Previous Top News: 2019


  • EPIC joined 16 organizations in support of a “A Framework for Privacy Protection in the United States." The consumer groups outlined a new approach to privacy protection: (1) enact baseline federal legislation; (2) enforce fair information practices; (3) establish a data protection agency; (4) ensure robust enforcement; (5) establish algorithmic governance; (6) prohibit “take it or leave it” terms; (7) promote privacy innovation; and (8) limit government access to personal data. The consumer framework states that the Federal Trade Commission has failed to enforce the orders it has established. "The US needs a federal agency focused on privacy protection, compliance with data protection obligations, and emerging privacy challenges.” [Press Release] (Jan. 17, 2019)

  • During the nomination hearing for the next Attorney General, Senator Leahy asked Mr. Barr whether the Supreme Court's recent decision in the Carpenter case affected his views on privacy. "You had said that a person has no Fourth Amendment right to these records left in the hands of third parties—the third-party doctrine—which seems to be undercut by Carpenter," observed Senator Leahy. Barr responded, somewhat surprisingly, that he had "not read that decision" but "it may modify [his] views." Senator Leahy said he would expect an answer from the nominee to a written question. EPIC filed an amicus brief in Carpenter. The Supreme Court ruled that the Fourth Amendment protects location records stored by telephone companies. (Jan. 15, 2019)

  • A federal judge has ruled that the Secretary of Commerce's decision to add the citizenship question to 2020 Census was unlawful. EPIC filed an amicus brief in the case, arguing that "history has shown that personal data, collected by the government through the census, can threaten individual rights." EPIC has also sued the Department of Commerce (EPIC v. Commerce) because the agency failed to complete a Privacy Impact Assessment prior to collecting citizenship data. A 2004 EPIC FOIA lawsuit revealed that the Census Bureau provided DHS with data on Arab Americans after 9-11, leading the Census Bureau to revise its "sensitive data" policy for transfers to law enforcement and intelligence agencies. (Jan. 15, 2019)

  • This week the Senate Judiciary Committee will begin hearings on the nomination of William Barr for Attorney General. In a statement to the Committee, EPIC warned that "Mr. Barr has consistently supported warrantless surveillance of the American people." EPIC pointed to Barr's previous Congressional testimony where he stated that FISA is "too restrictive" and that Americans have no Fourth Amendment right in records held by third parties. EPIC recommended that the Department of Justice work with Congress to update federal wiretap laws after the Supreme Court's decision in Carpenter, improve reporting on surveillance orders, and protect consumers in cases before the Supreme Court. (Jan. 14, 2019)

  • A key House panel requested an emergency briefing from the Federal Communications Commission to determine why the agency has not prevented wireless carriers from selling consumers' location data. The request followed reports that wireless providers sell location data to third parties, despite pledging to not do so after investigations last year. In 2007, EPIC urged the FCC to establish privacy safeguards for location data. And in 2010 EPIC wrote to the House Commerce Committee that "Locational privacy concerns are substantial and growing more severe." EPIC also filed a friend of the court brief in 2017 in the landmark location privacy case, Carpenter v. United States. A recent article by EPIC President Marc Rotenberg, for the American Constitution Society, sets out recommendations for Congress after the Carpenter decision. (Jan. 14, 2019)

  • EPIC is requesting to intervene in a case before the European Court of Human Rights testing the human rights standards for government hacking of computers and other devices. Brought by international NGO Privacy International, Privacy International v. United Kingdom asks whether remote hacking of devices and the use of malware by UK intelligence services violate the European Convention on Human Rights. EPIC seeks to present information to the Court on the unique privacy risks of government hacking. EPIC previously filed a brief with the Court of Human Rights in Big Brother Watch v. UK, which found UK mass surveillance violated fundamental rights to privacy and freedom of expression. EPIC also participated as amici in Apple v. FBI, concerning a court order that would have required Apple to assist the FBI hack a seized iPhone. (Jan. 11, 2019)

