EPIC Alert 30.06 – June 30, 2023
- Top Updates
- 2023 Champions of Freedom Awards
- Analysis From EPIC
- EPIC in the News
1. ODNI Releases Partially Declassified Report on Data Purchases in Response to EPIC FOIA
In response to a Freedom of Information Act submitted by EPIC, the Office of the Director of National Intelligence released a partially declassified report that reveals alarming details about the intelligence community’s purchase of Americans’ sensitive information.
2. NJ Court Says Defendant Entitled to Detailed Discovery on the Facial Recognition Search that Identified Him
The Superior Court of New Jersey relied on arguments in EPIC’s amicus brief in a ruling that represents a win for oversight of facial recognition technologies.
3. EPIC Urges First Circuit to Recognize Legality of State Voter Privacy Law
EPIC filed an amicus brief in Public Interest Legal Foundation v. Bellows urging the First Circuit to recognize the legality of a Maine voter privacy law.
2023 EPIC Champions of Freedom Awards
Save the date!
We are excited to announce that the 2023 EPIC Champions of Freedom Awards will be held on Wednesday, September 20, from 7 PM – 10 PM at District Winery in Washington, D.C.! The theme of this year’s ceremony is “Envisioning a Better Future for the Internet” because EPIC knows a better future is possible and is committed to doing the work to get us there. More details about the event, including our slate of amazing awardees, will be announced soon.
In the meantime, please consider supporting EPIC’s important work by sponsoring the dinner here, or by making a general donation here. EPIC has a strict independence policy and does not accept contributions from corporations or government entities, so our success depends entirely upon the generous support of donors like you.
Analysis From EPIC
It Will Take More than Reforming Section 702 to Rein in Warrantless Government Surveillance
As the debate over the reauthorization of Section 702 of the Foreign Intelligence Surveillance Act revs up, Congress has already recognized that the Administration’s calls for a clean authorization are a “nonstarter.” However, this year’s debate over the reauthorization of Section 702 is a key opportunity for Congress to reform national security surveillance beyond the Section 702 framework, and even beyond FISA. In this blog post, EPIC Law Fellow Chris Baumohl explains why it is vital that conversations around surveillance reform are informed by an understanding of the full scope of the government’s collection and use of Americans’ personal information.
More EPIC Analysis
Don’t Take It at Face Value: Why TSA’s Implementation of Facial Recognition is More Dangerous Than You Think
Jeramie Scott, Senior Counsel and Director of EPIC’s Project on Surveillance Oversight
Data Minimization: A Pillar of Data Security, But More Than That Too
John Davisson, Senior Counsel and Director of Litigation
AI & Human Rights
In comments to the White House’s Office of Science and Technology Policy, EPIC urged the Administration to “take a broad view of worker surveillance and consider the multiplicity of harms created by surveillance, both when it works as intended and when it goes off the rails.” EPIC also provided examples of prior work demonstrating the potential harms caused by workplace surveillance and automated decision-making systems, including EPIC’s recent report on generative AI and EPIC’s 2019 complaint against recruitment company Hirevue.
In comments to the National Telecommunications and Information Administration, EPIC commended the agency’s inquiry into AI accountability measures such as algorithmic impact assessments and recommended specific required disclosures for companies developing or using AI.
FTC Announces Complaint Against Amazon for Manipulative Design Practices in Amazon Prime Enrollment and Cancellation Tactics
The Federal Trade Commission has filed a complaint against Amazon for using dark patterns to trick consumers in both the enrollment and cancelation processes for Amazon Prime. “Amazon has a long history of using complicated, mazelike design features to prevent users from choosing privacy protective options,” said EPIC Counsel Sara Geoghegan. “The FTC’s lawsuit is a strong step towards holding Amazon accountable and stopping the company from undermining the privacy of its customers.”
