Previous Top News: 2018


  • In a decision that could jeopardize relations with Europe, Congress has renewed "Section 702" of the Foreign Intelligence Surveillance Act, which permits broad surveillance of individuals outside of the United States. The FISA Amendment Reauthorization Act also permits government surveillance of Americans and restarts the controversial "about" collection program. Congress rejected updates, including limits on data collection, that would preserve a privacy agreement between Europe and the United States. The European Court of Justice will also soon decide whether to allow data transfers from Ireland to the United States. EPIC served as the US NGO amicus curiae in that case. (Jan. 18, 2018)

  • In advance of a hearing on Internet of Things, EPIC urged Congress to consider the privacy and safety risks of internet-connected devices. EPIC told Congress that the Internet of Things "poses risks to physical security and personal property" because data "flows over networks that are not always secure, leaving consumers vulnerable to malicious hackers." EPIC said that Congress should protect consumers. EPIC is a leader in the field of the Internet of Things and consumer protection. EPIC has advocated for strong standards to safeguard American consumers and testified before Congress on the "Internet of Cars." (Jan. 18, 2018)

  • EPIC has filed an amicus brief in United States v. Microsoft, a case before the US Supreme Court concerning law enforcement access to personal data stored in Ireland. EPIC urged the Supreme Court to respect international privacy standards and not to extend U.S. domestic law to foreign jurisdictions. EPIC wrote, the "Supreme Court should not authorize searches in foreign jurisdictions that violate international human rights norms." EPIC cited important cases from the European Court of Human Rights and the European Court of Justice. EPIC has long supported international standards for privacy protection, and EPIC has urged U.S. ratification of the Council of Europe Privacy Convention. EPIC routinely participates as amicus curiae in privacy cases before the Supreme Court, most recently in Carpenter v. United States (privacy of cellphone data), Byrd v. United States (searches of rental cars), and Dahda v. United States (wiretapping). (Jan. 18, 2018)

  • In response to request for comments from the Maryland legislature, EPIC submitted a statement in support of a bill to prohibit law enforcement from obtaining data recorded by a smart meter without a warrant. Smart meters collect personal data about the use of utility services that can reveal when a person is at home and what they are doing. EPIC stated that "the routine collection of this data, without adequate privacy safeguards, would enable ongoing surveillance of Maryland residents without regard to any criminal suspicion." EPIC said that HR 56 is a "model privacy law that enables innovation while safeguarding personal privacy." EPIC has testified in Congress and submitted comments to NIST and the state of California on smart grid privacy. EPIC has also submitted amicus briefs on Fourth Amendment cases before the Supreme Court, including Carpenter v. United States and Byrd v. United States. (Jan. 16, 2018)

  • At a Senate hearing today, DHS Secretary Kristjen Nielsen stated that DHS would not undertake a new investigation of voter fraud. EPIC submitted a statement in advance of the hearing, asking Senators to seek assurances that DHS would not pursue the work of the recently disbanded Presidential Advisory Commission on Election Integrity, as former Vice Chair Kris Kobach had suggested. In response to a question from Senator Kamala Harris, Nielsen answered that Kobach does not have any role at DHS. Although Nielsen stated that DHS would not pursue any new work, she indicated that the agency would continue to work with states pursuing voter fraud investigations. EPIC recently filed a FOIA lawsuit against DHS seeking communications with the Commission regarding the transfer of personal voter data. The Commission, facing a lawsuit by EPIC, was terminated earlier this month. EPIC's lawsuit led the Commission last year to suspend the collection of voter data. (Jan. 16, 2018)

  • EPIC sent a statement to the Senate Judiciary Committee in advance of a DHS Oversight Hearing, to seek assurances that "the DHS will not continue the activities of the Presidential Advisory Commission on Election Integrity." After the Commission was disbanded in the wake of EPIC’s lawsuit, the former Vice Chair told reporters that he intended to continue the work of the Commission at the DHS. But EPIC told the Senate committee that the Commission has no authority to transfer the voter data and warned that the DHS would be subject to federal lawsuits if it assembled a database of voter information. EPIC also urged the Senate to confirm that the personal data provided by DACA applicants will not be misused by DHS, and that DHS biometric programs will not be expanded until transparency obligations are fulfilled and privacy safeguards are established. The EPIC letter follows a statement last week from civil rights and government oversight organizations to the DHS Secretary, seeking assurance that there will be no transfer or collection of state voter data. (Jan. 15, 2018)

