Previous Top News: 2017


  • Senator Mark Warner has sent a letter to the Federal Trade Commission expressing his concern about connected toys that spy on children. "I worry that protections for children are not keeping pace with consumer and technology trends shaping the market for these products," Senator Warner said in the letter. Senator Warner asked FTC Acting Chairwoman Maureen Ohlhausen to respond to several questions, including whether the FTC has "taken any action with respect to 'My Friend Cayla' or other products manufactured by Genesis Toys." EPIC filed a complaint with the FTC in December, 2016, alleging that toys My Friend Cayla and i-Que Intelligent Robot violate federal privacy laws. The complaint spurred international efforts to ban the toys from the marketplace and a congressional investigation into the toy makers' data practices. (May. 23, 2017)

  • EPIC has sent a statement to the House Ways & Means Committee and House Committee on Oversight and Government Reform in advance of a hearing on "Protecting Americans' Identities: Examining Efforts to Limit the Use of Social Security Numbers." EPIC warned about the danger of SSN-related identity theft. "Given the growing risk of identity theft coupled to the SSN and the ease of alternative systems, there is simply no excuse for the use of SSNs in either the public or private sector," said EPIC. EPIC has long urged Congress and state legislators to limit use of the SSN. (May. 22, 2017)

  • In advance of an IRS Oversight hearing, EPIC has sent a statement to the House Appropriations Committee regarding EPIC v. IRS, the case in which EPIC is seeking release of President Trump's tax records. According to EPIC, "There has never been a more compelling FOIA request presented to the IRS." In the request to the IRS, EPIC explained that the IRS Commissioner may release tax returns to "correct misstatements of fact" and to ensure the "integrity and fairness" of the tax system. EPIC is currently pursuing several high level FOIA cases, including EPIC v. FBI and EPIC v. ODNI, to determine the scope of Russian interference with the 2016 Presidential election. (May. 22, 2017)

  • The FBI is opposing EPIC's emergency motion to preserve records in a Freedom of Information Act case for records of the Russian Interference with the 2016 Presidential Election. Following Donald Trump's abrupt firing of FBI Director James Comey, EPIC asked a federal court to issue a preservation order for records at issue in EPIC v. FBI and to impose sanctions if the order is violated. EPIC cited irregular circumstances surrounding the firing of the FBI Director, as well as concerns expressed by members of Congress and Senators regarding the possible destruction of FBI records. In the filing today, the FBI suggested that EPIC would have to provide actual evidence of destruction of records before a court could issue a preservation order to prevent destruction of records. (May. 19, 2017)

  • Rep. Marsha Blackburn (R-TN) has introduced the Browser Act, H.R. 2520, aimed at protecting online privacy. The Browser Act would apply to ISPs as well as Internet companies, such as Google and Facebook, and would generally require "opt-in" consent before sensitive information could be collected or disclosed. However, the bill lacks a private right of action or a remedy for violations. The bill gives enforcement authority to the FTC, which has mostly failed to protect consumers' online privacy. The bill lacks data breach notification, and would overwrite stronger state privacy laws that protect consumers. In comments to the FCC and elsewhere, EPIC has set out a comprehensive framework for online privacy. (May. 19, 2017)

  • A federal appeals court has struck down the FAA's rule requiring hobbyists to register their drones. The D.C. Circuit ruled that a registration requirement violated the FAA Modernization Act which forbade regulations for "model aircraft," including unmanned drones "flown for hobby or recreational purposes." EPIC is currently challenging the FAA's failure to establish privacy rules for "small, commercial" drones. Congress required a "comprehensive plan" for drone deployment in the United States, and more than 100 experts and organizations petitioned the agency for privacy safeguards. EPIC v. FAA is fully briefed and arguments before the D.C. Circuit are anticipated this fall. (May. 19, 2017)

  • In comments to the State Department, EPIC urged the agency to drop a plan to obtain the social media identifiers of individuals applying for visas to enter the U.S. EPIC argued that the proposal threatens important First Amendment rights, risks abuse, and would disproportionately impact certain minority groups. EPIC has previously opposed DHS proposals to collect social media information and recently submitted a FOIA request following statements made by the Homeland Security Secretary, indicating DHS planned to ask individuals for social media passwords before allowing entry into the U.S. (May. 19, 2017)

  • The EU has fined Facebook $122 million for misleading the European Commission during the investigation of the Facebook-WhatsApp Merger. Following Facebook's acquisition of WhatsApp, WhatsApp transferred users' personal data to Facebook and violated the company's privacy promises. Facebook had downplayed the risks of the merger, saying that WhatsApp users' personal data could not be linked with their Facebook accounts. "U.S. antitrust law has failed to keep up with the digital economy and the emergence of monopoly services," EPIC president Marc Rotenberg told the New York Times. "There is far too much 'lock in' with a dominant provider, and far too much consolidation of personal data." The head of BEUC, the European consumer association, said "It is very disappointing that the Commission decided not to revise its original decision on the Facebook merger with WhatsApp." EPIC recently urged the Senate Judiciary Committee to consider the role of consumer privacy and data protection in merger reviews and highlighted the FTC's failure to block the Facebook-WhatsApp merger. (May. 18, 2017)

  • EPIC has filed an urgent Freedom of Information Act request with the Federal Bureau of Investigation for former Director James Comey's memos concerning his communications with President Trump. On May 16th, 2017, the New York Times reported Mr. Comey documented "every phone call and meeting he had with the president." The memos tracked "what he perceived as the president's improper efforts to influence a continuing investigation," the Times said. EPIC has filed a formal FOIA request for the public release of all of Director Comey's memos, including a memo describing his meeting with President Trump concerning National Security Advisor Flynn's resignation. Leaders of the Senate Intelligence Committee and House Oversight Committee both requested the FBI to turn over the memos to Congress. EPIC also recently filed an emergency motion to preserve records in EPIC v. FBI, a FOIA lawsuit for records concerning the Russian Interference with the 2016 Presidential Election. (May. 17, 2017)

  • EPIC has filed a complaint with the Federal Trade Commission to stop the secret scoring of young tennis players. The EPIC complaint concerns the "Universal Tennis Rating", a proprietary algorithm used to assign numeric scores to tennis players, many of whom are children under 13. "The UTR score defines the status of young athletes in all tennis-related activity; impacts opportunities for scholarship, education and employment; and may in the future provide the basis for 'social scoring' and government rating of citizens," according to EPIC. EPIC urged the FTC to “find that a secret, unprovable, proprietary algorithm to evaluate children is an unfair and deceptive trade practice.” In 2015, EPIC launched a campaign on "Algorithmic Transparency" and has pursued several cases, including one for rating travelers and another for assessing guilt or innocence, that draw attention to the social risks of secret algorithms. (May. 17, 2017)

  • In the Freedom of Information Act lawsuit EPIC v. FBI, EPIC has obtained the FBI notification procedures that would have applied to the Russian cyberattacks during the 2016 Presidential election. The documents obtained by EPIC establish that the FBI Cyber Division is to "notify and disseminate meaningful information to victims and the CND [Computer Network Defense] community." The Cyber Division specifically notifies the "individual, organization, or corporation that is the owner or operator of the computer at the point of compromise or intrusion." The analysis to determine whether or not to notify the victim, as well as FBI procedures for approval or deferral of notification, the timing of notification, the method of notification, and more were all redacted by the agency. EPIC intends to challenge these withholdings. The FBI's response raises questions about whether the agency fulfilled the obligation to properly notify the victims of the Russian cyberattacks. The Intelligence Community assessed that both major US political parties were attacked. The FBI also produced notification procedures for threats to life or serious bodily injury, and certain procedures under the Foreign Intelligence Surveillance Act. Next in the case, EPIC anticipates the release, on May 26, of FBI communications with political organizations and federal agencies concerning the Russian interference. (May. 15, 2017)

  • The Ninth Circuit Court of Appeals has granted rehearing of a decision that stripped the FTC of its authority over companies engaged in "common carrier" activities. The grant of rehearing vacates the court's earlier holding that the common carrier exemption to FTC authority is status-based, not activity-based. EPIC and a coalition of consumer advocates had filed a friend-of-the-court brief urging reconsideration of the court's decision, warning that the decision "could immunize from FTC oversight a vast swath of companies that engage in some degree in common carrier activity." EPIC previously filed an amicus brief in FTC v. Wyndham to defend the FTC's "critical role in safeguarding consumer privacy and promoting stronger security standards." (May. 15, 2017)

  • EPIC has filed an emergency motion today in EPIC v. FBI, a Freedom of Information Act case for records concerning the Russian Interference with the 2016 Presidential Election. In papers filed with a federal district court in Washington, DC, EPIC cited Donald Trump's abrupt firing of the FBI Director, and concerns expressed by Members of the House and Senate regarding the possible destruction of FBI records related to the investigation. EPIC asked the Court to issue a preservation order and to impose sanctions if the order is violated. Today, the FBI also released records to EPIC, including the agency's procedures for notifying the victims of cyberattacks. The case is EPIC v. FBI, No. 17-121, before Judge Royce C. Lamberth. [Press Release] (May. 12, 2017)

  • A long delayed Executive Order on cybersecurity was released this week. The Order continues many of the cybersecurity policies of the Obama and Bush administrations. The Executive Order requires agency heads to use the NIST Framework to manage cybersecurity risk, and to provide a risk management report. The Order also requires Cabinet officials to devise a strategy for international cooperation in cybersecurity. However, the Order does not address Russia's cyber interference with the 2016 Presidential Election. EPIC, and a group of forty leading experts in law and technology, had urged the White House to strengthen privacy and data protection, and support strong encryption. The EPIC Cybersecurity and Democracy Project focuses on US cyber policies, threats to election systems and foreign attempts to influence American policymaking. (May. 12, 2017)

  • EPIC has filed a reply brief in EPIC v. FAA, a lawsuit concerning the FAA's failure to establish privacy rules for small commercial drones. EPIC sued the FAA after the agency refused to issue drone privacy rules. Congress had required a "comprehensive plan" for drone deployment in the United States, and more than 100 experts and organizations petitioned the agency for privacy safeguards. In a brief filed last month, the FAA acknowledged "that cameras and other sensors attached to [drones] may pose a risk to privacy interests" but continued to deny the agency's responsibility to set privacy rules. EPIC wrote in reply, "It is not possible to address the hazards associated with drone operations without addressing privacy in the final rule for small commercial drone." EPIC also explained that the FAA "profoundly mischaracterizes the aviation technology at issue" by suggesting that cameras are simply add-ons. "Drone cameras are an integral component of drone operations," EPIC explained. "Without a camera, it would be almost impossible to operate a commercial drone." (May. 12, 2017)

  • The D.C. Circuit Court of Appeals has ruled that information about a government project to manage water in California is exempt from disclosure under the Freedom of Information Act. The Court found that Exemption 9, which covers "geological and geophysical information…concerning wells," permitted the Bureau of Reclamation to withhold information about well location and depth information. "Congress enacted FOIA to 'permit access to official information long shielded unnecessarily from public view,'" the Court said. However, the D.C. Circuit rejected the arguments of environmental group AquAlliance that the legislative history indicated the exemption only applied to oil and gas wells; the Court said it should "assume that Congress meant what it said, and said what it meant." EPIC frequently fights overbroad agency withholding of public records. In EPIC v. FBI, a FOIA lawsuit seeking release of FBI privacy assessments, a court sided with EPIC and agreed that the agency did not justify withholding records under a FOIA exemption for law enforcement procedures and techniques. (May. 11, 2017)

  • EPIC has sent a statement to the Senate Judiciary Committee ahead of a hearing on the new Antitrust Chief. EPIC urged the Committee to consider the role of consumer privacy and data protection in merger reviews. EPIC warned that "monopoly platforms" are reducing competition, stifling innovation, and undermining privacy. EPIC pointed to the FTC's failure to block the Google/DoubleClick merger which accelerated Google's dominance of Internet advertising and the WhatsApp/Facebook merger which paved the way for Facebook to access confidential WhatsApp user data. EPIC also suggested that "algorithmic transparency" would become increasingly important for merger analysis. EPIC is a leading consumer privacy advocate and regularly submits complaints urging investigations and changes to unfair business practices. (May. 9, 2017)

  • EPIC joined a coalition of civil society organizations to urge the House Committee on Financial Services to rescind guidance declaring communications between the Department of Treasury and the Committee are exempt from public access. In the letter to Chairman Jeb Hensarling (R-TX), the coalition stated the move represented "a troubling precedent" that "improperly restrict[s] the ability of the public to use FOIA." Records in the possession of federal agencies are presumptively available to the public under the Freedom of Information Act. EPIC and a coalition also recently urged the Immigration and Customs Enforcement to comply with the FOIA and "fully disclose information on immigration enforcement cooperation between federal and non-federal law enforcement agencies." For more information about EPIC's latest open government work, visit: https://epic.org/open_gov/. (May. 9, 2017)

  • EPIC has sent a statement to the Senate Judiciary Committee for a hearing on "Law Enforcement Access to Data Stored Across Borders." According to news reports, the United States and the United Kingdom are seeking to establish an agreement for direct access to personal data outside their legal jurisdictions. A secret agreement is under negotiation. In November 2016, EPIC filed a FOIA Request related to the US-UK agreement. Last week, the Justice Department alerted EPIC that responsive documents had been located and would be referred to the State Department for additional processing. EPIC has long advocated for transparency concerning international agreements. In 2016, EPIC obtained the "Umbrella Agreement" after a successful Freedom of Information Act lawsuit. (May. 9, 2017)

  • In a hearing before a Senate Judiciary Subcommittee, former Acting Attorney General Sally Yates said she warned the White House that General Michael Flynn "could be blackmailed by the Russians" who knew he had lied about his Russian contacts. Yates also said the DOJ came forward out of concern that both administration officials and the American people "had been misled." As a part of the Democracy and Cybersecurity Project, EPIC is pursuing a Freedom of Information Act request for records of DOJ's investigation of Russian interference. EPIC explained to the Senate committee that "the public has 'the right to know' the extent of Russian interference with democratic elections and the steps that are being taken to prevent future attacks." (May. 9, 2017)

  • In advance of a hearing on "Cyber Threats Facing America: An Overview of the Cybersecurity Threat Landscape," EPIC has sent a statement to a Senate Committee urging Congress to protect democratic institutions, following the Russian interference with the 2016 presidential election. EPIC explained that "data protection and privacy should remain a central focus" of cyber security policy. EPIC also recommended that Congress strengthen the federal Privacy Act and establish a U.S. data protection agency. EPIC recently launched the EPIC Cybersecurity and Democracy Project that will focus on US cyber policies, threats to election systems and foreign attempts to influence American policymaking. (May. 8, 2017)

