EPIC Alert 29.10 – October 31, 2022
- Top Updates
- In Memoriam
- New Report: Screened & Scored in D.C.
- Analysis From EPIC
- EPIC in the News
1. EPIC Joins Brennan Center, Others Urging Supreme Court to Allow Lawsuits by Unconstitutionally Surveilled Citizens
EPIC joined an amicus brief filed before the Supreme Court in the case Wikimedia v. NSA, which could determine whether people subjected to unlawful surveillance are permitted to challenge that surveillance in court.
2. President Biden Signs Executive Order Creating New Safeguards for U.S. Surveillance Programs
President Biden signed an Executive Order outlining the steps the U.S. government will take to implement the new EU-U.S. Data Privacy Framework and imposing new limitations on U.S. surveillance programs. While it is an improvement from the prior privacy framework, EPIC Executive Director Alan Butler points out that “the Administration must ensure that existing barriers to redress—such as notice, excessive secrecy, and undue deference to national security authorities—do not continue to stymie independent, meaningful efforts to vindicate privacy rights.”
3. White House Releases Long-Awaited “AI Bill of Rights” Document
The White House Office of Science and Technology Policy released a “Blueprint” for an “AI Bill of Rights,” stating that “Designers, developers, and deployers of automated systems should take proactive and continuous measures to protect individuals and communities from algorithmic discrimination.”
This month at EPIC, we honor the memory of a privacy champion and long time member of the EPIC Advisory Board, David Flaherty. David was a pioneer of international data protection law in Canada and a global leader in the privacy field. He served as the first Information and Privacy Commissioner for the Province of British Columbia, where he wrote 320 Orders under the B.C. Freedom of Information and Protection of Privacy Act and pioneered the development of Privacy Impact Assessments and site visits as forms of privacy compliance auditing.
We are honored that David brought his expertise to EPIC as an invaluable member of the Advisory Board, a generous supporter, and a dear friend. He strongly encouraged the participation of NGOs in international meetings of privacy officials and launched EPIC’s work on international law and comparative privacy law. David received EPIC’s Lifetime Achievement Award at the 2013 Champions of Freedom Awards dinner. We are honored to have been able to celebrate his amazing work and advocacy on privacy protection and will miss him dearly. You can read more about David’s impressive body of work here.
New Report: Screened & Scored in D.C.
Today, EPIC released Screened and Scored in DC, a report about the automated decision-making systems used in Washington D.C. The report, written with Scholar-in-Residence Virginia Eubanks, takes a bird’s-eye-view of the widespread use of automated decision-making systems by the D.C. government, many of which are third-party systems.
The report includes:
• Key details of 29 automated decision-making systems in 20 agencies around D.C.;
• Vignettes based on real stories that illustrate the ways automated decision-making systems impact district residents;
• Documents detailing the use of a “fraud prediction” software from a huge data broker that tracks and scores public benefit recipients;
• Explanations of how predictive systems threaten long-held rights to travel and a fair hearing; and
• Advice to individuals affected by these systems and lawmakers to improve the status quo.
The report explains the problems that the use of some of these systems present, articulates examples of algorithmic harm felt by District residents, and presents policy recommendations and resources for affected D.C. residents among others.
Read the report here.
Analysis From EPIC
What’s in a name? A survey of strong regulatory definitions of automated decision-making systems
There is no consensus definition of automated decision-making and artificial intelligence, but with regulation and enforcement of AI starting to take shape, it is essential that we understand and build common definition(s) that can protect individuals today and in the future. In this blog post, EPIC Counsel Ben Winters provides an overview of different types of definitions of automated decision-making systems proposed by scholars and government entities, illustrating the variance in approaches to regulating AI and automated decision-making systems.
The Rise of Chinese Surveillance Technology in Africa: Regulatory Responses to the Spread of Surveillance Tools in Africa
In the final installment of his six-part blog post series, EPIC Scholar-in-Residence Bulelani Jili examines why local African elites are interested in procuring Chinese surveillance tools, despite there being no robust empirical evidence that the adoption of these tools results in the reduction of crime. In addition to analyzing the hidden costs of adopting these digital surveillance tools, he lays out several steps for African governments to mitigate further threats and harms.
AI Bill of Rights Provides Actionable Instructions for Companies, Agencies, and Legislators
In this blog post, EPIC Counsel Ben Winters summarizes the White House Office of Science and Technology Policy’s expectations for how people should be able to experience automated decision-making systems and how entities should act when developing and using automated decision-making systems, as outlined in the newly-released “Blueprint” for an “AI Bill of Rights.”
