arguments in Case on Right to Informational Privacy » (Nov. 1, 2018)
    The D.C. Circuit Court of Appeals will hear arguments Friday in a case about the 2015 data breach at the U.S. Office of Personnel and Management, which affected 22 million federal employees, their friends, and their family members. EPIC filed an amicus brief in the case, joined by forty-four technical experts and legal scholars (members of the EPIC Advisory Board). In the brief, EPIC said that "when personal data is collected by a government agency, that agency has a constitutional obligation to protect the personal data it has obtained." In the 2011 case NASA v. Nelson, EPIC urged the Supreme Court to limit data collection by federal agencies, citing the growing risk of data breach in the federal government. Arguments are scheduled to begin at 9:30 AM ET and will be streamed live.
  • Supreme Court to Hear Arguments about Controversial Consumer Privacy Settlement » (Oct. 30, 2018)
    The U.S. Supreme Court will hear arguments this week in Frank v. Gaos, a class action settlement that provided no benefit to Internet users. Google disclosed user search histories to third parties without consent, a practice that could violate federal and state privacy laws. But under the terms of the settlement, Google "will not be required or requested to make any changes" to its business practices. Also, no funds were provided to the Internet users on whose behalf the case was brought. EPIC filed an amicus brief arguing that the settlement was not "fair, reasonable, and adequate." EPIC stated, "The proposed settlement is bad for consumers and does nothing to change Google's business practices." A federal appeals court narrowly approved the settlement, 2-1, with the dissenting judge warning that courts must be on the lookout "not only for explicit collusion, but also for more subtle signs that class counsel have allowed pursuit of their own self-interests." EPIC and several consumer privacy organization objected to the original settlement on three separate occasions. EPIC routinely opposes class action settlements that fail to benefit consumers and Internet users.
  • EPIC Files Amicus in Case Concerning Government Searches and Google's Email Screening Practices » (Oct. 18, 2018)
    EPIC has filed an amicus brief with the U.S. Court of Appeals for the Sixth Circuit in United States v. Miller, arguing that the Government must prove the reliability of Google email screening technique. The lower court held that law enforcement could search any images that Google's algorithm had flagged as apparent child pornography. EPIC explained that a search is unreasonable when the government cannot establish the reliability of the technique. EPIC also warned that the government could use this technique "to determine if files contain religious viewpoints, political opinions, or banned books." EPIC has promoted algorithmic transparency for many years. EPIC routinely submits amicus briefs on the application of the Fourth Amendment to investigative techniques. EPIC previously urged the government to prove the reliability of investigative techniques in Florida v. Harris.
  • EPIC FOIA Docs Show FBI and CBP Accessed "Hemisphere" Records » (Sep. 18, 2018)
    The Drug Enforcement Agency has released to EPIC a new FOIA production about the AT&T "Hemisphere" program. Hemisphere is a massive call records database made available to government agents by the nation's largest telecommunication company. AT&T discloses to the government billions of detailed customer phone records, including location data, without judicial review. The new release to EPIC reveals that both the FBI and CBP obtained access to these call details records. EPIC filed suit against the DEA in 2013 after the agency failed to respond to EPIC's FOIA request for information about the Hemisphere program. EPIC previously argued that the names of other agencies with access to Hemisphere records should be released. In June, the Supreme Court held in Carpenter v US that government access to location data is a search subject to Fourth Amendment review. EPIC filed an amicus brief in the Carpenter case.
  • European Court of Human Rights Rules UK Surveillance Violated Human Rights » (Sep. 13, 2018)
    The European Court of Human Rights has ruled that the UK's surveillance regime, revealed by Edward Snowden, violates human rights set out in the European Convention. In consolidated cases Big Brother Watch v. UK, Bureau of Investigative Journalism v. UK, and 10 Human Rights Organizations v. UK, the Court ruled that the UK surveillance system violated Article 8, the right to privacy, because there were "inadequate" safeguards for selecting the data subject to surveillance. The Court also said "all interception regimes...have the potential to be abused," and that bulk surveillance include safeguards "to be sufficiently foreseeable to minimise the risk of abuses of power." The Court also ruled UK surveillance violated the right of free expression because the law did not sufficiently protect confidential journalistic material. EPIC filed a brief in the case explaining that the US, which transfers intelligence data to the UK, has "technological capacities" enabling "wide scale surveillance" and that US law do not restrict surveillance of non-U.S. persons abroad. EPIC casebook Privacy Law and Society explores a wide range of privacy issues, including recent decisions of the European Court of Human Rights.
  • Court: California Donor Disclosure Requirement Doesn't Violate First Amendment » (Sep. 11, 2018)
    A federal appeals court has ruled that a California law requiring nonprofit organizations to provide the state with an annual list of donors and donations does not violate the First Amendment. The Ninth Circuit concluded that the law does not significantly burden the free speech of nonprofits "because the information is collected solely for nonpublic use, and the risk of inadvertent public disclosure is slight." EPIC filed an amicus brief in the case, arguing that the reporting requirement "infringes on several First Amendment interests, including the free exercise of religion, the freedom to express views without attribution, and the freedom to join in association with others without government monitoring." EPIC also explained that California had "failed to implement basic data protection standards" for donor information. EPIC has argued for donor privacy and similar constitutional privacy rights in Packingham v. North Carolina, Doe v. Reed, and Watchtower Bible v. Stratton.
  • Appeals Court Finds Smart Meters Trigger Constitutional Scrutiny, But Data Logging is Reasonable » (Aug. 23, 2018)
    A federal appeals court has ruled that smart meters perform a "search" under the Fourth Amendment but found that their collection of household energy data is "reasonable." Smart meters periodically transmit information to public utilities about home energy consumption, which can reveal personal behavior patterns and enable real-time surveillance. "The ever-accelerating pace of technological development carries serious privacy implications," the Seventh Circuit wrote. "Smart meters are no exception." The Court held that the searches performed by smart meters are justified by cost reductions and service improvements, but the Court warned that "our conclusion could change" if the meters sent data more frequently or if law enforcement were given easier access to the data. EPIC has long warned about the privacy implications of the smart grid and filed an amicus brief in United States v. Carpenter, a recent Supreme Court case that recognized Fourth Amendment protections for cell phone location data.
  • International Privacy Experts Adopt Recommendations for Cross-Border Law Enforcement Requests for Data » (Aug. 14, 2018)
    The International Working Group on Data Protection in Telecommunications has adopted new recommendations to protect individual rights during criminal cross-border law enforcement. The Berlin-based Working Group includes Data Protection Authorities and experts who assess emerging privacy challenges. The Working Group on Data Protection calls on governments and international organisations to ensure law enforcement requests accord with international human rights norms. The Working Group recommends specific safeguards for data protection and privacy, including accountability, procedural fairness, notice and an opportunity to challenge. EPIC addressed similar issues in an amicus brief for the US Supreme Court in the Microsoft case. EPIC and a coalition of civil society organizations recently urged the Council of Europe to protect human rights in the proposed revision to the Convention on Cybercrime. In April 2017, EPIC hosted the 61st meeting of the IWG in Washington, D.C. at the Goethe-Institut, Germany's cultural institute.
  • EPIC Urges Supreme Court to Protect Internet Users in Controversial Class Action Settlement » (Jul. 16, 2018)
    EPIC has filed an amicus brief in Frank v. Gaos, concerning a class action settlement that provided no benefit to Internet users and no change in the business practices of defendant Google. EPIC said the settlement was not "fair, reasonable, and adequate." The case involves Google's disclosure of Internet user search histories to third parties without user consent, a business practice that could violate federal and state privacy law. EPIC stated, "The proposed settlement is bad for consumers and does nothing to change Google's business practices." A federal appeals court narrowly approved that settlement, 2-1, with the dissenting judge warning that courts must be on the lookout "not only for explicit collusion, but also for more subtle signs that class counsel have allowed pursuit of their own self-interests." EPIC said that, "cy pres requires vigilant judicial oversight to guard against the risks of collusion and ensure that judges are not rubber-stamping settlements that pay attorneys while failing to benefit class members." EPIC and several consumer privacy organization objected to the original settlement on three separate occasions. EPIC routinely opposes class action settlements that fail to provided a benefit to Internet users.
  • EPIC Urges Illinois Supreme Court to Uphold Strict Limits on Biometric Data Collection » (Jul. 5, 2018)
    EPIC has filed an amicus brief with the Illinois Supreme Court in Rosenbach v. Six Flags Entertainment Corp, about the collection of a child's biometric data in violation of the Illinois Biometric Information Privacy Act. EPIC explained that the Illinois biometric law "imposes clear responsibilities on companies that collect biometric identifiers" and said the company had failed to comply with the state law. EPIC made clear that "collection is the threshold safeguard in privacy law" and if corresponding provisions are "not enforced, the statute’s subsequent provisions are of little consequence." EPIC first identified the risk of collecting biometric data from children entering amusement parks in a 2005 report "Theme Parks and Your Privacy." The state of Illinois adopted the nation's first biometric privacy law in 2008. EPIC has long advocated for strict limits on use of biometric data. EPIC also routinely submits amicus briefs, including in the recent OPM data breach case that concerned the breach of 5.1 million fingerprints, precisely the same biometric data at issue in this case.
  • EPIC Advises FCC on Robocalls Regulation » (Jun. 29, 2018)
    EPIC advised the FCC on how to interpret the Telephone Communications Protection Act to best protect consumers in light of the recent decision in ACA Int'l v. FCC. EPIC filed a friend of the court brief in that case arguing that consumers could revoke consent by any "reasonable means." The court agreed but vacated other aspects of the rule. Many industry groups urged the Commission to make a rule that if "any" human intervention is involved in the dialing or sorting of the list of numbers a calling system would not be considered an "automatic telephone dialing system." EPIC opposed that recommendation, explaining that such a definition would allow autodialers to use deceptive tactics to evade regulation. EPIC contributed to the development of the Telephone Communications Protection Act and regularly submits comments to the FCC.
  • EPIC Urges Appeals Court to Protect Consumers Against Invasive Cookie Tracking Practices » (Jun. 27, 2018)
    EPIC has filed an amicus brief with the Ninth Circuit Court of Appeals in In re: Facebook, Inc. Internet Tracking Litigation. At issue is whether Facebook violated the privacy rights of users by tracking their web browsing even after they logged out of the platform. EPIC explained that cookies "no longer serve the interests of users" and instead "tag, track, and monitor users across the Internet." EPIC said a lower court wrongly concluded that users should develop countermeasures to assert their privacy rights. EPIC responded that it would be absurd to expect users to compete in a "technical arms race" when "Facebook's tracking techniques are designed to escape detection and the company routinely ignores users' privacy protections." EPIC first identified the privacy risks of cookie tracking in a 1997 report "Surfer Beware: Personal Privacy and the Internet." EPIC frequently participates as amicus curiae in consumer privacy cases, including hiQ Labs v. LinkedIn and Eichenberger v. ESPN.
  • Victory for Privacy: Supreme Court Says Cell Phone Location Records Protected Under Fourth Amendment » (Jun. 22, 2018)
    In a landmark ruling, the U.S. Supreme Court held that the Fourth Amendment protects location records generated by mobile phones. The government in Carpenter v. United States had obtained more than 6 months of location records without a warrant. EPIC filed a "friend-of-the-court" brief in Carpenter, signed by thirty-six technical experts and legal scholars, urging the Court to recognize that the "world has changed since Smith v. Maryland" was decided. EPIC argued that "Cell phones are now as necessary to the life of Americans as they are ubiquitous" and that users expect their location data will remain private. The Court agreed, in a decision by the Chief Justice, emphasizing the importance of protecting privacy as technology advances: "As technology has enhanced the Government's capacity to encroach upon areas normally guarded from inquisitive eyes, this Court has sought to 'assure[ ] preservation of that degree of privacy against government that existed when the Fourth Amendment was adopted.'" The Court held that "an individual maintains a legitimate expectation of privacy in the record of his physical movements as captured through" a cell phone. Dissenting opinions were filed by Justices Kennedy, Thomas, Alito, and Gorsuch.
  • Apple Will Bolster Encryption Of Devices, Prevent Apps From Selling Contact Lists » (Jun. 14, 2018)
    Apple announced two measures to strengthen the privacy and security of its devices: it will close a loophole that allowed law enforcement to access devices and it will prevent apps from secretly selling contact lists. In 2016, Apple refused a demand by the FBI to build backdoor access to iPhones to allow the FBI to unlock the phone of a criminal suspect. The FBI sued Apple, and EPIC filed an amicus brief in support of Apple, arguing that the FBI's demand "places at risk millions of cell phone users across the United States." The FBI eventually dropped the case. In a privacy complaint to the FTC, EPIC also opposed Google's plan to launch "Buzz," a social networking service, with private address book information. Google later backed off the plan and shuttered Buzz. In 2015, EPIC gave the Champion of Freedom Award to Apple CEO, Tim Cook, for his work protecting privacy and promoting encryption.
  • EPIC Advises FCC on Robocalls Regulation » (Jun. 13, 2018)
    EPIC advised the FCC on how to interpret the Telephone Communications Protection Act to best protect consumers in light of a recent decision in ACA Int'l v. FCC. EPIC filed a friend of the court brief in that case arguing that consumers could revoke consent by any "reasonable means." The court agreed but vacated other aspects of the rule. EPIC's comments argue that the FCC should require callers to meet three conditions to simplify the revocation of consent: (1) inform consumers of their right to revoke, (2) provide a simple means of revocation, and (3) comply in a timely manner. EPIC contributed to the development of the Telephone Communications Protection Act and regularly submits comments to the FCC.
  • EPIC Urges Appeals Court to Deny Immunity for Dating App that Ignores Egregious Abuse » (Jun. 1, 2018)
    EPIC has filed an amicus brief in a case about whether a dating app should be liable for failing to remove false profiles, including name and likeness, that posed a danger to personal safety. In Herrick v. Grindr, LLC, EPIC told the Second Circuit Court of Appeals that Section 230, a provision in the Communication Decency Act, was intended to "encourage internet service providers to police their platforms," not to "give platforms carte blanche to ignore harassment and abuse." EPIC emphasized that a lower court opinion "would not advance the speech-promoting policy of the statute." EPIC explained that victims may be subjected to ongoing "psychological, social, and financial harm" if Internet services are not accountable for harassment and abuse. EPIC frequently participates as amicus curiae in cases concerning emerging privacy and civil liberties issues, including hiQ Labs v. LinkedIn and Eichenberger v. ESPN.
  • EPIC to DC Circuit: Informational Privacy is a Constitutional Right » (May. 18, 2018)
    EPIC has filed a "friend of the court" brief, joined by forty-four technical experts and legal scholars (members of the EPIC Advisory Board), in the OPM Data Breach case. The case concerns the data breach at the US Office of Personnel and Management in 2015 that affected 22 million federal employees, their friends, and family members. In the brief to the federal appeals court, EPIC said that "when personal data is collected by a government agency, that agency has a constitutional obligation to protect the personal data it has obtained." In a 2011 case NASA v. Nelson, EPIC urged the Supreme Court to limit data collection by federal agencies, citing the growing risk of data breach in the federal government.
  • Supreme Court: Fourth Amendment for Lawful Driver of Vehicle Regardless of Rental Agreement » (May. 14, 2018)
    The U.S. Supreme Court ruled today that a driver in lawful possession of a rental car has a reasonable expectation of privacy regardless of a rental car agreement. The Court held in Byrd v. United States that, "the mere fact that a driver in lawful possession or control of a rental car is not listed on the rental agreement will not defeat his or her otherwise reasonable expectation of privacy." EPIC filed an amicus brief in the case, joined by 23 technical experts and legal scholars members of the EPIC Advisory Board, which stated that "relying on rental contracts to negate Fourth Amendment standing would undermine legitimate expectations of privacy." EPIC also urged the Court to recognize that a modern car collects vast troves of personal data and "make little distinction between driver and occupant, those on a rental agreement and those who are not." EPIC routinely participates as amicus curiae in cases before the Supreme Court, such as in United States v. Microsoft Corp., Dahda v. United States, and United States v. Jones.