  • The Supreme Court agreed today to hear two cases of interest to privacy and open government advocates. One case concerns the withholding of "confidential" information requested under the Freedom of Information Act. EPIC recently sued the Federal Trade Commission for information about Facebook's privacy practices, but the FTC has claimed the records are confidential and therefore should not be released. The second case, Mitchell v. Wisconsin, concerns a state law that permits law enforcement officers to draw blood from unconscious motorists without a warrant. EPIC routinely participates as amicus in Supreme Court cases concerning open government and privacy issues. Both cases are expected to be decided by the end of the Court's term in June. (Jan. 11, 2019)

  • The opinion of a key adviser to the Europe's top court finds that that the "right to be forgotten" need not be applied worldwide. Google v. Commission nationale de l'informatique et des liberté follows a ruling in Google v. Spain that Europeans have a right, in some circumstances, to remove links to their personal data posted online by Google. The advocate general said that while Europeans are entitled to have private information delisted in the EU, search engines do not have to remove links from view in foreign domains even though they make the personal data available in those domains for commercial benefit. EPIC has supported the CNIL's approach instead, contending "the right to privacy is global." The European Court of Justice will now decide whether to adopt the opinion from the Advocate General. EPIC published "The Right to be Forgotten on the Internet: Google v. Spain" an account of the case by former Spanish Privacy Commissioner and EPIC Champion of Freedom Professor Artemi Rallo. (Jan. 11, 2019)

  • As part of a routine review, EPIC asked the United Nations Human Rights Committee to question the US about the failure to protect individuals against privacy violations by private industry. This year the Committee will review US compliance with human rights obligations under the International Covenant on Civil and Political Rights. EPIC explained that countries "have a duty to protect individuals against human rights violations by non-state actors," and pointed to Article 17 in the international agreement. "Despite record-breaking data breaches, identity theft, and extensive corporate surveillance, the U.S still lacks both comprehensive privacy legislation and a data protection authority," EPIC concluded. The EPIC 2018 Privacy Law Sourcebook provides a comprehensive overview of privacy laws in the US and around the world. (Jan. 10, 2019)

  • Newly released emails from the Bush Whitehouse reveal that Brett Kavanaugh and John Yoo, architect of the warrantless surveillance program, exchanges several messages about warrantless surveillance programs in the fall of 2001. The release follows EPIC's FOIA lawsuit for Justice Kavanaugh's records from when his nomination was before the United States Senate. The new records show that there were multiple emails about the warrantless surveillance program that was eventually overturned by the US Congress. The emails also reference a signing statement—likely for the 2001 authorization of military force — and a discussion thread "FISA [Foreign Intelligence Surveillance Act] letter." The agency previously identified several hundred e-mails about surveillance programs that Kavanaugh authored. But the text of many emails was withheld in full, leaving open questions about Kavanaugh's role in the post-9/11 surveillance programs. (Jan. 10, 2019)

  • A federal appeals court heard oral arguments in a case about whether a dating app is liable for failing to remove a false profile that enabled abusive conduct. EPIC filed an amicus brief in Herrick v. Grindr, arguing that the relevant law was intended to "encourage internet service providers to police their platforms," not to "give platforms carte blanche to ignore harassment and abuse." EPIC explained that victims may be subjected to ongoing "psychological, social, and financial harm" if internet services are not accountable for harassment and abuse. EPIC routinely files friend of the court briefs in cases concerning emerging privacy and civil liberties issues. (Jan. 9, 2019)

  • The European Commission's Expert Group on Artificial Intelligence has requested comments on draft Guidelines for Trustworthy AI. The EU Guidelines state, "Trustworthy AI has two components: (1) it should respect fundamental rights, applicable regulation and core principles and values, ensuring an 'ethical purpose' and (2) it should be technically robust and reliable since, even with good intentions, a lack of technological mastery can cause unintentional harm." The EU Guidelines reflect several principles from the Universal Guidelines for Artificial Intelligence, which have been endorsed by more than 250 experts and 60 organizations in 40 countries. The Universal Guidelines promote transparency, accuracy, and fairness for AI systems. Comments to the European Commission are due January 18, 2019. The final report will be released in March 2019. (Jan. 9, 2019)