  • EPIC has announced the recipients of the 2017 Champions of Freedom Awards. They are privacy attorney Carrie Goldberg, human rights advocate Garry Kasparov, and Judge Patricia Wald. Computer scientist Ron Rivest will receive the 2017 EPIC Lifetime Achievement Award. Event hosts include Danielle Citron, John Podesta, Marc Rotenberg, Bruce Schneier, and Manoush Zomorodi. The 2017 EPIC Awards dinner will be held at the National Press Club in Washington, DC on Monday, June 5, 2017. Tickets are available. (May. 7, 2017)

  • EPIC has sent a statement to the Senate Judiciary Committee for a hearing on "Russian Interference in the 2016 United States Election." EPIC described its Freedom of Information Act cases against the FBI and the ODNI to obtain records about activities aimed at undermining democratic institutions. EPIC is also pursuing the release of any FISA orders for Trump Tower, as well as Donald Trump's tax returns. EPIC wrote the "need to understand Russian efforts to influence democratic elections cannot be overstated." (May. 5, 2017)

  • The spending measure recently approved by Congress allocates $313 million to the FTC for fiscal 2017. According to the Senate summary, the allocation is for the FTC "to detect and eliminate illegal collusion, prevent anticompetitive mergers, combat consumer fraud, fight identity theft and promote consumer privacy." The amount is an increase of $6 million, or about 2 percent, over 2016 levels. EPIC has consistently urged the FTC to exercise its full authority in protecting consumers and has filed numerous consumer privacy complaints with the FTC, including a recent complaint about "toys that spy." Earlier this year, an EPIC-led coalition detailed 10 steps for the FTC to protect consumers in 2017. (May. 4, 2017)

  • Senators Steve Daines (R-MT) and Gary Peters (D-MI) have introduced a bill that would remove personally identifiable information from shipping manifest sheets that are released to the public. According to the bill's sponsors, the Moving Americans Privacy Protection Act seeks to protect people who make international moves from "identity theft, credit card fraud and unwanted solicitations." EPIC maintains a page on identity theft and launched "Data Protection 2016," a non-partisan campaign to make data protection an issue in the 2016 election. (May. 4, 2017)

  • The Director of National Intelligence has failed to provide a sufficient response in EPIC v. ODNI, concerning release of the report on the Russian interference in the 2016 Presidential election. The intelligence agency was required to release all “non-exempt portions” of the report to EPIC on May 3, 2017. However, the agency withheld the entire document, refusing to provide even partial information that should have been released to EPIC under the Freedom of Information Act. As EPIC made clear in the complaint, “There is an urgent need to make available to the public the Complete ODNI Assessment to fully assess the Russian interference with the 2016 Presidential election and to prevent future attacks on democratic institutions.” EPIC will challenge the agency’s response as the litigation continues in federal district court in Washington, DC. EPIC v. ODNI is a part of the EPIC Cybersecurity and Democracy Project, which focuses on US cyber policies, threats to election systems and foreign attempts to influence American policymaking. (May. 3, 2017)

  • EPIC has sent a statement to the House Committee on Oversight for the upcoming hearing on the FAFSA ("Free Application for Federal Student Aid") data breach, which compromised more than 100,000 taxpayer records. EPIC urged the Committee to protect student privacy. EPIC's testimony: (1) explained how the U.S. Education Department weakened key safeguards for student records, (2) described the privacy risks that students today face, (3) underscored the need for data security safeguards for student information, and (4) recommended that Congress adopt EPIC's Student Privacy Bill of Rights. EPIC has previously urged Congress, the Education Department, and the Federal Trade Commission to strengthen student privacy. (May. 2, 2017)

  • In the Freedom of Information Act lawsuit EPIC v. ODNI, EPIC anticipates the May 3 release of the Complete Assessment of the Russian interference in the 2016 presidential election. In January 2017, the Director of National Intelligence released a limited, declassified version of the report about the "multi-pronged attack" on democratic institutions. EPIC filed a FOIA suit for public release of the Complete Assessment of Russian interference. As EPIC explained in an op-ed in The Hill and statements to Congress, the "public has a right to know the details when a foreign government attempts to influence the outcome of a U.S. presidential election." In accordance with the briefing schedule in the case, the ODNI must release all non-exempt portions of the Complete Assessment on May 3, 2017 to EPIC. EPIC is also pursuing two related FOIA cases as part of the Democracy and Cybersecurity Project. In EPIC v. FBI, EPIC is seeking records concerning the FBI's investigation of Russian interference. In EPIC v. IRS, EPIC is seeking release of President Trump’s tax records. (May. 2, 2017)

  • In comments to the FTC and NHTSA ahead of a June workshop, EPIC underscored the need to safeguard consumers and improve vehicle security. EPIC also defended the role of states that are developing new safeguards for connected vehicles. For more than a decade, EPIC has been a leading advocate for privacy and security measures for connected vehicles. EPIC routinely submits comments to federal agencies regarding the unique challenges that these vehicles present. EPIC has also testified before Congress, filed amicus briefs, and submitted statements on the risks of autonomous vehicles. (May. 2, 2017)

  • The ODNI 2016 Transparency Report provides new details about government surveillance activities. According to the ODNI, there was a 10% increase in the use of “backdoor searches” under Section 702. These searches occur when a government search targets a U.S. person under a law intended to permit only surveillance of non-US persons. This controversial practice is one of the reasons lawmakers oppose renewal of Section 702. (May. 2, 2017)

  • EPIC has sent a statement to the Senate Judiciary Committee for an upcoming FBI oversight hearing. EPIC urged the Committee to investigate the FBI's Next Generation Identification system, a massive biometric database. EPIC has sought to ensure that the FBI database complies fully with the federal Privacy Act which the Bureau has opposed. EPIC explained to the Senate Committee that an individual's ability to control disclosure of identity "is an essential aspect of personal security and privacy." In a leading FOIA lawsuit, EPIC v. FBI, EPIC also uncovered documents which revealed high error rates in the biometric system. EPIC has filed a FOIA lawsuit against the FBI for information about the agency's plans to transfer biometric data to the Department of Defense. (May. 1, 2017)

  • European Data Protection Supervisor Giovanni Buttarelli, one of Europe's top privacy officials, published an opinion backing a key update to EU privacy law. The updated e-Privacy Regulation would extend consumer safeguards to users of all online communications services, cover content and metadata, and limit tracking of internet users. The EDPS welcomed the "ambitious attempt to provide for the comprehensive protection of electronic communications." However, the EDPS opinion also emphasized the need to strengthen privacy protections, raising concern about the proposal's complexity and failure to cover data processing beyond communications services providers. The EDPS's statement follows a supportive opinion from the Article 29 Working Party, an expert group of European privacy officials. EPIC recently hosted Mr. Buttarelli in Washington, DC to speak before the Privacy Coalition, a nonpartisan association established in 1995 to promote dialogue on emerging privacy issues between civil society organizations and policy leaders. (May. 1, 2017)

  • Following EPIC’s appeal of a decision to “neither confirm nor deny” the existence of a FISA application to monitor Trump Tower, the Justice Department took the unusual step of submitting the matter for declassification review. After the President tweeted allegations that President Obama “had [his] wires tapped in Trump Tower,” EPIC filed an urgent FOIA request for any FISA applications concerning Trump Tower. The Justice Department denied the request, but on appeal stated it was referring this matter “so that it may determine if the existence or nonexistence of any responsive records should remain classified.” The Justice Department issued a similar response to EPIC’s related request concerning alleged surveillance of the Trump team. EPIC had explained in the appeal that “the agency may not hide behind the ‘neither confirm nor deny’ response” after FBI Director James Comey stated before Congress that the FBI and the Justice Department had “no information” to support the President’s tweets. (Apr. 28, 2017)

  • The Federal Aviation Administration has filed a brief in response to EPIC's lawsuit, EPIC v. FAA, concerning the FAA's failure to establish privacy rules for commercial drones. EPIC sued the FAA after Congress required a "comprehensive plan" for drone deployment in the United States and the FAA denied EPIC's petition calling for privacy safeguards. In the opposition brief, the FAA acknowledged "that cameras and other sensors attached to [drones] may pose a risk to privacy interests." The FAA claims that the agency is not ignoring drone privacy risks, but documents from a previous Freedom of Information Act request by EPIC showed the agency also failed to complete a drone privacy report required by Congress. (Apr. 28, 2017)

  • The National Security Agency announced that it will no longer acquire upstream “about” communications under Section 702 surveillance authority. The Foreign Intelligence Surveillance Court previously questioned these searches, but permitted them to continue after the NSA claimed that ending the program would be technologically infeasible. According to PCLOB, the NSA collects more than 25 million Internet communications every year. EPIC recently challenged the “about” searches in an amicus brief for the Irish DPC v. Facebook case. The broader Section 702 authority is set to expire in December. (Apr. 28, 2017)

  • Senators Richard Blumenthal (D-CT) and Tom Udall (D-NM) have introduced the Managing Your Data Against Telecom Abuses (MY DATA) Act. The MY DATA Act would grant the FTC jurisdiction over broadband providers, as well as the authority to establish rules for privacy and data security online. "In the 21st century, internet access is a basic necessity. And signing up for a basic necessity should never mean you have to sign away your rights to privacy," said Senator Blumenthal. EPIC has previously told Congress that the FTC has not done enough to safeguard consumer privacy, citing the Commission's failure to enforce settlement agreements or to modify proposed settlements based on public comments. EPIC has also proposed comprehensive consumer privacy laws to combat the growing threats of data breaches, identity theft, and financial fraud. (Apr. 27, 2017)

  • A Federal Court of Appeals has ruled in Perry v. CNN, a case concerning the disclosure of video viewing records. EPIC filed an amicus brief and explained that the Video Privacy Protection Act applies to all companies that collect video records, including app companies. The Appeals Court held that the plaintiff, a mobile app user, wasn't a "subscriber" under the video privacy law, following an earlier similar decision by the same court. However, the appeals court made clear that federal privacy laws, such as the Video Privacy Protection Act, provide a sufficient basis for a lawsuit without the need to show additional harm. (Apr. 27, 2017)

  • A German court has upheld an order requiring Facebook to suspend the import of users' personal data from WhatsApp. Following Facebook's acquisition of WhatsApp, WhatsApp announced that it would transfer users' personal data to Facebook, violating the company's privacy promises. A Data Protection Commissioner in Germany ordered Facebook to halt the data transfer. This week a German court refused Facebook's attempt to block the order, ruling that Facebook had no legal basis for the transfer and no effective consent from WhatsApp users. The transfer is also under investigation by the Article 29 Working Party, a group of European privacy officials. EPIC filed a complaint with the FTC in 2014, backed by over a dozen US consumer groups, urging the US agency to block the acquisition of WhatsApp if privacy safeguards were not established. As EPIC explained, "WhatsApp built a user base based on its commitment not to collect user data for advertising revenue. Acting in reliance on WhatsApp representations, Internet users provided detailed personal information to the company including private text to close friends." (Apr. 27, 2017)

  • EPIC has sent a statement to the House Committee on Homeland Security for an oversight hearing on the Transportation Security Administration. EPIC has objected to the TSA's refusal to release information the agency designated as "sensitive security information" that is pertinent to EPIC's ongoing case against TSA regarding airport body scanners. EPIC said that the TSA is "seeking to hide its decision making behind this cloak of secrecy." Congress also criticized the TSA's use of the SSI designation in an extensive report on "Pseudo Classification." In the statement for the Committee, EPIC also objected to the eye scanning of US travelers at US airports. (Apr. 26, 2017)

  • A statement from EPIC to the House Oversight Committee for a hearing on border security warns that enhanced surveillance will impact citizens' rights. "The use of drones in border security will place U.S. citizens living on the border under ceaseless surveillance by the government," said EPIC. EPIC noted that Customs and Border Protection is already deploying drones with facial recognition technology on U.S. communities. In 2013, EPIC obtained records under the Freedom of Information Act which revealed that CBP drones could also intercept electronic communications in the United States. State laws in some border states prohibit warrantless aerial surveillance but the United States has failed to enact laws to limit drone surveillance. EPIC has sued the FAA for the agency's failure to create drone privacy safeguards as required by Congress. (Apr. 26, 2017)

  • This week EPIC hosted the 61st meeting of the International Working Group on Data Protection in Telecommunications in Washington, D.C. Twice a year, the Berlin-based Working Group convenes data protection authorities and privacy experts from around the world to develop recommendations on emerging privacy challenges. The IWG recently issued recommendations on topics including Biometrics in Online Authentication, Location Tracking, and Intelligent Video Analytics. The IWG meeting was held at the Goethe-Institut, Germany's cultural institute. Through June 2016 the Institut is presenting the "Plurality of Privacy Project," a transatlantic theater project focused on the value of privacy. EPIC previously hosted a meeting of the IWG in Washington, DC in the spring of 2004. (Apr. 25, 2017)

  • EPIC joined a coalition of civil society organizations to urge Immigration and Customs Enforcement to comply with the Freedom of Information Act. The letter to DHS Secretary Kelly calls upon the federal agency to "fully disclose information on immigration enforcement cooperation between federal and non-federal law enforcement agencies." EPIC previously received documents through a Freedom of Information Act Request about DHS's immigration enforcement practices. The documents obtained by EPIC detail the "Priorities Enforcement Program," a controversial program that relied on biometric data collection for immigration enforcement. (Apr. 25, 2017)

  • EPIC and a coalition of leading civil society organizations have sent a letter to the Federal Communications Commission urging the Commission to act immediately upon a petition submitted by an EPIC-led coalition almost two years ago. The petition called for an end to the FCC rule requiring the mass retention of phone records. The privacy organizations said that the FCC regulation was "unduly burdensome and ineffectual and posed an ongoing threat to the privacy and security of American consumers." The FCC requires phone companies to retain sensitive information on all telephone customer calling activity for 18 months, including telephone numbers dialed, date, time, and length. The coalition letter states that "the time has come to give the public the opportunity to comment on whether the data retention mandate should continue." (Apr. 23, 2017)

