Analysis

  • Here Comes the Sun(shine Week): Celebrating Some EPIC Open Government Wins

    In celebration of Sunshine Week, EPIC is highlighting some open government successes from the past year.

    • Access to Information

    • AI Policy

    • Artificial Intelligence and Human Rights

    • Democracy & Free Speech

    • Freedom of Information Act

    • Government AI Use

    • Government Databases

    • Intelligence Surveillance

    • Open Government

    • Privacy Impact Assessments

    • Surveillance Oversight

    • Analysis

  • Overview of EPIC’s Comments to DOJ and DHS on the use of facial recognition, other technologies using biometric information, and predictive algorithms.

    EPIC submitted comments in response to DOJ and DHS’ Request for Written Submissions on Sec. 13e of Executive Order 14074 urging DOJ and DHS to center vulnerable communities as the agencies craft new guidance for law enforcement on certain advanced technologies. The proposed guidance will cover use of facial recognition, predictive policing technologies, social media surveillance tools, and DNA analysis. DOJ and DHS have a long and historied pattern of misuse and abuse of surveillance tools.

    • Face Surveillance & Biometrics

    • Intelligence Surveillance

    • Privacy in Public

    • Surveillance Oversight

    • Analysis

  • Four Key Takeaways from the Moody v. NetChoice and NetChoice v. Paxton Oral Arguments

    In one of the most important internet regulation cases in recent memory, Supreme Court justices had a lot of questions for all the parties involved. Here are four takeaways (plus a few bonus quick hits) about how the oral arguments went.

    • Analysis

  • Summary: What does the European Union Artificial Intelligence Act Actually Say?

    Covering everything from ChatGPT to the systems used to build freight truck cabins, the European Union’s Proposed Artificial Intelligence Act (“AI Act” or “the Act”) is a piece of tech legislation rivaled only in scope by the GDPR. The sweeping harms-based structure categorizes artificial intelligence systems by preconceived risks to fundamental rights, public safety, and public health (prohibited, high-risk, and low or no-risk systems).

    • AI Policy

    • Artificial Intelligence and Human Rights

    • Data Protection

    • International Privacy

    • International Privacy Laws

    • Privacy Laws

    • Analysis

  • FTC’s Strong Rite Aid Enforcement Order Is a Warning to Companies Using Biometric AI Systems

    In December, the Federal Trade Commission announced a settlement with Rite Aid over the pharmacy’s discriminatory use of facial recognition technology in its stores. Between 2012 and 2020, Rite Aid deployed facial recognition surveillance systems to identify individuals who may be shoplifting—yet did so without assessing the accuracy or bias of the technology. Rite Aid also used facial recognition technology disproportionately in stores in plurality non-white neighborhoods.

    • AI Policy

    • Artificial Intelligence and Human Rights

    • Commercial AI Use

    • Consumer Privacy

    • Analysis

  • DHS Disregards Internal Policies and Avoids Fourth Amendment Protections to Track Your Location

    The Department of Homeland Security’s Office of the Inspector General (OIG) published a report on DHS’ use of Commercial Telemetry Data (CTD). CTD, in brief, is data collected from mobile devices by private entities that can form a detailed timeline of the device’s location over the period of time contained in the dataset. The OIG report found that Customs and Border Patrol (CBP), Immigration and Customs Enforcement (ICE), and the United States Secret Service (USSS) bought and used CTD in violation of their own meager internal privacy policies.

    • Intelligence Surveillance

    • Surveillance Oversight

    • Analysis

  • Google’s Location Data Policy Update: Why Users Need More Than Pinkie Promises to Protect Their Most Sensitive Information

    While Google's location data policy change seems like a promising step in the right direction, we should be mindful of Google’s long history of failing to uphold its privacy obligations and vigilant in monitoring the company's follow-through on its commitments.

    • Consumer Privacy

    • Data Protection

    • Location Tracking

    • Analysis

  • Assessing the Field of Section 702 Reform (and Anti-Reform) Bills

    As 2023 comes to a close, the debate over reauthorizing Section 702 remains heated. However, because of Congress’s disappointing and unnecessary “temporary” extension of Section 702 as part of the National Defense Reauthorization Act (NDAA), there is likely to be no further movement on the reform debate until early 2024—that is, if the administration does not get a new, year-long certification further punting reform debates into 2025. Ahead of further debate, EPIC assesses the current proposals for reauthorizing Section 702.

    • FISA Section 702

    • Intelligence Surveillance

    • Surveillance Oversight

    • Analysis

  • How the FCC’s Voluntary Nutrition Label Program Could Equip Consumers to Shop for Secure Connected Devices

    The FCC's Cybersecurity labels for the Internet of Things (IoT) should be dual-layered, should be accompanied by robust enforcement, and should not serve as a safe harbor for cybersecurity deficiencies.

    • Communications Privacy

    • Consumer Privacy

    • Cybersecurity

    • Data Protection

    • Health Privacy

    • Location Tracking

    • Analysis

  • Assessing the Assessments: Comparing Risk Assessment Requirements Around the World

    As part of EPIC’s project Assessing the Assessments: Maximizing the Effectiveness of Algorithmic & Privacy Risk Assessments, we have taken stock of impact assessment requirements on the state, federal, and international levels. The chart below breaks down various state laws, executive orders, proposed laws, and international directives and laws that require impact assessments and compares their requirements.

    • Artificial Intelligence and Human Rights

    • Analysis