EPIC Alert 29.09 – September 30, 2022
- Top Updates
- Analysis From EPIC
- EPIC in the News
1. EPIC’s Fitzgerald Warns of ‘Data Privacy Crisis’ at FTC Rulemaking Forum
EPIC Deputy Director Caitriona Fitzgerald spoke as an invited panelist as part of the Federal Trade Commission’s recently announced rulemaking on commercial surveillance and data security, explaining that the best way the FTC “can rein in commercial surveillance under current law is to use [its] section 5 authority to issue an unfairness rule that limits wide scale tracking and profiling of consumers.”
2. EPIC Holds 2022 Champions of Freedom Awards
EPIC held the 2022 Champions of Freedom Awards ceremony on September 21st, honoring D.C. Attorney General Karl Racine, Rep. Yvette Clarke (NY-9), Dr. John Abowd, Dr. Safiya Noble, and Professor Sherry Turkle.
3. EPIC Hosts Scored and Screened in D.C. Panel
EPIC hosted a launch panel for its Scored and Screened in D.C. report, which catalogs and analyzes the use of automated decision-making systems throughout the District of Columbia. The report will be released in late October and will be distributed via the EPIC Alert.
Analysis From EPIC
The Rise of Chinese Surveillance Technology in Africa: Personal Data Vulnerabilities in Africa
In the fifth of his six-part blog post series, EPIC Scholar-in-Residence Bulelani Jili provides an overview of a few digital initiatives that have widened the range of personal data collected by African states. He argues that researchers should not make China into a unique bad-faith actor and should widen their attention to examine how resources are leveraged by local African actors to establish surveillance and administrative tools.
AI & Human Rights
EPIC submitted feedback to the National Institute of Standards and Technology to inform the development of an AI Risk Management Framework that will assist companies in developing, deploying, and evaluating trustworthy AI systems. EPIC urged NIST to (1) prioritize meaningful accountability mechanisms that keep companies honest, (2) incorporate additional protections for those impacted by high-risk AI practices, and (3) provide clear examples of recommended practices that help companies comply with the Framework.
EPIC urged the DC Council Committee on Government Operations and Facilities to pass the Stop Discrimination of Algorithms Act. The bill prohibits algorithmic eligibility or information delivery determinations based on a protected class that segregates, discriminates against, or otherwise makes important life opportunities unavailable to an individual or class of individuals.
EPIC hosted a launch panel for its Scored and Screened in D.C. report, which catalogs and analyzes the use of automated decision-making systems throughout the District of Columbia. The panel was moderated by EPIC Scholar-in-Residence Virginia Eubanks and featured panelists from the National Fair Housing Alliance, Upturn, the Center for Law and Social Policy, and EPIC. The report will be released in late October.
In an opinion published in Rodriguez v. Massachusetts Parole Board, the Massachusetts Supreme Judicial Court declined to decide whether the Parole Board’s use of a risk-assessment instrument violated a parole applicant’s constitutional rights. The Court avoided answering this question by adopting an extremely deferential stance: the Court has jurisdiction to review whether certain factors about the applicant were considered but no jurisdiction to review how those factors were considered.
EPIC Urges Interagency Body to Center Privacy, Human Rights in Federal Research on AI Image Analysis
EPIC urged the Networking and Information Technology Research and Development program to center privacy and human rights in its revised plan for federal research on AI-powered image analysis. “EPIC supports the continuing development of a coordinated federal strategy for [image analytics] R&D, but the uniformity imposed across agencies must include a robust privacy and human rights framework,” EPIC wrote.
EPIC and the National Consumer Law Center filed an amicus brief in Trim v. Reward Zone USA LLC, arguing that Reward Zone violated the Telephone Consumer Protection Act if its dialing system used a number generator to mass dial people without consent—even if Reward Zone called telephone numbers from a stored list.
EPIC and the National Consumer Law Center urged the Federal Communications Commission to more aggressively protect phone subscribers from scam robocalls, which account for billions of dollars in consumer losses every month. The organizations emphasized that there are demonstrably effective tools currently available to assist with this goal, yet phone service providers refrain from using them and continue to transmit scam robocalls because the Commission has not made it unprofitable for providers to change their behavior.