  • EPIC has asked the D.C. Circuit Court of Appeals to void last month's ruling in which the Court refused to order the Presidential Election Commission to conduct a Privacy Impact Assessment. The Commission, which unlawfully sought to collect state voter data on hundreds of millions of Americans, was disbanded last week by President Trump. The Commission's sudden demise unfairly prevents EPIC from appealing the Court's legal reasoning because there is no "live" dispute left for a higher court to consider. EPIC's lawsuit led the Commission to suspend the collection of voter data last year, discontinue the use of an unsafe computer server, and delete voter information that was unlawfully obtained. EPIC's case against the Commission is EPIC v. Commission, No. 17-1320 (D.D.C.) & 17-5171 (D.C. Cir.). EPIC filed a separate lawsuit on Monday for communications between the Department of Homeland Security and the Commission regarding the transfer of personal voter data. (Jan. 11, 2018)

  • Senators Elizabeth Warren (D-MA) and Mark Warner (D-VA) have introduced legislation to hold credit reporting agencies accountable for data breaches. The Data Breach Prevention and Compensation Act establishes an office of cybersecurity within the FTC to give it direct supervisory authority over the credit reporting industry and imposes mandatory penalties for breaches involving consumer data at credit reporting agencies. The bill is a direct response to the Equifax data breach last year that exposed the sensitive personal information of over 145 million Americans. "Senator Warner and Senator Warren have proposed a concrete response to a serious problem facing American consumers," said EPIC President, Marc Rotenberg. EPIC testified before Congress last year following the Equifax breach, urging legislation to give consumers more control over their credit reports. Senators Warren and Brian Schatz (D-HI) also introduced a bill last year that would allow consumers to freeze and unfreeze their credit reports for free. (Jan. 10, 2018)

  • As the result of a Freedom of Information Act lawsuit EPIC v. NSD, EPIC has obtained a report from the Department of Justice National Security Division detailing the FBI's use of foreign intelligence data for a domestic criminal investigation. Section 702 of the Foreign Intelligence Surveillance Act authorizes the surveillance of foreigners located abroad. However, the FBI can also use this data to investigate Americans. The report obtained by EPIC also shows that the FBI analyst failed to follow internal guidance to notify superiors of the search, raising questions about whether the FBI is accurately reporting these searches. The USA Rights Act, now pending in Congress, would require a federal agency to obtain a warrant to search foreign surveillance data for information on Americans. (Jan. 9, 2018)

  • The Federal Trade Commission released a brief report summarizing a June 2017 workshop, co-hosted with the National Highway Traffic Safety Administration, on connected vehicles. While the report acknowledges consumer privacy interests, the report offers no concrete proposals for how the FTC will address the privacy and safety risks of connected cars. EPIC submitted comments to the FTC and NHTSA and gave a presentation at the FTC workshop, calling for national safety standards for connected cars. In a recent amicus brief to the Supreme Court, EPIC also underscored the privacy risks of rental cars, which collect vast troves of personal data. The Senate is currently considering a bill on connected cars and the NHTSA recently released revised guidance for connected cars, but both lack mandatory safety standards and encourage industry self-regulation. (Jan. 9, 2018)

  • In response to a request for comments, EPIC has urged the FBI to expand its use of name-based — rather than fingerprint-based — background checks for noncriminal purposes, such as employment. The FBI currently uses fingerprints, stored in the Next Generation Identification (NGI) database, to conduct non-criminal background checks. "Names checks" were only conducted for individuals whose fingerprints failed the NGI matching requirements. EPIC told the FBI that the "name-based background check accomplishes the same purpose as the fingerprint-based background check without requiring the collection of sensitive biometric information." EPIC has opposed the expansion of the NGI system for non-law enforcement purposes. EPIC has also pursued a series of Freedom of Information Act requests to assess the reliability of the NGI system. (Jan. 9, 2018)

  • EPIC has filed a lawsuit against the Department of Homeland Security for communications between the agency and the Presidential Commission on Elections regarding the transfer of personal voter data. EPIC filed a Freedom of Information Act request with the DHS after the Commission tried to collect records from federal agencies to match against state voter records, but the agency failed to respond to EPIC's request. Last year, EPIC filed a lawsuit against the Commission that led to the suspension of the collection of voter data. EPIC v. Commission is still pending in federal court. EPIC filed the recent suit after President Trump said he asked DHS "to determine the next course of action" after he dissolved the Commission. (Jan. 9, 2018)

  • The Supreme Court will hear arguments in Byrd v. United States, concerning the warrantless search of a rental vehicle. EPIC filed an amicus brief in the case urging the Supreme Court to recognize that a modern car collects vast troves of personal data. EPIC explained cars today "make little distinction between driver and occupant, those on a rental agreement and those who are not." EPIC pointed to the routine collection of cell phone contents with a Bluetooth connection, data which is stored in the car even after "deletion." EPIC also emphasized that the status of the driver has no bearing on Fourth Amendment privacy interests. EPIC's Natasha Babazadeh prepared an explainer video of the case. (Jan. 8, 2018)

