Previous Top News: 2020


  • In detailed comments, EPIC criticized the DHS's proposed "Insider Threat" database that would give the agency vast amounts of personal data. EPIC urged DHS to limit the scope of data collection and to drop proposed Privacy Act exemptions that would diminish the agency's responsibilities for the data gathered. Citing the surge in data breaches, EPIC warned that DHS data practices pose a risk to federal employees. EPIC previously recommended privacy protections in background checks and warned against inaccurate, insecure, and overbroad government databases. (Apr. 9, 2020)

  • EPIC joined a coalition of civil liberties and privacy groups to urge the Port of Seattle Commission to reverse an earlier decision to deploy facial recognition technology at SeaTac International Airport. The organizations stated that the Port Commission should not back the Customs and Border Protection's unauthorized use of facial recognition technology. Previously, EPIC and a coalition urged the Privacy and Civil Liberties Oversight Board to suspend the use of face surveillance systems across the federal government. And last year, the Public Voice coalition called for a global moratorium on face surveillance. Over 100 organizations and several hundred experts from over 40 countries endorsed the Public Voice declaration. (Apr. 9, 2020)

  • The Ninth Circuit Court of Appeals ruled today that Facebook users whose privacy was violated by Facebook's tracking of web browsing can bring suit against the social media platform. The court held that consumers had the legal right, or "standing," to sue Facebook and that most legal claims could go forward. Chief Judge Sidney Thomas wrote "that Facebook set an expectation that logged-out user data would not be collected, but then collected it anyway." EPIC filed an amicus brief in the case explaining that "Facebook's tracking techniques are designed to escape detection, and the company routinely ignores users' privacy protections." EPIC argued that Facebook's "cookie tracking practices" cause "harm to the privacy of the large and diffuse group of Facebook users." EPIC first identified the privacy risks of cookie tracking in a 1997 report "Surfer Beware: Personal Privacy and the Internet." EPIC frequently participates as amicus curiae in consumer privacy cases, including United States v. Facebook, Attias v. Carefirst, Frank v. Gaos, and Rosenbach v. Six Flags. (Apr. 9, 2020)

  • EPIC has filed an urgent FOIA request for a memo outlining a nationwide COVID-19 surveillance system sought by White House senior adviser Jared Kushner. According to POLITICO, the memo describes "a national coronavirus surveillance system to give the government a near real-time view of where patients are seeking treatment and for what, . . . ." In a statement, Senator Ed Markey (D-MA) said that the administration is not "capable of creating or maintaining a massive health data network in a manner that doesn’t undermine our fundamental right to privacy." EPIC is pursuing FOIA requests with the Department of Justice and other federal agencies about efforts to track and monitor Americans during the pandemic. (Apr. 8, 2020)

  • EPIC has filed an urgent FOIA request to obtain information about a system, proposed by Oracle CEO Larry Ellison, to track COVID patients who are given experimental drug therapies. Oracle's "COVID-19 Therapeutic Learning System" urges healthcare companies to provide sensitive health information to Oracle. President Trump recently stated that federal agencies will be able to access data from the system. Ellison proposed a national identity card after the attacks on the United States on 9-11. Congress rejected that plan and made clear that national identification systems are not authorized in the United States. EPIC has also filed FOIA requests to the Department of Justice and other federal agencies concerning the tracking and monitoring of Americans during the pandemic. (Apr. 8, 2020)

  • The Secretary General of the Council of Europe, Marija Pejčinović Burić, has issued recommendations for governments across Europe on human rights, democracy and the rule of law during the COVID-19 crisis. The report covers (1) Derogation from the European Convention on Human Rights, (2) Respect for the rule of law and democratic principles, including limits on emergency measures, (3) Fundamental human rights standards including freedom of expression, privacy and data protection, protection of vulnerable groups from discrimination and the right to education, and (4) Protection from crime and the protection of victims of crime, in particular regarding gender-based violence. The EU Fundamental Rights Agency has also published a new report "Protect human rights and public health in fighting COVID-19." As the FRA explains, "Respecting human rights and protecting public health is in everyone's best interest - they have to go hand-in-hand." Video blog Michael O'Flaherty: COVID-19. (Apr. 8, 2020)

  • In a FOIA lawsuit, EPIC has obtained more documents from the Commission on Artificial Intelligence. The records include internal correspondence and an unattributed report about China's social scoring, facial recognition tools, and AI-based surveillance. The internal report highlights the "draconian" consequences of China's AI use but states that "Mass surveillance is a killer application" for AI and that "having streets carpeted with cameras is good infrastructure for smart cities[.]" The Commission's disclosure to EPIC follows a ruling in EPIC v. AI Commission that the Commission is subject to the FOIA. The AI Commission held over 200 secret meetings with tech firms, defense contractors, and others. EPIC is also litigating to enforce the Commission's obligation to hold open meetings. The case is EPIC v. National Security Commission on AI, No. 19-2906 (D.D.C.). (Apr. 7, 2020)

  • President Trump has removed Inspector General of the Intelligence Community Michael Atkinson from his post. The President cited Atkinson's referral to Congress of a whistleblower complaint concerning Trump's efforts to have Ukraine investigate former Vice President Joe Biden. Atkinson was required by law to transmit the report to Congress. EPIC has long fought for stronger oversight of U.S. intelligence agencies, and has pursued FOIA lawsuits against the CIA, the FBI, the ODNI, and the NSA. In EPIC v. Department of Justice, EPIC is currently seeking release of the complete Mueller Report, which details foreign interference in the 2016 presidential election. The DOJ recently submitted the full Mueller Report to a federal judge, who will determine what additional material must be released to the public. (Apr. 7, 2020)