  • Supreme Court: Government's Reading of Wiretap Act 'Makes Little Sense' » (May. 14, 2018)
    The Supreme Court has ruled in Dahda v. United States, a case about the federal Wiretap Act and the suppression of evidence obtained under an overly broad wiretap order. A lower court permitted the evidence, relying on a novel interpretation of the Act. EPIC filed an amicus brief in the case, arguing that "it is not for the courts to create textual exceptions" to federal privacy laws. The Supreme Court agreed with EPIC that it "makes little sense" for the court to rewrite the statute. However, the Court declined to suppress the evidence, finding that it was a lawful search under a narrow interpretation of the Wiretap Act. EPIC routinely participates as amicus curiae in privacy cases before the Supreme Court, including Byrd v. United States (a case in which the Court rejected suspicionless searches of rental cars) and Carpenter v. United States (a case about warrantless searches of cellphone location records).
  • Appeals Court: Border Searches of Cell Phones Require 'Reasonable Suspicion' » (May. 10, 2018)
    A federal appeals court has ruled that U.S. border officials may not conduct a forensic search of a mobile device without a "reasonable suspicion" that the device contains evidence of a crime. The court's decision followed Riley v. California, a 2014 Supreme Court case holding that the Fourth Amendment requires police to obtain a warrant to search a cell phone. EPIC filed an amicus brief in the Riley case, cited by the Supreme Court, about the detailed personal data stored in cell phones. EPIC's Alan Butler predicted that the Riley decision would lead courts to require "reasonable suspicion" for border searches. EPIC recently filed a FOIA suit against against a federal agency for information about the warrantless searches of cell phones. Senator Patrick Leahy (D-VT) and Senator Steve Daines (R-MT) have introduced legislation to place restrictions on searches and seizures of electronic devices at the border.
  • Supreme Court To Review Fairness of Cy Pres Awards In Class Action Settlements » (Apr. 30, 2018)
    The Supreme Court today granted certiorari to address for the first time whether a class action settlement that awards cy pres but provides no direct relief to class members is "fair, reasonable, and adequate." The case, Frank v. Gaos, involves a settlement arising from Google's tracking of Internet users by circumventing their browsers' privacy settings. The settlement awarded cy pres funds to several organizations but resulted in no change in Google's business practices nor payments to class members. EPIC objected to the proposed settlement on three separate occasions, arguing that, "The proposed settlement is bad for consumers and does nothing to change Google's business practices. The company will simply revise its notice so that it may continue to engage in the privacy-invading practice that class counsel claimed at one time provided the basis for class action certification and monetary relief." EPIC has routinely opposed class action settlements that fail to compensate class members or change business practices. In 2013, Chief Justice John Roberts wrote that the Court would soon need to address "fundamental concerns" surrounding the use of cy pres in class action settlements. EPIC has proposed an objective basis to evaluate cy pres awards.
  • Supreme Court Vacates Microsoft Email Privacy Case » (Apr. 17, 2018)
    The Supreme Court has vacated United States v. Microsoft, a case concerning whether a U.S. communications law can be used by a U.S. law enforcement agency to obtain personal data stored outside of the U.S. While the case was pending, the Congress quickly passed the CLOUD Act, which requires internet companies to hand over personal data to U.S. law enforcement agencies, no matter where that data is stored. The Court then determined that there was no longer a matter to adjudicate and ended the proceeding. EPIC's amicus brief to the Supreme Court argued that human rights law and privacy standard should govern law enforcement access to personal data stored abroad. In recent comments to the UN, EPIC explained that the CLOUD Act "undermines communications privacy protections."
  • DC Circuit Sets Briefing Schedule in Information Privacy Case » (Mar. 26, 2018)
    The D.C. Circuit has set the briefing schedule for the OPM Data Security Breach case, concerning a pair of data breaches in 2015 that affected 22 million federal employees, their friends, and family members. EPIC recently informed the Court that it will file an amicus brief, which will now be due on May 17, 2018. EPIC has long warned that federal agencies collect far too much personal data that they fail to protect. In the 2012 case NASA v. Nelson, concerning repeated data breaches at the space agency, EPIC urged the Supreme Court to recognize a right to "informational privacy" that would limit data collection by federal agencies.
  • CLOUD Act Enacted, Allows Law Enforcement Access to Data Stored Abroad » (Mar. 26, 2018)
    President Trump has signed the CLOUD Act, requiring internet companies to hand over personal data to U.S. law enforcement agencies, no matter where that data is stored. The Act also allows the executive branch to create agreements with foreign countries to provide direct access to personal data stored in the United States. EPIC submitted an amicus brief in United States v. Microsoft arguing that law enforcement access to data abroad should be resolved by international consensus and comply with human rights norms. Many organizations and privacy experts have endorsed the Madrid Privacy Declaration, which would establish international protections for personal data.
  • D.C. Circuit Affirms "Consent" Protection in FCC Robocall Rule » (Mar. 16, 2018)
    A federal appeals court ruled today in a closely watched case concerning robocalls. The rule under review in ACA International v. FCC concerned the FCC's regulations for the Telephone Consumer Protection Act. EPIC filed a friend of the court brief in the case in support of the FCC regulations. EPIC said that companies "seeking to engage in privacy-invading business practices" bear "the burden of proving consent." The court agreed that consumers could withdraw consent by all "reasonable means." However, the court vacated other aspects of the rule, including the definition of automated telephone dialing system and proposed procedures for calls to reassigned numbers.
  • EPIC to File Brief in D.C. Circuit on Right to Information Privacy » (Mar. 15, 2018)
    EPIC has informed the D.C. Circuit Court of Appeals that it will file an amicus brief in the OPM Data Security Breach case. The case concerns a pair of data breaches in 2015 that affected 22 million federal employees, their friends, and family members. EPIC has long warned that federal agencies collect far too much personal data that they fail to protect. In the 2012 case NASA v. Nelson, concerning repeated data breaches at the space agency, EPIC urged the Supreme Court to recognize a right to "informational privacy" that would limit data collection by federal agencies.
  • EPIC Urges Appeals Court to Uphold Fourth Amendment Protections for Searches of Students' Cell Phones » (Mar. 13, 2018)
    EPIC has filed an amicus brief with the Eleventh Circuit Court of Appeals in Jackson v. McCurry, stating that teachers may not search a student's cell phone unless they have followed an explicit school policy that complies with Fourth Amendment requirements. Citing a recent Supreme Court opinion, EPIC explained, "after Riley, searches of students' cell phones require heightened privacy protections." Noting that "most teenagers today could not survive without a cellphone," EPIC wrote that searches of cell phones should be "limited to those circumstances when it is strictly necessary." EPIC previously participated as amicus curiae in Riley v. California, arguing that the search of a cellphone requires a warrant, and Commonwealth v. White, a case before the Massachusetts Supreme Judicial Court, arguing that a warrant is required before a school may turn over a student's cell phone to the police. Both cases produced favorable outcomes.
  • Appeals Court Revives Data Breach Suit Against Zappos » (Mar. 9, 2018)
    A federal appeals court has ruled that consumers affected by a Zappos.com data breach have the right to sue the online retailer. The 2012 breach exposed the personal data of more than 24 million Zappos customers. A lower court previously held that the consumers lacked "standing" to bring a lawsuit against Zappos because their injuries were merely "conjectural." But the Ninth Circuit Court of Appeals reversed that decision and allowed the case to continue. "With each new hack comes a new hacker, each of whom independently could choose to use the data to commit identity theft," the court wrote. EPIC regularly files amicus briefs defending standing in consumer privacy cases, most recently in Eichenberger v. ESPN (where the Ninth Circuit also held for consumers), Gubala v. Time Warner Cable, and In re SuperValu Customer Data Security Breach Litigation.
  • EPIC Amicus: Supreme Court Divided Over Microsoft Stored Communications Case » (Feb. 28, 2018)
    This week, the Supreme Court heard arguments in United States v. Microsoft Corps., a case concerning law enforcement access to personal data stored in Ireland. The Court appeared divided during the argument, but both Justice Ginsburg and Justice Alito appeared to agree that Congress and not the Court was better positioned to find a solution. In an amicus brief, EPIC urged the Supreme Court to respect international privacy standards. EPIC wrote, the "Supreme Court should not authorize searches in foreign jurisdictions that violate international human rights norms." EPIC cited important cases from the European Court of Human Rights and the European Court of Justice. EPIC warned that "a ruling for the government would also invite other countries to disregard sovereign authority." EPIC has long supported international standards for privacy protection, and EPIC has urged U.S. ratification of the Council of Europe Privacy Convention. EPIC routinely participates as amicus curiae in privacy cases before the Supreme Court, most recently in Carpenter v. United States (privacy of cellphone data), Byrd v. United States (searches of rental cars), and Dahda v. United States (wiretapping).
  • Court Rules that Users have Standing to Sue Facebook about Facial Recognition » (Feb. 27, 2018)
    The Northern District of California has ruled that Facebook users have standing to pursue a class action challenging Facebook's use of facial recognition software. The court said that the Illinois Biometric Information Privacy Act requires plaintiffs only to show that Facebook has unlawfully collected their biometric data without their consent. Facebook sought to dismiss the suit by arguing that the Supreme Court's decision in Spokeo v. Robins required the plaintiffs to show additional harm. EPIC submitted a friend-of-the-court brief in Spokeo, arguing that courts should not second-guess privacy laws. The Ninth Circuit Court of Appeals recently agreed with EPIC that internet users have standing when a company has disclosed their personal information in violation of the Video Privacy Protection Act.
  • Court of Appeals Restores FTC's Authority Over "Common Carriers" » (Feb. 26, 2018)
    The Ninth Circuit Court of Appeals has ruled in FTC v. AT&T that the Federal Trade Commission can regulate telephone and internet companies, reversing an earlier decision by a three-judge panel that stripped the FTC of its authority over "common carriers." The full Ninth Circuit held that the common carrier exemption to the FTC Act is activity-based, not status-based. This means that the FTC can regulate AT&T's data-throttling practices. The Ninth Circuit reached the result that EPIC and a coalition of consumer advocates had urged in a friend-of-the-court brief. EPIC also vigorously defended the FTC's "critical role in safeguarding consumer privacy and promoting stronger security standards" in an amicus brief in FTC v. Wyndham.
  • EPIC Amicus: Supreme Court to Hear Arguments in Wiretap Act Case » (Feb. 20, 2018)
    The Supreme Court will hear arguments this week in Dahda v. United States, a case concerning the federal Wiretap Act and the suppression of evidence obtained following an invalid wiretap order. The Wiretap Act requires exclusion of evidence obtained as a result of an invalid order, but a lower court denied suppression in the case even though the order was unlawfully broad. In an amicus brief, EPIC wrote that "it is not for the courts to create textual exceptions" to federal privacy laws. EPIC explained that Congress enacted strict and unambiguous privacy provisions in the Wiretap Act. "If the government wishes a different outcome," EPIC wrote, "then it should go to Congress to revise the statute." EPIC routinely participates as amicus curiae in privacy cases before the Supreme Court, most recently in Byrd v. United States (suspicionless searches of rental cars) and Carpenter v. United States (warrantless searches of cellphone location records).
  • Supreme Court Leaves Data Breach Decision In Place » (Feb. 20, 2018)
    The Supreme Court has denied a petition for a writ of certiorari in Carefirst, Inc. v. Attias, a case concerning standing to sue in data breach cases. Consumers had sued health insurer Carefirst after faulty security practices allowed hackers to obtain 1.1 million customer records. EPIC filed an amicus brief backing the consumers, arguing that if "companies fail to invest in reasonable security measures, then consumers will continue to face harm from data breaches." The federal appeals court agreed with EPIC and held that consumers may sue companies that fail to safeguard their personal data. Carefirst appealed the decision, but the Supreme Court chose not to take the case. EPIC regularly files amicus briefs defending standing in consumer privacy cases, most recently in Eichenberger v. ESPN, where the Ninth Circuit also held for consumers, as well as Gubala v. Time Warner Cable and In re SuperValu Customer Data Security Breach Litigation.
  • EPIC Challenges Facebook Privacy Settlement » (Feb. 2, 2018)
    EPIC has filed an amicus brief with a federal appeals court urging the court to reject a proposed class action settlement over Facebook's practice of scanning private messages. EPIC challenged the settlement because it did not require Facebook to stop scanning private messages. In fact, the company can continue scanning messages by simply burying a notice on its website. Also, there was no compensation to Internet users for the prior violation of federal and state laws. EPIC is dedicated to class action fairness in privacy cases and has objected to many similar settlements that failed to provide actual benefits to Internet users. EPIC recently opposed a settlement with Google that allows the company to continue tracking web users. EPIC also opposed a settlement with Facebook in 2014 that allowed the company to continue an unlawful practice.
  • In Supreme Court Brief, EPIC Backs International Privacy Standards » (Jan. 18, 2018)
    EPIC has filed an amicus brief in United States v. Microsoft, a case before the US Supreme Court concerning law enforcement access to personal data stored in Ireland. EPIC urged the Supreme Court to respect international privacy standards and not to extend U.S. domestic law to foreign jurisdictions. EPIC wrote, the "Supreme Court should not authorize searches in foreign jurisdictions that violate international human rights norms." EPIC cited important cases from the European Court of Human Rights and the European Court of Justice. EPIC has long supported international standards for privacy protection, and EPIC has urged U.S. ratification of the Council of Europe Privacy Convention. EPIC routinely participates as amicus curiae in privacy cases before the Supreme Court, most recently in Carpenter v. United States (privacy of cellphone data), Byrd v. United States (searches of rental cars), and Dahda v. United States (wiretapping).
  • Supreme Court to Hear Arguments in Rental Car Search Case » (Jan. 8, 2018)
    The Supreme Court will hear arguments in Byrd v. United States, concerning the warrantless search of a rental vehicle. EPIC filed an amicus brief in the case urging the Supreme Court to recognize that a modern car collects vast troves of personal data. EPIC explained cars today "make little distinction between driver and occupant, those on a rental agreement and those who are not." EPIC pointed to the routine collection of cell phone contents with a Bluetooth connection, data which is stored in the car even after "deletion." EPIC also emphasized that the status of the driver has no bearing on Fourth Amendment privacy interests. EPIC's Natasha Babazadeh prepared an explainer video of the case.
  • Group Asks Supreme Court to Weigh In on Fairness of Google Tracking Settlement » (Jan. 8, 2018)
    The Center for Class Action Fairness has asked the U.S. Supreme Court to decide whether a settlement that awards funds to certain organizations and fails to compensate injured class members is fair. The settlement involved Google's tracking of Internet users in violation of users' privacy settings but resulted in no change in business practices or payment to class members. Some of the organizations that received class settlement funds are separately funded by Google. EPIC recently filed an amicus brief opposing a similar settlement in a related class action against Google. EPIC has also opposed settlements against Facebook and Google that failed to compensate class members or change business practices. EPIC President Marc Rotenberg has proposed an objective basis to evaluate settlement proposals. The Supreme Court has yet to address cy pres fairness, but Chief Justice John Roberts, in Marek v. Lane concerning Facebook's Beacon program, echoed the concerns of EPIC when he wrote that the "vast majority of Beacon's victims" got nothing.
  • Federal Appeals Court Dismisses Privacy Case Against Connected Car Makers » (Dec. 21, 2017)
    A federal appeals court has ruled that consumers don't have the right to seek legal relief from automakers whose connected cars endanger their privacy because the risk of remote hacking is "speculative." EPIC filed an amicus brief in the case warning that connected cars "expose American drivers to the risks of data breach, auto theft, and physical injury." EPIC urged the court to allow consumers to "the opportunity to present legal claims stemming from the defendants' sale of vehicles that place them at risk." But the court wrongly downplayed the consumers' privacy injuries and dismissed the case. EPIC recently urged the Supreme Court to reject warrantless searches of rental cars, which today collect vast troves of personal data. EPIC has filed numerous other amicus briefs defending consumer privacy rights, and EPIC has repeatedly warned the National Highway Traffic Safety Administration, the Federal Trade Commission, and the U.S. Congress about the privacy and consumer safety risks posed by connected vehicles.