  • European Data Protection Supervisor Giovanni Buttarelli spoke today to the Privacy Coalition, a nonpartisan association established in 1995 to promote dialogue on emerging privacy between civil society organizations and policy leaders. Mr. Buttarelli addressed relations between the European Union and the United States, and discussed encryption policy, the E-Privacy Regulation, the Privacy Shield, the U.S. Privacy Act as it applies to foreigners among many other topics. Recent speakers at the Privacy Coalition have included FTC Chair Maureen Ohlhausen and FCC Senior Counsel Nick Degani. (Apr. 21, 2017)

  • The Administrative Office of the U.S. Courts has issued the 2016 report on activities of the Foreign Intelligence Surveillance Court. The 2016 FISA report reveals that there were 1,752 FISA applications in 2016, of which 1,378 were granted, 339 were modified, 26 were denied in part, and 9 were denied in full. Scrutiny of FISA applications increased substantially in 2016. The FISA court denied more applications in 2016 than it had during the previous 36 years. In testimony before Congress in 2012, EPIC urged increased public reporting of the use of FISA authority to prevent abuse. Several of EPIC’s recommendations are reflected in the revised reporting requirements, following passage of the USA FREEDOM Act in June 2015. (Apr. 21, 2017)

  • The Office of the Director of National Intelligence has released a report on the controversial Section 702 "PRISM" program, which is set to expire on December 31, 2017. The report argues for renewal, but significant questions remain about the PRISM program. Despite repeated requests from Congress, the ODNI has refused to reveal the number of U.S. persons who are swept up in PRISM surveillance every year. EPIC sent a letter to the House Judiciary Committee urging public reporting of the Government's surveillance activities. EPIC also warned that the Section 702 legal controversy could block international data transfers. (Apr. 20, 2017)

  • The Department of Homeland Security has released the 2016 Annual Data Mining Report. The report describes several of the agency's profiling systems that assign secret "risk assessments" to U.S. citizens. According to the DHS report, the Analytical Framework for Intelligence is accessible to several agency components, including the Citizenship and Immigration Services, the Coast Guard, and the Transportation Security Administration. Through a Freedom of Information Act lawsuit, EPIC previously obtained important documents about the secretive scoring program. EPIC is now appealing EPIC v. CBP to the D.C. Circuit Court of Appeals to compel the release of additional documents. (Apr. 20, 2017)

  • EPIC has joined the Fly Don't Spy! campaign to urge DHS Secretary Kelly to reject plans to require travelers to hand over passwords to the federal government. Such a requirement would undermine privacy and human rights, chill freedom of speech and association, and create greater security risks for travelers. Earlier this year, Secretary Kelly testified before Congress about collecting social media passwords. In response, EPIC immediately filed a Freedom of Information Act request regarding all DHS plans to use individuals' internet and social media information to vet potential entrants to the U.S. (Apr. 18, 2017)

  • Today EPIC filed a FOIA lawsuit against the IRS after the agency failed to release Donald J. Trump’s tax records. According to EPIC, "There has never been a more compelling FOIA request presented to the IRS." In the request to the IRS, EPIC explained that the IRS Commissioner may release tax returns to "correct misstatements of fact" and to ensure the "integrity and fairness" of the tax system. EPIC cited an earlier statement of Senator Charles Grassley (R-IA), a member of the Joint Committee on Taxation, in support of the release. The case is captioned EPIC v. IRS, 17-670 (D.D.C. filed Apr. 15, 2017). For more information, see the Press Release about EPIC v. IRS. EPIC is currently pursuing several high level FOIA cases, including EPIC v. FBI and EPIC v. ODNI, to determine the scope of Russian interference with the 2016 Presidential election. (Apr. 15, 2017)

  • In comments to the National Highway Traffic Safety Administration, EPIC recommended stronger privacy protections for vehicle-to-vehicle communications. EPIC urged the agency to allow consumers to turn off pre-installed V2V communications and to require automobile manufacturers to be transparent about the collection of personal data. EPIC also urged the agency to establish basic cybersecurity safeguards, require encryption for all vehicle networks, and ensure data minimization techniques. EPIC has previously submitted comments to NHTSA on connected cars and has submitted several statements to Congress. (Apr. 14, 2017)

  • The Article 29 Working Party, an expert group of European privacy officials, has issued an opinion supporting a key proposal to modernize EU privacy law for electronic communications. The updated e-Privacy Regulation would extend consumer safeguards to users of all online communications services, cover content and metadata, and limit tracking of internet users. The Working Party welcomed the harmonization of privacy standards across the European Union, but cautioned that the Privacy Directive must offer protections at least as strong as the recently adopted General Data Protection Regulation. EPIC had urged the US Federal Communications Commission to adopt a similar, comprehensive approach to communications privacy. A narrow FCC rule covering only ISPs was recently rescinded by Congress, folding under attacks that it unreasonably singled out a sector of the communications industry. (Apr. 12, 2017)

  • A federal district court has ruled that a Texas voter ID law violates the Voting Rights Act because the state legislature intended the law to be discriminatory. The ruling effectively halts enforcement of the law, which poses a significant threat to voter privacy and could discourage legal voters. Last summer, the Fifth Circuit Court of Appeals held that the Texas law had a "discriminatory effect" on minorities' voting rights and sent the case back to the district court to reexamine whether the law was passed with "discriminatory purpose." EPIC filed an amicus brief with the appeals court arguing that the Texas law places an unconstitutional burden on voters' rights to informational privacy because of the excessive collection of personal data. Such bills "disenfranchise individuals who seek to protect their personal information from data breach, cybercrime, and commercial exploitation," EPIC wrote. The Supreme Court recently declined to review the Fifth Circuit’s ruling. (Apr. 12, 2017)

  • A judge ruled this week that New York City may destroy the application materials of those who applied for an NYC identification card. The IDNYC program allows any New York City resident, regardless of immigration status, to obtain an identity document to access city services and to open a bank account. The IDNYC program was intended to assist vulnerable populations, including the homeless, victims of domestic violence, and undocumented immigrants. More than one million cards were issued and fewer than 2% of applications were denied. Under initial implementation, the application documentation was to be retained for two years, but critics of the program sought to obtain the personal information of applicants with the state FOI law. The judge rejected the claim. EPIC has long warned that the retention of identity document enrollment materials poses a significant privacy risk. (Apr. 11, 2017)

  • According to a POLITICO / Morning Consult poll, Americans trust Google and Facebook less than ISPs to protect personal data. Only 43% of respondents trusted broadband companies with personal information "a great deal" or "a fair amount." But trust in internet companies was much lower: 31% said they trust Facebook, 21% trust Twitter, 39% trust Google, and 35% trust other websites they visit regularly. The poll also shows public opposition to web tracking, with 70% of respondents saying they were "somewhat uncomfortable" or "very uncomfortable" with companies tracking the web sites people visit and 77% being uncomfortable with companies selling people's data for advertising purposes. EPIC had urged the FCC to adopt a comprehensive approach to privacy protection and maintains an extensive page on Privacy and Public Opinion. (Apr. 11, 2017)

  • Senator Edward Markey (D-Mass) and Senator Orrin Hatch (R-Utah) have reintroduced the "Protecting Student Privacy Act." The Act would strengthen the Family Educational Rights and Privacy Act, a federal student privacy law. The Student Privacy Act would also implement several of the recommendations EPIC set out in the Student Privacy Bill of Rights, including data security safeguards, student access to personal information held by companies, prohibiting the use of personal data for marketing purposes, and minimizing the personal information schools transfer to third parties. (Apr. 7, 2017)

  • The Senate has confirmed Neil Gorsuch as the next Associate Justice of the U.S. Supreme Court. The final vote was 54 yeas to 45 nays. During Justice Gorsuch’s confirmation hearing, EPIC urged the Senate Judiciary Committee to scrutinize Gorsuch’s positions on a wide range of privacy, First Amendment, open government, and consumer protection issues. Gorsuch’s views on these subjects could have "far-reaching implications" for "the future of privacy in the digital era," EPIC wrote. Committee members ultimately questioned Gorsuch extensively on the constitutional right to privacy, the application of the Fourth Amendment to new technologies, and the right to anonymous speech. EPIC regularly shares its views with the Senate concerning nominees to the Supreme Court, including Justice Kagan, Justice Sotomayor, Justice Alito, and Chief Justice Roberts. (Apr. 7, 2017)

  • EPIC has appealed the ruling in EPIC v. CBP, a case involving a controversial passenger screening program that combines detailed personal information with secret algorithms to assign "risk assessments" to travelers—including US citizens. EPIC sued the agency for information about the "Analytic Framework for Intelligence" under the Freedom of Information Act. As a consequence of the EPIC FOIA lawsuit, EPIC obtained important documents and prevailed in an earlier phase of the case. However, the federal court in Washington, DC declined last month to order the release of certain additional materials. EPIC is now asking the DC Circuit Court of Appeals to overrule the lower court's decision and compel the release of documents sought by EPIC. (Apr. 7, 2017)

  • As a result of a Freedom of Information Act request, EPIC has obtained the FBI's first annual summary report on drone operations. The annual reports are required by an Obama Presidential Memorandum regarding the domestic use of drones by federal agencies. EPIC also obtained related documents about FBI drone operations that were heavily redacted. Additionally, EPIC requested the FBI's drone policies and procedures related to privacy, civil liberties, and civil rights. The FBI has not yet released these documents to EPIC. EPIC will appeal the FBI's failure to release these documents and will also challenge the redactions in the documents that were released. (Apr. 6, 2017)

  • In a resolution passed today, the European Parliament expressed alarm over the rollback of U.S. privacy safeguards necessary for Privacy Shield, a framework permitting the flow of European consumers' personal data to the United States. The Parliament cited several recent developments including procedures that allow the NSA to disseminate raw data across the US government, vacancies at the Federal Trade Commission and the Privacy and Civil Liberties Oversight Board, the repeal of an FCC privacy rule, and the absence of effective redress for violations of Privacy Shield. The resolution of Parliament called on the European Commission to rigorously analyze these matters and to "take all necessary measures" to ensure the agreement respects EU privacy rights. In 2015, EPIC and a coalition of privacy organizations had urged the US and the EU to strengthen privacy protections, following a landmark decision that found insufficient legal protections for the transfer of consumer data to the US. (Apr. 6, 2017)

  • A recent Reuters survey found that a majority of Americans are not willing to give up their privacy even to help the government fight terrorism. About 3 in 4 participants in the online survey answered that they would not give up the privacy of their e-mail, text messages, or phone records to help the US fight foreign or domestic terrorism plots or counter hacking of US networks by foreign powers. The poll of 3,307 people showed strong support for privacy among both Democrats and Republicans. EPIC has advocated for strong encryption since its founding and published the first comprehensive survey of encryption use around the world. EPIC also maintains a page on Privacy and Public Opinion. (Apr. 6, 2017)

  • EPIC has sent a letter to the House Energy and Commerce Committee about cybersecurity in the health care sector. EPIC noted that in 2016, approximately 300 health care sector data breaches compromised the health data of over 4 million patients. EPIC recommended specific privacy-enhancing technologies that should be required in health care IT systems, including secure e-mail communications systems and the ability for patients to hold back sensitive information. (Apr. 5, 2017)

  • In a letter to the House Financial Services committee about the Consumer Financial Protection Bureau, EPIC highlighted its complaint about automobile "starter interrupt devices." EPIC alleges that companies use these devices to monitor borrowers' location and disable vehicles in violation of the Consumer Financial Protection Act. EPIC has asked the Bureau "to enjoin their unfair and abusive practices." In testimony, detailed comments, and letters, EPIC has urged Congress to establish safety standards for connected vehicles. EPIC has also submitted comments to the CFPB on debt collection practices and publication of consumer complaint narratives. (Apr. 5, 2017)

  • In a letter to the House Judiciary Committee for an oversight hearing, EPIC highlighted civil liberties problems with DEA programs. In 2014, EPIC sued the DEA for information about the agency's Hemisphere program, a massive telephone record database. More recently, EPIC prevailed in a FOIA lawsuit that revealed the DEA's failure to conduct privacy assessments required by law, for the agency's license plate scanning program. In the letter EPIC urged the Committee to investigate the Hemisphere program and determine whether the agency will complete privacy impact statements for agency programs as required by law. (Apr. 4, 2017)

  • Donald Trump signed a congressional resolution rescinding the FCC's broadband privacy rules. The rules required internet service providers to obtain consumers' consent before accessing sensitive information and to notify consumers of data breaches. The resolution nullifies the FCC's rules and blocks the FCC from enacting similar rules in the future. EPIC had urged the FCC to establish comprehensive safeguards for consumer privacy, and also explained to Congress that the FTC does not effectively safeguard consumer privacy. EPIC also has a petition pending before the FCC to end the mandatory retention of private customer telephone records. (Apr. 4, 2017)

  • EPIC has filed an urgent Freedom of Information Act request for documents concerning a recent meeting between Attorney General Jeff Sessions and EU Commissioner Věra Jourová. The two reportedly discussed "a proposal [on] how to 'solve this problem'" of encryption. EPIC said in the FOIA request that "strong encryption is the cornerstone of the modern internet economy" and that encryption "is critical to preserving human rights and information security around the world." A proposal on encryption policy may be taken up at a June 2017 meeting between the United States and the European Union. EPIC has advocated for strong encryption since its founding and published the first comprehensive survey of encryption use around the world. In the FOIA request, EPIC also noted the growing risk to users of Internet-connected devices. (Apr. 3, 2017)

  • EPIC has submitted an urgent Freedom of Information Act request for DHS's review of the Russian interference with the presidential election. The EPIC FOIA request follows House Resolution 235, sponsored by Rep. Bennie Thompson (D-MS), which would direct the Secretary of Homeland Security to transmit DHS's documents related to Russian interference to the House of Representatives. EPIC is now pursuing public release of the same records, and has notified Chairman Jason Chaffetz (R-UT) and Ranking Member Cummings (D-MD) of the House Oversight Committee of the pending FOIA request. Earlier this week, EPIC argued "the public has the right to know" about the extent of Russian interference with the 2016 election. (Mar. 31, 2017)

  • A federal appeals court in Washington, D.C. heard arguments today in a major data breach suit. The faulty security practices of Carefirst, a health insurer, allowed hackers to obtain the personal information of more than 1,100,000 customers. But a lower court dismissed the case because the judge believed that consumers must suffer actual identity theft before filing a lawsuit. EPIC's amicus brief explained that the judge misunderstood the law and confused the harm consumers eventually suffer with the failure of companies to uphold obligations to safeguard the data they choose to collect. The appellate judges today voiced similar doubts about the lower court's decision, suggesting that consumers don't have to wait until their identity is stolen to bring a lawsuit. One judge compared the case to a person putting down her driver's license to rent a Segway, only to have it stolen from the rental company. EPIC regularly files briefs defending the privacy rights of consumers. (Mar. 31, 2017)

