Previous Top News: 2017

  • . As one of the final acts of the outgoing President, the White House has released "Privacy in our Digital Lives: Protecting Individuals and Promoting Innovation." In 2008, President Obama announced "Change We Can Believe In" and said he would "strengthen the privacy protections for the digital age and to harness the power of technology to hold government and business accountable for violations of personal privacy." Beginning after his election, privacy groups across the county urged the President to strengthen privacy in America. In 2012, Obama proposed a Consumer Privacy Bill of Rights but no legislation followed. After the Snowden revelations, Congress enacted the Freedom Act and Obama reformed intelligence practices, but the US failed to limit data collection outside the US. The "Privacy Shield," a framework to gather data for commercial use without legal protections, was put in place even after NGOs urged comprehensive reforms in the US and the EU. Between 2009 and 2016, the levels of data breach, identity theft, and financial fraud in the United States skyrocketed, even as Americans called for stronger protections. The 2016 Presidential election was marked by data breaches, email disclosures and cyber attack The U.S. is still one of the few democratic nations in the world without a data protection agency. (Jan. 19, 2017)
  • . EPIC today filed a Freedom of Information Act lawsuit against the Federal Bureau of Investigation in federal district court in Washington, DC. The case is designated EPIC v. FBI, No. 17-127 (D.D.C. filed Jan. 18, 2017). The complaint states “EPIC challenges the FBI’s failure to make a timely decision concerning EPIC’s request for expedited processing of the FOIA request for records about the Russian interference with the 2016 Presidential Election.” A press conference will be held at the Fund for Constitutional Government on Capitol Hill on Thursday, January 19, 2017 at 1 pm. Media Advisory (Jan. 18, 2017)
  • . EPIC has sent a statement to the Senate Foreign Relations Committee urging that the next UN Ambassador to advocate for human rights, particularly the right to privacy and the right to freedom of expression as set out in the Universal Declaration of Human Rights. EPIC also wrote that the UN Ambassador should support US ratification of the Council of Europe Privacy Convention, which is critical to the continued flow of personal data around the world. EPIC and consumer organizations have called on the United States to ratify the Privacy Convention. Next week, many countries around the world will recognize January 28, International Privacy Day, which celebrates the International Privacy Convention. (Jan. 18, 2017)
  • . EPIC will host a press conference at the Fund for Constitutional Government, across the street from the U.S. Supreme Court, on Thursday, January 19, 2017, at 1 pm, concerning the Russian Interference with the 2016 Presidential Election. Details to follow. (Jan. 18, 2017)
  • . EPIC has sent a letter to the Senate Commerce Committee outlining the key privacy issues that the next Secretary of Commerce should address. The Committee convened this week to consider the nomination of Wilbur Ross for Commerce Secretary. EPIC stated that privacy protection may be on "the most important issue that the Secretary of Commerce will confront over the next several years." EPIC urged the Committee to ensure the nominee "make clear his commitment to a comprehensive approach to data protection, based in law." EPIC warned about the inadequacy of the Privacy Shield, a non-legal framework that permits the flow of European consumers' personal data to the United States, outside of European privacy law. (Jan. 18, 2017)
  • . EPIC has filed a "friend-of-the-court" brief urging a federal appeals court to protect consumers' ability to sue companies that fail to safeguard personal information. A group of consumers sued health insurer Carefirst after the company's faulty security practices allowed hackers to obtain the personal information of 1,100,000 customers. A lower court wrongly dismissed the case because the judge believed that consumers must suffer identity theft before a court can consider violations of legal obligations. In the amicus brief, EPIC explained that the court misunderstood the relevant law, and confused the legal responsibility of companies to maintain good security with the harms that consumers eventually suffer. EPIC said courts should focus on whether companies have breached a legal obligation to safeguard personal data. EPIC regularly files briefs defending consumer privacy. (Jan. 18, 2017)
  • . EPIC has sent a statement to the Senate Select Committee on Intelligence highlighting CIA Director nominee Mike Pompeo's troubling positions on privacy and surveillance. In a January 2016 op-ed, Mr. Pompeo wrote that "Congress should pass a law re-establishing collection of all metadata, and combining it with publicly available financial and lifestyle information into a comprehensive, searchable database. Legal and bureaucratic impediments to surveillance should be removed." EPIC warned the Committee that the CIA Director must not "turn the enormous surveillance powers of the agency against the American people." The CIA has a long history of unlawful surveillance. A recent Freedom of Information Act case pursued by an EPIC revealed the CIA spied on staff members of the US Senate. (Jan. 17, 2017)
  • . Senator Richard Burr (R-NC) and Senator Mark Warner (D-VA), the Chairman and Ranking Member of the Senate Intelligence Committee, have announced a bipartisan inquiry into the Russian interference with the 2016 Presidential Election. Democratic members of the House Judiciary Committee have also pressed the FBI to confirm its investigation of President-elect Trump's ties to Russia. In a letter to FBI Director James Comey, Committee Members requested "all documentation relevant to this investigation" be provided to the Committee "as soon as possible." EPIC has filed two urgent Freedom of Information Act requests concerning Russian interference: one for records about the FBI's lax response to the foreign cyber threat, the other for the report "Russian Activities and Intentions in Recent US Elections". This week EPIC also urged the Senate Armed Services Committee to pursue an investigation. (Jan. 16, 2017)