  • EPIC Urges Supreme Court to Preserve Wiretap Act Suppression Remedy » (Dec. 7, 2017)
    EPIC has filed an amicus brief in Dahda v. United States, a case concerning the federal Wiretap Act and the suppression of evidence obtained following an invalid wiretap order. The Wiretap Act requires exclusion of evidence obtained as a result of an invalid order. However, the lower court denied suppression even though the order was invalid. EPIC wrote that “it is not for the courts to create atextual exceptions” to federal privacy laws. EPIC explained that Congress enacted broad and unambiguous privacy provisions in the Wiretap Act. “If the government wishes a different outcome,” EPIC wrote, “then it should go to Congress to revise the statute.” EPIC routinely participates as amicus curiae in privacy cases before the Supreme Court, most recently in Byrd v. United States (suspicionless searches of rental cars) and Carpenter v. United States (warrantless searches of cellphone location records).]
  • EPIC Amicus - Ninth Circuit Holds Violation of Video Privacy Law Establishes 'Standing' » (Nov. 29, 2017)
    The Ninth Circuit issued an opinion today that addressed standing — the right to bring a lawsuit — under the Video Privacy Protection Act. The court found that the law protects a "substantive right to privacy that suffers any time a video service provider discloses otherwise private information." The court stated that a "plaintiff need not allege any further harm to have standing." EPIC filed an amicus letter brief in response to the court's request for parties to discuss standing following the Supreme Court decision in Spokeo v. Robbins. EPIC urged the court to recognize that "Congress intended to protect consumers' concrete interests in the confidentiality of their video viewing records." Contrasting with the Spokeo decision concerning the Fair Credit Reporting Act, the federal appeals court agreed that the video privacy law protects a "substantive interest." However, the court found that "personally identifiable information" was not disclosed by ESPN. EPIC has filed amicus briefs defending consumers in several cases after the Spokeo decision, including in Attias v. Carefirst, Gubala v. Time Warner Cable, and In re SuperValu Customer Data Security Breach Litigation.
  • EPIC Challenges Google Cookie Tracking Settlement as Unfair to Class Members » (Nov. 22, 2017)
    EPIC filed an amicus with a federal appeals court urging the court to reject a proposed class action settlement in a consumer privacy case. The case involved Google tracking internet users in violation of the users' privacy settings. EPIC said the settlement resulted in no change in business practices and wrongly awarded cy pres funds to organizations that Google would otherwise support. The settlement was also opposed by the Attorneys General of thirteen states. EPIC, the Center for Digital Democracy, and US PIRG were the groups that warned the FTC in 2007 that the Google-DoubleClick merger would lead to the internet tracking practices at issue in the settlement. EPIC's 2010 FTC complaint regarding Google Buzz also led to the FTC's Consent Order with Google that enabled the Commission to pursue related charges against Google. EPIC has proposed an objective basis for courts to make determinations in consumer privacy cases that protect the interests of class members and avoid the risk of collusion between the parties in settlement.
  • EPIC Urges Supreme Court to Steer Clear of Warrantless Vehicle Searches » (Nov. 20, 2017)
    EPIC has filed an amicus brief in Byrd v. United States, a case about warrantless searches of rental vehicles. EPIC urged the Supreme Court to recognize that a modern car collects vast troves of personal data. EPIC explained cars today "make little distinction between driver and occupant, those on a rental agreement and those who are not." EPIC pointed to the routine collection of cell phone contents with a Bluetooth connection, data which is stored in the car even after "deletion." EPIC also emphasized that the status of the driver has no bearing on Fourth Amendment privacy interests. The lower court held that because the driver was not an authorized renter, he was not entitled to privacy protection. EPIC has filed extensive comments with the National Highway Traffic Safety Administration, the Federal Trade Commission and the Department of Transportation, and testified before the U.S. Congress regarding the privacy and consumer safety risks posed by connected vehicles. EPIC also routinely participates as amicus curiae in cases before the Supreme Court, such as in United States v. Jones, Riley v. California, and Florida v. Harris.
  • European Court of Human Rights Hears Key Surveillance Challenge » (Nov. 7, 2017)
    European Court of Human Rights has heard 10 Human Rights Organizations v. UK, a legal challenge which will impact surveillance practices around the world. The organizations who brought the case argue that surveillance by UK and US intelligence services violated their fundamental rights. In today's hearing, the groups' legal representative characterized the government's position as "trust us and we will keep you safe." Instead, she called for a "framework to ensure...public authorities are doing no more than is truly proportionate and are only using these very intrusive powers when they're necessary." EPIC filed a brief in the case explaining that the NSA's "technological capacities" enable "wide scale surveillance" and that U.S. statutes do not restrict surveillance of non-U.S. persons abroad. EPIC casebook Privacy Law and Society explores a wide range of privacy issues, including recent decisions of the European Court of Human Rights.
  • EPIC Defends User Privacy in Case Concerning hiQ Labs "Scraping" of Personal Data » (Oct. 11, 2017)
    EPIC has filed an amicus brief in hiQ Labs, Inc. v. LinkedIn Corp., a case concerning the use of personal data provided by Internet users to LinkedIn. A lower court ordered LinkedIn to provide LinkedIn user data to hiQ Labs, a data analytics firm that scores employees and provides secret intelligence to employers about "flight risk." EPIC argued that, "the lower court has undermined the fiduciary relationship between LinkedIn and its users." EPIC also said the order is "contrary to the interests of individual LinkedIn users" and contrary to the public interest "because it undermines the principles of modern privacy and data protection law." Siding with neither party, EPIC urged reversal to protect online privacy. EPIC routinely participates as amicus curiae in cases concerning consumer privacy.
  • Supreme Court to Hear Two Fourth Amendment Cases » (Sep. 28, 2017)
    The Supreme Court has agreed to review two Fourth Amendment car search cases. In Collins v. Virginia, the Court will decide whether police can search a vehicle parked in the driveway of a private home without first obtaining a warrant. In Byrd v. United States, the Court will decide whether a person driving a rental car loses their expectation of privacy in the vehicle solely because they are not the official driver on the rental agreement. The Court is already set to hear Carpenter v. United States this fall, a major Fourth Amendment case about warrantless searches of cell phone location data. EPIC filed a "friend-of-the-court" brief in that case urging the Court to extend Constitutional protection to cell phone data. EPIC regularly files briefs with the Supreme Court arguing for greater Fourth Amendment protections, including in Utah v. Strieff, Los Angeles v. Patel, and Riley v. California.
  • DC Court: Warrantless Tracking with "Stingray" Violates Fourth Amendment » (Sep. 22, 2017)
    The D.C. Court of Appeals has ruled that warrantless use of a cell-site simulator or "stingray" violates the Fourth Amendment. The court found that Stingray devices enable "officers who possess a person's telephone number to discover that person's precise location remotely and at will." The court held that the use of a Stingray invaded a reasonable expectation of privacy and thus, was a Fourth Amendment search. EPIC recently filed a brief in a U.S. Supreme Court case arguing that warrantless location tracking violates the Fourth Amendment. EPIC has also promoted oversight of Stingrays by law enforcement agencies. An EPIC FOIA lawsuit in 2012 revealed that the FBI was using stingrays without a warrant, and that the FBI provided Stingrays to other law enforcement agencies. EPIC has also filed amicus briefs in federal and states courts arguing that cell phone location data is protected by the Fourth Amendment.
  • Court Rules California Police Can't Avoid Public Scrutiny of License Plate Reader Program » (Aug. 31, 2017)
    The California Supreme Court ruled that the mass, indiscriminate collection of license plate data by California police cannot be shielded from public scrutiny. In response to an open records request by EFF and the ACLU of Southern California, Los Angeles area law enforcement attempted to prevent disclosure by claiming all license plate data were "investigative records." The court ruled that the license plate data of millions of law-abiding citizens was not an "investigative record." The Court stated, "It is hard to imagine that the Legislature intended for the records of investigations exemption to reach the large volume of data that plate scanners and other similar technologies now enable agencies to collect indiscriminately." EPIC filed an amicus brief in the public records case stating, "Public scrutiny is essential to counter the unique threats posed by these programs of broad-scale surveillance." Documents obtained by EPIC about the FBI's use of license plate readers showed the agency failed to address the system's privacy implications.
  • Federal Appeals Court Rules Data Breach Case May Proceed » (Aug. 30, 2017)
    A federal appeals court has ruled that a major data breach case concerning Supervalu can move forward, rejecting the grocery chain's attempt to have the lawsuit dismissed. EPIC filed an amicus brief in the case, in support of the consumers, arguing that if "companies fail to invest in reasonable security measures, then consumers will continue to face harm from data breaches." The appeals court agreed with EPIC that the lower court was wrong to dismiss the case. However, the court held that only a consumer who could demonstrate actual financial fraud could proceed with legal claims. EPIC regularly files amicus briefs defending consumers' right to sue companies that violate their privacy, including in Attias v. Carefirst, Gubala v. Time Warner Cable, and Spokeo v. Robins.
  • Supreme Court of India Rules Privacy is a Fundamental Right » (Aug. 24, 2017)
    India's Supreme Court has ruled that privacy is a fundamental right under the Indian Constitution. In a unanimous ruling, the Court explained the "right to privacy is protected as an intrinsic part of the right to life and personal liberty under Article 21 and as a part of the freedoms guaranteed by Part III of the Constitution." The Court also recognized that "Informational privacy is a facet of the right to privacy" and modern privacy risks are caused by both the public and private sector. The ruling may impact significant cases pending in India, including a challenge to Aadhaar, India's massive biometric identification system, and WhatsApp's privacy policy change. In 2009 NGOs and privacy experts set out the Madrid Privacy Declaration, which affirmed privacy as a fundamental human right. In 2010, EPIC urged the US Supreme Court to recognize the right of "informational privacy." EPIC explained that the Whalen decision and a famous German census case, "influenced international privacy jurisprudence, resulting in the widespread recognition of the right to informational privacy." EPIC's report Privacy and Human Rights provides an overview of privacy frameworks around the world.
  • Justice Department Withdraws Demand for Disruptj20 Visitor Logs » (Aug. 23, 2017)
    Facing public outrage, the Department of Justice has rescinded a demand for over 1.3 million IP logs associated with Inauguration Day protests. DreamHost challenged the warrant, which required the web hosting service to turn over practically all records about disruptj20.org, a protest website. The Justice Department warrant could have identified protestors, threatened First Amendment protections, and violated the Fourth Amendment. After widespread opposition, the DOJ narrowed the demand to exclude visitor logs and unpublished content, such as posts and emails. EPIC opposed the DOJ's demand as it had in an earlier case involving Google search histories. EPIC also recently an amicus brief in the Supreme Court urging the Court to safeguard the First Amendment right to access information online free of government surveillance.
  • Justice Department Demands 1.3 Million IP Logs From Inauguration Protest Website » (Aug. 15, 2017)
    Federal prosecutors in Washington, DC are demanding that an internet hosting service turn over vast amounts of personally identifying data from a website used to organize Inauguration Day protests, including a reported 1.3 million IP logs. DreamHost, the hosting service, has refused to comply with the government's warrant. In a court filing DreamHost argued that prosecutors are attempting "to identify the political dissidents of the current administration" and that the government's data demand is far too broad. In 2006, EPIC opposed a similar government demand—later dropped—for week's worth of search queries entered into Google. EPIC recently filed an amicus brief in the Supreme Court urging the Court to safeguard the First Amendment right to read in the digital era.
  • EPIC Amicus - DC Circuit Upholds Right of Data Breach Victims to Seek Legal Relief » (Aug. 1, 2017)
    A federal appeals court in Washington, D.C. has ruled that consumers may sue companies that fail to safeguard their personal data. Consumers sued health insurer Carefirst after faulty security practices allowed hackers to obtain 1.1 million customer records. EPIC filed an amicus brief in the case, in support of the consumers, arguing that if "companies fail to invest in reasonable security measures, then consumers will continue to face harm from data breaches." The appeals court agreed with EPIC that the lower court was wrong to dismiss the case. "No long sequence of uncertain contingencies involving multiple independent actors has to occur before the plaintiffs in this case will suffer any harm," the Court wrote. EPIC regularly files amicus briefs defending consumer privacy and addressing emerging privacy challenges.
  • Appeals Court Considers Case that Aligns Privacy and FOI » (Jul. 13, 2017)
    The Ninth Circuit U.S. Court of Appeals heard oral arguments today in an open government case with implications for informational privacy. A group of anonymous medical employees challenged the release of personal information sought under a state public records act. EPIC filed a "friend-of-the-court" brief in the case arguing that withholding personal information is consistent with open government and constitutionally required. "Open government laws and privacy laws are complimentary: the aim is to maximize both the public's access to information about the government and to safeguard personal privacy to the greatest extent feasible," EPIC wrote. EPIC has argued for similar privacy protections in ATF v. Chicago, Chicago Tribune v. University of Illinois, Ostergren v. Cuccinelli, NASA v. Nelson, and FCC v. AT&T.
  • Google to End Email Content Scanning » (Jun. 23, 2017)
    After a decade of controversy, Google announced that it will stop scanning the content of all Gmail. Google stopped scanning e-mails for education in 2014 after a lawsuit charged that it violated wiretap laws. Google faced similar allegations in many other cases in the United States and around the world. EPIC warned about Google's e-mail scanning practices back in 2005 and filed a complaint with the FTC in 2009 over the privacy risks in Google's insecure cloud computing services, including Gmail. In 2014, EPIC led a successful campaign to stop Google from scanning student emails for commercial advertising. Last year, EPIC filed a friend-of-the-court brief in a Massachusetts case, again objecting to Google's Gmail scanning. EPIC explained in 2005 that Google's email service undermined online privacy and prevented the adoption of important security methods, such as end-to-end encryption.
  • Supreme Court: Social Media Ban Violates First Amendment » (Jun. 19, 2017)
    The U.S. Supreme Court ruled today in Packingham v. North Carolina, striking down a state law that barred people listed on a sex offender registry from accessing commercial websites that allow minors to register and communicate. The North Carolina ban covered major news sites such as the Washington Post and CNN. "[T]o foreclose access to social media altogether is to prevent the user from engaging in the legitimate exercise of First Amendment rights," the Court wrote. "Even convicted criminals—and in some instances especially convicted criminals—might receive legitimate benefits from these means for access to the world of ideas, in particular if they seek to reform and to pursue lawful and rewarding lives." EPIC filed an amicus brief in the case, joined by 30 technical experts and legal scholars, explaining that the state law violated the right to receive information, censored vast amounts of speech unrelated to protecting minors, and encouraged widespread government monitoring of all internet users. Justice Ginsburg quoted EPIC's brief at oral argument, and the justices' written opinions noted policies and studies cited in the EPIC brief. EPIC frequently files amicus briefs on emerging privacy and civil liberties issues.
  • FBI Postpones Insider Threat Database » (May. 31, 2017)
    The FBI has postponed a plan to establish an "insider threat database" of FBI employees that would have included vast amounts of personal data, such as medical diagnostics and biometric data, on FBI employees, family members, dependents, relatives, and other personal associations. EPIC submitted comments critical of the agency plan that would have also removed important Privacy Act safeguards. The Department of Justice suggested that the delay is temporary and that a similar database may still be established for Department of Justice components. EPIC has consistently warned against inaccurate, insecure, and overly intrusive government databases.
  • Court of Appeals Grants Rehearing in FTC v. AT&T Mobility » (May. 15, 2017)
    The Ninth Circuit Court of Appeals has granted rehearing of a decision that stripped the FTC of its authority over companies engaged in "common carrier" activities. The grant of rehearing vacates the court's earlier holding that the common carrier exemption to FTC authority is status-based, not activity-based. EPIC and a coalition of consumer advocates had filed a friend-of-the-court brief urging reconsideration of the court's decision, warning that the decision "could immunize from FTC oversight a vast swath of companies that engage in some degree in common carrier activity." EPIC previously filed an amicus brief in FTC v. Wyndham to defend the FTC's "critical role in safeguarding consumer privacy and promoting stronger security standards."
  • Appeals Court Rules in Video App Privacy Case » (Apr. 27, 2017)
    A Federal Court of Appeals has ruled in Perry v. CNN, a case concerning the disclosure of video viewing records. EPIC filed an amicus brief and explained that the Video Privacy Protection Act applies to all companies that collect video records, including app companies. The Appeals Court held that the plaintiff, a mobile app user, wasn't a "subscriber" under the video privacy law, following an earlier similar decision by the same court. However, the appeals court made clear that federal privacy laws, such as the Video Privacy Protection Act, provide a sufficient basis for a lawsuit without the need to show additional harm.