  • EPIC has sent a letter to the Senate Intelligence Committee for a hearing on "Disinformation: A Primer in Russian Active Measures and Influence Campaigns." EPIC described its Freedom of Information Act cases against the FBI and the ODNI to obtain records about activities aimed at undermining democratic institutions. EPIC is also pursuing the release of any FISA orders for Trump Tower, as well as Donald Trump's tax returns. EPIC wrote the "need to understand Russian efforts to influence democratic elections cannot be overstated." EPIC President Marc Rotenberg summarized EPIC's FOIA efforts in an op-ed in The Hill earlier this week. (Mar. 29, 2017)

  • EPIC has renewed its Freedom of Information Act request for Donald Trump's tax returns after FBI Director Comey confirmed an FBI investigation into financial ties between the Trump campaign and the Russian government. The Senate Intelligence Committee is also investigating Russian interference in the 2016 presidential election and the role of Trump advisors. Former National Security Advisor Mike Flynn resigned after evidence emerged that he received more than $30,000 to celebrate the Russian propaganda outlet RT. As EPIC stated, "At no time in American history has a stronger claim been presented to the IRS for the public release of tax records." EPIC explained that the IRS has the authority to release tax records to correct "misstatements of fact." EPIC cited contradictory statements made by the President, advisers, and family members, including Jared Kushner, who stated "Russians make up a pretty disproportionate cross-section of a lot of our assets. We see a lot of money pouring in from Russia." The President later tweeted that he "has ZERO investments in Russia" and that he has "NOTHING TO DO WITH RUSSIA-NO DEALS, NO LOANS, NO NOTHING." (Mar. 29, 2017)

  • EPIC has sent a letter to a House Judiciary committee concerning “the state of forensic science in the United States.” Citing the work of EPIC Advisory Board members Erin Murphy and Jennifer Mnookin, EPIC said that oversight of forensic techniques, such as DNA and algorithms, is needed to ensure confidence in the criminal justice system. Last year, EPIC filed public records requests with six states to obtain the source code of DNA forensic software. EPIC has previously warned the US Supreme Court to carefully assess the reliability of investigative techniques. EPIC also argued a federal appeals case against DNA dragnet surveillance. (Mar. 28, 2017)

  • EPIC has submitted a series of urgent Freedom of Information Act requests for records concerning three witnesses who were scheduled to testify at an oversight hearing next week — Former Director of National Intelligence James Clapper, former Central Intelligence Agency Director John Brennan, and former Deputy Attorney General Sally Yates. Chairman Devin Nunes (R-CA) abruptly cancelled the hearing on the Russian interference in the 2016 Presidential Election, a move Ranking Member Adam Schiff (D-CA) called "an attempt to choke off public info." In today's FOIA requests, EPIC seeks to make public the information known to the witnesses about the Russian interference that would have been presented to Committee members. EPIC is also pursuing related FOIA lawsuits against the FBI and ODNI. For more information about EPIC's latest open government work, visit: https://epic.org/open_gov/. (Mar. 24, 2017)

  • A federal court in Washington, DC has issued a ruling in EPIC v. DHS, a case involving a controversial passenger screening program operated by Customs and Border Protection. Under the program, CBP combines detailed personal information with secret algorithms to assign "risk assessments" to travelers—including US citizens. EPIC sued the DHS for information about the "Analytic Framework for Intelligence" program, and argued that the agency unlawfully withheld records under the Freedom of Information Act. As a consequence of the EPIC FOIA lawsuit, EPIC obtained important documents and prevailed in an earlier phase of the case. However, the Court declined to order the further release of certain training materials for the profiling system EPIC sought. EPIC is currently deciding whether to pursue a further legal challenge to the agency's withholding. (Mar. 24, 2017)

  • The European Parliament has adopted a resolution on the fundamental rights implications of big data. The resolution stresses that "the prospects and opportunities of big data" can only be realized "when public trust in these technologies is ensured by a strong enforcement of fundamental rights and compliance with current EU data protection law." The resolution discusses the importance of data protection, accountability, transparency, data security, and privacy by design. EPIC has warned about the risks of big data and launched campaigns on "Algorithmic Transparency" and data protection. (Mar. 24, 2017)

  • Today the Senate voted to roll back the FCC's broadband privacy rules, which require internet service providers to obtain consumers' consent for accessing sensitive information and require consumers to be notified of any data breaches. Senator Edward Markey (D-MA) blasted the vote stating that it is "Now easier for American's sensitive information about their health, finances and families to be used, shared, and sold to the highest bidder without their permission." EPIC had urged the FCC to establish comprehensive safeguards for consumer privacy. (Mar. 24, 2017)

  • A letter from EPIC to the House Oversight Committee for a hearing on "Legislative Proposals for Fostering Transparency" highlighted the Freedom of Information Act. EPIC routinely pursues FOIA cases on issues of public concern. Previously, EPIC uncovered evidence that airport body scanners are ineffective, that DHS monitors social media, and that the FBI's biometric database is filled with inaccuracies. EPIC is now seeking the Complete Assessment of Russian interference in the 2016 election as well as information on "risk assessment" tools in the criminal justice system. In celebration of Sunshine Week, EPIC recently published the 2017 FOIA Gallery which showcases EPIC's work in 2016 to further government transparency. (Mar. 24, 2017)

  • The Pew Research Center has released a report on "What the Public Knows About Cybersecurity." According to the Pew survey, 75% of respondents could identify the strongest password out of four options. About half of the people who took the survey could identify a phishing attack; a similar number knew what ransomware is. Only 16% answered that "a group of computers that is networked together and used by hackers to steal information" is called a "botnet." EPIC maintains an Online Guide to Practical Privacy Tools and resources on Public Opinion and Privacy. (Mar. 22, 2017)

  • EPIC has sent a letter to the Senate Commerce Committee concerning "The Promises and Perils of Emerging Technologies for Cybersecurity." EPIC urged the Committee to support "Algorithmic Transparency," an essential strategy to make accountable automated decisions. EPIC also pointed out the "significant privacy and security risks" of the Internet of Things. EPIC has been at the forefront of policy work on the Internet of Things and Artificial Intelligence, opposing government use of "risk-based" profiling, and recommending safeguards for connected cars, "smart homes," consumer products, and "always on" devices. (Mar. 22, 2017)

  • Senators Edward Markey (D-MA) and Richard Blumenthal (D-CT) have introduced the "Security and Privacy in Your Car Act of 2017." The SPY Car Act would establish cybersecurity and privacy standards for new passenger vehicles, and establish a privacy rating system. A 2014 report from Senator Markey "detailed major gaps in how auto companies are securing connected features in cars against hackers." The bill would also prevent the use of driver data for marketing purposes without consent. In 2015 EPIC testified before Congress on the need for privacy and safety safeguards for connected vehicles. In 2016 EPIC filed an amicus brief in federal appeals court to protect consumers in cases involving connected vehicles. (Mar. 22, 2017)

  • EPIC has submitted a Freedom of Information Act request to the TSA seeking information on the recently announced ban on electronics on flights bound for the United States. The ban applies to ten airports in eight majority Muslim countries. EPIC is seeking documents related to the reasons for implementing the ban as well as documentation on TSA policies and procedures for searching electronics in checked luggage. EPIC regularly submits FOIA requests to government agencies and is also seeking information on eye scans conducted at US airports on US travelers. In EPIC v. DHS, EPIC is challenging the TSA's efforts to mandate airport body scanners. (Mar. 22, 2017)

  • In a letter to DHS Secretary Kelly and Attorney General Sessions, EPIC and a coalition of 25 open government organizations expressed concerns about the lawfulness and objectivity of data practices under several recent immigration Executive Orders. Official memos reveal the Orders are being implemented in a "manner that is unlawful and inconsistent with federal information quality guidelines, raising serious privacy, transparency, and accountability concerns." The coalition urged Secretary Kelly and the Attorney General to align data practices with privacy safeguards, open data, and data quality requirements. "Public data allows the public to hold its government accountable - but that is only possible if government information is released in a complete, consistent, unbiased, and open manner," the group stated. Earlier this year, EPIC also collaborated with other open government advocates to push for greater transparency in federal dispute resolution services and to preserve access to government information online. (Mar. 22, 2017)

  • EPIC has sent a letter to the House Committee on Oversight concerning "Law Enforcement's Use of Facial Recognition Technology." EPIC urged the Committee to investigate the FBI's Next Generation Identification program. EPIC explained that an individual's ability to control disclosure of identity "is an essential aspect of personal security and privacy." The FBI biometric database is one of the largest in the world, but the FBI has opposed privacy safeguards that EPIC supported. The Bureau proposed to exempt the database from Privacy Act protections. EPIC has filed a FOIA lawsuit against the FBI for information about the agency's plans to transfer biometric data to the Department of Defense. (Mar. 21, 2017)

  • Following Director James Comey's confirmation of the FBI investigation into ties between Russia and Trump's presidential campaign, the FBI asked to delay EPIC's FOIA lawsuit against the agency. In EPIC v. FBI, EPIC seeks public release of records pertaining to the Russian interference with the 2016 Presidential election. Yesterday, in an open hearing before the House Select Intelligence Committee, Comey acknowledged for the first time that the FBI is investigating possible coordination between the Trump campaign and Russia's interference in the election. Following the testimony, the FBI immediately asked the court for more time to file a schedule for processing the FOIA request in EPIC's case against the FBI. EPIC is simultaneously pursuing a FOIA appeal with the DOJ, pressing the agency to reveal the existence of any applications to wiretap Trump Tower. EPIC has also filed suit against the ODNI for public release of the Complete ODNI Assessment of the Russian interference in the 2016 election, and a new EPIC project, the EPIC Cybersecurity and Democracy Project, will focus on US cyber policies. (Mar. 21, 2017)

  • EPIC has filed a complaint with the Consumer Financial Protection Bureau over the use of automobile "starter interrupt devices." The EPIC complaint alleges that companies use these devices to "monitor borrowers' real-time location, limit borrowers' movements to prescribed boundaries via geo-fencing technology, and disable vehicles in remote or dangerous locations" in violation of the Consumer Financial Protection Act. EPIC has asked the Bureau "to enjoin their unfair and abusive practices." In testimony, detailed comments, and letters, EPIC has urged Congress to adopt privacy and safety standards for connected vehicles. EPIC has also submitted comments to the CFPB on debt collection practices and publication of consumer complaint narratives. (Mar. 21, 2017)

  • EPIC has appealed the DOJ’s decision to "neither confirm nor deny" the existence of a FISA application to monitor Trump Tower. Following tweets by the President alleging that President Obama "had [his] wires tapped in Trump Tower," EPIC submitted an urgent FOIA request with the DOJ’s National Security Division for public release of any FISA applications for wiretapping Trump Tower. In response, the DOJ stated on Friday that "we can neither confirm nor deny the existence of records in these files responsive to your request." Yet, in today’s hearing before the House Select Committee on Intelligence, FBI Director James Comey stated that both the FBI and the DOJ had “no information to support those tweets.” EPIC has appealed the agency's response to the FOIA request, stating "Based on the FBI Director’s statement today... the agency may not hide behind the “neither confirm nor deny” response," and the "agency should immediately process EPIC’s FOIA Request." The heads of the Senate and House Intelligence committees have also publicly rejected the allegations, along with House Speaker Paul Ryan. EPIC will continue to press the DOJ for release of the information. (Mar. 20, 2017)

  • EPIC has sent a letter to the House Intelligence Committee for a hearing on "Russian Active Measures Investigation," during which FBI Director James Comey will testify. EPIC described a FOIA request with the Department of Justice for the public release of any applications filed under "FISA" for wiretapping Trump Tower. This past Friday, DOJ responded to EPIC stating it can neither "confirm nor deny" the existence of a FISA application to monitor Trump Tower. EPIC also described its Freedom of Information Act cases against the FBI and the ODNI to obtain records about activities aimed at undermining democratic institutions. EPIC explained that upcoming federal elections in Europe underscore the need to assess the threat to democratic elections. EPIC told the Committee the "need to understand Russian efforts to influence democratic elections cannot be overstated." (Mar. 20, 2017)

  • In a letter to the Senate Judiciary Committee, EPIC has urged Senators to question Supreme Court nominee Neil Gorsuch on a wide range of privacy, First Amendment, open government, and consumer protection issues. Judge Gorsuch’s views on these subjects could have "far-reaching implications" for "the future of privacy in the digital era," EPIC wrote. The letter from EPIC emphasized that "[t]hese issues could not be more timely" given recent allegations by the President "that he was the target of government surveillance"—a claim that is the target of an EPIC freedom of information request. EPIC regularly shares its views with the Senate concerning nominees to the Supreme Court, including Justice Kagan, Justice Sotomayor, Justice Alito, and Chief Justice Roberts. The Senate hearing will be webcast on C-SPAN Monday at 11:00 am EDT. (Mar. 20, 2017)

  • In a letter to EPIC, the Department of Justice’s National Security Division stated it will neither "confirm nor deny" the existence of a FISA application to monitor Trump Tower. After the President charged that President Obama "had [his] wires tapped in Trump Tower," EPIC filed an urgent FOIA request with the DOJ for the public release of any applications filed under "FISA" for wiretapping Trump Tower. In response to EPIC’s FOIA request, the DOJ has stated, "we can neither confirm nor deny the existence of records in these files responsive to your request." EPIC will challenge the agency's determination. The Senate Select Committee on Intelligence released a bipartisan statement rejecting the allegations, and House Speaker Paul Ryan stated on Thursday they have "seen no evidence" of wiretapping. EPIC also filed a related request for five categories of FISA applications related to the alleged surveillance of the Trump team. The DOJ provided EPIC the same response to that request. (Mar. 18, 2017)

  • President Trump’s proposed budget reveals a $61 million increase in FBI funds dedicated to fighting encryption. The newly released budget for Fiscal Year 2018 directs the FBI to invest “$61 million more to fight terrorism and combat foreign intelligence and cyber threats and address public safety and national security risks that result from malicious actors’ use of encrypted products and services.” The FY2017 budget set aside $38 million for FBI anti-encryption technology and research. EPIC has advocated for strong encryption since its founding, and consistently pushed back against efforts to weaken the technology. EPIC also published the first comprehensive survey of encryption use around the world. (Mar. 17, 2017)