  • . The National Academies of Sciences has released a new report that examines how disparate federal data sources can be used for policy research while protecting privacy. The NAS Statistics and Privacy Report states that privacy must be a "core value" of any use of government data and recommends that federal statistical agencies "adopt modern database, cryptography, privacy-preserving, and privacy-enhancing technologies” and "engage in collaborative research with academia and industry to continuously develop new techniques to address potential breaches of the confidentiality of their data." EPIC President Marc Rotenberg and EPIC Advisory Board member Cynthia Dwork served on the committee that developed the report. Mr. Rotenberg testified before the Commission on Evidence-Based Policymaking, which is working on increasing access to government data for policy analysis. EPIC also filed comments with the Commission urging it to promote Privacy Enhancing Techniques. (Jan. 12, 2017)
  • . EPIC has sent a statement to the Senate Commerce Committee, highlighting two significant privacy issues: drones and autonomous vehicles. The Senate Committee met this week to consider the nomination of Elaine Chao for Secretary of Transportation. EPIC sued the FAA, an agency subject to the Committee's oversight, for its failure to establish drone privacy rules, as required by Congress. EPIC also testified last year before the Committee on the risks of connected cars, EPIC has recently submitted comments on federal automated vehicles policy and filed an amicus brief in federal appeals court on the risks to consumers of connected vehicles. (Jan. 12, 2017)
  • . The Director of National Intelligence has announced new rules that permit intelligence agencies to disseminate "raw" signals intelligence without first removing or "minimizing" personal information. EPIC and other civil liberties groups opposed these changes in a letter last year to the Director, explaining that the changes would "fatally weaken existing restrictions on access to the phone calls, emails, and other data the NSA collects." The Director said that the new rules would "prohibit recipient elements from querying raw [intelligence] for a law enforcement purpose." But EPIC previously highlighted the risks of consolidating personal data in a FOIA lawsuit, EPIC v. ODNI, against the Director of National Intelligence. (Jan. 12, 2017)
  • . The Federal Trade Commission has filed a lawsuit against Internet of Things device maker D-Link. The complaint alleges that D-Link failed to use adequate security in its internet cameras and routers despite promises that the devices were "easy to secure" and used "advanced network security." The poor security practices alleged by the FTC include using easily-guessed default passwords, mishandling code-signing keys, and storing usernames and passwords in plaintext. EPIC has worked extensively on the risks of the Internet of Things, recommending safeguards for connected cars, "smart homes," and "always on" devices. In 2013, EPIC submitted comments to the FTC addressing the security and privacy risks of IoT devices. (Jan. 12, 2017)
  • . EPIC and a coalition of privacy advocates have submitted comments asking the FCC to prohibit forced arbitration clauses in communications contracts. Arbitration clauses require consumers to settle complaints in private proceedings out of court, often in inconvenient locations and before arbitrators of the company's choosing. The comments note that forced arbitration clauses allow corporations to "escape accountability for systemic harms" such as overbilling. The FCC's broadband privacy rules, adopted in October 2016, did not address forced arbitration clauses, but Chairman Wheeler announced at the FCC's October meeting that the agency had begun an internal process for rulemaking on that issue. EPIC has urged the FCC to establish comprehensive safeguards for consumer privacy, to ban pay-for-privacy schemes, and to prohibit mandatory arbitration. EPIC has frequently defended FCC privacy rules and currently has a petition pending before the FCC to end the mandatory retention of customer telephone records. (Jan. 12, 2017)
  • . The Federal Trade Commission has responded to EPIC's complaint about toys that spy, promising to "carefully review" the filing. EPIC's complaint, filed last month and joined by the Campaign for Commercial Free Childhood, the Center for Digital Democracy, and Consumers Union, alleges that the internet-connected children's toys My Friend Cayla and i-Que Intelligent Robot violate federal privacy laws. The complaint is part of coordinated, international efforts to ban these toys from the marketplace. Walmart, Toys "R" Us, and stores across Europe have already pulled the toys from their shelves. EPIC's complaint has also spurred a congressional investigation by Sen. Edward Markey (D-MA) into the data practices of toymaker Genesis Toys and speech technology developer Nuance Communications. (Jan. 11, 2017)
  • . In a letter to the Senate Committee on Homeland Security, EPIC and leading experts urged Congress to keep a close eye on the White House Homeland Security Advisor. EPIC explained that the position, equal in power to the National Security Advisor, carries "significant implications for the safety and security of the American people." EPIC said that the Homeland Security Advisor should ensure "the Russian government poses no further threats to the United States electoral system or to other democratic governments." EPIC also said that "data protection and privacy should remain a central focus" of U.S. cyber security policy. The EPIC letter was signed by distinguished experts in cyber security, information technology, encryption, and human rights law. (Jan. 10, 2017)