  • EPIC: Enhanced Surveillance at Border Will Sweep Up U.S. Citizens » (Apr. 26, 2017)
    A statement from EPIC to the House Oversight Committee for a hearing on border security warns that enhanced surveillance will impact citizens' rights. "The use of drones in border security will place U.S. citizens living on the border under ceaseless surveillance by the government." said EPIC. EPIC noted that Customs and Border Protection is already deploying drones with facial recognition technology on U.S. communities. In 2013, EPIC obtained records under the Freedom of Information Act which revealed that CBP drones could also intercept electronic communications in the United States. State laws in some border states prohibit warrantless aerial surveillance but the United States has failed to enact laws to limit drone surveillance. EPIC has sued the FAA for the agency's failure to create drone privacy safegruards as required by Congress.
  • D.C. Circuit Hears Arguments in Data Breach Case » (Mar. 31, 2017)
    A federal appeals court in Washington, D.C. heard arguments today in a major data breach suit. The faulty security practices of Carefirst, a health insurer, allowed hackers to obtain the personal information of more than 1,100,000 customers. But a lower court dismissed the case because the judge believed that consumers must suffer actual identity theft before before filing a lawsuit. EPIC's amicus brief explained that the judge misunderstood the law and confused the harm consumers eventually suffer with the failure of companies to uphold obligations to safeguard the data they choose to collect. The appellate judges today voiced similar doubts about the lower court's decision, suggesting that consumers don't have to wait until their identity is stolen to bring a lawsuit. One judge compared the case to a person putting down her driver's license to rent a Segway, only to have it stolen from the rental company. EPIC regularly files briefs defending the privacy rights of consumers.
  • EPIC Urges Court to Protect Individual Privacy in Releases of Government Docs » (Mar. 16, 2017)
    EPIC has filed a "friend-of-the-court" brief in an open government case with implications for informational privacy. A group of anonymous medical employees challenged the release of personal information sought under a state public records act. EPIC argued that withholding personal information is consistent with open government and constitutionally required. "Open government laws and privacy laws are complimentary: the aim is to maximize both the public's access to information about the government and to safeguard personal privacy to the greatest extent feasible," EPIC wrote. EPIC has argued for similar privacy protections in ATF v. Chicago, Chicago Tribune v. University of Illinois, Ostergren v. Cuccinelli, NASA v. Nelson, and FCC v. AT&T.
  • Yahoo Responds to Senators About Data Breach » (Feb. 24, 2017)
    Yahoo has responded to a letter from Senators John Thune (R-SD) and Jerry Moran (R-KS) inquiring into data breaches that exposed over a billion user records in 2013 and 2014. Yahoo said in its response that it has notified users affected by the breaches, required users who had not changed their passwords since 2014 to do so, and encouraged all users to review their passwords and security questions. Yahoo's letter also discussed the steps the company has taken to improve its security program. EPIC testified in support of strong data breach notification laws in 2009 and 2011, launched "Data Protection 2016" to make privacy a campaign issue and recently filed an amicus brief to protect the ability of consumer to sue companies that fail to protect their personal information.
  • Supreme Court to Consider Internet Censorship, EPIC Files Amicus Brief » (Feb. 24, 2017)
    The U.S. Supreme Court will hear arguments Monday in Packingham v. North Carolina. At issue is a state law that bars people listed in a sex offender registry from accessing any commercial website that allows users under 18 to create profiles and communicate online. The North Carolina ban covers major news sites such as the New York Times and CNN. Packingham was convicted for posting "Good is God" on Facebook after a traffic ticket was dismissed. EPIC filed a "friend-of-the-court" brief joined by thirty-five technical experts, legal scholars, and civil liberties organizations, EPIC explained that the law violates the First Amendment right to receive information, censors vast amounts of speech unrelated to protecting minors, and will lead to widespread government monitoring of all internet users. "The state can no more criminalize what an individual chooses to read on a personal electronic device than it can restrict the contents of a home library: the privacy of both is sacrosanct," EPIC wrote. EPIC regularly files amicus briefs with the US Supreme Court on emerging privacy and civil liberties issues. EPIC previously argued for First Amendment privacy protections in Doe v. Reed, Watchtower Bible v. Stratton, and Los Angeles v. Patel.
  • Aspen Institute Report Explores Artificial Intelligence » (Jan. 30, 2017)
    The Aspen institute released a report on the Artificial Intelligence workshop on connected cars, healthcare, and journalism. "Artificial Intelligence Comes of Age" explored issues at "the intersection of AI technologies, society, economy, ethics and regulation." The Aspen report notes that "malicious hacks are likely to be an ongoing risk of self-driving cars" and that "because self-driving cars will generate and store vast quantities of data about driving behavior, control over this data will become a major issue." The Aspen report discusses the tension between privacy and diagnostic benefits in healthcare AI and describes "some of the alarming possible uses of AI in news media." EPIC has promoted Algorithmic Transparency and has been at the forefront of vehicle privacy through testimony before Congress, amicus briefs, and comments to the NHTSA.
  • EPIC Urges Federal Appeals Court to Safeguard Donor Privacy » (Jan. 27, 2017)
    EPIC has filed a "friend-of-the-court" brief in a donor privacy case before the Ninth Circuit Court of Appeals. Under California law, nonprofit organizations are required to send the state each year a list of donors and their donations. EPIC said this reporting requirement "infringes on several First Amendment interests, including the free exercise of religion, the freedom to express views without attribution, and the freedom to join in association with others without government monitoring." EPIC traced the history of anonymous giving in Christianity, Islam, and Judaism. EPIC also explained that California has "failed to implement basic data protection standards" for donor information. In amicus briefs for the U.S. Supreme Court, EPIC has argued for similar Constitutional privacy rights in Packingham v. North Carolina, Doe v. Reed, Watchtower Bible v. Stratton, and Patel v. Los Angeles.
  • Supreme Court Won't Review Decision That Struck Down Texas Voter ID Law » (Jan. 24, 2017)
    The U.S. Supreme Court has declined to review a ruling by the Fifth Circuit Court of Appeals that a Texas voter ID law violates the Voting Right Act. The decision means that Texas won't be able to enforce the law, which poses a significant threat to voter privacy and could discourage legal voters. Last summer, the appeals court held that the Texas Law had a "discriminatory effect" on minorities' voting rights and remanded the case to the lower court. Texas petitioned the Supreme Court to review the decision, but the court refused to do so Monday. EPIC filed an amicus brief arguing that that the Texas law places an unconstitutional burden on voters' rights to informational privacy because of the excessive collection of personal data. Such bills "disenfranchise individuals who seek to protect their personal information from data breach, cybercrime, and commercial exploitation," EPIC told the court.
  • EPIC Defends Right of Data Breach Victims to Seek Legal Relief » (Jan. 18, 2017)
    EPIC has filed a "friend-of-the-court" brief urging a federal appeals court to protect consumers' ability to sue companies that fail to safeguard personal information. A group of consumers sued health insurer Carefirst after the company's faulty security practices allowed hackers to obtain the personal information of 1,100,000 customers. A lower court wrongly dismissed the case because the judge believed that consumers must suffer identity theft before a court can consider violations of legal obligations. In the amicus brief, EPIC explained that the court misunderstood the relevant law, and confused the legal responsibility of companies to maintain good security with the harms that consumers eventually suffer. EPIC said courts should focus on whether companies have breached a legal obligation to safeguard personal data. EPIC regularly files briefs defending consumer privacy.
  • Supreme Court Declines to Review Video Privacy Violations by Google, Viacom » (Jan. 9, 2017)
    The U.S. Supreme Court declined today to review In re Nickelodeon, a class action suit concerning privacy protections for Internet users under the Video Privacy Protection Act. Last year, a federal appeals court rejected claims that Google and Viacom had violated the statute, holding that static IP and MAC addresses are not "personally identifiable information." That opinion contradicted a previous ruling from a different federal appeals court, which held that unique IDs are personally identifiable under the video privacy law. EPIC filed an amicus brief in the Nickelodeon case, explaining that Congress defined personal information broadly "to ensure that the underlying intent of the Act-to safeguard personal information against unlawful disclosure-is preserved as technology evolves."
  • EPIC Urges Supreme Court to Protect Online Privacy, Right to Read » (Dec. 22, 2016)
    EPIC has filed a "friend-of-the-court" brief in Packingham v. North Carolina, a U.S. Supreme Court case about a state law that bars access to certain websites. Under a North Carolina law, released sex offenders are barred from accessing any website that allows people under 18 to create profiles and communicate online, including major news sites, such as the New York Times and CNN. In a brief joined by thirty-five technical experts, legal scholars, and civil liberties organizations, EPIC explained that North Carolina laws violates the First Amendment right to receive information, censors vast amounts of speech unrelated to protecting minors, and will lead to widespread police monitoring of all internet users. "The state can no more criminalize what an individual chooses to read on a personal electronic device than it can restrict the contents of a home library: the privacy of both is sacrosanct," EPIC wrote. EPIC regularly files amicus briefs with the US Supreme Court on emerging privacy and civil liberties issues. EPIC previously argued for First Amendment privacy protections in Doe v. ReedWatchtower Bible v. Stratton, and Patel v. Los Angeles.
  • Government Breaches Continue, Hacker Compromises more than 130,000 Navy Records » (Nov. 29, 2016)
    In the latest government data breach, the Navy reported that a hacker gathered the personal data of more than 130,000 current and former sailors from a laptop that belonged to a government contractor. Government security vulnerabilities are on the rise. In 2015, the records of more than 21 million federal workers, friends and family members were breached. In 2016, EPIC urged candidates for office to focus on "data protection." EPIC has warned that inaccurate, insecure, and overbroad government databases pose a risks to the safety of Americans. Earlier this year, EPIC urged the Dept. of Defense and Dept. of Homeland Security to drop proposals to expand government databases that lacked adequate privacy safeguards.
  • EPIC Urges OMB to Strengthen Privacy Act Safeguards » (Nov. 7, 2016)
    EPIC has submitted comments on Circular A-108, guidelines proposed by the Office of Management and Budget for federal agency compliance with the Privacy Act. EPIC warned that agencies frequently misuse exceptions to the Privacy Act to circumvent important safeguards required by law. EPIC urged the OMB to "strengthen its guidance on federal agency implementation of the Privacy Act" and to limit the 'routine use' exemption. EPIC regularly comments on privacy safeguards for federal databases and has urged Congress to modernize the Privacy Act.
  • UN Report Cites Threats to Freedom of Expression » (Oct. 25, 2016)
    A top United Nations official on the freedom of expression released a report citing "severe" threats to freedom of expression worldwide. The report flagged governments cracking down on encryption, blocking websites, suspending communications services, and over-classifying information as key concerns. EPIC described the importance of strong encryption in an amicus brief earlier this year and regularly litigates Freedom of Information Act cases to improve transparency about government surveillance. A new EPIC publication — The Privacy Law Sourcebook 2016 — provides an overview of legal instruments for privacy protection, as well as information about privacy agencies, organizations, and publications.
  • EPIC to Testify Before Maryland House of Delegates on Cell Site Simulators » (Oct. 25, 2016)
    EPIC Senior Counsel Alan Butler will testify today before the Maryland House of Delegates concerning "Cell Site Simulator Technology, Historical Location Information, and Aerial Surveillance by Police." The hearing follows a recent complaint to the FCC regarding the use of "Stingrays," fake cell phone towers, by the Baltimore Police Department to intercept private communication. In a 2013 Freedom of Information Act suit against the FBI, EPIC uncovered plans involving federal and state law enforcement agencies to keep the use of Stingrays secret. EPIC has since argued in amicus briefs that cell phone location data is protected by the Fourth Amendment. Baltimore Police used Stingrays to track more than 1,700 individuals between 2007 and 2014.
  • EPIC Urges Massachusetts High Court to Protect Email Privacy » (Oct. 24, 2016)
    EPIC has filed an amicus brief in the Massachusetts Supreme Judicial Court regarding email privacy. At issue is Google's scanning of the email of non-Gmail users. EPIC argued that this is prohibited by the Massachusetts Wiretap Act. EPIC described Google's complex scanning and analysis of private communications, concluding that it was far more invasive than the interception of a telephone communications, prohibited by state law. A federal court in California recently ruled that non-Gmail users may sue Google for violation of the state wiretap law. EPIC has filed many amicus briefs in federal and state courts and participated in the successful litigation of a cellphone privacy case before the Massachusetts Judicial Court. The EPIC State Policy Project is based in Somerville, Massachusetts.
  • DC Appeals Court Hears Arguments in Telemarketing Privacy Case » (Oct. 20, 2016)
    The federal appeals court in Washington, D.C. heard oral arguments Wednesday in a case with major implications for telephone privacy. The suit, ACA International v. FCC, was brought against the Federal Communications Commission by telemarketing companies and others challenging rules adopted under the Telephone Consumer Protection Act that prohibit automated calls made to cell phones without their consent. EPIC and six consumer privacy groups filed an amicus brief in the case, stressing the importance of privacy protections for cell phone users. EPIC also challenged a claim made by the telemarketers that "37 million" numbers were reassigned each year, making it difficult, the companies claimed, to comply with the privacy law. During the argument, one of the judges pressed the telemarketers' attorney on the point (audio), citing research in the EPIC amicus brief. EPIC frequently participates as amicus curiae in cases that raises novel privacy issues.
  • EPIC, Consumer Coalition Tells FCC to Limit Health Care Robocalls » (Oct. 19, 2016)
    EPIC and a coalition of consumer privacy advocates have urged the Federal Communications Commission to reject a request by health insurance companies to make unlimited health-related robocalls to consumers under the Telephone Consumer Protection Act. The insurance companies asked the FCC to amend the TCPA so that once a consumer provides her phone number to her doctor, she has "consented" to receiving telemarketing calls from other health care providers on anything medically related. The coalition comments, led by the National Consumer Law Center, urge the FCC to limit the scope of consumers' consent to medical robocalls by exclude telemarketing calls and allowing only calls related to the original reason the consumer provided her phone number. EPIC supports robust telephone privacy protections and filed an amicus brief in support of the FCC's 2015 order that strengthened consumer protections under the TCPA.
  • European High Court Rules that Dynamic IP Addresses are Personal Data » (Oct. 19, 2016)
    The Court of Justice for the European Union has ruled that dynamic IP addresses are personal data subject to protection under data protection law. The Court said that user's identity can still be revealed through use of legal process, even though the numeric address may not be unique to the user. The Court also said that the collection of IP addresses must be limited to the purposes for which they were collected. The Court noted that personal data can be lawfully collected if it is necessary to protect cybersecurity. The European Court of Justice opinion is aligned with EPIC's recommendation for Privacy Enhancing Technologies that minimize or eliminate the collection of personally identifiable information. Internet services that do not retain IP addresses or adopt techniques that are unable to link IP addresses to a particular user may not be subject to the decision, which is binding across Europe. EPIC has made similar arguments about the scope of personal information to US courts as amicus curiae. EPIC argued in the Nickelodeon case that IP addresses and unique devices IDs are personally identifiable information subject to protection under US privacy law. Federal courts are now split on the issue and the US Supreme Court may soon resolve the matter.
  • EPIC Defends Consumers' Right to Sue Cable Providers for Illegal Data Retention » (Oct. 13, 2016)
    EPIC has filed an amicus brief urging a federal appeals court to preserve consumers' right to sue cable providers that illegally retain their data. A former Time Warner Cable subscriber brought a privacy lawsuit alleging that Time Warner held onto his personal information long after he had canceled the service, a clear violation of a provision in a federal privacy law. But a lower court wrongly dismissed the suit, concluding that there had been no "injury." In the amicus brief, EPIC said that the lower court confused "injury" with "harm." When a company violates a federal law, EPIC explained, that is a "legal injury" and the reason that the court must hear the case. EPIC filed an amicus brief in a similar case in July and regularly files briefs defending consumer privacy.
