Blog Post

  • Data Minimization: Limiting the Scope of Permissible Data Uses to Protect Consumers

    This is the second in a series of blog posts about EPIC’s proposal for a data minimization standard to limit commercial surveillance and protect consumer privacy.

    • Consumer Privacy

    • Data Brokers

    • Data Protection

    • Analysis

  • New ICE Privacy Impact Assessment Shows All the Way the Agency Fails to Protect Immigrants’ Privacy

    ICE finally published a Privacy Impact Assessment for its massive Alternatives to Detention program surveilling immigrants waiting for court dates. Despite being 20 years late, the document fails to account for most of the harms of ICE surveillance and is already outdated.

    • Surveillance Oversight

    • Traveler Screening & Border Surveillance

    • Analysis

  • Data Minimization: Centering Reasonable Consumer Expectation in the FTC’s Commercial Surveillance Rulemaking

    We face a data privacy crisis in the United States. Unrestricted data collection has eroded consumer privacy.

    • Consumer Privacy

    • Data Brokers

    • Analysis

  • Framing the Risk Management Framework: Actionable Instructions by NIST in The “Measure” Section of the AI RMF

    The Measure Function of the A.I. Risk Management Framework urges companies to build and deploy carefully, centering human experience and a myriad of impact points including environmental and impact on civil liberties and rights. Particularly, it calls for regular testing on validity, reliability, transparency, accountability, safety, security, and fairness. 

    • AI Policy

    • Artificial Intelligence and Human Rights

    • Analysis

  • Framing the Risk Management Framework: Actionable Instructions by NIST in the “Map” section of the RMF

    The Map Function of the A.I. Risk Management Framework urges companies to document every step of the A.I. development lifecycle, from identifying use cases, benefits, and risks to building interdisciplinary teams and testing methods. However, it goes further: the A.I. Risk Management Framework also pushes companies to consider the broader contexts and impacts of their A.I. systems—and resolve conflicts that may arise between different documented methods, uses, and impacts. Notably, the Map Function recommends (1) pursuing non-A.I. and non-technological solutions when they are more trustworthy than an A.I. system would be and (2) decommissioning or stopping deployment of A.I. systems when they exceed an organization’s maximum risk tolerance. The Map Function also includes recommendations for instituting and clearly documenting procedures for engaging with internal and external stakeholders for feedback.

    • AI Policy

    • Artificial Intelligence and Human Rights

    • Analysis

  • Framing the Risk Management Framework: Actionable Instructions by NIST in their “Manage” Section

    use of A.I. systems. The core of the framework are recommendations divided into four overarching functions: (1) Govern, which covers overarching policy decisions and organizational culture around A.I. development; (2) Map, which covers efforts to contextualize A.I. risks and potential benefits; (3) Measure, which covers efforts to assess and quantify A.I. risks; and (4) Manage, which covers the active steps an organization should take to mitigate risks and prioritize elements of trustworthy A.I. systems.

    • AI in the Criminal Justice System

    • AI Policy

    • Artificial Intelligence and Human Rights

    • Commercial AI Use

    • Government AI Use

    • Screening & Scoring

    • Analysis

  • Framing the Risk Management Framework: Actionable Instructions by NIST in their “Govern” Section

    If you’ve had trouble following the different laws and frameworks proposed as ways to regulate A.I. systems, you’re not alone. From the White House’s Blueprint for an A.I. Bill of Rights and the National Institute of Standards and Technology’s (NIST’s) A.I. Risk Management Framework to the OECD’s Principles on Artificial Intelligence and state laws like New York’s Local Law 144, the last few years have seen numerous attempts to solidify a framework for regulating A.I. systems

    • Analysis

  • What the FCC’s Safe Connections Rule Must Get Right to Support Survivors of Domestic Violence

    The FCC's Safe Connections Rule must prioritize maximizing survivor self-determination, maximizing program utilization, and protecting privacy through data minimization.

    • Communications Privacy

    • Consumer Privacy

    • Analysis

  • Celebrating Sunshine Week with Some EPIC Open Government Wins

    On Freedom of Information Day, which coincides with Sunshine Week and James Madison's birthday, EPIC is highlighting some open government wins from the past year.

    • Access to Information

    • Democracy & Free Speech

    • Freedom of Information Act

    • Open Government

    • Analysis

  • Reforming 702: Ensure Meaningful Avenues for Judicial Redress

    Throughout the history of Section 702, there has been a severe lack of judicial review and accountability, whether in criminal or civil proceedings, despite FISA’s express provision of such remedies. This lack of robust judicial review leaves us all worse off, with no opportunity to challenge the lawfulness of these programs and remedy surveillance harms.

    • Intelligence Surveillance

    • Surveillance Oversight

    • Analysis