  • . The European Commission has released its proposal to update EU law on privacy and security safeguards for electronic communications. The revamped e-Privacy Regulation would extend important new safeguards to users of all online communications services, including email, instant messaging, and social media. The proposal would also protect both communications content and metadata, and would limit tracking of internet users. In the US, the FCC recently adopted modest privacy rules that apply only to broadband services offered by telecom companies, despite EPIC's repeated advice to the FCC to address "the full range of communications privacy issues facing US consumers." The Commission's update of the e-Privacy Directive follows the recently adopted General Data Protection Regulation, and must next be adopted by the European Parliament and European Council. (Jan. 10, 2017)
  • . EPIC has submitted an urgent Freedom of Information Act request to the Office of the Director of National Intelligence (ODNI) seeking the complete report on the Russian interference in the 2016 Presidential Election. On January 6, the ODNI released a public summary on the Russian interference, but withheld important information. EPIC is seeking expedited release of the complete, unreacted report. EPIC is also seeking records from the FBI about the agency's lax response to the foreign cyber threat. EPIC submitted a statement to the Senate Armed Services Committee hearing on Russian interference. Congress will hold a second hearing today, and a bill initiating new sanctions against Russia is expected this week. EPIC will continue to press the ODNI for prompt release of the report. (Jan. 10, 2017)
  • . In comments to the TSA, EPIC urged the agency to abandon a proposed information collection plan under the REAL ID Act. REAL ID is a federal to turn the state driver's license into a national identity statement. Many states have opposed REAL ID. The TSA now plans to subject Americans, without a TSA "compliant" ID, to broad information collection requirements. EPIC, supported by a broad coalition, opposed REAL ID because it compromised privacy and enabled government surveillance. EPIC provided detailed comments to DHS later issued a report. Since adoption of REAL ID, many states have suffered data breaches of DMVs because of criminals seeking REAL ID mandated documents. (Jan. 10, 2017)
  • . Tomorrow the Senate Judiciary Committee will begin hearings on the nomination of Senator Jeff Sessions for Attorney General. EPIC submitted a statement to the Committee, which stated “Senator Sessions’ record regarding the privacy rights of Americans raises serious questions about his selection as Attorney General.” EPIC pointed to Sessions’ support for warrantless surveillance of the American people and opposition to government oversight. Senator Sessions also opposed Apple in its dispute with the FBI and failed to support efforts to modernize the Electronic Communications Privacy Act. The Lawyers for Good Government also raised concerns about Senator Session’s support for the Privacy Act, the Freedom of Information Act, as well as his independence to “prosecute all criminal acts including those that may implicate the President of the United States.” (Jan. 9, 2017)
  • . The U.S. Supreme Court declined today to review In re Nickelodeon, a class action suit concerning privacy protections for Internet users under the Video Privacy Protection Act. Last year, a federal appeals court rejected claims that Google and Viacom had violated the statute, holding that static IP and MAC addresses are not "personally identifiable information." That opinion contradicted a previous ruling from a different federal appeals court, which held that unique IDs are personally identifiable under the video privacy law. EPIC filed an amicus brief in the Nickelodeon case, explaining that Congress defined personal information broadly "to ensure that the underlying intent of the Act-to safeguard personal information against unlawful disclosure-is preserved as technology evolves." (Jan. 9, 2017)
  • . The White House Office of Management and Budget has released guidance establishing common standards and practices for how federal agencies manage data breaches. The Data Breach Memorandum sets out a risk-based framework for evaluating data breaches and requires each agency to develop a data breach response plan. Not all breaches will trigger individual notification under the guidance. The new guidance comes four months after a House Government and Oversight Committee report criticized the Office of Personnel Management about the 2015 data breaches that compromised the records of 22 million federal employees and family members. EPIC testified in 2009 and 2011 in support of strong data breach notification laws, filed comments with the Office of Personal Management recommending limits on data collection, and has urged the Supreme Court to recognize a right of "information privacy" that would limit the ability of the federal government to collect personal information. (Jan. 4, 2017)
  • . The Senate Armed Services Committee will hold a hearing on "Foreign Cyber Threats to the United States" on January 5, 2016. EPIC submitted a statement to the Committee to alert Senators about a pending Freedom of Information Act request. The EPIC FOIA request concerns the lax response of the FBI to the Russian interference with the 2016 Presidential election. EPIC wrote “we believe that the information that we are seeking from the FBI will also be helpful to the Senate Armed Services Committee as you investigate foreign cyber threats to the United States.”“Director of National Intelligence James Clapper, National Security Agency and Cyber Command Chief Adm. Mike Rogers and Undersecretary of Defense for Intelligence Marcel Lettre are scheduled to testify. (Jan. 4, 2017)

Share this page:

Support EPIC

EPIC relies on support from individual donors to pursue our work.

Defend Privacy. Support EPIC.


EPIC Bookstore

Communications Law and Policy

Communications Law and Policy
Jerry Kang and Alan Butler