  • Nickelodeon Plaintiffs Ask Supreme Court to Hear Video Privacy Case » (Sep. 28, 2016)
    The plaintiffs in the In re Nickelodeon class action recently asked the Supreme Court to hear their case.  In June, a federal appeals court rejected claims that Viacom and Google violated the Video Privacy Protection Act, holding that static IP and MAC addresses are not “personally identifiable information.” The opinion contradicted a ruling from a different federal appeals court which held that  unique IDs are personally identifiable under the video privacy law.  EPIC filed an amicus brief in the Nickelodeon case, explaining that Congress defined personal information broadly “to ensure that the underlying intent of the Act—to safeguard personal information against unlawful disclosure—is preserved as technology evolves.”   The petition is C.A.F. v. Viacom, case number 16-346.
  • EPIC Launches EPIC Amicus Tracker to Assist Public Interest Litigators » (Aug. 19, 2016)
    Today EPIC launched the EPIC Amicus Tracker, a public resource designed to help public interest litigators pursue significant privacy and civil liberties cases. The EPIC Amicus Tracker highlights cases with upcoming amicus opportunities and links to related EPIC amicus briefs. Over twenty years, EPIC has filed nearly 100 amicus briefs, often with the participation of technical experts and legal scholars, in federal and state cases concerning emerging privacy and civil liberties issues and EPIC is frequently cited in judicial opinions. EPIC hopes the EPIC Amicus Tracker will inspire other public interest litigators.
  • Appeals Court Affirms Consumers May Sue for Violations of Federal Law » (Aug. 5, 2016)
    A federal appeals court has held that consumers can sue when companies fail to comply with legal obligations established by Congress. The case concerned a hospital that sent debt collection letters to consumers without disclosures required by the Fair Debt Collections Practices Act. The court concluded that “Congress has created a new right—the right to receive the required disclosures.” As a result, the consumer can bring a lawsuit when a company fails to comply with the law. EPIC has filed several amicus briefs defending the right of consumers to sue for violations of federal privacy laws.
  • EPIC Defends Drivers’ Right to Sue for Safety, Privacy Risks As Congress Warns of Risks to Public » (Aug. 5, 2016)
    EPIC has filed an amicus brief in a case concerning the privacy and public safety risks of “connected” cars. EPIC warned that connected cars "expose American drivers to the risks of data breach, auto theft, and physical injury.” EPIC said a lower court was wrong to dismiss the case. EPIC urged a federal appeals court to allow consumers to "the opportunity to present legal claims stemming from the defendants’ sale of vehicles that place them at risk." This week researchers at Black Hat revealed new vulnerabilities in networked vehicles as Senators Blumenthal and Markey urged the FCC to establish “robust safety, cybersecurity, and privacy protections  before automakers deploy vehicle-2-vehicle . . . communication technologies.” EPIC has filed several amicus briefs defending consumers' rights to enforce their privacy rights.
  • FTC Finds Unauthorized Data Disclosure is "Substantial Injury" to Consumers » (Aug. 2, 2016)
    The Federal Trade Commission unanimously reversed an administrative law judge's dismissal of the FTC's complaint against LabMD, finding that LabMD's poor data security practices are "unfair" under the FTC Act. The Commission concluded that the judge had "applied the wrong legal standard for unfairness." The FTC's opinion explained that "the privacy harm resulting from the unauthorized disclosure of sensitive health or medical information is in and of itself a substantial injury." The FTC's authority to enforce data security standards was upheld last year in FTC v. Wyndham. EPIC filed an amicus brief in Wyndham, defending the FTC's "critical role in safeguarding consumer privacy and promoting stronger security standards."
  • Irish Court Approves EPIC as Amicus in Schrems Case » (Jul. 19, 2016)
    The Irish High Court has accepted EPIC's application to participate in a case about data protection rights and Facebook's contractual clauses. The case follows Max Schrems' complaint to the Irish Data Protection Commissioner after the European Court of Justice's decision to strike down the Safe Harbor arrangement. EPIC will provide the Irish Court, and perhaps also the Court of Justice, expert opinion on U.S. surveillance law. EPIC recently joined a case before the European Court of Human Rights concerning the activities of British and U.S. intelligence organizations. EPIC has appeared as a "friend of the court" in almost 100 cases in the United States concerning emerging privacy and civil liberties issues.
  • Supreme Court Weakens Fourth Amendment Protections During Police Stops » (Jun. 20, 2016)
    In Utah v. Strieff, the U.S. Supreme Court held today that an outstanding arrest warrant can attenuate “the connection between an unlawful stop and the evidence seized incident to arrest.” The holding reverses the Utah Supreme Court, which had suppressed evidence obtained by an officer who stopped Strieff illegally and ran his ID to look for outstanding warrants. EPIC and 22 technical experts filed an amicus brief, warning the Court that reversing the Utah court would allow vast amounts of personal data stored in government databases—much of it inaccurate—to provide post hoc justification for unlawful seizures.
  • Federal Court Leaves Digital Search Law Unresolved » (May. 27, 2016)
    A federal appeals court ruled today that the government did not violate the Fourth Amendment by keeping a copy of files for more than two years after an investigation because it acted in "good faith." EPIC argued that the government must adopt data minimization practices and that the use of evidence was unlawful. In a dissenting opinion, Judge Chin wrote  that the search violated the Fourth Amendment.
  • EPIC Urges California Supreme Court to Protect Open Records Law » (May. 6, 2016)
    EPIC has urged the California Supreme Court to reverse a lower court decision that blocked public release of records about "automated license plate readers" operated by the state police. The lower court held that information about the public surveillance system was an “investigative record” under California law. EPIC’s amicus brief stated, "Public scrutiny is essential to counter the unique threats posed by these programs of broad-scale surveillance." EPIC had obtained documents about the FBI’s license plate reader program under the FOI law. Those records revealed that the FBI failed to address the system's privacy implications.
  • EPIC Defends Right of Data Breach Victims to Bring Suit » (Apr. 19, 2016)
    EPIC has filed an amicus brief urging a federal appeals court to overturn a decision that limits the ability of data breach victims to sue. The plaintiffs sued a payroll company after their Social Security Numbers and other identifying information were exposed. A lower court dismissed the case because fraudulent transactions had not yet occurred. EPIC argued that data breach victims can sue without having to wait for specific damages. EPIC cataloged the epidemic of data breaches in the US, and explained why companies should be liable when they fail to protect the consumer data they collect. EPIC regularly files briefs defending consumer privacy.
  • EPIC Intervenes in Privacy Case before European Court of Human Rights » (Mar. 18, 2016)
    Today EPIC filed a brief in a case before the European Court of Human Rights. The case involves a challenge brought by 10 human rights organizations arguing that surveillance by British and U.S. intelligence organizations violated their fundamental rights. In its brief, EPIC explained that the NSA's "technological capacities" enable "wide scale surveillance" and that U.S. statutes do not restrict surveillance of non-U.S. persons abroad. "The NSA collects personal data from around the world and transfer that data without adequate legal protections." EPIC routinely files amicus briefs in federal and state cases that raise novel privacy issues. This is EPIC's first brief for the Court of Human Rights in Strasbourg.
  • EPIC Files Brief in Support of Apple and Consumers in FBI iPhone Case » (Mar. 3, 2016)
    Today EPIC filed a "friend of the court" brief, joined by eight other consumer privacy organizations, in support of Apple's challenge in the FBI iPhone case. In Apple v. FBI, EPIC argued that the "security features in dispute in this case were adopted to protect consumers from crime." EPIC explained that an order to compel Apple to take extraordinary measures to undo these features places at risk millions of cell phone users across the United States. EPIC routinely files amicus briefs in cases that raise novel privacy and civil liberties issues. EPIC has filed two briefs in the United States Supreme Court in the past year in cases concerning consumer privacy and also the Fourth Amendment.
  • EPIC Urges Supreme Court to Uphold Fourth Amendment Safeguards for Police Stops » (Jan. 29, 2016)
    EPIC has filed a "friend-of-the-court" brief in Utah v. Strieff, a U.S. Supreme Court case about whether the Fourth Amendment allows evidence to be admitted after an illegal stop. Mr. Strieff was unlawfully detained by an officer, who checked his ID and then arrested him on an unrelated outstanding warrant. In a brief, signed by twenty-one technical experts and legal scholars, EPIC detailed a number of sweeping government databases that contain inaccurate and detailed records about Americans' noncriminal activity. EPIC argued that "a diminished Fourth Amendment standard coupled with a weakened Privacy Act is truly a recipe for a loss of liberty in America." EPIC previously argued against compelled identification during police stops in Hiibel v. Sixth Judicial District and Tolentino v. New York.
  • EPIC and Consumer Privacy Groups File Brief Supporting FCC in Telephone Privacy Case » (Jan. 25, 2016)
    EPIC and six consumer privacy organizations have filed a "friend-of-the-court" brief in support of the Federal Communications Commission in ACA International v. FCC. The case was brought against the FCC by industry groups charged with violating the Telephone Consumer Protection Act. The FCC had made clear that companies cannot make automated or prerecorded calls to consumers without their consent. EPIC argued in its brief that widespread adoption of cell phones "has amplified the nuisance and privacy invasion caused by unwanted calls and text messages." EPIC and the consumer organizations urged the federal court to uphold the FCC order safeguarding consumers.
  • In Court: EPIC Urges Massachusetts to Protect Student Privacy » (Nov. 23, 2015)
    EPIC has filed an amicus brief in the Massachusetts Supreme Judicial Court regarding a student privacy case. EPIC said that the police should obtain a warrant before seizing a student's cell phone. Citing a recent Supreme Court case, EPIC explained "Modern cell phones . . . implicate privacy concerns far beyond those implicated by the search of a cigarette pack, a wallet, or a purse. In Riley v. California, a unanimous Supreme Court held that a search of cell phone required a warrant. EPIC previously filed an amicus brief in Commonwealth v. Connolly, a Massachusetts case concerning GPS tracking. The EPIC State Policy Project is based in Cambridge, Massachusetts.
  • EPIC Defends Privacy Laws in Supreme Court Brief » (Sep. 8, 2015)
    In an amicus brief for the Supreme Court EPIC defended Congress's authority to enact laws that safeguard the privacy of American consumers. EPIC explained that "Congress enacted laws that establish rights for individuals and imposed obligations on the companies that profit from the collection and use of this data." Spokeo v. Robins arises from a data broker's publication of inaccurate, personal information in violation of the Fair Credit Reporting Act. The data broker charged that, in addition to the violation of federal law, Mr. Robbins must also show that he was specifically harmed. Citing the current epidemic of privacy risks in the United States, including data breaches, identity theft, and financial fraud, EPIC wrote in the brief that this is "not the time for the Supreme Court to limit the ability of individuals to seek redress for violations of privacy rights set out by Congress." The EPIC amicus brief in Spokeo was endorsed by thirty-one technical experts and legal scholars, members of the EPIC Advisory Board.
  • Appeals Court Upholds Fourth Amendment Protection of Location Data » (Aug. 6, 2015)
    The U.S. Court of Appeals for the Fourth Circuit ruled that the Fourth Amendment protects a cell phone user's location records and that officers must get a warrant to inspect them. The Fourth Circuit is the first federal appeals court to hold that the Fourth Amendment warrant requirement applies to location data following the decision by the Eleventh Circuit earlier this year permitting warrantless searches. The Supreme Court will likely review one of these two cases to resolve the split between federal appeals courts. EPIC has filed amicus curiae briefs in the New Jersey Supreme Court and the Fifth Circuit arguing that the Fourth Amendment protects an individual's location privacy.
  • Federal Court Strikes Down Texas Voter ID Law » (Aug. 6, 2015)
    The U.S. Court of Appeals for the Fifth Circuit has ruled that the strict Texas Voter ID requirement is unlawful because it would disproportionately burden minority voters, in violation of the Voting Rights Act. EPIC has previously raised similar arguments about voter privacy in its amicus brief in the Supreme Court case Crawford v. Marion County Election Board. EPIC argued in Crawford that "Not only has the state failed to establish the need for the voter identification law or to address the disparate impact of the law, the state's voter ID system is imperfect, and relies on a flawed federal identification system." EPIC also presented a statement to the House Judiciary Committee in 2007 highlighting the importance of the secret ballot.
  • Federal Court Finds Fourth Amendment Protects Cell Phone Location Data » (Aug. 4, 2015)
    A federal court in California ruled that police must get a warrant before obtaining a user's location records. The court found individuals have a "reasonable expectation of privacy" in their cell phone location data, based on the Supreme Court's recent decisions in United States v. Jones and Riley v. California. These records, the court found, can be even "more invasive" than the "GPS device attached to the defendant's car in Jones." EPIC has filed amicus curiae briefs in the New Jersey Supreme Court and the Fifth Circuit Court of Appeals arguing that the Fourth Amendment protects an individual's locational privacy.
  • Supreme Court Strikes Down Warrantless Searches of Hotel Guest Registries » (Jun. 22, 2015)
    The Supreme Court ruled today that a Los Angeles ordinance authorizing warrantless inspections of hotel guest registries is unconstitutional because it failed to provide for judicial review. The ordinance required all hotels in Los Angeles to collect detailed information on their guests for police inspection. Writing for the Court in Los Angeles v. Patel, Justice Sonia Sotomayor explained that with only a few exceptions, "searches conducted outside the judicial process" are "per se unreasonable." EPIC filed an amicus brief in the case, joined by thirty-six technical experts and legal scholars, arguing that "guest registries should not be made routinely available to the police for inspection, and they should not be collected or retained for that purpose." EPIC traced the history of US hotels as meetings places for organizations and cited the landmark Supreme Court case NAACP v. Alabama.
  • Supreme Court to Hear Privacy Case Against Spokeo » (Apr. 27, 2015)
    The Supreme Court will hear an important privacy case concerning the disclosure of personal information in violation of the Fair Credit Reporting Act. Spokeo claimed that the plaintiff's lacked lacked "standing" to sue after the company disclosed data protected by the FCRA. The Ninth Circuit disagreed and ruled for the plaintiffs. In the Spokeo case, the Solicitor General has filed a brief in support of the plaintiffs. EPIC filed an amicus curiae brief in First American v. Edwards, a similar case before the Court in 2011.
  • U.S. Supreme Court Tosses Out North Carolina Lifetime GPS Tracking » (Mar. 30, 2015)
    Today the U.S. Supreme Court issued a per curium opinion vacating the decision of the North Carolina Supreme Court in Grady v. North Carolina. Grady challenged a court order requiring a "satellite-based [GPS] monitoring program for the duration of his natural life." The North Carolina court ruled that this was not a Fourth Amendment search. However, the U.S. Supreme Court tossed that ruling aside, finding it contrary to recent decisions in United States v. Jones and Florida v. Jardines. EPIC filed an amicus brief in Jones, joined by many leading technical experts and legal scholars. The Court held in that case that continuous GPS tracking constituted a search.
  • Federal Courts Considers FTC's Data Protection Authority » (Mar. 3, 2015)
    A federal appeals court heard arguments today in FTC v. Wyndham, an important data privacy case. Wyndham Hotels, which revealed hundreds of thousands of customer records following a data breach, is challenging the FTC's authority to enforce data security standards. In an amicus brief joined by legal scholars and technical experts, EPIC defended the FTC's "critical role in safeguarding consumer privacy and promoting stronger security standards." EPIC explained that the damage caused by data breaches - more than $500 million last year - makes data security one of the top concerns of American consumers. EPIC warned the court that "removing the FTC's authority to regulate data security would be to bring dynamite to the dam."
  • Supreme Court to Consider Hotel Records Privacy Case, EPIC Amicus Cites Constitutional Interests » (Mar. 2, 2015)
    The Supreme Court will hear arguments this week in Los Angeles v. Patel, concerning the warrantless inspection of hotel records by the police. Hotel operators are challenging a city ordinance that requires the collection for police inspection of names, drivers licenses, vehicle information, payment information, and length of stay for every hotel guest. EPIC's brief, joined with thirty-six technical experts and legal scholars, argued that “individuals have a constitutional right to gather at hotels for political and religious purposes without being subject to police inspection.” EPIC traced the history of US hotels as meetings places for organizations and cited the landmark Supreme Court case NAACP v. Alabama.