AI & Human Rights
The White House Office of Science and Technology Policy released a “Blueprint” for an “AI Bill of Rights,” stating that “Designers, developers, and deployers of automated systems should take proactive and continuous measures to protect individuals and communities from algorithmic discrimination.” While this is a significant step, EPIC Executive Director Alan Butler emphasized that the White House “must [now] build the framework to ensure that these principles are put into practice. The Administration must also ensure that systems used by the federal government meet the goals set out in [the] Blueprint.”
EPIC regularly provides comments to the Office of Science and Technology Policy and co-hosted a panel event as part of the Bill of Rights for an Automated Society event series in November 2021.
The Federal Communications Commission recently announced the removal of seven voice providers from the FCC’s Robocall Mitigation Database for failing to file key documentation with the Commission. Although EPIC and others have called attention to similar certification problems, one-off enforcement actions against a small number of deficient providers will not meaningfully impact the billions of illegal robocalls sent to American phones every month. EPIC will continue to advocate for the Commission to use its unique regulatory authority to establish systemic protections for consumers from these illegal calls.
The Consumer Financial Protection Bureau has launched a rulemaking under the Dodd-Frank Act to “strengthen consumers’ access to and control over their financial data.” The rulemaking will establish data portability and access rights and facilitate consumers’ ability to switch between financial products and services. Notably, the CFPB is considering proposals that reflect the principle of data minimization, which EPIC has repeatedly called for as a basis for strong privacy regulations.
While speaking at the Center for Technology, Innovation & Competition, Federal Communications Commission Commissioner Geoffrey Starks called on broadcasters to minimize the personal data they collect from individuals and suggested the Commission might step in as a regulator. Starks stressed the need to focus on data minimization, secondary uses of data, and targeted advertising in the broadcast industry, saying “We have a unique opportunity to get ahead of this, to make sure that broadcasters are good actors in the market from the start instead of racing to unwind any privacy harms—ex ante, not ex post.”
President Biden signed an Executive Order outlining the steps the U.S. government will take to implement the new EU-U.S. Data Privacy Framework and placing new requirements on the collection and handling of personal information by U.S. intelligence agencies, creating a new redress mechanism for EU residents. While it is an improvement from the prior privacy framework, EPIC Executive Director Alan Butler points out that “the Administration must ensure that existing barriers to redress—such as notice, excessive secrecy, and undue deference to national security authorities—do not continue to stymie independent, meaningful efforts to vindicate privacy rights.”
EPIC Joins Brennan Center, Others Urging Supreme Court to Allow Lawsuits by Unconstitutionally Surveilled Citizens
EPIC joined an amicus brief filed before the Supreme Court in the case Wikimedia v. NSA, which could determine whether people subjected to unlawful surveillance are permitted to challenge that surveillance in court. The brief argues that permitting courts to dismiss valid mass surveillance claims because the government says it will need to disclose state secrets in its defense will allow every case to be dismissed on these grounds, leaving plaintiffs functionally unable to combat government mass surveillance.
A report from the Department of Justice Inspector General revealed that the FBI conducted queries of data collected under foreign intelligence surveillance authorities that oversight officials within the DOJ believed were not permissible. According to the report, the FBI’s Office of the General Counsel and the DOJ’s National Security Division often disagreed over basic definitions under the Foreign Intelligence Surveillance Act, and poor communication between the two agencies also resulted in substantial delays in reporting noncompliance to the Foreign Intelligence Surveillance Court.
EPIC in the News
- Business Insider: Pressure mounts for regulators to investigate TikTok over potential ‘Big Brother-type surveillance’ after reports of plans to track Americans’ locations
- The Washington Post: The FTC is doing more to protect data, but to some it’s still not enough
- Forbes: TikTok Parent ByteDance Planned To Use TikTok To Monitor The Physical Location Of Specific American Citizens
- Marketplace: Can your workplace store your fingerprint or facial scan data?
- Teen Vogue: Remote Proctoring Services Are Facing Legal, Legislative Challenges
- Gizmodo: Is Every Website That Plays Videos Breaking An ’80s Privacy Law?
- Motherboard: Police Are Using DNA to Generate 3D Images of Suspects They’ve Never Seen
- Protocol: The White House can build on its AI Bill of Rights blueprint today
- The New York Times: Whatever Happened to Those Self-Service Passport Kiosks at Airports?
- NBC: Cookies might not be tracking you, but some of your favorite brands are