On June 6, the National Consumer Law Center—joined by EPIC and eight other consumer advocacy organizations—submitted reply comments to the Federal Communications Commission urging the agency not to proceed with its proposed modified rules and instead enforce the stronger, existing rules regarding consent to receive texts and prerecorded telemarketing calls.
EPIC and the National Consumer Law Center submitted comments to the Federal Communications Commission urging the agency to expand its focus on caller ID authentication to include curtailing short-term rentals of phone numbers that can bypass caller ID authentication rules.
EPIC submitted comments to the Federal Trade Commission applauding the agency’s attention to cloud computing and urging the Commission to promote competition and strong data security practices among providers of web-based products and services.
EPIC filed a letter comment with the Securities and Exchange Commission supporting the agency’s proposal to amend Regulation S-P to establish a federal standard for data breach notifications for all broker-dealers, investment companies, investment advisors, and transfer agents.
EPIC Commends Proposed HIPAA Reproductive Health Safeguards, Calls on HHS to Further Strengthen Rule
In comments to the Department of Health and Human Services, EPIC praised the agency for proposing new reproductive health safeguards for the Health Insurance Portability and Accountability Act Privacy Rule and called on the agency to expand those protections.
On June 14, Federal Communications Commission Chairwoman Rosenworcel announced the formation of the Privacy and Data Protection Task Force at the Commission. The new staff working group will address data breaches, supply chain vulnerabilities, SIM swapping, protections for survivors of domestic violence, and responsibilities for privacy and data protection among telecom, interconnected VoIP, cable, and satellite providers.
EPIC, the Center for Digital Democracy, Fairplay, US PIRG, and 30 other organizations sent a letter to the Federal Trade Commission supporting its efforts to modify and strengthen its 2020 privacy order against Meta. The letter emphasizes that the Commission’s proposed prohibition on monetizing minors’ data is necessary to address the unique privacy vulnerabilities of minors, especially as Meta is “unable or unwilling to safeguard user data in accordance with the Commission’s orders or by following the law.”
The Federal Trade Commission has announced a major enforcement action against Amazon, moving to fine the tech and retail giant $25 million and requiring updated data deletion practices. More than 800,000 children have their own Alexa profiles on Amazon devices that target and collect children’s personal data, retaining voice recordings and geolocation indefinitely. The FTC noted that even when parents requested that Alexa delete their children’s voice recordings, Amazon failed to honor those requests for a significant length of time, if at all. As the complaint explains, Amazon’s children’s data retention practices violated the Children’s Online Privacy and Protection Act Rule and Section 5 of the FTC Act.
Democracy & Free Speech
EPIC has filed an amicus brief in the case Public Interest Legal Foundation v. Bellows urging the First Circuit to reverse a lower court opinion that found a Maine voter privacy law to be preempted by the National Voter Registration Act. EPIC’s brief argues that publicly releasing voters’ sensitive private information would only discourage voting—given that voter privacy enhances election integrity by shielding voters from abuse, intimidation, and coercion—so Maine’s reasonable access, transfer, and use limitations enable the public to ensure Maine’s elections are handled with integrity while also protecting Maine citizens.
The New Jersey Supreme Court ruled that law enforcement cannot do an end run around the Wiretap Act when they want to force social media companies to provide users’ communications for a period of time. The opinion agreed with EPIC’s amicus brief—co-written with EFF, CDT, and Davis Wright Tremaine—which urged the court to rule that police need a wiretap order if they want Facebook to provide them with users’ future communications in 15-minute increments, as wiretap orders have extra protections that regular search warrants do not. The court agreed, writing, “The nearly contemporaneous acquisition of electronic communications here is the functional equivalent of wiretap surveillance and is therefore entitled to greater constitutional protection.”