During a public forum that was part of the Federal Trade Commission’s recently announced rulemaking on commercial surveillance and data security, EPIC Deputy Director Caitriona Fitzgerald explained that the best way the FTC “can rein in commercial surveillance under current law is to use [its] section 5 authority to issue an unfairness rule that limits wide scale tracking and profiling of consumers.” Later in the event, EPIC Director of Litigation John Davisson underscored that today’s commercial surveillance practices are exactly the type of threat to the public that Congress intended the FTC to address through rulemaking. Calli Schroeder, EPIC Global Privacy Counsel, emphasized the importance of pairing the FTC’s forthcoming rules with robust enforcement.
A Government Accountability Office report, prepared in consultation with privacy experts including EPIC Senior Counsel John Davisson, canvassed 24 federal government agencies and found that most have failed to fully implement statutory privacy requirements. The GAO recommended that Congress consider legislation to designate a senior privacy official at agencies and give that individual sufficient authority to ensure privacy requirements are implemented.
Report: DOD Agencies Provided Access to “Petabytes” of Data, Including Internet Browsing and Email Data, via Data Broker Mass Monitoring Tool
In a letter to the Department of Defense, Department of Homeland Security, and Department of Justice Inspectors General, Sen. Ron Wyden revealed that the Naval Criminal Investigative Service has purchased a subscription to Augury, a service that provides access to internet browsing and email data “from over 550 collection points worldwide” and “is updated with at least 100 billion new records each day.”
Rep. Ted Lieu (D-CA), along with Rep. Yvette Clark (D-NY), introduced legislation to limit law enforcement use of face recognition tools. The Facial Recognition Act would require law enforcement agencies to obtain a warrant before conducting face recognition searches and would narrow the circumstances in which law enforcement may use face recognition technology. The Facial Recognition Act would also create transparency and reliability requirements, including through public audits and annual accuracy and bias reviews.
Indonesia’s parliament has passed a new personal data protection law after a series of data leaks and breaches, becoming the fifth Southeast Asian country to pass a data protection law. The law carries heavy penalties for data misuse or leaks, including up to 5 years of jail time and 2% of a company’s annual revenue.
The Government Accountability Office released a snapshot of its recent work on consumer data, showing that (1) consumer scores pose risks; (2) facial recognition technology raises consumer privacy and accuracy concerns; and (3) additional federal authority over internet privacy could enhance consumer protection.
EPIC, EFF, & NACDL Amicus Brief Urges NJ Court to Recognize Right to Discovery on Facial Recognition Used to Identify Defendant
EPIC filed an amicus brief in New Jersey v. Arteaga supporting the defendant’s right to know the details of how he was identified by a facial recognition system. The brief argues that discovery is necessary because the risk of misidentification from a facial recognition system is unique to each search and varies greatly based on the system used, the database searched, the quality of the photograph submitted, and the demographics of the individual potentially misidentified.
In a letter to Customs and Border Patrol Commissioner Chris Magnus, Sen. Ron Wyden revealed that CBP has compiled a massive amount of travelers’ data through the searches of cellphones, iPads, and computers seized from travelers at U.S. airports, seaports, and border crossings. According to the letter, CBP officials are adding data from as many as 10,000 electronic devices a year to the database, which is accessible to at least 2,700 CBP officers without a warrant.
In a letter to Immigration and Customs Enforcement’s Acting Director, Tae D. Johnson, Senators Ed Markey and Ron Wyden “urge[d] [ICE] to end its use of technologies and surveillance tactics that threaten the privacy rights of individuals all across the United States.” EPIC recently published a report, DHS’s Data Reservoir, which analyzes the ways that the Department of Homeland Security, in particular CBP and ICE, collects and circulates location data.
EPIC in the News
- Axios: FTC considers strengthening its consent decree security hammer
- Dallas Morning News: Tracked: How Colleges Use AI To Monitor Student Protests
- The Register: US border cops harvest info from citizens’ phones, build massive database
- ABC News: Twitter whistleblower alleges user data vulnerable to foreign adversaries
- WIRED: The FTC Is Closing In on Runaway AI
- Bloomberg Law: Data-Driven Online Ads Enter Spotlight as FTC Moves Toward Rules
- Bloomberg Government: NFL Fears ‘Nefarious’ Drones, Seeks Law to Thwart Stadium Risks
- Law360: FTC’s Broad Privacy Rulemaking Faces Bumpy Path Forward
- Forbes: Israeli Facial Recognition Once Did Border Checks In The West Bank. Now It Snoops On Casinos Across America