  • Through a Freedom of Information Act request, EPIC has obtained former Secretary of Homeland Security John Kelly's notes for an interview with NPR about border security. The notes include talking points about southwest border security and the construction of the southwest border wall. During the interview, Mr. Kelly also described DHS's plans to increase vetting of immigrants and coordination with the White House, despite the fact these issues were not included in the talking points. EPIC previously warned the House Oversight Committee that enhanced surveillance at the border will impact the rights of U.S. citizens. As a result of an earlier FOIA lawsuit, EPIC found that the Customs and Borders Protection is already deploying drones with facial recognition technology near the border. (Jan. 8, 2018)

  • EPIC and ten civil rights and government oversight organizations have sent a letter to DHS Secretary Nielsen, urging her not to accept any personal data from the now defunct Presidential Advisory Commission on Election Integrity. The groups explained that the Commission lacks legal authority to transfer personal data to the Commission. The groups also warned that the DHS would be subject to numerous federal laws if it were to acquire state voter data. EPIC and the organizations brought several lawsuits against the Commission. EPIC's lawsuit led the Commission to suspend the collection of voter data in July 2017. President trump disbanded the Commission on January 3, 2018. However, former Vice Chair Kris Kobach told reporters that he intends to resume the work of the Commission at the Department of Homeland Security. (Jan. 8, 2018)

  • The Center for Class Action Fairness has asked the U.S. Supreme Court to decide whether a settlement that awards funds to certain organizations and fails to compensate injured class members is fair. The settlement involved Google's tracking of Internet users in violation of users' privacy settings but resulted in no change in business practices or payment to class members. Some of the organizations that received class settlement funds are separately funded by Google. EPIC recently filed an amicus brief opposing a similar settlement in a related class action against Google. EPIC has also opposed settlements against Facebook and Google that failed to compensate class members or change business practices. EPIC President Marc Rotenberg has proposed an objective basis to evaluate settlement proposals. The Supreme Court has yet to address cy pres fairness, but Chief Justice John Roberts, in Marek v. Lane concerning Facebook's Beacon program, echoed the concerns of EPIC when he wrote that the "vast majority of Beacon's victims" got nothing. (Jan. 8, 2018)

  • The Federal Trade Commission announced a settlement with VTech Electronics over charges that the company collected personal information from children without parental consent and failed to provide data security. In 2015, Senators Edward Markey (D-MA) and Joe Barton (R-TX) inquired about VTech's privacy practices after the toy company was hacked, exposing the personal information of millions of children. EPIC and a coalition of consumer organizations recently renewed their call to the FTC to take action on toys that spy, one year after the groups filed a complaint with the FTC regarding dangerous internet-connected toys. The Children's Online Privacy Act (COPPA) sets forth strict requirements for the collection of information from children. In a recent interview with NBC Nightly News, EPIC's Sam Lester highlighted the dangers these toys pose from hackers. EPIC has supported numerous efforts to oppose toys that spy, including a successful effort in 2017 to recall Mattel's Aristotle. (Jan. 8, 2018)

  • The Presidential Election Commission, which unlawfully sought to collect state voter data on hundreds of millions of Americans, was disbanded Wednesday by President Trump. The Commission had faced an ongoing lawsuit by EPIC over its failure to conduct and publish a Privacy Impact Assessment before collecting personal data, as required by law. EPIC’s lawsuit led the Commission to suspend the collection of voter data last year, discontinue the use of an unsafe computer server, and delete voter information that was unlawfully obtained. Many states and over 150 members of Congress opposed the Commission’s efforts to collect state voter data. In a statement, the President said that he had asked the Department of Homeland Security “to determine next courses of action.” EPIC has a pending Freedom of Information Act request to the DHS for records concerning the federal government’s collection of personal data on voters. EPIC’s case against the Commission, which remains open, is EPIC v. Commission, No. 17-1320 (D.D.C.) & 17-5171 (D.C. Cir.). (Jan. 3, 2018)

  • The Federal Trade Commission has given final approval to a settlement with Lenovo over its practice of pre-installing adware onto consumers' laptops. The complaint alleged that the adware transmitted consumers' personal information to third parties and made consumer' laptops vulnerable to cyberattacks. The settlement prohibits Lenovo from misrepresenting any pre-installed software, but imposes no fines and allows Lenovo to continue pre-installing adware onto consumers' laptops. EPIC has routinely urged the FTC to strengthen its privacy settlements, and recently emphasized the need for the FTC to step up its data protection in comments on the FTC's five-year strategic plan. (Jan. 3, 2018)

Share this page:

Support EPIC

EPIC relies on support from individual donors to pursue our work.

Defend Privacy. Support EPIC.

#Privacy