  • The International Working Group on Data Protection in Telecommunications adopted new recommendations to improve the privacy and security of biometric identification online. The Berlin-based Working Group includes Data Protection Authorities and experts who work together to address emerging privacy challenges. The "Working Paper on Biometrics in Online Authentication" explains that “biometrics in online authentication offers one possibility to address some of the shortcomings” of conventional online passwords, but the “data protection and privacy risks” must be considered. Among their recommendations, the experts urge policymakers to support “[p]roactive privacy tools,” and contend biometric authentication should “remai[n] an active choice by the user and not a condition of use.” EPIC will host the 61st meeting of the International Working Group in Washington DC in April 2017. (Mar. 17, 2017)

  • EPIC has filed a "friend-of-the-court" brief in an open government case with implications for informational privacy. A group of anonymous medical employees challenged the release of personal information sought under a state public records act. EPIC argued that withholding personal information is consistent with open government and constitutionally required. "Open government laws and privacy laws are complementary: the aim is to maximize both the public's access to information about the government and to safeguard personal privacy to the greatest extent feasible," EPIC wrote. EPIC has argued for similar privacy protections in ATF v. Chicago, Chicago Tribune v. University of Illinois, Ostergren v. Cuccinelli, NASA v. Nelson, and FCC v. AT&T. (Mar. 16, 2017)

  • The Colorado General Assembly recently passed a bill that allows "ballot selfies," threatening voter privacy. Ballot selfies allow campaigns, employers, unions, and others to verify how an individual voted. But EPIC explained in "The Secret Ballot At Risk: Recommendations for Protecting Democracy" that the secret ballot — the inability to link particular voters to particular votes — is a cornerstone of modern democracies. The secret ballot reduces the threat of coercion, vote buying and selling, and tampering. The secret ballot allows people to vote without fear of intimidation or retaliation. EPIC has a long history of working to protect voter privacy and election integrity. In a 2010 Supreme Court case, EPIC argued that disregard for voter privacy may unconstitutionally burden the right to vote. (Mar. 16, 2017)

  • Senator Markey and Representative Welch today introduced the Drone Aircraft Privacy and Transparency Act of 2017. The Act would establish privacy safeguards to protect individuals from drone surveillance. The Drone Privacy Act requires publicly available data collection statements from operators and warrants for drone surveillance by law enforcement. "Drones flying overhead could collect very sensitive and personally identifiable information about millions of Americans, but right now, we don't have sufficient safeguards in place to protect our privacy," said Senator Markey. The Act includes privacy protections EPIC has proposed in statements to Congress and comments to federal agencies. In EPIC v. FAA, EPIC is challenging the failure of the FAA to protect the public from aerial surveillance. (Mar. 15, 2017)

  • EPIC has sent a letter to the Senate Judiciary Committee for a hearing on "The Modus Operandi and Toolbox of Russia and Other Autocracies for Undermining Democracies Throughout the World." EPIC described two of its Freedom of Information Act cases against the FBI and the ODNI to obtain records about activities aimed at undermining democratic institutions, as well as a pending FOIA request regarding the "wiretapping of Trump Tower." EPIC explained that upcoming federal elections in Europe underscore the need to assess the threat to democratic elections. EPIC told the Committee the "need to understand Russian efforts to influence democratic elections cannot be overstated." (Mar. 15, 2017)

  • EPIC sent a detailed letter to the Senate Commerce Committee ahead of a hearing on drone deployment in the United States. Emphasizing the unique privacy risks of drones, EPIC explained that the FAA has failed to establish necessary safeguards. EPIC has sued the agency, arguing that it has failed to comply with Congressional directives, following a petition by EPIC and hundreds of comments the agency received in support of privacy rules. EPIC also pointed out that the FAA has excluded privacy experts from the agency task force on drone policy. (Mar. 14, 2017)

  • EPIC has announced the newest members of the EPIC Advisory Board. They are Jennifer Daskal, Robert Groves, Cathy O'Neil, Jennifer Mnookin, Erin Murphy, and James Waldo. The EPIC Advisory Board is a distinguished group of experts in law, technology, and public policy who contribute to EPIC's work on privacy and civil liberties issues. Professor Danielle Citron, author of "Hate Crimes in Cyberspace," was recently named Chair of the EPIC Board of Directors. Sherry Turkle and Shoshana Zuboff joined the Board of Directors. (Mar. 13, 2017)

  • The House Committee on Education and the Workforce gave approval last week to a bill that would undermine the privacy protections guaranteed by the Genetic Information Nondiscrimination Act (GINA). The bill would condition health insurance discounts for wellness programs on whether an employee agrees to participate in genetic testing. Under GINA, employers may not penalize employees for keeping their genetic data private. DNA profiles and other genetic records contain particularly sensitive personal information that can impact employment decisions, insurance availability, and even criminal justice outcomes. EPIC supported GINA and has backed the right of individuals to control the use of their genetic data in numerous comments and cases. (Mar. 13, 2017)

  • In celebration of Sunshine Week, a national recognition of public access to information, EPIC has unveiled the 2017 FOIA Gallery. Since 2001, EPIC has released annual highlights of EPIC's most significant open government cases. In 2016, EPIC obtained records detailing a Customs and Border Protection data mining program used to build "risk" profiles on travelers, unveiled two years' worth of statistical data showing the FBI's growing biometric identification program, and revealed the DEA's failure to conduct legally mandated privacy assessments in EPIC v. DEA. In the latest FOIA Gallery, EPIC also highlights two new FOIA lawsuits to uncover details of the Russian interference in the 2016 election, a case concerning an electronic surveillance report, and the launch of EPIC's new course teaching the basics of the federal FOIA. (Mar. 10, 2017)

  • The Justice Department's Office of Information Policy has released the 2016 Freedom of Information Act Litigation and Compliance Report. The report describes the DOJ's efforts in 2016 to ensure compliance with the open government law across the federal government, from issuing policy guidance to holding FOIA trainings. The agency also issued a list of FOIA cases where a court decision was rendered in 2016 and the amount of fees awarded by the court. EPIC tied for second (with the ACLU), behind the Public Employees for Environmental Responsibility, as the most successful FOIA litigator in the country, receiving court-ordered fee awards in three cases in 2016. In 2017, EPIC has already prevailed in a FOIA case against the FBI for public release of the agency's privacy assessments. Fees are anticipated in that case. For more information about EPIC's open government work, visit: https://epic.org/open_gov/. (Mar. 9, 2017)

  • EPIC has asked the House Committee on Foreign Affairs to examine the risk to democratic institutions of cyber attack. EPIC described two recent Freedom of Information Act cases against the FBI and the ODNI to obtain records about the Russian interference with the 2016 US Presidential election. EPIC pointed to the upcoming federal elections in Europe and the need to safeguard democratic elections. EPIC recently launched the EPIC Cybersecurity and Democracy Project, which focuses on US cyber policies, threats to election systems, and foreign attempts to influence American policymaking. (Mar. 9, 2017)

  • EPIC has filed an urgent FOIA request with the FCC for information on the recent meeting between FCC Chairman Ajit Pai and President Donald Trump. EPIC is seeking memos, briefing papers, emails, and talking points relating to the White House meeting that took place on March 6, 2017. EPIC said in the FOIA request that public disclosure of this information is critical as President Trump has described the media, which is subject to FCC regulation, as the "enemy of the people." FCC Chair Pai also recently suspended parts of a broadband privacy order that protects Internet users from invasive tracking and profiling. EPIC has urged the FCC to establish comprehensive safeguards for consumer privacy. EPIC also has a long-standing petition before the FCC to end the mandatory retention of customer telephone records. (Mar. 9, 2017)

  • EPIC has filed a FOIA lawsuit against the Department of Justice for information about the use of "risk assessment" tools in the criminal justice system. These proprietary techniques are used to set bail, determine criminal sentences, and even contribute to determinations about guilt or innocence. Many criminal justice experts oppose their use. EPIC has pursued several FOIA cases to promote "algorithmic transparency." The EPIC cases include passenger risk assessment, "future crime" prediction, and proprietary forensic analysis. The Supreme Court is now considering whether to take a case on the use of a secretive technique to predict possible recidivism. (Mar. 7, 2017)

  • EPIC has sent a letter to the Senate Commerce Committee ahead of an FCC oversight hearing. EPIC urged the Committee to examine the FCC's role in online privacy. EPIC supports the FCC's broadband privacy rule. In fact, EPIC had urged the FCC to adopt a comprehensive privacy rule for all communications services, as suggested by FCC Chairman Pai. EPIC also brought to the Committee's attention an outdated FCC regulation that requires the bulk collection of telephone data of American consumers. In 2015, EPIC and many consumer privacy groups petitioned the FCC to repeal it, but the Commission has yet to take any action. In the letter to the Senate, EPIC said the FCC should withdraw the anti-privacy, data retention regulation. (Mar. 7, 2017)

  • EPIC has filed an urgent FOIA request with the Department of Justice for the release of the warrant for wiretapping the Trump Tower in New York City. The President has charged that President Obama "had [his] wires tapped in Trump Tower." EPIC has filed a formal Freedom of Information request for the public release of any applications filed under "FISA" for wiretapping in Trump Tower. Such an order would have been filed by the National Security Division of the Justice Department and approved by the Foreign Intelligence Surveillance Court. The complete text of the Foreign Intelligence Surveillance Act is available in the Privacy Law Sourcebook (EPIC 2016) at the EPIC Bookstore. (Mar. 6, 2017)

  • EPIC and a coalition of children's advocates have filed a comment opposing petitions that ask the FCC to revoke its broadband privacy rules. The coalition urged the FCC to retain rules that treat children's data, web browsing histories, and app usage data as sensitive and to retain opt-in requirements for all categories of sensitive information. EPIC previously urged the FCC to establish comprehensive safeguards for consumer privacy, to ban pay-for-privacy schemes, and to prohibit mandatory arbitration. EPIC has frequently defended FCC privacy rules and currently has a petition pending before the FCC to end the mandatory retention of customer telephone records. (Mar. 6, 2017)

  • In comments to the National Science Foundation on "Smart Cities and Communities Federal Strategic Plan", EPIC warned that there were considerable risks to public safety and personal privacy. EPIC urged the NSF to prioritize cybersecurity, protect individual privacy, and minimize the collection of personally identifiable information. EPIC regularly submits comments to federal agencies on emerging civil liberties issues, including cybersecurity, consumer protection, and other privacy issues. (Mar. 3, 2017)

  • EPIC has sent a letter to the House Committee on Oversight for a hearing on the Transportation Security Administration. EPIC has objected to the TSA's refusal to release information designated as "sensitive security information" that is pertinent to EPIC's ongoing case against TSA regarding airport body scanners. EPIC said that the TSA is "seeking to hide its decision making behind this cloak of secrecy." The House Committee has also criticized the agency's use of the SSI designation. EPIC also raised concerns about the eye scanning of US travelers at US airports as well as the TSA's statement that it will no longer accept driver's licenses from states that oppose "REAL ID". (Mar. 2, 2017)

  • In advance of a hearing on "Cyber Strategy and Policy," EPIC has sent a letter to the Senate Armed Services Committee urging Congress to protect democratic institutions, following the Russian interference with the 2016 presidential election. EPIC explained that "data protection and privacy should remain a central focus" of cyber security policy. EPIC also recommended that Congress strengthen the federal Privacy Act and establish a U.S. data protection agency. EPIC recently launched the EPIC Cybersecurity and Democracy Project that will focus on US cyber policies, threats to election systems and foreign attempts to influence American policymaking. (Mar. 2, 2017)

  • In March 2016, EPIC and more than 20 civil society organizations urged European leaders to oppose adoption of the "Privacy Shield" for EU-US data flows. The NGOs wrote that the political agreement fails to provide sufficient data protection and does not respect the decision of the European Court of Justice in the Schrems case. The groups urged the US to make changes in domestic laws and international commitments to permit transfers of personal data to the US. The ACLU and Human Rights Watch have now also sent a letter asking Europe to reexamine Privacy Shield. At a hearing before the High Court of Ireland, EPIC Senior Counsel Alan Butler has made submissions in DPC v. Facebook highlighting weaknesses in US privacy law. (Mar. 2, 2017)

  • EPIC has filed an urgent FOIA request with U.S. Customs and Border Protection for details of eye scans conducted on U.S. citizens traveling internationally. The CBP has long been testing biometric identification of travelers, including U.S. citizens, and a recent report indicates U.S. citizens were subject to eye scans before traveling abroad. EPIC seeks public disclosure of the details of CBP policies for scanning U.S. citizen irises and retinas upon entry or exit to the U.S. EPIC makes frequent use of the Freedom of Information Act. As the result of a FOIA lawsuit, EPIC recently obtained several memoranda of understanding regarding the transfer of biometric identifiers between the FBI and DOD. Last month, EPIC also prevailed in EPIC v. FBI, a FOIA lawsuit for public release of the FBI's privacy assessments. (Mar. 2, 2017)

  • In advance of a hearing on Section 702 of the Foreign Intelligence Surveillance Act, EPIC has sent a letter to the House Judiciary Committee urging increased transparency and new public reporting of the Government's surveillance activities. EPIC also highlighted that Section 702 is the central focus of multiple current legal challenges to international data transfer agreements occurring abroad. Section 702, which authorizes the bulk surveillance of the communications of non-U.S. persons, sunsets on December 31, 2017. EPIC testified before the Committee during the 2012 FISA reauthorization hearings. (Mar. 1, 2017)

  • Today EPIC made submissions before the Irish High Court in Data Protection Commissioner v. Facebook, concerning privacy protections for transatlantic data transfers. EPIC explained that "U.S. privacy law is characterized by particularly narrow conceptions of privacy and personal data, which in turn limit the scope of relevant constitutional, statutory, and regulatory privacy protections." EPIC also stated, "many of the privacy safeguards under U.S. law in fact operate to the exclusion of E.U. citizens" and that the "standing" doctrine is an overarching barrier to legal redress. EPIC is represented by FLAC (Free Legal Advice Centres), an independent human rights organization, based in Dublin, dedicated to the realization of equal justice for all. [Press Release] (Mar. 1, 2017)

  • In advance of a hearing on "Cyber Warfare in the 21st Century: Threats, Challenges, and Opportunities," EPIC has sent a letter to the House Armed Services Committee urging Congress to protect democratic institutions, following the Russian interference with the 2016 presidential election. EPIC explained that "data protection and privacy should remain a central focus" of cyber security policy. EPIC also recommended that Congress strengthen the federal Privacy Act and establish a U.S. data protection agency. EPIC recently launched the EPIC Cybersecurity and Democracy Project, which will focus on US cyber policies, threats to election systems and foreign attempts to influence American policymaking. (Feb. 28, 2017)