  • EPIC Defends Political Gatherings at Hotels in Brief for Supreme Court » (Jan. 30, 2015)
    In an amicus brief to the Supreme Court for Los Angeles v. Patel, EPIC said the issue is "whether a city can authorize the police to routinely inspect hotel guest registries without any individualized suspicion or judicial supervision." Citing the famous civil rights case NAACP v. Alabama, EPIC noted the long history of political and religious organizations gathering at hotels in the United States. EPIC wrote, "individuals have a constitutional right to gather at hotels for political and religious purposes without being subject to police inspection." EPIC said, "guest registries should not be made routinely available to the police for inspection, and they should not be collected or retained for that purpose." Thirty-six legal scholars and technical experts supported the EPIC amicus. EPIC is a leading expert in privacy and technology, and regularly files amicus briefs in appellate cases concerning emerging civil liberties issues.
  • DOJ Reverses Course on Forensic Evidence Committee After Federal Judge Resigns in Protest » (Jan. 30, 2015)
    The Department of Justice has reversed a decision to limit oversight of scientific evidence after a federal judge threatened to resign in protest. The National Commission on Forensic Science, established by the DOJ, was charged with improving the reliability of forensic science but the Justice Department appeared ready to make a recommendation contrary to the Commission's purpose. Senator Patrick Leahy (D-VT) has urged better oversight of forensic evidence in the criminal justice system. EPIC also asked the Supreme Court in an amicus curiae brief in Florida v. Harris to look more closely at investigative techniques that help establish probable cause. EPIC argued that courts should ensure that techniques are adequately tested to ensure the accuracy and validity of results. The dispute over the recommendations of the National Commission on Forensic Science reflect a similar concern.
  • EPIC Urges Federal Court to Uphold FTC Authority to Protect Data Security » (Nov. 13, 2014)
    EPIC, joined by thirty-three technical experts and legal scholars, has filed an amicus brief in support of the Federal Trade Commission's authority to establish data security standards. EPIC described the extent of the data security risks in the United States, the important role of the FTC, and the danger of removing FTC authority to safeguard consumer data. EPIC said, "The FTC's authority to regulate business practices impacting consumer privacy is well established, the problem is obvious, and the agency has a clear record of success." EPIC cited 50 successful enforcement actions against companies that failed to safeguard customer data. EPIC also detailed the ongoing risks of identity theft and financial fraud facing American consumers. EPIC warned, "Removing the FTC's authority to regulate data security would be to bring dynamite to the dam." For more information, see EPIC: FTC v. Wyndham, EPIC: EPIC Amicus Curiae Briefs.
  • Supreme Court to Rule on Privacy of Hotel Records » (Oct. 20, 2014)
    Today the Supreme Court agreed to hear Los Angeles v. Patel, a challenge to a local ordinance that allows police to inspect hotel guest registries without a warrant or judicial supervision. A federal appeals court ruled that the LA law was "facially" unconstitutional because the authority could violate the Fourth Amendment. The Supreme Court will consider both the scope of privacy protections for hotel guests and also whether the Fourth Amendment prohibits laws that allow unlawful searches. The second issue has far-reaching consequences because many recent laws authorize the police searches without judicial review. Thus far, courts have only considered "as applied" challenges on a case-by-case basis. EPIC will likely file an amicus brief in the Supreme Court case in support of the decision of the federal appeals court. For more information, see EPIC: Los Angeles v. Patel and EPIC: Amicus Briefs.
  • Unanimous Supreme Court Upholds Privacy Rights of Cell Phone Users » (Jun. 25, 2014)
    The Supreme Court ruled today that a warrantless search of a cell phone violates the Fourth Amendment, even when it occurs during a lawful arrest. The Court's decision in Riley v. California makes clear that "a search of the information on a cell phone bears little resemblance to the type of brief physical search" allowed in the past. The Court said "Cell phones differ in both a quantitative and a qualitative sense from other objects that might be kept on an arrestee's person." EPIC, joined by 24 legal scholars and technical experts on the EPIC Advisory Board, filed a friend of the court brief, arguing that cell phones contain a wealth of sensitive personal data, and that officers can reasonably secure phones while they apply for a warrant to search them. EPIC wrote, "Allowing police officers to search a person's cell phone without a warrant following an arrest would be a substantial infringement on privacy, is unnecessary, and unreasonable under the Fourth Amendment." The EPIC brief was cited by the Supreme Court in its decision. For more information, see EPIC: Riley v. California.
  • Supreme Court to Hear Cell Phone Privacy Cases » (Apr. 24, 2014)
    The Supreme Court is set to hear oral arguments next week in two cases concerning the warrantless search of a cell phone following an arrest. EPIC filed a "friend of the court" brief, signed by twenty-four technical experts and legal scholars, arguing that the Fourth Amendment requires a warrant because of the vast amount of personal information available on a cellphone. EPIC wrote, "Allowing police officers to search a person's cell phone without a warrant following an arrest would be a substantial infringement on privacy, is unnecessary, and unreasonable under the Fourth Amendment." Also the Supreme Court this week agreed to review a case considering whether the police may detain a person based on a mistaken interpretation of the law. In Heien v. North Carolina, the person was detained by the police because of a broken taillight. EPIC routinely files amicus briefs in cases raising novel privacy issues. For more information, see EPIC: Riley v. California and EPIC: Amicus Curiae Briefs.
  • EPIC Asks Supreme Court to Protect Cellphone Privacy » (Mar. 7, 2014)
    EPIC, joined by twenty-four technical experts and legal scholars, has filed a "friend of the court" brief in a Supreme Court case concerning the warrantless search of a cell phone. In Riley v. California, the Court will determine whether the search of a phone following an arrest violates the Fourth Amendment if no warrant is obtained. Lower courts are currently divided on this issue. EPIC's amicus brief explains that "modern cell phone technology provides access to an extraordinary amount of personal data . . . Allowing police officers to search a person's cell phone without a warrant following an arrest would be a substantial infringement on privacy, is unnecessary, and unreasonable under the Fourth Amendment." EPIC's brief describes the vast amount of personal information available on the phone and from the phone. "From a cellphone," EPIC explains "users can even see into their homes and control devices and appliances." EPIC points out that "there is no need to allow warrantless searches when currently available techniques allow law enforcement to secure the cell phone data pending a judicial determination of probable cause." EPIC routinely participates in privacy cases before the US Supreme Court. For more information, see EPIC: Riley v. California, EPIC: EPIC Amicus Curiae Briefs.
  • Supreme Court Allows Warrantless Search of Home » (Feb. 26, 2014)
    In a case that narrows the warrant requirement for searches of homes, the Supreme Court upheld the warrantless search of a suspect's home by the LAPD after the person objected. In Fernandez v. California, the officers returned to the apartment of the resident after he had been arrested, and obtained consent from a roommate to conduct a search. Justice Alito, writing for the 6-3 majority, found that the roommate's consent was sufficient once the defendant was no longer present. Justice Ginsburg, writing in a dissent joined by Justices Sotomayor and Kagan, argued that the decision "tells the police they may dodge" the warrant requirement and is contrary to a prior a decision of the Court. In Georgia v. Randolph, the Supreme Court previously ruled that when one occupant refuses to consent to a search, the other's consent is not sufficient to permit a search. EPIC has previously filed amicus briefs in a number of important Supreme Court Fourth Amendment cases. For more information, see EPIC: United States v. Jones, EPIC: Maryland v. King, EPIC: Amicus Curiae Briefs.
  • Supreme Court to Rule on Cellphone Privacy » (Jan. 17, 2014)
    Today the U.S. Supreme Court granted certiorari in Riley v. California and United States v. Wurie, two cases involving the warrantless search of an individual's cell phone incident to arrest. The Court will need to determine whether the Fourth Amendment limits a law enforcement officer from searching through the troves of data that are stored on an individual's cell phone when that individual is arrested. Courts have previously held that officers can search an individual's person and effects when they place them under arrest. But modern cell phones enable access to a wealth of personal data, which is unrelated to the Government’s reason for securing an arrestee. For more information, see EPIC: Riley v. California and EPIC: Amicus Curiae Briefs.
  • Supreme Court Lets Stand Fourth Amendment Protections At the Border » (Jan. 15, 2014)
    This week the Supreme Court declined to review the decision of the Ninth Circuit in United States v. Cotterman, leaving in place expanded Fourth Amendment protections for searches occurring at the U.S. border. In Cotterman, the federal appeals court held that the Fourth Amendment requires a border agent to have reasonable suspicion before using forensic tools to search laptops, cameras, and other digital devices. The court emphasized that the "comprehensive and intrusive nature of the forensic examination" is the key factor in triggering greater Fourth Amendment scrutiny. EPIC has previously argued that advanced traveler screening methods should only be employed subject to privacy protections. For more information, see EPIC: Traveler Privacy, EPIC: Florida v. Jardines, and EPIC: Amicus Curiae briefs.
  • EPIC Argues for Privacy of Driver's Records in Supreme Court Case » (Nov. 16, 2012)
    In a "friend of the court" brief, EPIC has urged the U.S. Supreme Court to limit the disclosure of personal information covered by the Driver's Privacy Protection Act. At issue in Maracich v. Spears is a lower court's decision to allow disclosure of information stored in state departments of motor vehicles. EPIC's amicus brief details the staggering amount of personal information in driver's records, particularly as a consequence of the REAL ID regulations. In Reno v. Condon, the Supreme Court upheld the Constitutionality of the federal law. EPIC filed an amicus brief in that case and said "The Drivers Privacy Protection Act safeguards the personal information of licensed drivers from improper use or disclosure. It is a valid exercise of federal authority in that it seeks to protect a fundamental privacy interest." For more information, see EPIC: Maracich v. Spears and EPIC: The Driver's Privacy Protection Act.
  • Justices Hear Arguments in Surveillance Standing Case » (Oct. 29, 2012)
    The Supreme Court heard oral arguments in Clapper v. Amnesty International, a case concerning the right to challenge illegal surveillance. A federal appeals court ruled in favor of a group of plaintiffs, including human rights advocates, journalists and attorneys, and held that their costs incurred to avoid surveillance were sufficient to establish a live controversy under the Constitution. Solicitor General Donald Verilli, arguing on behalf of the United States and the Director of National Intelligence, claimed that plaintiffs could not establish a sufficiently concrete injury because they do not know if they had been subject to surveillance. The Justices, including Justice Kennedy, seemed concerned about the possibility of government surveillance of privileged attorney-client communications. EPIC filed an amicus brief, joined by thirty-two legal scholars and technical experts, and six privacy and open government organizations, arguing that the plaintiffs concerns were well founded considering the surveillance capabilities of the NSA and the failure to establish sufficient public reporting requirements for lawful surveillance. For more information, see: EPIC: Clapper v. Amnesty Int'l USA and EPIC: Foreign Intelligence Surveillance Act.
  • New Jersey Supreme Court Considers Cellphone Tracking Case » (Oct. 22, 2012)
    In State v. Earls, the New Jersey Supreme Court is today hearing arguments on whether the police may use cellphone tracking techniques without court approval. Earlier this year, the US Supreme Court ruled that the police must obtain a court order if they attach a GPS tracking device to a vehicle. EPIC filed a "friend of the court" brief in Earls, urging the New Jersey court to uphold Fourth Amendment protections. The cell phone tracking techniques at issue in the New Jersey case, EPIC argued, "is more invasive than the GPS tracking in Jones." Princeton attorney Grayson Barber is arguing for EPIC as amicus before the New Jersey court.
  • EPIC Urges Supreme Court to Uphold Review of Wiretapping Programs » (Sep. 24, 2012)
    Today EPIC filed an amicus brief with the US Supreme Court in Clapper v. Amnesty International USA, a case challenging the interception of communications of US persons under foreign intelligence surveillance laws. This case presents the issue of constitutional "standing," whether the journalists and human rights organizations who brought he lawsuit can establish an imminent threat or reasonable fear that their communications will be collected. The federal appeals court found in their favor. In urging affirmance, EPIC argued that the capacity of National Security Agency to intercept private communications combined with the failure to establish meaningful oversight underscores the concern that the interception of private communications would occur. The EPIC brief is supported by 32 legal scholars and technical experts, and six organizations devoted to privacy and open government. For more information, see EPIC: Clapper v. Amnesty, EPIC: Foreign Intelligence Surveillance Act (FISA).
  • EPIC Supreme Court Brief: Investigative Techniques are Not Infallible » (Aug. 30, 2012)
    EPIC has filed an amicus brief with the US Supreme Court, arguing that new "investigative techniques should be subject to close scrutiny by the courts." EPIC submitted the brief in Florida v. Harris, a case involving a car search in response to an "alert" by a drug detection dog. The Florida Supreme Court held that a law enforcement agent relying on such an "alert" must produce evidence to support the reliability of the detection technique. Filing in support of the Florida decision, EPIC argued that new investigative techniques, such as terahertz scanners, airport body scanners, and digital intercept devices, raise similar concerns about reliability. EPIC described a growing consensus among legal scholars and technical experts about the need to improve the reliability of many forensic techniques.  "The 'perfect search,'" EPIC wrote, "like the 'infallible dog,' is a null set." For more information, see EPIC: Florida v. Harris and EPIC: Florida v. Jardines.
  • EPIC and Others Ask Supreme Court to Review Controversial State FOI Law » (Aug. 30, 2012)
    EPIC, and several other leading open government organizations, have filed an amicus brief in support of a petition for Supreme Court review challenging the Virginia Freedom of Information law, which allows only Virginia residents and news media representatives to access state public records. The amicus brief argues that Virginia's "citizens-only" provision is constitutionally impermissible as it unecessarily burdens the rights of individuals and organizations outside of Virginia. This case is of particular interest to EPIC because state FOI laws are often necessary for oversight of new surveiilance programs. In 2008, EPIC brought a successful FOIA lawsuit in Virginia and obtained documents revealing an agreement to limit oversight of a State Fusion Center. For more information, see EPIC: v Virginia Department of State Police: Fusion Center Secrecy Bill.
  • Supreme Court Dismisses Challenge to Congress's Ability to Define Harm » (Jun. 28, 2012)
    The Supreme Court today dismissed First American v. Edwards, a challenge to the ability of plaintiffs to sue for a violation of statutory rights established by Congress. The lower court ruled that the plaintiffs had standing because "[t]he injury required by Article III can exist solely by virtue of statutes creating legal rights, . . .." The Supreme Court held that its decision to review the case was "improvidently granted," which means that the lower court opinion stands. EPIC filed a "friend of the court" brief, responding to briefs from several prominent Internet companies that supported the challenge. EPIC argued that Congress must maintain the power to define injuries and provide remedies, and that this was particularly important for privacy protection. For more information, see EPIC: First American v. Edwards.
  • Supreme Court Says Federal Immigration Law Trumps Arizona Law, But Upholds Narrow Application of "Papers Please" Provision » (Jun. 25, 2012)
    In Arizona v. United States, the Supreme Court invalidated much of SB 1070, the controversial Arizona state law. However, the Court upheld a new identification requirement though cautioned that it could be subject to preemption and constitutional challenges after it goes into effect. The provision allows state officers to make a "reasonable attempt" to determine immigration status during the course of "an authorized, lawful detention." Justice Kennedy, writing for the Court, cautioned that the provision might "raise constitutional concerns" as applied, but said that the law "could be read to avoid these concerns." EPIC argued in Hiibel v. Sixth Judicial District Court of Nevada that "stop and identify" statutes are unconstitutional. The Supreme Court upheld the state law in that case in a 5-4 opinion by Justice Kennedy. For more information, see: EPIC: Hiibel v. Sixth Judicial District Court of Nevada and EPIC: Your Papers, Please.
  • EPIC Urges Federal Appeals Court Court to Uphold Workplace Privacy » (Apr. 9, 2012)
    EPIC has filed an amicus brief in United States v. Hamilton, urging the Fourth Circuit Court of Appeals to uphold employee privacy interests in personal e-mails. The Government contends that it may obtain private emails from an employer even when they are privileged communications between spouses and there is no use policy in place, explaining that communications are subject to disclosure. The district court agreed. EPIC argued that employees in the modern workplace routinely communicate about private matters with spouses and that an employee's privacy interest cannot be retroactively waived by a use policy implemented a year later, as the lower court suggested. For more information, see EPIC: Workplace Privacy and EPIC: United States v. Hamilton.
