EPIC Alert 30.04 – April 30, 2023
- Top Updates
- Analysis From EPIC
- EPIC in the News
1. EPIC Files Brief Supporting Class Fight Against Mass Surveillance of Money Transfer Customers
EPIC filed an amicus brief in Sequiera v. Department of Homeland Security, et al., in which targets of a mass surveillance program are suing money transfer companies and federal agencies for illegally sharing their financial records.
2. EPIC Commends FTC’s BetterHelp Health Data Settlement
In comments to the Federal Trade Commission, EPIC commended the agency for taking enforcement action against online counseling company BetterHelp for unfair and deceptive trade practices involving health data.
3. EPIC and ACLU Urge NIST to Advance Privacy in Digital Identity Guidelines
EPIC and the ACLU submitted comments urging the National Institute of Standards and Technology to update its draft guidelines to further reduce the collection of biometric information and Social Security Numbers, limit the use of potentially harmful fraud prevention tools, and more.
Analysis From EPIC
Full of Holes: Federal Law Leaves Americans’ Personal Data Exposed
On April 27th, the U.S. House Energy & Commerce Subcommittee on Innovation, Data, and Commerce held a hearing on how a federal privacy law would fill gaps to protect Americans’ personal information. In this blog post, EPIC Deputy Director Caitriona Fitzgerald and EPIC Law Fellow Suzy Bernstein explain what those gaps are and illustrate why existing sectoral privacy laws, like HIPAA and FERPA, leave most of Americans’ personal data exposed. They conclude by emphasizing that privacy is a fundamental right and that it is long past time for Congress to enact comprehensive privacy legislation.
More EPIC Analysis
New ICE Privacy Impact Assessment Shows All the Ways the Agency Fails to Protect Immigrants’ Privacy
Jake Wiener, Counsel
Data Minimization: Centering Reasonable Consumer Expectation in the FTC’s Commercial Surveillance Rulemaking
Suzy Bernstein, Law Fellow
“Framing the Risk Management Framework” Part 3: Actionable Instructions by NIST in the “Map” section of the RMF
Grant Fergusson, Equal Justice Works Fellow
“Framing the Risk Management Framework” Part 4: Actionable Instructions by NIST in The “Measure” Section of the AI RMF
Ben Winters, Senior Counsel
AI & Human Rights
The heads of the Federal Trade Commission, Consumer Financial Protection Bureau, Department of Justice Civil Rights Division, and Equal Employment Opportunity Commission have released a joint statement on enforcement efforts against discrimination and bias in automated systems, noting that “Existing legal authorities apply to the use of automated systems and innovative new technologies just as they apply to other practices.”
EPIC Recommends ACUS Consider Administrative Burdens Exacerbated By Scoring and Screening Tools, Recommend Transparency
In comments submitted to the Administrative Conference of the United States regarding Identifying and Reducing Administrative Burdens, EPIC recommended the agency consider how automated decision-making systems are often adopted to reduce barriers on their face, but end up inflicting additional harms. EPIC also urged the agency to consider and recommend transparency and accountability mechanisms in order to facilitate more trustworthy delivery of government services.
In comments to the Federal Trade Commission, EPIC commended the agency for taking enforcement action against online counseling company BetterHelp for unfair and deceptive trade practices involving health data. In addition to prohibiting the disclosure of treatment information to third parties for many purposes, including advertising, EPIC applauded the FTC for barring BetterHelp from misrepresenting its data collection and use practices.
In comments to the National Institute of Standards and Technology, EPIC and the ACLU urged the standards-setting agency to update its draft guidelines to further reduce the collection of biometric information and Social Security Numbers, limit the use of potentially harmful fraud prevention tools, and more. As federal agencies consult the draft guidelines when designing identity verification systems, EPIC aims to protect people interacting with the government by pushing for the most privacy-protective standards for digital identity.
EPIC, Coalition Urge FCC to Combat Stalkerware and Police Misuse of Survivor Data in Safe Connections Rulemaking
EPIC, the National Network to End Domestic Violence, and a coalition of survivor advocacy and direct service organizations filed comments to the Federal Communications Commission regarding its implementation of the Safe Connections Act of 2022, which seeks to help survivors of domestic violence separate their phone line from a shared account with an abuser, protect the privacy of calls with hotlines and shelters, and support survivors experiencing financial hardship through affordability programs.
EPIC submitted comments to the White House Office of Science and Technology Policy, providing resources to assist in fulfilling the aims of the “Advancing Effective, Accountable Policing and Criminal Justice Practices to Enhance Public Trust and Public Safety” Executive Order. EPIC urged the OSTP to consider that data transfers between agencies are not necessarily safe or helpful, especially for vulnerable individuals and marginalized communities, and recommended that privacy-enhancing technologies such as differential privacy be employed as minimum safeguards.
The Washington State Legislature recently finalized passage of the My Health My Data Act, the first state-level health data bill of its kind in the U.S. The MHMDA includes several strong provisions to protect consumer health data. Its passage echoes recent momentum concerning the protection of personal health data, including FTC enforcement actions and proposed legislation addressing health data security and privacy issues beyond the scope of HIPAA.
EPIC, Coalition Urge Congress to Eliminate Funding for Failed “Countering Violent Extremism” Program
In a letter to the House and Senate Appropriations Committees, EPIC and a coalition of 40 advocacy groups called on Congress to stop funding the Department of Homeland Security’s Targeted Violence and Terrorism Prevention Grants Program. The letter notes that the program has “a long history of targeting Americans based on religion, mental health, political beliefs, and innocuous behavior,” thereby “actively undermining civil rights, civil liberties, and privacy.”
EPIC recently filed an amicus brief in Sequiera v. Department of Homeland Security, et al., in which targets of a mass surveillance program are suing money transfer companies and federal agencies for illegally sharing their financial records. In particular, EPIC’s brief pushed back against the defendants’ arguments that, unlike bank customers, customers of money transfer companies have no right to privacy under the Right to Financial Privacy Act.
EPIC and a coalition of civil rights organizations have requested that the New York City Council hold a hearing on the NYPD’s noncompliance with the POST Act, which requires the police to publish documents explaining their use of surveillance technologies, accept public comments about them, and provide a final surveillance impact and use policy to the public. This follows the NYPD’s recent introduction of three new policing technologies, including the Digidog, a remote-controlled robot dog, and Knightscope’s K5, an autonomous surveillance robot.
In comments to U.S. Customs and Border Protection, EPIC and a coalition opposed a new rule that would require airlines to collect images of travel documents like passports and more information from passengers before they depart for the United States. As the comments note, the information collected is unlikely to help CBP enforce border security but would undermine the status of airlines as common carriers who cannot deny people access to travel.
EPIC in the News
- Quartz: Elon Musk is courting fresh FTC scrutiny with his latest Twitter fiasco
- Rolling Stone: Law-Enforcement Agencies Have Sent 35 Warnings About This Movie
- The Drum: As European data authorities scrutinize ChatGPT, experts see AI regulation on the horizon
- WhoWhatWhy: Telecom Companies Want to Keep Phoning It in on Data Security
- CSO: Battle could be brewing over new FCC data breach reporting rules
- The Pitt News: Biden administration official talks AI accountability procedures at Pitt panel
- Engadget: The dos and don’ts of location sharing
- MIT Technology Review: AI might not steal your job, but it could change it
- The Markup: It Takes a Small Miracle to Learn Basic Facts About Government Algorithms