  • EPIC has sent a statement to the Senate Select Committee on Intelligence outlining the key government transparency and cybersecurity challenges the next Director of National Intelligence will confront. The Committee meets today to consider the nomination of Sen. Dan Coats for the position. EPIC commended former Director Clapper's progress on oversight and transparency and urged the Committee to seek assurance from Sen. Coats that his office will continue that work. EPIC also warned that overclassification remains an issue that frustrates government accountability. EPIC informed the Committee that EPIC has filed suit against the ODNI for public release of the Complete Assessment of the Russian interference in the 2016 election. In the unclassified report, former Director Clapper said that the Russians conducted a "multi-faceted" attack on the 2016 election. (Feb. 28, 2017)

  • EPIC has filed the opening brief in a lawsuit against the Federal Aviation Administration concerning drone surveillance. EPIC charged that the FAA's failure to establish privacy rules for commercial drones is a violation of law. The EPIC lawsuit is based on an Act of Congress requiring a "comprehensive plan" for drone deployment in the United States and a petition, backed by more than one hundred organizations and privacy experts, calling for privacy safeguards. EPIC stated that “As the FAA has refused to issue any privacy-related rules and refused to conduct a comprehensive rulemaking, contrary to the FAA Modernization Act and to EPIC's Rulemaking Petition, the Court must now order the agency to do so.” The case is EPIC v. FAA, No. 16-1297. (Feb. 28, 2017)

  • Congressman Frank Pallone has asked the U.S. Government Accounting Office to study the harms of eliminating rules that protect consumer privacy. "With the near universal use of the internet, and the rapid expansion of connected devices, corporations now have more information about American consumers than ever before," Pallone wrote in his letter. "It is, therefore, more important than ever that Americans' privacy and security be protected online." Pallone asked the GAO to report on whether the "notice and choice" approach to privacy regulation works, what challenges consumers face in protecting their information, and how the FCC, FTC, and other agencies approach privacy regulation. EPIC has urged the FCC to establish comprehensive safeguards for consumer privacy. EPIC also explained in comments to the FTC and FCC and in testimony before Congress that "notice and choice" is insufficient to protect consumer privacy. (Feb. 27, 2017)

  • Yahoo has responded to a letter from Senators John Thune (R-SD) and Jerry Moran (R-KS) inquiring into data breaches that exposed over a billion user records in 2013 and 2014. Yahoo said in its response that it has notified users affected by the breaches, required users who had not changed their passwords since 2014 to do so, and encouraged all users to review their passwords and security questions. Yahoo's letter also discussed the steps the company has taken to improve its security program. EPIC testified in support of strong data breach notification laws in 2009 and 2011, launched "Data Protection 2016" to make privacy a campaign issue and recently filed an amicus brief to protect the ability of consumers to sue companies that fail to protect their personal information. (Feb. 24, 2017)

  • In comments to the Office of Government Information Services, EPIC and a coalition of open government groups urged greater transparency for dispute resolutions. The coalition wrote that a proposed rule "would impose restrictive confidentiality requirements." The coalition proposed revisions that "do not place restrictive confidentiality requirements on requesters" who use dispute resolution services. EPIC routinely advocates on behalf of open government and transparency. Earlier this month, EPIC and a coalition called on the Office of Management and Budget to preserve public access to online government information. EPIC also recently prevailed in EPIC v. FBI, a Freedom of Information Act lawsuit for public release of the FBI's privacy assessments. (Feb. 24, 2017)

  • The International Conference of Data Protection & Privacy Commissioners is seeking submissions by April 21, 2017 for the inaugural Global Privacy and Data Protection Awards. Entries are invited for research, dispute resolution, education and advocacy, and use of online tools. Winning entries will be announced at the 39th annual Privacy Commissioners conference in Hong Kong in September 2017. EPIC has organized more than a dozen Public Voice events in conjunction with the annual meetings of the Privacy Commissioners to encourage civil society participation in decisions concerning the future of the Internet. EPIC also gives out the Champion of Freedom Awards at the Computers, Privacy and Data Protection Conference in Brussels and the EPIC Awards Dinner in Washington, DC. (Feb. 24, 2017)

  • The U.S. Supreme Court will hear arguments Monday in Packingham v. North Carolina. At issue is a state law that bars people listed in a sex offender registry from accessing any commercial website that allows users under 18 to create profiles and communicate online. The North Carolina ban covers major news sites such as the New York Times and CNN. Packingham was convicted for posting "Good is God" on Facebook after a traffic ticket was dismissed. EPIC filed a "friend-of-the-court" brief joined by thirty-five technical experts, legal scholars, and civil liberties organizations. EPIC explained that the law violates the First Amendment right to receive information, censors vast amounts of speech unrelated to protecting minors, and will lead to widespread government monitoring of all internet users. "The state can no more criminalize what an individual chooses to read on a personal electronic device than it can restrict the contents of a home library: the privacy of both is sacrosanct," EPIC wrote. EPIC regularly files amicus briefs with the US Supreme Court on emerging privacy and civil liberties issues. EPIC previously argued for First Amendment privacy protections in Doe v. Reed, Watchtower Bible v. Stratton, and Los Angeles v. Patel. (Feb. 24, 2017)

  • The FBI has filed an answer to EPIC's Freedom of Information Act lawsuit for records pertaining to the Russian interference with the 2016 Presidential election. In the answer, the FBI acknowledged receipt of EPIC's FOIA request. EPIC filed suit against the FBI in federal district court after the agency failed to make a timely decision concerning EPIC's request for expedited processing of the FOIA request. The parties will next confer to set a schedule for production of documents and briefing, if necessary. EPIC has also filed suit against the ODNI for public release of the Complete ODNI Assessment of the Russian interference in the 2016 election. EPIC recently launched the EPIC Cybersecurity and Democracy Project, which will focus on US cyber policies, threats to election systems and foreign attempts to influence American policymaking. (Feb. 23, 2017)

  • As a result of a Freedom of Information Act request, EPIC has obtained over 650 pages about DHS's immigration enforcement priorities. The documents detail the "Priorities Enforcement Program," a controversial program that relied on biometric data collection for immigration enforcement. EPIC recently submitted two new urgent FOIA requests to DHS, the first about DHS plans to step up social media monitoring and a second to reveal the agency's compliance with recent immigration court orders. This week, EPIC also prevailed in a FOIA lawsuit for public release of privacy assessments the FBI is required to prepare. (Feb. 23, 2017)

  • The Article 29 Working Party, an expert group of European privacy officials, has raised concerns over a provision in the immigration Executive Order that would limit Privacy Act protections. The Working Party is seeking assurance from the US that the change will not threaten the privacy rights of non-US citizens established in the "Privacy Shield" and the Umbrella Agreement. EPIC is currently participating in Data Protection Commissioner v. Facebook, a case following a landmark decision that found insufficient legal protections for the transfer of European consumer data to the US. (Feb. 22, 2017)

  • EPIC has prevailed in EPIC v. FBI, a case involving a Freedom of Information Act request for privacy assessments the FBI is required to prepare. EPIC sued the Federal Bureau of Investigation after the agency failed to respond to EPIC's FOIA request for the assessments. EPIC subsequently challenged the adequacy of the agency's search for responsive documents and the FBI's claim that records could be withheld pursuant to "Exemption 7(E)," which concerns law enforcement "techniques and procedures." Today, the federal judge concluded that "the FBI neither adequately described its search nor properly justified its withholdings of information under FOIA exemption 7(E)." The Court ordered the FBI to supplement the record to address the inadequacy of the agency's search and the basis for the Exemption 7(E) claims. (Feb. 21, 2017)

  • Sen. Ron Wyden (D-OR) has asked the Department of Homeland Security to explain reports of Customs and Border Patrol agents demanding access to Americans' locked phones at U.S. borders. Wyden said that "These digital dragnet border search practices weaken our national and economic security." EPIC awarded Sen. Wyden the EPIC Champion of Freedom Award in 2013. EPIC's 2017 awards dinner will be held on June 5, 2017 honoring Carrie Goldberg, Garry Kasparov, and Judge Patricia Wald. EPIC has also submitted FOIA requests to the DHS regarding the agency's policies for searches of social media. (Feb. 21, 2017)

  • The German Federal Network Agency has told parents to destroy the "My Friend Cayla" doll, an internet-connected doll that spies on young children. The toy is illegal under German privacy law because it is a "concealed listening device," according to the agency. EPIC and several consumer organizations filed a complaint with the Federal Trade Commission alleging that the doll violates U.S. privacy law. EPIC's complaint spurred a congressional investigation, and toy stores across Europe have removed Cayla from their shelves and are offering refunds to parents who purchased the toys. However, the Federal Trade Commission has failed to act on the complaint and U.S. families continue to purchase the doll that surreptitiously monitors children's communications. (Feb. 17, 2017)

  • A coalition of human rights groups is urging the UN to investigate reports that the US is demanding entrants provide access to their cell phones and social media accounts. "These practices persist in violation of the United States human rights treaty obligations and your action is needed to hold the government accountable," the group stated in a letter to the UN High Commissioner on Human Rights and other UN offices. EPIC recently submitted an urgent request for disclosure of DHS plans to step up social media monitoring, and previously prevailed in a lawsuit against the agency to reveal records of its monitoring programs. EPIC's Privacy Law Sourcebook 2016, available in the EPIC bookstore, provides an overview of privacy frameworks around the world and tracks emerging privacy challenges. (Feb. 16, 2017)

  • EPIC and a coalition of consumer groups sent a letter to the Federal Trade Commission recommending 10 steps the agency should take to protect consumers and promote competition in 2017. "American consumers today are at great risk of identity theft, financial fraud, and data breaches," the coalition wrote, arguing that "proactive efforts to strengthen data protection will spur innovation and support business models that are sustainable over time." The letter asks the FTC to increase its enforcement efforts, promote transparency, and pursue actions based on unfairness instead of relying on "notice and choice." EPIC has consistently urged the FTC to exercise its full authority in protecting consumers. EPIC has also filed numerous consumer privacy complaints with the FTC, including a recent complaint about "toys that spy." (Feb. 16, 2017)

  • EPIC has sent a letter to a House committee on Digital Commerce and Consumer Protection for a hearing on "Self-Driving Cars: Road to Deployment," urging the establishment of privacy and safety measures for connected cars. EPIC warned that connected vehicles raise substantial risks for consumers. EPIC explained that voluntary guidance and self-regulation do not provide meaningful protection. EPIC has testified before Congress and submitted detailed comments on the need for privacy and safety standards for connected vehicles. (Feb. 15, 2017)

  • EPIC has sent letters to two Senate Committees investigating Russian interference with the 2016 Presidential Election. In letters to the Senate Judiciary Committee and Senate Foreign Relations Committee EPIC described two Freedom of Information Act cases against the FBI and the ODNI to obtain records about the scope of activities aimed at undermining democratic institutions. EPIC explained that upcoming federal elections in Europe underscore the need to understand the cyber threat to democratic elections. (Feb. 13, 2017)

  • EPIC and a coalition of over sixty organizations urged the Office of Management and Budget to preserve access to government information online. In a letter, the coalition called on OMB to ensure agencies give the public notice required by law before removing information. The coalition warned that agencies have begun removing information on topics "such as animal welfare, individuals with disabilities, climate change, and more from their websites." EPIC routinely advocates on behalf of open government and transparency. EPIC is currently pursuing two Freedom of Information Act lawsuits for records related to the Russian interference in the 2016 Presidential election. (Feb. 13, 2017)

  • In advance of a hearing on "Strengthening U.S. Cybersecurity Capabilities," EPIC has sent a letter to the House Science Committee urging Congress to protect democratic institutions, following the Russian interference with the 2016 presidential election. EPIC explained that "data protection and privacy should remain a central focus" of cyber security policy. EPIC also recommended that Congress strengthen the federal Privacy Act and establish a U.S. data protection agency. (Feb. 13, 2017)

  • Several states across the U.S., including Michigan, Montana, North Carolina, and Ohio, recognized international Data Privacy Day, held annually on January 28 to commemorate the first international treaty for privacy and data protection. State efforts to raise awareness about privacy and other consumer protection issues are published monthly in The State Center Consumer Protection Report. The Report also noted that Mississippi is pursuing legal action against Google over student data collected from public schools. The lawsuit accuses Google of collecting students' personal information and search history for its own business interests in violation of the Mississippi Consumer Protection Act. (Feb. 10, 2017)

  • In a letter to DHS Secretary Kelly, Senator Markey (D-MA) and five other Senators pressed DHS about the impact of an Executive Order limiting federal Privacy Act protections. "These Privacy Act exclusions could have a devastating impact on immigrant communities and would be inconsistent with the commitments made when the government collected much of this information," the Senators contended. The Senators also called on Secretary Kelly to explain the Order's impact on international commitments that permit U.S. firms to obtain access to the data of European consumers. EPIC is participating in Data Protection Commissioner v. Facebook, a case which follows a landmark decision that found insufficient legal protections for the transfer of European consumer data to the United States. (Feb. 9, 2017)

  • EPIC has submitted an urgent FOIA request to the Department of Homeland Security about aerial surveillance, social media monitoring and ID theft following statements made by DHS Secretary John Kelly in a Congressional hearing on Homeland Security. The Secretary described plans to expand the use of "aerostats" (surveillance blimps) and monitoring of social media. The Secretary also stated that he has been a victim of a data breach. The EPIC FOIA request follows earlier cases brought by EPIC which revealed efforts by the DHS to expand aerial surveillance within the United States, develop techniques for "pre-crime" detection, interrupt Internet service, as well as the impermissible monitoring of social media services and news organizations. (Feb. 8, 2017)

  • The Pew Research Center has released a report, "Code-Dependent: Pros and Cons of the Algorithm Age." The Pew report discusses the impact that experts expect algorithms to have on individuals and society. Among the themes in the report are the biases and lack of human judgment in algorithmic decisionmaking and the need for "algorithmic literacy, transparency, and oversight." EPIC has promoted "Algorithmic Transparency" for many years and has proposed two amendments to Asimov's Laws of Robotics that would require autonomous devices to reveal the basis of their decisions and their actual identity. (Feb. 8, 2017)