  • EPIC Urges Court to Affirm Privacy Protections for Home Wi-Fi Networks » (Apr. 2, 2012)
    EPIC has filed an amicus brief in the Ninth Circuit urging the court to affirm legal protections for users of home Wi-Fi networks. In Joffe v. Google, the plaintiffs sued Google for the interception and capture of private communications transferred over residential Wi-Fi networks. Google argued that it should be exempt from liability under the federal Wiretap Act because Wi-Fi communications are "readily accessible to the general public." However, a lower court held that saying "that a network is unencrypted does not render that network readily accessible to the general public and serve to remove the intentional interception of electronic communications from that network from liability under the ECPA." EPIC's brief for the Court of Appeals, which contains a detailed technical discussion of Wi-Fi technology, explains that residential Wi-Fi networks are unlike traditional radio broadcasts and should be protected Electronic Communications Privacy Act. EPIC also said that consumers should not bear the burden of securing their networks against sophisticated eavesdroppers when the purpose of the ECPA is to protect communications from such interception. For more information, see EPIC: Investigation of Google Street View, EPIC: Ben Joffe v. Google.
  • Supreme Court Limits Privacy Act Remedies » (Mar. 28, 2012)
    In a 5-3 opinion, the Supreme Court held today that the Privacy Act does not allow recovery of mental and emotional damages suffered as a result of the Government's "willful and intentional violation" of the Act. Justice Alito, writing for the Court in FAA v. Cooper, said that the key term "actual damages" was ambiguous, and should be narrowly construed to limit Government liability. In a dissenting opinion, joined by two other Justices, Justice Sotomayor argued that the purpose of the Privacy Act is unambiguous: to protect individuals from "substantial harm, embarrassment, inconvenience, or unfairness" that result from Government privacy violations. EPIC filed an amicus curiae brief in the case, stating that privacy laws routinely provide recovery for mental and emotional harm, that such damages are the most common result of privacy violations, and that civil remedies are necessary to ensure enforcement of the Privacy Act. Congress is currently considering amendments to the Privacy Act. For more information, see EPIC: FAA v. Cooper and EPIC to Congress: Privacy Act Modernization Bill Should be Stronger.
  • EPIC Urges Court to Uphold Location Privacy in Cell Phone Tracking Case » (Mar. 19, 2012)
    EPIC filed a "Friend of the Court" brief in the Fifth Circuit urging the court to uphold Fourth Amendment protections for cell phone users. In the case, In re US for Historical Cell-Site Data, the lower court held that the disclosure of historical cell phone location records without a warrant would violate the Fourth Amendment. EPIC argued that this opinion should be upheld in light of the Supreme Court's recent decision in United States v. Jones, because cell phone location records are collected without the knowledge or consent of users. The records in this case, EPIC argued, create a "comprehensive map of an individual’s movements, activities, and relationships, . . . precisely the type of information that individuals reasonably and justifiably believe will remain private." For more information, see In re Historical Cell-Site Location Information, EPIC: State v. Earls, and EPIC: US v. Jones.
  • EPIC Urges Court to Uphold Location Privacy in Cell Phone Tracking Case » (Feb. 29, 2012)
    EPIC filed a "friend of the court" brief in the New Jersey Supreme Court urging the court to uphold Fourth Amendment protections for cell phone users. In State of New Jersey v. Thomas W. Earls, the lower court held that an individual has no legitimate expectation of privacy in the location of their cell phone. EPIC argued that the lower court opinion should be overturned in light of the Supreme Court's recent decision in United States v. Jones. The cell phone tracking techniques in this case, EPIC argued, "is more invasive than the GPS tracking in Jones." For more information, see EPIC: State v. Earls, and EPIC: US v. Jones.
  • Supreme Court Upholds Fourth Amendment in GPS Tracking Case » (Jan. 23, 2012)
    Today the Supreme Court unanimously held in U.S. v. Jones that the warrantless use of a GPS tracking device by the police violated the Fourth Amendment. The Court said that a warrant is required "[w]here, as here, the government obtains information by physically intruding on a constitutionally protected area," like a car. Concurring opinions by Justices Sotomayor and Alito urged the court to focus on the reasonableness of the suspect's expectation of privacy because physical intrusion is unnecessary to surveillance in the digital age. EPIC, joined by 30 legal and technical experts,filed a "friend of the court" brief. EPIC warned that, "it is critical that police access to GPS tracking be subject to a warrant requirement." For more information, see EPIC: US v. Jones, and EPIC: Location Privacy.
  • Federal Court Revives Suit Over NSA Dragnet Surveillance » (Jan. 5, 2012)
    A federal appeals recently revived a lawsuit, Jewel v. NSA, challenging the NSA's use of the nation's largest telecommunication providers to conduct suspicionless surveillance of Americans. The three-judge panel reversed a lower court decision that rejected claims based on lack of standing. The case will now return to the district court for a decision on the merits. The same three-judge panel also rejected a related suit against the telecommunications providers, Hepting v. AT&T, based on the "retroactive immunity" provided by Congress in 2008. EPIC, in cooperation with the Stanford Constitutional Law Center, filed a "Friend of the Court" brief in support of the plaintiffs in these cases, arguing that statutory and constitutional privacy violations are sufficient to establish standing, and that the state secrets doctrine should not bar adjudication. For more information, see EPIC: Hepting v. AT&T and EPIC: NSA Warrantless Surveillance.
  • Supreme Court Hears Arguments in Privacy Act Damages Case » (Dec. 1, 2011)
    The US Supreme Court heard arguments on Wednesday in FAA v. Cooper. At issue is whether "actual damages" recoverable for "willful and intentional" violations of the Privacy Act include mental and emotional damages. A federal appeals court held that Congress "unambiguously" intended to allow recovery of such non-pecuniary damages when it drafted the Privacy Act. The Government argued that the term "actual damages" is ambiguous, and that the Court should adopt a narrower interpretation in light of the Privacy Act's waiver of sovereign immunity. EPIC filed a brief in support of respondent Cooper and argued that proper enforcement of the Privacy Act requires recovery of a broad range of provable damages, including mental and emotional distress, which are the common and expected injuries resulting from privacy violations. For more information, see EPIC: FAA v. Cooper.
  • Supreme Court Hears Arguments in Constitutional "Standing" Case » (Nov. 28, 2011)
    The US Supreme Court heard arguments on Monday in First American Financial Corp. v. Edwards. At issue is whether Congress can pass a law that gives customers the ability to sue companies that engage in illegal kickback schemes for mortgage settlement services, or whether those customers must also show additional injury. A federal appeals court held that the existence of the kickback arrangement violated the Real Estate Settlement Procedures Act of 1974, and was an "injury in fact" for the Constitutional standing requirement. After several Internet firms filed a brief in support of First American Financial, arguing that privacy laws with similar enforcement provisions result in "no injury" claims, EPIC filed a brief in support of respondent and argued that enforcement provisions in federal statues are the cornerstone of federal privacy law. For more information, see EPIC: First American v. Edwards.
  • Supreme Court to Hear Arguments in GPS Tracking Case » (Nov. 4, 2011)
    The United States Supreme Court will hear arguments on November 8 to determine whether the warrantless use of a GPS tracking device by the police violates the Fourth Amendment. EPIC filed a "friend of the court" brief in US v. Jones, urging the Supreme Court to uphold robust Fourth Amendment protections. Along with 30 legal and technical experts, EPIC argued that 24-hour GPS surveillance by law enforcement constitutes a "search" under the Fourth Amendment and requires judicial oversight. Arguing in support of a lower court decision, EPIC warned that, "it is critical that police access to GPS tracking be subject to a warrant requirement." The Supreme Court will consider both whether persistent GPS tracking constitutes a "search" and also whether the installation of a GPS tracking device on a private vehicle is a "seizure." For more information, see EPIC: US v. Jones, and EPIC: Location Privacy.
  • EPIC Urges Supreme Court to Affirm Congress' Power to Pass Effective Privacy Laws » (Oct. 17, 2011)
    EPIC filed a "friend of the court" brief in the United States Supreme Court urging the Court to affirm Congress' power to enact strong statutes that protect consumer privacy. First American v. Edwards presents the question of whether a person can sue to enforce a provision of the Real Estate Settlement Procedures Act (RESPA), which gives individuals a right to untainted real estate referral services, and enforces this right by specifying an amount of damages for which violators are liable. Surprisingly, Facebook, Linkedin, Yahoo, and Zynga filed a brief in support of the bank First American and arguing against enforcement of privacy statutes in certain circumstances. EPIC then filed a brief in support of the consumer Edwards and argued that if the Court did not uphold statutory damage provisions, "it would become virtually impossible to enforce privacy safeguards in the United States." Statutory damage provisions help ensure compliance with Fair Information Practices, the foundation of modern privacy law. For more information, see EPIC: First American v. Edwards, and EPIC: Privacy Act.
  • Federal Appeals Court Protects Employees from Covert Video Recording » (Oct. 12, 2011)
    The Third Circuit Court of Appeals ruled that a police deputy's privacy claims against her employer can proceed despite the government's objections. The case involves Jane Doe, who was secretly videotaped by a co-worker during a mandatory decontamination shower. The digital footage was uploaded onto a government computer and disclosed over the municipal network. The appeals court held that Ms. Doe had a reasonable expectation of privacy in remaining free from videotaping during the shower, and wrote "the potential harm of nonconsensual disclosure [of the video] is exacerbated by the existence of the Internet, where one can upload image and video files and irretrievably share them with the world in a matter of moments." EPIC filed a brief and presented oral argument in the case, stating that the case "presents novel privacy issues involving new technology" and that "the District Court failed to appreciate the unique damage caused by unlawful disclosures over computer networks." For more, see EPIC: Doe v. Luzerne.
  • EPIC Urges Supreme Court to Affirm Privacy Act Remedies » (Oct. 4, 2011)
    EPIC filed a "friend of the court" brief in the United States Supreme Court urging the Court to enforce the rights granted under the Privacy Act, which regulates the use of personal information held by federal agencies. EPIC argued that the government should not be allowed to avoid liability by asserting that it caused only mental and emotional harm when it intentionally and willfully violated the federal statute. FAA v. Cooper involves the Social Security Administration's disclosure of a pilot’s HIV status. The lower court held that "the term 'actual damages'" in the Privacy Act "unequivocally encompasses nonpecuinary damages." EPIC urged affirmance of the decision, stating that the Privacy Act "provides compensation for harm suffered" and aims to "ensure compliance with statutory obligations." For more information, see EPIC: US v. Cooper, and EPIC: Privacy Act.
  • EPIC Urges Supreme Court to Uphold Fourth Amendment in GPS Case » (Oct. 3, 2011)
    EPIC filed a "friend of the court" brief in the United States Supreme Court urging the Court to limit the scope of pervasive GPS surveillance by upholding robust Fourth Amendment protections. Along with 30 legal and technical experts, EPIC argued that 24-hour GPS surveillance by law enforcement constitutes a "search" under the Fourth Amendment. US v. Jones involves the government's use, without a judicial warrant, of a GPS device to track a person "24/7." The lower court held that "the use of the GPS device violated [Jones'] 'reasonable expectation of privacy,' and was therefore a search subject to the reasonableness requirement of the Fourth Amendment." Arguing in support of the earlier decision, EPIC said "it is critical that police access to GPS tracking be subject to a warrant requirement." For more information, see EPIC: US v. Jones, and EPIC: Locational Privacy.
  • Seventh Circuit Court Hears Oral Argument in Students' Privacy Case » (Sep. 30, 2011)
    The US Court of Appeals for the Seventh Circuit heard oral arguments today in Chicago Tribune v. University of Illinois. EPIC filed a "friend of the court" brief in the case, which concerns student privacy rights protected by the Family Educational Rights and Privacy Act ("FERPA"). EPIC's brief argued that Congress intended to protect student records, including admissions files, from unauthorized release and that Illinois' open government law must yield to the federal privacy law. In this case, the Tribune requested documents from the University of Illinois, under Illinois' open government law, while investigating alleged corruption in the admissions practices of the University. The University denied the Tribune's request, stating that the requested documents contained the personally identifiable information of students and were thereby protected by federal law. A lower federal court found that Illinois law required the documents to be released. The Depart of Justice also filed a brief in support of student privacy in the case. For more information, see EPIC: Chicago Tribune v. University of Illinois and EPIC: Student Privacy.
  • EPIC Urges Federal Appeals Court to Protect Employees from Covert Video Recording » (Sep. 14, 2011)
    EPIC Senior Counsel John Verdi argued before the Third Circuit Court of Appeals in Doe v. Luzerne County that secretive video surveillance, coupled with the storage and dissemination of sensitive personal information, violates the right to information privacy and should not be permitted. The case involves a Jane Doe police deputy who is suing to recover monetary damages for privacy violations. A coworker captured semi-nude video footage of Ms. Doe without her consent during a mandatory decontamination shower. The digital footage was uploaded onto a government computer and disclosed over the municipal network. EPIC argued that the case "presents novel privacy issues involving new technology" and that "the District Court failed to appreciate the unique damage caused by unlawful disclosures over computer networks." EPIC previously filed an amicus brief in the case. For more, see EPIC: Doe v. Luzerne.
  • Federal Appeals Court Holds Individuals Have a Right to Record Public Officials » (Sep. 1, 2011)
    In a case concerning the arrest of a person who used a cell phone camera to film a police officer, the First Circuit Court of Appeals has held in Glik v. City of Boston that the First Amendment protects "the filming of government officials engaged in their duties in a public place." The Court found that members of the public enjoy the same rights as credentialed members of the press, stating that "the public's right of access to information is coextensive with the press." The Court further held that, in arresting Glik, the City of Boston violated the Fourth Amendment probable cause requirement as there was no reason to believe that Gilk had violated any state law. EPIC agreed that the Massachusetts state wiretap law was not intended to limit the ability of the public to record police activity, but did not file an amicus brief in the case. For more information, see EPIC: EPIC Amicus Curiae Briefs.
  • EPIC Urges Seventh Circuit to Protect Students' Privacy Rights » (Jul. 21, 2011)
    EPIC filed a "friend of the court" brief in Chicago Tribune v. University of Illinois, a case involving student privacy rights protected by the Family Educational Rights and Privacy Act ("FERPA"). EPIC's brief argues that Congress intended to protect student records, including admissions files, from unauthorized release and that Illinois' open government law must yield to the federal privacy law. While investigating alleged corruption in the admissions practices of the University of Illinois, the Tribune sought documents from the University under Illinois' open government law. The University denied the Tribune's request, stating that the requested documents contain the personally identifiable information of students and are thereby protected by federal law. A lower federal court found that Illinois law required the documents to be released.The Depart of Justice has also filed a brief in support of student privacy in the case. For more information, see EPIC: Chicago Tribune v. University of Illinois and EPIC: Student Privacy.
  • High Court To Decide Major GPS Tracking Case » (Jun. 27, 2011)
    The Supreme Court will decide if warrantless locational tracking violates the Fourth Amendment. The Court granted review of a District of Columbia Circuit Court of Appeals opinion on two legal questions. The first is whether police need a warrant to monitor the movements of a car with a tracking device. The second is whether policy can legally install such a device without their target's consent, and without a valid warrant. EPIC previously filed an amicus brief in Commonwealth v. Connolly, a Massachusetts case which established that the state Constitution prohibited warrentless GPS tracking. The Massachusetts Supreme Judicial court imposed time limits on GPS monitoring, ruling that warrants will expire fifteen days after they are issued. For more information, see EPIC: US v. Jones and EPIC: Locational Privacy.
  • Supreme Court Strikes Down Prescription Privacy Law » (Jun. 23, 2011)
    In a 6-3 decision, the Supreme Court struck down Vermont's prescription privacy law. IMS Health, Inc. v. Sorrell held that the Vermont statute, which bars disclosure of prescription data for marketing purposes, violates data mining firms' free speech rights. Vermont "burdened a form of protected expression that it found too persuasive. At the same time, the State has left unburdened those speakers whose messages are in accord with its own views. This the State cannot do." the Court wrote. The Court suggested that a more privacy-protective statute might have withstood Constitutional scrutiny, writing "the State might have advanced its asserted privacy interest by allowing the information’s sale or disclosure in only a few narrow and well-justified circumstances. A statute of that type would present quite a different case than the one presented here." EPIC filed an amicus brief on behalf of 27 technical experts and legal scholars, as well as nine consumer and privacy groups, arguing that the privacy interest in safeguarding medical records is substantial and that the "de-identification" techniques adopted by data-mining firms do not protect patient privacy. For more information, see EPIC: IMS Health v. Sorrell.