  • In comments to the FTC, EPIC recommended free credit monitoring for all consumers. The agency will require free credit monitoring for all active service members, following legislation enacted last year. EPIC said the FTC should urge Congress to extend free credit monitoring services. The statute includes several pro-consumer measures that EPIC favored: it (1) requires consumer reporting agencies to provide a consumer with free "credit freezes" that limit third party access to personal data, (2) establishes clear provisions for these freezes, and (3) creates new protections for the credit records of minors. In testimony before the Senate and House following the Equifax data breach, EPIC recommended credit freezes and free credit monitoring services. (Jan. 9, 2019)

  • In comments to the Federal Aviation Administration, EPIC praised the agency for inviting public input on technology that exposes aircraft control networks to remote hacking. EPIC previously warned the FAA that, "hackers can exploit weaknesses in drone software to gain control of a drone's movement and other features." EPIC has also called attention to the potential for connected cars and Internet of Things devices to be hacked. EPIC recommended that the FAA routinely report on the growing risks of cyber attack. (Jan. 8, 2019)

  • The National Archives has released thousands of emails Justice Kavanaugh sent between January 2001 and July 2003 while working in the White House Counsel's office. The release includes hundreds of emails concerning controversial White House surveillance programs the Archives previously identified in response to EPIC's lawsuit. In October, the National Archives revealed that Kavanaugh sent 11 e-mails to John Yoo, the architect of warrantless wiretapping; 227 e-mails about "surveillance" programs and the "Patriot Act;" and 119 e-mails concerning "CAPPS II" (passenger profiling), "Fusion Centers" (government surveillance centers), and the Privacy Act. Subsequent searches revealed thousands more emails sent to Kavanaugh about mass surveillance programs. (Jan. 7, 2019)

  • The Supreme Court has let stand an adverse lower court ruling in EPIC's case about state voter data. EPIC filed suit against the Presidential Election Commission in 2017 to halt the collection of state voter data. As a result of EPIC's case, the Commission suspended data collection, discontinued the use of an unsafe computer server, and deleted the state voter data it wrongly acquired. And the Commission was terminated last year. However, a lower court ruled that EPIC, at the time it brought the case, was limited in its ability to pursue certain claims. EPIC asked the Supreme Court to review that decision and the fact the demise of the Commission made it impossible for EPIC to challenge the ruling. But the Court left the ruling unchanged. EPIC's case in the Supreme Court is EPIC v. Commission, No. 18-267. (Jan. 7, 2019)

  • Despite comments from EPIC and others, Customs and Border Protection will collect social media information from Americans and place that data outside legal protections provided by the Privacy Act. EPIC proposed opposed the collection of personal data and said that CBP should narrow the Privacy Act exemptions. The agency responded briefly to public comments, failing to defend the agency's decision. In a related FOIA lawsuit against DHS, EPIC obtained documents which revealed that federal agencies gather social media comments to identify individuals critical of the government. (Jan. 3, 2019)

  • A federal court has blocked a New York City law requiring home-sharing platforms to disclose detailed personal information about users, ruling that the ordinance violates the Fourth Amendment. The law would have required companies such as Airbnb to disclose the names, contact information, financial data, and rental histories of hosts, even when no unlawful conduct was suspected. "An attempt by a municipality in an era before electronic data storage to compel an entire industry monthly to copy and produce its records as to all local customers would have been unthinkable under the Fourth Amendment," the court wrote. The court followed a Supreme Court case Los Angeles v. Patel, which prohibited the warrantless searches of hotel records. EPIC filed an amicus brief in Patel. The federal court also cited Carpenter v. United States, Byrd v. United States, Riley v. California, and United States v. Jones, Supreme Court cases in which EPIC also filed amicus briefs. The decision in Airbnb v. New York also has implications for the data collection practices of so-called Smart Cities. (Jan. 3, 2019)

Share this page:

Support EPIC

EPIC relies on support from individual donors to pursue our work.

Defend Privacy. Support EPIC.