  • In a recent speech, Acting Federal Trade Commission Chairwoman Maureen Ohlhausen outlined her priorities for consumer protection. Ohlhausen recognized that "a notice-and-choice approach to privacy may not adequately protect consumers" but advocated a market-focused "harms-based approach" to privacy. She pointed to recent settlements with Ashley Madison and Eli Lilly as cases involving significant non-financial harm to consumers. Ohlhausen also proposed making the results of all FTC data security investigations public, not only those that result in enforcement actions. EPIC supports increased transparency in FTC actions but has explained in comments to the FTC and FCC and in testimony before Congress that "notice and choice" and "harms based" approaches are insufficient to protect consumer privacy. (Feb. 6, 2017)

  • The Federal Trade Commission has reached a $2.2 million settlement with smart TV manufacturer VIZIO over the company's tracking of consumers' viewing habits without their knowledge or consent. The FTC's complaint alleged that VIZIO's collection and sale of viewing data was unfair and deceptive, and the settlement agreement requires the company to delete all viewing data. EPIC previously filed a complaint with the FTC over Samsung's smart TV data collection practices, including surveillance of consumers' private conversations. EPIC has also defended the privacy of consumers' TV viewing habits in a federal court case involving the Video Privacy Protection Act. (Feb. 6, 2017)

  • This week the case Data Protection Commissioner v. Facebook, concerning privacy protection for transatlantic data transfers, begins in Ireland. The case follows a landmark decision which found insufficient legal protections for the transfer of European consumer data to the United States. Mr. Schrems, an Austrian privacy advocate, now challenges Facebook's "standard contractual clauses" as failing to protect privacy. The Irish High Court designated EPIC as the US NGO amicus curiae in the case. EPIC is represented by FLAC (Free Legal Advice Centres), an independent human rights organization, based in Dublin, dedicated to the realization of equal justice for all. (Feb. 6, 2017)

  • EPIC has filed an urgent FOIA request with the Department of Homeland Security for further information about a DHS press release on "Compliance With Court Orders And The President's Executive Order." The DHS Press Release follows an Executive Order on entry to the United States and a series of court decisions suspending the Order. EPIC is now seeking details about the DHS's activities, including communications with other agencies, communications with airlines, and legal memos supporting the agency's actions. The Inspector General of DHS also announced an investigation to review "allegations of individual misconduct on the part of DHS personnel." EPIC cited both an "urgency to inform the public" and "exceptional media interest" in questions about the "government's integrity" in support of the request for expedited processing. EPIC will continue to press the DHS for prompt release of the documents sought. More information about EPIC's FOIA work is available on the FOIA Case page. (Feb. 3, 2017)

  • Congress is scheduled to consider the "Email Privacy Act" (H.R. 387) next week. The bill passed the House 419-0 last session. The Act amends the Electronic Communications Privacy Act of 1986 to extend the warrant requirement to communications stored for more than 180 days. An earlier version of the Act would have required notice of email searches to the user, with some exceptions. EPIC has recommended several other ECPA updates, including protections for location data, data minimization requirements, and end-to-end encryption for commercial e-mail services. (Feb. 3, 2017)

  • EPIC sent a letter to a House Subcommittee on Communications and Technology in advance of a hearing on the NTIA, a key technology policy agency. EPIC warned that "American consumers face unprecedented privacy and security threats," citing recent examples of hacks of devices, including home locks and cars, connected to the internet. EPIC said that Congress and the NTIA should establish protections that minimize the collection of personal data and promote security for Internet-connected devices. EPIC warned of growing risks to consumer safety and public safety. EPIC has testified before Congress, litigated cases, and filed complaints with the FTC regarding connected cars, "smart homes," consumer products, and "always on" devices. (Feb. 2, 2017)

  • As a result of a Freedom of Information Act request, EPIC obtained documents detailing a DOJ and White House meeting with top industry representatives to help combat ISIL's online influence. The February 2016 meeting, called the "Madison Valleywood Project," convened a range of industry members to "collaborate in generating and amplifying compelling content that would undermine ISIL's online messaging and recruitment efforts." A series of slides set the stage for the project, proposing counter strategies like "disrupting their digital landscape" and encouraging use of data metrics to track success. EPIC routinely pursues FOIA requests and lawsuits to improve government oversight and accountability. In 2012, EPIC prevailed in a lawsuit against DHS revealing the agency's social media monitoring policies, including instructions to analysts to monitor criticism of the agency. More information about EPIC's FOIA work is available on the FOIA Case page. (Jan. 31, 2017)

  • The President has issued an executive order requiring every new regulation to be offset by the repeal of at least two existing regulations. The Order could directly impact rules that safeguard consumers against data breach, financial fraud, and identity theft. EPIC has also recommended new public safety regulations concerning aerial drones, connected vehicles, and the Internet of Things. In EPIC v. FAA, EPIC is challenging the failure of the agency to protect the public from aerial surveillance. (Jan. 31, 2017)

  • Through a Freedom of Information Act lawsuit, EPIC has obtained several memoranda of understanding regarding the transfer of biometric identifiers between the Federal Bureau of Investigation and the Department of Defense. One of the agreements, which includes the State Department, calls for "a direct conduit for the parties to access databases storing biometric information." Last year, EPIC filed extensive comments scrutinizing the FBI's proposal to remove Privacy Act safeguards from the Bureau's massive biometric database known as "Next Generation Identification." EPIC also led a coalition effort urging Congress to hold an oversight hearing on the FBI database. The case is EPIC v. FBI, No. 16-2237 (D.D.C. filed Nov. 10, 2016) (Biometric Data Transfer Agreements). (Jan. 30, 2017)

  • The Aspen Institute released a report on the Artificial Intelligence workshop on connected cars, healthcare, and journalism. "Artificial Intelligence Comes of Age" explored issues at "the intersection of AI technologies, society, economy, ethics and regulation." The Aspen report notes that "malicious hacks are likely to be an ongoing risk of self-driving cars" and that "because self-driving cars will generate and store vast quantities of data about driving behavior, control over this data will become a major issue." The Aspen report discusses the tension between privacy and diagnostic benefits in healthcare AI and describes "some of the alarming possible uses of AI in news media." EPIC has promoted Algorithmic Transparency and has been at the forefront of vehicle privacy through testimony before Congress, amicus briefs, and comments to the NHTSA. (Jan. 30, 2017)

  • On January 28, EPIC celebrates International Privacy Day, which commemorates Convention 108, the first international treaty for privacy and data protection. EPIC and consumer organizations have urged the United States to ratify the International Privacy Convention. NGOs and Privacy experts have also expressed support for the Madrid Declaration, a substantial document that reaffirms international instruments for privacy protection, identifies new challenges, and calls for concrete actions. The complete text of the Privacy Convention is contained in the Privacy Law Sourcebook, available at the EPIC Bookstore. (Jan. 28, 2017)

  • EPIC has filed an urgent FOIA request with the DHS, the Department of Justice, and the NSA, seeking the expedited release of NSPD-1. The National Security Presidential Directive sets out procedures for cybersecurity "policy coordination, guidance, dispute resolution, and periodic in-progress review." EPIC has previously litigated, and successfully obtained, NSPD-54, a Presidential Directive concerning the NSA's authority to conduct surveillance within the United States. (Jan. 28, 2017)

  • The Department of Health and Human Services, along with fifteen other federal agencies, released a final revision for the Common Rule which establishes privacy rights for personal information collected from human subjects in federally funded research. EPIC submitted extensive comments, urging the agencies to adopt strong privacy protections for personal data for the revised Common Rule. However, the federal agency deferred new safeguards, as well as privacy guidance for internal review boards, claiming that current privacy laws were adequate. (Jan. 27, 2017)

  • EPIC has filed a "friend-of-the-court" brief in a donor privacy case before the Ninth Circuit Court of Appeals. Under California law, nonprofit organizations are required to send the state each year a list of donors and their donations. EPIC said this reporting requirement "infringes on several First Amendment interests, including the free exercise of religion, the freedom to express views without attribution, and the freedom to join in association with others without government monitoring." EPIC traced the history of anonymous giving in Christianity, Islam, and Judaism. EPIC also explained that California has "failed to implement basic data protection standards" for donor information. In amicus briefs for the U.S. Supreme Court, EPIC has argued for similar Constitutional privacy rights in Packingham v. North Carolina, Doe v. Reed, Watchtower Bible v. Stratton, and Patel v. Los Angeles. (Jan. 27, 2017)

  • According to a new public opinion study from the Pew Research Center, 64% of Americans have personally experienced a major data breach, and 49% feel that their personal information is less secure than it was 5 years ago. Pew also found that 41% of Americans have dealt with fraudulent charges on their credit card, and 15% have received notice that their Social Security number had been compromised. Pew found that a substantial majority (70%) of Americans anticipate major cyberattacks in the next five years on our nation's public infrastructure. The EPIC Data Protection campaign highlights the need to improve privacy safeguards in the United States. (Jan. 26, 2017)

  • The Federal Trade Commission has issued Cross-Device Tracking: An FTC Staff Report, which describes online tracking technology used to link a consumer's activity across smartphones, laptops, tablets, and other internet-connected devices. The report follows from an FTC workshop on this emerging practice. EPIC filed comments with the Commission urging limits on cross-device tracking, which presents significant privacy challenges due to the "lack of transparency and control in this undetectable online tracking scheme." EPIC explained how "notice and choice" fails to protect consumers from this surreptitious activity. The FTC's report recommends continued industry self-regulation and application of the unworkable "notice and choice" approach to this new practice. (Jan. 26, 2017)

  • EPIC has filed a Freedom of Information Act lawsuit against the Office of the Director of National Intelligence in federal district court in Washington, DC. The case is designated EPIC v. ODNI, No. 17-163 (D.D.C. filed Jan. 25, 2017). As EPIC makes clear in the complaint, "there is an urgent need to make available to the public the Complete ODNI Assessment to fully assess the Russian interference with the 2016 Presidential election and to prevent future attacks in democratic institutions." More details in the press release. Last week EPIC sued the FBI to uncover details of the Bureau's response to Russian interference. (Jan. 26, 2017)

  • Less than one week in office, the Trump Administration has published an Executive Order that limits the application of the federal Privacy Act. The Order states that "Agencies shall . . . ensure that their privacy policies exclude persons who are not United States citizens or lawful permanent residents from the protections of the Privacy Act . . ." Few U.S. privacy laws distinguish between U.S. and non-U.S. citizens. The Privacy Act is an exception. Some efforts were made in the last few years to update the Privacy Act, a law adopted in 1974, as the federal government now collects detailed personal information on non-U.S. citizens. The reforms were also considered legally necessary to permit U.S. firms to obtain access to the data of European consumers. (Jan. 26, 2017)

  • This week the U.S. Senate confirmed Rep. Mike Pompeo to be Director of the CIA by a vote of 66-32. EPIC sent a statement to the Senate Select Committee on Intelligence highlighting Pompeo's troubling statements on privacy and surveillance. In a January 2016 op-ed, Mr. Pompeo wrote that "Congress should pass a law re-establishing collection of all metadata, and combining it with publicly available financial and lifestyle information into a comprehensive, searchable database. Legal and bureaucratic impediments to surveillance should be removed." EPIC warned the Senate Committee that the CIA Director must not "turn the enormous surveillance powers of the agency against the American people." A recent Freedom of Information Act case pursued by EPIC revealed that the CIA spied on staff members of the US Senate. (Jan. 25, 2017)

  • EPIC has awarded the 2017 International Privacy Champion Award to German Privacy expert and open government advocate Alexander Dix. Dr. Dix served as Commissioner for Data Protection and Access to Information in Berlin, as well as Chair of the International Working Group on Data Protection. The EPIC award was presented at the annual conference on Computer, Privacy, and Data Protection in Brussels. The EPIC Champion of Freedom Awards will be presented on June 5, 2017 at the National Press Club in Washington, DC. Press Release. (Jan. 25, 2017)

  • The U.S. Supreme Court has declined to review a ruling by the Fifth Circuit Court of Appeals that a Texas voter ID law violates the Voting Rights Act. The decision means that Texas won't be able to enforce the law, which poses a significant threat to voter privacy and could discourage legal voters. Last summer, the appeals court held that the Texas Law had a "discriminatory effect" on minorities' voting rights and remanded the case to the lower court. Texas petitioned the Supreme Court to review the decision, but the court refused to do so Monday. EPIC filed an amicus brief arguing that the Texas law places an unconstitutional burden on voters' rights to informational privacy because of the excessive collection of personal data. Such bills "disenfranchise individuals who seek to protect their personal information from data breach, cybercrime, and commercial exploitation," EPIC told the court. (Jan. 24, 2017)

  • The Director of National Intelligence released a final progress report from the Obama administration on signals intelligence reform. The DNI report detailed the agency's efforts under Presidential Policy Directive 28 to increase transparency and accountability. Clapper also highlighted the Privacy and Civil Liberties Oversight Board's oversight role and stated that transparency is "difficult, but also, in my view, essential." The DNI stated, "The IC routinely provides the Board with the information and access it requests to carry out its oversight duties." The report also notes implementation of the Freedom Act, which prohibits the bulk collection of domestic telephone records. EPIC has supported enhanced transparency for the Intelligence Community and filed a Supreme Court petition to end the bulk data collection program. (Jan. 24, 2017)

  • EPIC sent a letter to the Senate Commerce Committee on Monday about privacy and security concerns in two pending bills. The DIGIT Act would "encourage the growth" of the Internet of Things and "help identify barriers to its advancement." The Spoofing Prevention Act would extend the laws prohibiting Caller ID spoofing to text messages, international calls, and Voice-over-IP calls. EPIC pointed out the "significant privacy and security risks" to American consumers of the Internet of Things. EPIC also argued for "a requirement that any automated calls reveal (1) the actual identity of the caller and (2) the purpose of the call." EPIC has been at the forefront of policy work on the Internet of Things, recommending safeguards for connected cars, "smart homes," consumer products, and "always on" devices. EPIC also supports robust telephone privacy protections and recently advised Congress on modernizing telemarketing rules. (Jan. 24, 2017)

  • During the final week in office, the Obama Department of Justice released the list of European countries covered under the Judicial Redress Act. The Act gives citizens of these countries limited rights under the US Privacy Act. The Act implements the US-EU "Umbrella Agreement," which is a framework for transferring law enforcement data across the Atlantic. The Act came about in response to the Schrems decision, which held that the United States lacks adequate data protection. EPIC had recommended substantial changes to the Judicial Redress Act, explaining in a letter to Congress that the bill still did not provide adequate protection to permit transborder data flows and fails to provide necessary updates for U.S. citizens. EPIC successfully sued the Justice Department to obtain the full text of the Umbrella Agreement. (Jan. 23, 2017)