  • Supreme Court to Hear Arguments in Medical Record Data-mining Case » (Apr. 25, 2011)
    Oral argument for IMS Health, Inc. v. Sorrell will take place in the Supreme Court on Tuesday, April 26, 2011. The case concerns a state privacy law that seeks to regulate data-mining of prescription records for commercial purposes. EPIC filed an amicus brief on behalf of 27 technical experts and legal scholars, as well as nine consumer and privacy groups, arguing that the privacy interest in safeguarding medical records is substantial and that the "de-identification" techniques adopted by data-mining firms do not protect patient privacy. For more information, see EPIC: IMS Health v. Sorrell.
  • Solicitor General to Supreme Court: Review GPS Tracking Cases » (Apr. 18, 2011)
    The Solicitor General filed a petition with the Supreme Court about the growing dispute in the federal courts over warrantless locational tracking. There is a split among the appellate court about GPS tracking by police agencies. The petition appeals a decision from the DC Circuit which held that the warrantless tracking of a motor vehicle violates the Constitutional right against unlawful searches. Earlier, EPIC filed an amicus brief in the Massachusetts Supreme Judicial Court case that also held that a warrant is required for the use of a GPS tracking device. For more information, see EPIC - Commonwealth v. Connolly and EPIC - Locational Privacy.
  • EPIC Champions Constitutional Right to Informational Privacy Before Third Circuit » (Apr. 14, 2011)
    EPIC has filed an amicus brief in the Third Circuit Court of Appeals in support of a Jane Doe police deputy, who is suing to recover monetary damages for privacy violations. A coworker captured semi-nude video footage without her consent during a mandatory decontamination shower at a local hospital. The footage was uploaded onto a government computer. EPIC argued in support of Doe that the case implicates "freedom, intimacy, autonomy, and human dignity," and urged the Federal appeals court to hold that the Sheriff's Department violated the Constitutional right to informational privacy. EPIC has filed similar briefs in other cases, including NASA v. Nelson, decided by the Supreme Court earlier this year. For more information, see EPIC: Doe v. Luzerne.
  • Supreme Court To Hear Arguments in ID Search Case » (Mar. 18, 2011)
    Oral argument for the Supreme Court case Tolentino v. New York will take place on Monday, March 21, 2011. The case concerns an unlawful police stop. Tolentino asserts that that police had no basis for pulling his car over and then running his license. EPIC has filed a "friend of the court" brief arguing that the Constitution protects individuals from suspicionless searches of government databases. For more information, see EPIC: Tolentino v. NY.
  • EPIC Files Amicus Brief on Risk of "Reidentification," Urges US Supreme Court to Uphold Vermont Privacy Law » (Feb. 28, 2011)
    EPIC has filed an amicus brief in Sorrell v. IMS Health, a case now before the US Supreme Court concerning a state privacy law that seeks to regulate datamining of prescription records for commercial purposes. Datamining companies have challenged the Vermont law, arguing that it violates the First Amendment and also that there is no privacy interest in the transfer of "deidentified" prescriber records. The EPIC brief, filed on behalf of 27 technical experts and legal scholars, as well as 9 consumer and privacy groups, argues that the privacy interest in safeguarding medical records is substantial and that the "deidentification" techniques adopted by data-mining firms do not protect patient privacy. EPIC's amicus brief for the lower appellate court was cited in the opinion of Judge Deborah Ann Livingston. As Judge Livingston explained, "neither appellants nor the majority advances any serious argument that the state does not have a legitimate and substantial interest in medical privacy . . . " For more information, see EPIC: IMS Health, Inc. v. Sorrell.
  • New Jersey Supreme Court Holds Expungement Statute Does Not Protect Private Facts in Defamation Case » (Jan. 31, 2011)
    In G.D. v. Kenny, a case raising both defamation and privacy tort claims, the Supreme Court of New Jersey has held that defendants are entitled to assert truth as a defense, even when the relevant facts are subject to an expungement order under a state statute. The Court relied on the fact that criminal conviction information is disseminated before the entry of an expungement judgement. In an amicus brief, EPIC had urged the New Jersey Supreme Court to preserve the value of expungement and further argued that data broker firms will make available inaccurate and incomplete information if expungement orders are not enforced by the state. The case may have implications for the "Right to be Forgotten." For more information, see EPIC - G.D. v. Kenny, EPIC - Expungement.
  • Supreme Court Affirms Right to Informational Privacy, But Says Privacy Act Safeguards Sufficient for NASA Records » (Jan. 19, 2011)
    The Supreme Court has issued a decision in NASA v. Nelson, a case brought by NASA scientists who argued that the government's invasive background checks violated the Constitution. The Supreme Court found that the inquiries implicate "a privacy interest of Constitutional significance" but that the requests were reasonable and that the information would be protected under the Privacy Act. Writing in concurrence, Justice Scalia said the Court's opinion "will dramatically increase the number of lawsuits claiming violations of the right to informational privacy." EPIC authored a amicus brief, cosigned by 27 technical experts and legal scholars, which highlighted problems with the Privacy Act, including the "routine use" exception, security breaches, and the agency's authority to carve out its own exceptions. For more information, see EPIC: NASA v. Nelson and EPIC: Workplace Privacy.  
  • Supreme Court Hears Oral Argument in "Personal Privacy" case » (Jan. 19, 2011)
    The Supreme Court heard oral argument in FCC v. AT&T. EPIC has filed a "friend of the court" brief in the case, which concerns the meaning of "personal privacy." EPIC urged the Justices to reject AT&T's claim that the corporation's "personal privacy" prevents the public disclosure of records subject to the Freedom of Information Act. EPIC cited the commonly understood meaning of "personal privacy" in the work of legal scholars and technical experts, as well as the use of these terms in an extensive survey of US privacy laws. The records at issue in the case pertain to contract work for the federal government. The Supreme Court agreed to review a lower court opinion which held that AT&T could assert a personal privacy interest. EPIC's brief argued that if upheld, the lower court's "interpretation of 'personal privacy' would stand as an outlier, untethered to common understanding, legal scholarship, technical methods, or privacy law." For more information, see EPIC: FCC v. AT&T.
  • EPIC Urges Supreme Court to Limit Police Access to Identity Documents » (Jan. 18, 2011)
    EPIC filed an amicus brief in Tolentino v. New York, a Supreme Court case concerning police access to government databases, enabled by patrol cars with Mobile Device Terminals. EPIC urged the Court to uphold Fourth Amendment protections for the Petitioner, who asserted that police had no basis for pulling him over and running his license. EPIC's brief states that "the risk is real that car stops will increasingly become pretextual because of the opportunity to search a government database for data unrelated to the reason that gave rise to the original stop." EPIC has filed briefs in related cases, including Hiibel v. Sixth Judicial District, in which the Supreme Court upheld, by a 5-4 margin, a state identification law because the individual did not have to produce his drivers license. In that case, Justice Stevens wrote "a name can provide the key to a broad array of information about the person, particularly in the hands of a police officer with access to a range of law enforcement databases." For more information, see EPIC: Tolentino v. NY, EPIC: Herring v. US, and EPIC: Drivers Privacy Protection Act.
  • EPIC Files Amicus Brief in Supreme Court Case on "Personal Privacy" » (Nov. 15, 2010)
    EPIC has filed a "friend of the court" brief in a case concerning the meaning of "personal privacy." EPIC urged the Justices to reject AT&T's claim that its "personal privacy" prevents the public disclosure of records subject to the Freedom of Information Act. EPIC cited the commonly understood meaning of "personal privacy" in the work of legal scholars and technical experts, as well as the use of these terms in an extensive survey of US privacy laws. The records at issue in the case pertain to contract work for the federal government. The Supreme Court agreed to review a lower court opinion which held that AT&T could assert a personal privacy interest. EPIC's brief argued that if upheld, the lower court's "interpretation of 'personal privacy' would stand as an outlier, untethered to common understanding, legal scholarship, technical methods, or privacy law." For more information, see EPIC: FCC v. AT&T.
  • In Open Government Case, Government Opposes "Personal Privacy" Rights for Corporations » (Nov. 9, 2010)
    The Solicitor General filed the government's brief in an important Supreme Court case that will determine if corporations have personal privacy rights in Freedom of Information Act cases. The Solicitor General is defending the FCC's decision to disclose records pertaining to an investigation concerning AT&T. AT&T challenged the agency and a federal appeals court sided with AT&T and held that the FOIA grants corporations personal privacy rights. In its brief, the Solicitor General argues that the opinion is "a singular outlier in an otherwise uniform body of more than 35 years of decisional law and commentary." EPIC will file an amicus brief in support of the FCC. For more information, see EPIC: FCC v. AT&T.
  • Supreme Court to Hear Arguments in NASA Privacy Case » (Oct. 4, 2010)
    On October 5, 2010 the Supreme Court will hear arguments in a case that will determine whether public contract employees have a right to limit the government's collection of their personal information. The case, NASA v. Nelson, was brought by a NASA scientist who argued that the Constitution grants a right to privacy from invasive government background checks. NASA claims that the Privacy Act provides sufficient legal protections. EPIC authored a "friend of the court" brief in the case, cosigned by 27 technical experts and legal scholars. EPIC's brief highlights exceptions in the Privacy Act, claimed by the federal agency, that place the scientists' personal information at risk. For more information, see EPIC: NASA v. Nelson and EPIC: Workplace Privacy.
  • Ninth Circuit Strips Search Guidelines from Fourth Amendment Opinion » (Sep. 15, 2010)
    A new opinion from the United States Court of Appeals for the Ninth Circuit raises many questions about procedures to be followed in electronic searches. Last year in United States v. Comprehensive Drug Testing, Inc., the court set out guidelines for electronic searches and seizures so that the "plain view" doctrine did not allow electronic fishing expeditions. The guidelines followed an approach that is routinely used for electronic surveillance. However, on rehearing the case following objections from government prosecutors, the court's new opinion removed the guidelines though it still concluded that the search at issue was impermissible. EPIC had argued in an amicus brief for the Supreme Court that the guidelines in Comprehensive Drug Testing should be broadly applied to searches of electronic media. For more information, see EPIC: City of Ontario v. Quon.
  • Appeals Court Protects Free Speech for Privacy Advocate » (Jul. 26, 2010)
    Privacy Advocate Betty Ostergren has won in federal appeals court in her challenge to a state law designed to prosecute her for drawing attention to the state's online publication of SSNs. In Ostergren v. Cuccinelli, the court ruled that the Commonwealth of Virginia may not prosecute Ostergren for publishing the SSNs of state officials available in public land records until the Commonwealth itself stops making these unredacted documents available. EPIC filed a "friend of the court" brief in support of Ostergen, urging the court to hold that the First Amendment protects Ostergren's speech. For more information, see EPIC Ostergren v. McDonnell, EPIC Social Security Numbers, and EPIC Identity Theft.
  • Supreme Court Permits Disclosure of Petitioner Signatures » (Jun. 24, 2010)
    The Supreme Court has held in Doe v. Reed that, as a general matter, the state's interest in ensuring election integrity outweighs the First Amendment interest of petitioner signatories. Chief Justice Roberts writing for the Court, said that disclosure of signatures under a state open records law "would not violate the First Amendment with respect to referendum petitions in general." However, the Court left open the possibility that the disclosure of names for a particular referendum could violate the First Amendment. Justice Thomas, writing in dissent, said that it was not necessary for the state to publish the names of those who sign petitions to ensure valid elections. He noted techniques that could protect privacy and safeguard election integrity. In a concurrence, Justice Alito warned that the state could obtain vast powers to collect and disclose personal information about those who engage in the petition process. Justices Breyer, Scalia, Sotomayor, and Stevens also filed concurrences. EPIC submitted an amicus brief in the case, arguing that "the privacy of petitioner signatories safeguards First Amendment interests and helps to ensure meaningful participation in the political process without fear of retribution." For more information see, EPIC - Doe v. Reed.
  • Supreme Court Rules Against Text Message Privacy, Permits Search of Public Employee's Pager » (Jun. 17, 2010)
    The Supreme Court has issued a ruling in City of Ontario v. Quon, a case concerning the reasonablenees of a search of a public employee's pager. EPIC filed a "friend of the court" brief in the case, arguing that data minimization practices should be followed for electronic searches, and that the search, which uncovered personal texts unrelated to the purpose of the search, was therefore unreasonable. EPIC urged the Supreme Court to apply the approach set out in Comprehensive Drug Testing v. United States, which allows a government agency to undertake appropriate searches without unnecessarily violating privacy interests. The Court ruled that the search was reasonable, reversing the Ninth Circuit's decision that such a search be conducted through the least intrusive means possible. For more information, see EPIC: City of Ontario v. Quon.
  • EPIC Urges Federal Court to Protect Individuals from Wiretap Abuse » (Apr. 30, 2010)
    EPIC filed a "friend of the court" brief, urging a federal appeals court to protect the privacy of innocent individuals who were inadvertently recorded on federal wiretaps. In SEC v. Rajaratnam, a trial court judge ordered disclosure of all wiretaps conducted in a criminal investigation, even though a court has yet to rule on the recordings' legality or relevance. EPIC noted that "hundreds of thousands of individuals are recorded on wiretaps every year," and "80% of those personal communications are wholly unrelated to criminal activity." For more information, see SEC v. Galleon and EPIC Wiretapping.
  • Supreme Court Hears Arguments in Text Messaging Case » (Apr. 20, 2010)
    The U.S. Supreme Court held arguments in City of Ontario v. Quon. The Court will determine whether a government employer can review the contents of private text messages sent from an employee's pager through a private communications company. EPIC filed a "friend of the court" brief arguing that data minimization practices should be applied to public sector searches and that the search was therefore unreasonable.  EPIC urged the court to apply the standards set out in Comprehensive Drug Testing v. United States, which allow a government agency to undertake appropriate searches without unnecessarily violating privacy interests. For more information, see EPIC: City of Ontario v. Quon.
  • Supreme Court to Hear Arguments in Text Messaging Privacy Case » (Apr. 15, 2010)
    The Supreme Court will hold oral arguments on Monday, April 19 in City of Ontario v. Quon, a case in which the Court will determine whether a government employer can search the content of text messages sent from an employee's pager. EPIC's has filed a "friend of the court" brief arguing that data minimization practices should be applied to public sector searches because of the Fourth Amendment reasonableness requirement and the fact that communications devices today collect and store detailed personal information, including internet search history, text messages, emails, and locational data.  EPIC urged the court to apply the standards set out in Comprehensive Drug Testing v. United States[4], which allow a government agency to undertake appropriate searches without unnecessarily violating privacy interests. For more information, see EPIC: City of Ontario v. Quon.
  • EPIC Files Supreme Court Brief for Petitioner Privacy » (Mar. 3, 2010)
    EPIC has filed a "friend of the court" brief in the United States Supreme Court, urging the Justices to protect the privacy of those who sign petitions. In Doe v. Reed, the Court has been asked to determine whether the state of Washington may force disclosure of the names of citizens who have signed petitions for ballot initiatives. EPIC's brief argues that revealing the names would subject signatories to the risk of retribution, that signing petitions constitutes anonymous speech, and that signing petitions is similar to casting a vote and should be protected accordingly. For more information, see EPIC Doe v. Reed.
  • Supreme Court to Hear Workplace Privacy Case, Rule on Safeguards for Text Messages » (Dec. 14, 2009)
    The Supreme Court agreed to hear a case that will determine what privacy safeguards apply to text messages transmitted through government employees' pagers. In City of Ontario v. Quon, a federal appeals courts held that California police officers "have a reasonable expectation of privacy" in some personal text messages sent while at work. The Supreme Court will review the ruling. For more, see EPIC Workplace Privacy.

Share this page:

Defend Privacy. Support EPIC.
US Needs a Data Protection Agency
2020 Election Security