Jake Wiener, EPIC Counsel in the Project on Surveillance Oversight, testified before a hearing of the DC Council Committee on the Judiciary & Public Safety on the Safer Stronger Amendments Act of 2023. Mr. Wiener’s testimony urged the Council not to pass amendments concerning DC’s various electronic monitoring programs that are used to track people on pretrial, civil commitment, and post-conviction supervised release with GPS ankle bracelets. In his written testimony, he explains that “Lowering the barriers to surveilling and investigating people on electronic monitoring has several demonstrable negative impacts, and few, if any, benefits to the public.”
EPIC, Coalition: New FBI Procedures under FISA Section 702 “Out of Touch” with Extent of Abuse and Gravity of Privacy Threat
EPIC joined a bipartisan coalition of civil liberties organizations in rejecting the FBI’s latest attempt to preempt Congressional efforts to rein in the Bureau’s warrantless querying of U.S. person information under FISA Section 702. Ahead of a Senate Judiciary hearing on Section 702, the FBI announced internal procedural changes, including a “three strikes” policy for FBI agents who violate rules, that are intended to increase accountability for violations of internal rules governing U.S. person queries. EPIC and its coalition partners emphasized that this response—coming after years of flagrant and persistent abuses—is “completely out of touch with both the level of abuse perpetrated by intelligence agencies and other serious threats to our privacy.”
EPIC, Coalition of Civil Liberties Groups Urge Congress to Let FISA Section 702 Sunset Absent Significant Reform to the Government Surveillance Ecosystem
This month, the Senate Committee on the Judiciary held a hearing on Section 702 of the Foreign Intelligence Surveillance Act and related intelligence authorities. Ahead of the hearing, EPIC submitted a letter to the committee highlighting the need to address the government’s purchase of data as part of any reauthorization. EPIC also joined a bipartisan coalition of civil liberties organizations to urge that Congress not reauthorize Section 702 without substantial reforms to the government surveillance ecosystem.
In response to a Freedom of Information Act request submitted by EPIC, the Office of the Director of National Intelligence released a partially declassified report on the Intelligence Community’s purchase of commercially available information. As EPIC Law Fellow Chris Baumohl told WIRED, the report “makes it clear that the government continues to think that it can buy its way out of constitutional protections using taxpayers’ own money. Congress must tackle the government’s data broker pipeline this year, before it considers any reauthorization of Section 702 of the Foreign Intelligence Surveillance Act.”
NJ Court Says Defendant Entitled to Detailed Discovery on the Facial Recognition Search that Identified Him
The Superior Court of New Jersey ruled in New Jersey v. Arteaga that the defendant, Mr. Arteaga, is entitled to detailed information on how he was identified by a facial recognition search, even though the search itself was performed by an out-of-state agency. EPIC had filed an amicus brief with the Electronic Frontier Foundation and the National Association of Criminal Defense Lawyers in the case, arguing that the right to discovery is necessary in cases like Mr. Arteaga’s because the risk of misidentification from a facial recognition system is unique to each search and varies greatly based on the system used, the database searched, the quality of the photograph submitted, and the demographics of the individual potentially misidentified.
EPIC in the News
- The Boston Globe: Abortion alarm spurs push for Mass. cellphone data privacy law
- The Guardian: Health data privacy post-Roe: can our information be used against us?
- The Washington Post: Schumer launches ‘all hands on deck’ push to regulate AI
- The New York Times: Schumer Lays Out Process to Tackle A.I., Without Endorsing Specific Plans
- The New York Times: F.T.C. Accuses Amazon of Tricking Users Into Subscribing to Prime
- The Guardian: The EU is leading the way on AI laws. The US is still playing catch-up
- WIRED: The US Is Openly Stockpiling Dirt on All Its Citizens
- CyberScoop: AI chatbots want your geolocation data. Privacy experts say beware.
- Vox: Do we really need an app for everything?
- CBS News: TSA scanning faces at Detroit Metro Airport; privacy advocates doubt it’s worth the convenience
- CNBC: OpenAI is pursuing a new way to fight A.I. ‘hallucinations’
- Quartz: Meta has a $11 billion reason not to leave the EU