  • As one of the final acts of the outgoing President, the White House has released "Privacy in our Digital Lives: Protecting Individuals and Promoting Innovation." In 2008, President Obama announced "Change We Can Believe In" and said he would "strengthen the privacy protections for the digital age and to harness the power of technology to hold government and business accountable for violations of personal privacy." Beginning after his election, privacy groups across the country urged the President to strengthen privacy in America. In 2012, Obama proposed a Consumer Privacy Bill of Rights but no legislation followed. After the Snowden revelations, Congress enacted the Freedom Act and Obama reformed intelligence practices, but the US failed to limit data collection outside the US. The "Privacy Shield," a framework to gather data for commercial use without legal protections, was put in place even after NGOs urged comprehensive reforms in the US and the EU. Between 2009 and 2016, the levels of data breach, identity theft, and financial fraud in the United States skyrocketed, even as Americans called for stronger protections. The 2016 Presidential election was marked by data breaches, email disclosures and cyber attacks. The U.S. is still one of the few democratic nations in the world without a data protection agency. (Jan. 19, 2017)

  • EPIC today filed a Freedom of Information Act lawsuit against the Federal Bureau of Investigation in federal district court in Washington, DC. The case is designated EPIC v. FBI, No. 17-127 (D.D.C. filed Jan. 18, 2017). The complaint states “EPIC challenges the FBI’s failure to make a timely decision concerning EPIC’s request for expedited processing of the FOIA request for records about the Russian interference with the 2016 Presidential Election.” A press conference will be held at the Fund for Constitutional Government on Capitol Hill on Thursday, January 19, 2017 at 1 pm. Media Advisory (Jan. 18, 2017)

  • EPIC has sent a statement to the Senate Foreign Relations Committee urging the next UN Ambassador to advocate for human rights, particularly the right to privacy and the right to freedom of expression as set out in the Universal Declaration of Human Rights. EPIC also wrote that the UN Ambassador should support US ratification of the Council of Europe Privacy Convention, which is critical to the continued flow of personal data around the world. EPIC and consumer organizations have called on the United States to ratify the Privacy Convention. Next week, many countries around the world will recognize January 28, International Privacy Day, which celebrates the International Privacy Convention. (Jan. 18, 2017)

  • EPIC will host a press conference at the Fund for Constitutional Government, across the street from the U.S. Supreme Court, on Thursday, January 19, 2017, at 1 pm, concerning the Russian Interference with the 2016 Presidential Election. Details to follow. (Jan. 18, 2017)

  • EPIC has sent a letter to the Senate Commerce Committee outlining the key privacy issues that the next Secretary of Commerce should address. The Committee convened this week to consider the nomination of Wilbur Ross for Commerce Secretary. EPIC stated that privacy protection may be "the most important issue that the Secretary of Commerce will confront over the next several years." EPIC urged the Committee to ensure the nominee "make clear his commitment to a comprehensive approach to data protection, based in law." EPIC warned about the inadequacy of the Privacy Shield, a non-legal framework that permits the flow of European consumers' personal data to the United States, outside of European privacy law. (Jan. 18, 2017)

  • EPIC has filed a "friend-of-the-court" brief urging a federal appeals court to protect consumers' ability to sue companies that fail to safeguard personal information. A group of consumers sued health insurer Carefirst after the company's faulty security practices allowed hackers to obtain the personal information of 1,100,000 customers. A lower court wrongly dismissed the case because the judge believed that consumers must suffer identity theft before a court can consider violations of legal obligations. In the amicus brief, EPIC explained that the court misunderstood the relevant law, and confused the legal responsibility of companies to maintain good security with the harms that consumers eventually suffer. EPIC said courts should focus on whether companies have breached a legal obligation to safeguard personal data. EPIC regularly files briefs defending consumer privacy. (Jan. 18, 2017)

  • EPIC has sent a statement to the Senate Select Committee on Intelligence highlighting CIA Director nominee Mike Pompeo's troubling positions on privacy and surveillance. In a January 2016 op-ed, Mr. Pompeo wrote that "Congress should pass a law re-establishing collection of all metadata, and combining it with publicly available financial and lifestyle information into a comprehensive, searchable database. Legal and bureaucratic impediments to surveillance should be removed." EPIC warned the Committee that the CIA Director must not "turn the enormous surveillance powers of the agency against the American people." The CIA has a long history of unlawful surveillance. A recent Freedom of Information Act case pursued by EPIC revealed the CIA spied on staff members of the US Senate. (Jan. 17, 2017)

  • Senator Richard Burr (R-NC) and Senator Mark Warner (D-VA), the Chairman and Ranking Member of the Senate Intelligence Committee, have announced a bipartisan inquiry into the Russian interference with the 2016 Presidential Election. Democratic members of the House Judiciary Committee have also pressed the FBI to confirm its investigation of President-elect Trump's ties to Russia. In a letter to FBI Director James Comey, Committee Members requested "all documentation relevant to this investigation" be provided to the Committee "as soon as possible." EPIC has filed two urgent Freedom of Information Act requests concerning Russian interference: one for records about the FBI's lax response to the foreign cyber threat, the other for the report "Russian Activities and Intentions in Recent US Elections". This week EPIC also urged the Senate Armed Services Committee to pursue an investigation. (Jan. 16, 2017)

  • The National Academies of Sciences has released a new report that examines how disparate federal data sources can be used for policy research while protecting privacy. The NAS Statistics and Privacy Report states that privacy must be a "core value" of any use of government data and recommends that federal statistical agencies "adopt modern database, cryptography, privacy-preserving, and privacy-enhancing technologies" and "engage in collaborative research with academia and industry to continuously develop new techniques to address potential breaches of the confidentiality of their data." EPIC President Marc Rotenberg and EPIC Advisory Board member Cynthia Dwork served on the committee that developed the report. Mr. Rotenberg testified before the Commission on Evidence-Based Policymaking, which is working on increasing access to government data for policy analysis. EPIC also filed comments with the Commission urging it to promote Privacy Enhancing Techniques. (Jan. 12, 2017)

  • EPIC has sent a statement to the Senate Commerce Committee, highlighting two significant privacy issues: drones and autonomous vehicles. The Senate Committee met this week to consider the nomination of Elaine Chao for Secretary of Transportation. EPIC sued the FAA, an agency subject to the Committee's oversight, for its failure to establish drone privacy rules, as required by Congress. EPIC also testified last year before the Committee on the risks of connected cars. EPIC has recently submitted comments on federal automated vehicles policy and filed an amicus brief in federal appeals court on the risks to consumers of connected vehicles. (Jan. 12, 2017)

  • The Director of National Intelligence has announced new rules that permit intelligence agencies to disseminate "raw" signals intelligence without first removing or "minimizing" personal information. EPIC and other civil liberties groups opposed these changes in a letter last year to the Director, explaining that the changes would "fatally weaken existing restrictions on access to the phone calls, emails, and other data the NSA collects." The Director said that the new rules would "prohibit recipient elements from querying raw [intelligence] for a law enforcement purpose." But EPIC previously highlighted the risks of consolidating personal data in a FOIA lawsuit, EPIC v. ODNI, against the Director of National Intelligence. (Jan. 12, 2017)

  • The Federal Trade Commission has filed a lawsuit against Internet of Things device maker D-Link. The complaint alleges that D-Link failed to use adequate security in its internet cameras and routers despite promises that the devices were "easy to secure" and used "advanced network security." The poor security practices alleged by the FTC include using easily-guessed default passwords, mishandling code-signing keys, and storing usernames and passwords in plaintext. EPIC has worked extensively on the risks of the Internet of Things, recommending safeguards for connected cars, "smart homes," and "always on" devices. In 2013, EPIC submitted comments to the FTC addressing the security and privacy risks of IoT devices. (Jan. 12, 2017)

  • EPIC and a coalition of privacy advocates have submitted comments asking the FCC to prohibit forced arbitration clauses in communications contracts. Arbitration clauses require consumers to settle complaints in private proceedings out of court, often in inconvenient locations and before arbitrators of the company's choosing. The comments note that forced arbitration clauses allow corporations to "escape accountability for systemic harms" such as overbilling. The FCC's broadband privacy rules, adopted in October 2016, did not address forced arbitration clauses, but Chairman Wheeler announced at the FCC's October meeting that the agency had begun an internal process for rulemaking on that issue. EPIC has urged the FCC to establish comprehensive safeguards for consumer privacy, to ban pay-for-privacy schemes, and to prohibit mandatory arbitration. EPIC has frequently defended FCC privacy rules and currently has a petition pending before the FCC to end the mandatory retention of customer telephone records. (Jan. 12, 2017)

  • The Federal Trade Commission has responded to EPIC's complaint about toys that spy, promising to "carefully review" the filing. EPIC's complaint, filed last month and joined by the Campaign for Commercial Free Childhood, the Center for Digital Democracy, and Consumers Union, alleges that the internet-connected children's toys My Friend Cayla and i-Que Intelligent Robot violate federal privacy laws. The complaint is part of coordinated, international efforts to ban these toys from the marketplace. Walmart, Toys "R" Us, and stores across Europe have already pulled the toys from their shelves. EPIC's complaint has also spurred a congressional investigation by Sen. Edward Markey (D-MA) into the data practices of toymaker Genesis Toys and speech technology developer Nuance Communications. (Jan. 11, 2017)

  • In a letter to the Senate Committee on Homeland Security, EPIC and leading experts urged Congress to keep a close eye on the White House Homeland Security Advisor. EPIC explained that the position, equal in power to the National Security Advisor, carries "significant implications for the safety and security of the American people." EPIC said that the Homeland Security Advisor should ensure "the Russian government poses no further threats to the United States electoral system or to other democratic governments." EPIC also said that "data protection and privacy should remain a central focus" of U.S. cyber security policy. The EPIC letter was signed by distinguished experts in cyber security, information technology, encryption, and human rights law. (Jan. 10, 2017)

  • The European Commission has released its proposal to update EU law on privacy and security safeguards for electronic communications. The revamped e-Privacy Regulation would extend important new safeguards to users of all online communications services, including email, instant messaging, and social media. The proposal would also protect both communications content and metadata, and would limit tracking of internet users. In the US, the FCC recently adopted modest privacy rules that apply only to broadband services offered by telecom companies, despite EPIC's repeated advice to the FCC to address "the full range of communications privacy issues facing US consumers." The Commission's update of the e-Privacy Directive follows the recently adopted General Data Protection Regulation, and must next be adopted by the European Parliament and European Council. (Jan. 10, 2017)

  • EPIC has submitted an urgent Freedom of Information Act request to the Office of the Director of National Intelligence (ODNI) seeking the complete report on the Russian interference in the 2016 Presidential Election. On January 6, the ODNI released a public summary on the Russian interference, but withheld important information. EPIC is seeking expedited release of the complete, unredacted report. EPIC is also seeking records from the FBI about the agency's lax response to the foreign cyber threat. EPIC submitted a statement to the Senate Armed Services Committee hearing on Russian interference. Congress will hold a second hearing today, and a bill initiating new sanctions against Russia is expected this week. EPIC will continue to press the ODNI for prompt release of the report. (Jan. 10, 2017)

  • In comments to the TSA, EPIC urged the agency to abandon a proposed information collection plan under the REAL ID Act. REAL ID is a federal to turn the state driver's license into a national identity statement. Many states have opposed REAL ID. The TSA now plans to subject Americans, without a TSA "compliant" ID, to broad information collection requirements. EPIC, supported by a broad coalition, opposed REAL ID because it compromised privacy and enabled government surveillance. EPIC provided detailed comments to DHS and later issued a report. Since adoption of REAL ID, many states have suffered data breaches of DMVs because of criminals seeking REAL ID mandated documents. (Jan. 10, 2017)

  • Tomorrow the Senate Judiciary Committee will begin hearings on the nomination of Senator Jeff Sessions for Attorney General. EPIC submitted a statement to the Committee, which stated “Senator Sessions’ record regarding the privacy rights of Americans raises serious questions about his selection as Attorney General.” EPIC pointed to Sessions’ support for warrantless surveillance of the American people and opposition to government oversight. Senator Sessions also opposed Apple in its dispute with the FBI and failed to support efforts to modernize the Electronic Communications Privacy Act. The Lawyers for Good Government also raised concerns about Senator Sessions’ support for the Privacy Act, the Freedom of Information Act, as well as his independence to “prosecute all criminal acts including those that may implicate the President of the United States.” (Jan. 9, 2017)

  • The U.S. Supreme Court declined today to review In re Nickelodeon, a class action suit concerning privacy protections for Internet users under the Video Privacy Protection Act. Last year, a federal appeals court rejected claims that Google and Viacom had violated the statute, holding that static IP and MAC addresses are not "personally identifiable information." That opinion contradicted a previous ruling from a different federal appeals court, which held that unique IDs are personally identifiable under the video privacy law. EPIC filed an amicus brief in the Nickelodeon case, explaining that Congress defined personal information broadly "to ensure that the underlying intent of the Act-to safeguard personal information against unlawful disclosure-is preserved as technology evolves." (Jan. 9, 2017)

  • The White House Office of Management and Budget has released guidance establishing common standards and practices for how federal agencies manage data breaches. The Data Breach Memorandum sets out a risk-based framework for evaluating data breaches and requires each agency to develop a data breach response plan. Not all breaches will trigger individual notification under the guidance. The new guidance comes four months after a House Government and Oversight Committee report criticized the Office of Personnel Management about the 2015 data breaches that compromised the records of 22 million federal employees and family members. EPIC testified in 2009 and 2011 in support of strong data breach notification laws, filed comments with the Office of Personnel Management recommending limits on data collection, and has urged the Supreme Court to recognize a right of "information privacy" that would limit the ability of the federal government to collect personal information. (Jan. 4, 2017)

  • The Senate Armed Services Committee will hold a hearing on "Foreign Cyber Threats to the United States" on January 5, 2016. EPIC submitted a statement to the Committee to alert Senators about a pending Freedom of Information Act request. The EPIC FOIA request concerns the lax response of the FBI to the Russian interference with the 2016 Presidential election. EPIC wrote “we believe that the information that we are seeking from the FBI will also be helpful to the Senate Armed Services Committee as you investigate foreign cyber threats to the United States.” Director of National Intelligence James Clapper, National Security Agency and Cyber Command Chief Adm. Mike Rogers and Undersecretary of Defense for Intelligence Marcel Lettre are scheduled to testify. (Jan. 4, 2017)