  • EPIC has filed a detailed FOIA request with the Department of Justice for information about Predictive Policing and Risk Assessment programs funded by the federal government. The programs are described in a 2014 Justice Department report that EPIC obtained in the lawsuit EPIC v. DOJ. The 2014 DOJ report warned that "individual liberty is at stake" with predictive policing, but many of these systems have gone forward nonetheless. EPIC maintains a comprehensive resource on risk assessment systems in the Criminal Justice System. (Apr. 7, 2020)

  • The U.S. Supreme Court held today, 8-1, that police can stop a vehicle if a database says that the registered owner has a suspended license. Justice Sotomayor dissented. EPIC filed an amicus brief in the case, Kansas v. Glover, arguing that the Court should not allow the police to stop a vehicle simply because the registered owner's license is expired. EPIC described the growing use of Automated License Plate Readers, and warned the Court that permitting police stops based on the registered owner's status would "dramatically alter police practices" and "unfairly burden disadvantaged communities." EPIC provided empirical data for the Supreme Court which indicate that ALPRs are more widely used in disadvantaged communities and also that car sharing is more prevalent in these communities. Justice Kagan's concurrence noted that car sharing and database inaccuracies, issues that EPIC raised in its brief, could lead to unreasonable searches. EPIC routinely files amicus briefs in cases before federal and state courts concerning emerging privacy issues. In Herring v. United States (2012), EPIC explained to the Supreme Court that government databases are "filled with errors, according to the federal government's own reports." (Apr. 6, 2020)

  • Former world chess champion Garry Kasparov has joined a statement to OECD Secretary General Ángel Gurría that urges the international organization to "continue to uphold the democratic values on which the OECD is based." Kasparov helped launch the OECD work on Artificial Intelligence policy that led to the OECD AI Principles, adopted by the OECD member countries, the G-20, and others. The statement to Secretary General Gurría, signed by more than 70 experts and NGOs, applauds the important work of the OECD in response to the pandemic. The expert statement also asks the OECD SG to "make clear the ongoing importance of the OECD policy frameworks that safeguard fundamental rights, from the OECD Privacy Guidelines of 1980 to the OECD AI Principles of 2019." The statement further asked the SG to "continue to use the powerful analytical tools of the OECD to demonstrate that there are many uses of data that do not require 'trade-offs' or 'balancing'" and to "urge colleagues at the G-7, the G-20, UNESCO, the ITU to uphold fundamental rights." The OECD statement was coordinated by both the Civil Society Information Society Advisory Council to the OECD and the Public Voice coalition. @CSISAC @thepublicvoice @EPICprivacy (Apr. 6, 2020)

  • In a letter to FTC Chairman Joe Simons, EPIC urged the FTC to "open an investigation of Zoom's business practices and to issue, as soon as practicable, Best Practices for Online Conferencing Services." The EPIC letter followed a 2019 complaint from EPIC warning that Zoom had "placed at risk the privacy and security of the users of its services." EPIC also explained to the FTC that Zoom had "exposed users to the risk of remote surveillance, unwanted videocalls, and denial-of-service attack." In the April 2020 letter to the Commission, EPIC reminded the Commission that it acted on similar complaints from EPIC concerning Facebook and Google but failed to act on the Zoom complaint. EPIC cited widespread reports of privacy and security flaws with the online conferencing service. EPIC wrote, "Now more than ever, the Federal Trade Commission has a responsibility to safeguard American consumers. We urge you to act." (Apr. 5, 2020)

  • In response to EPIC's Freedom of Information Act request to the Justice Department for information about the use of location data, including cell phone records, to counter the pandemic, the DOJ wrote that there are no "responsive records." EPIC had asked for "all legal memos, analysis, communications, and guidance documents, in the possession of the Department of Justice, concerning the collection or use of GPS data and cell phone location data for public health surveillance." The DOJ forwarded EPIC's request to its Office of Legal Counsel to see if responsive records exist in that office. EPIC will continue to seek information about the DOJ's views on the use of location data, and particularly phone records. After 9-11, the Justice Department supported the warrantless surveillance of Americans, a program that was later terminated after the New York Times broke the story, and EPIC pursued a FOIA lawsuit and then a Supreme Court petition. (Apr. 3, 2020)

  • The Attorneys General from several states including New York, Connecticut, and Florida are investigating Zoom's privacy and security practices. The New York AG stated that she was "concerned that Zoom's existing security practices might not be sufficient to adapt to the recent and sudden surge in both the volume and sensitivity of data being passed through its network." Last year, EPIC filed a complaint about Zoom security practices with the Federal Trade Commission. EPIC explained that Zoom had "placed at risk the privacy and security of the users of its services." EPIC's 22-page analysis detailed how Zoom had "exposed users to the risk of remote surveillance, unwanted videocalls, and denial-of-service attack." The Federal Trade Commission failed to act on EPIC's 2019 Zoom complaint. (Apr. 3, 2020)

  • Health and Human Services announced today it will reduce privacy safeguards for personal health data. Under the federal patient privacy law (HIPAA), a third party "business associate" that receives personal data from a health care provider or insurer must have express permission to redisclose the data. HHS has now suspended that protection, as long as "business associates" disclose personal health data in "good faith" for "public health activities" and provide notice within 10 days. There was no opportunity for public comment on the rule change. Previously, HHS announced that it would not take enforcement action against health care providers that violate HIPAA when consulting with patients remotely. (Apr. 3, 2020)

  • The Senate Commerce Committee has announced a hearing on Thursday, April 9, to explore "Enlisting Big Data in the Fight Against Coronavirus." The Committee said it would "examine recent uses of aggregate and anonymized consumer data to identify potential hotspots of coronavirus transmission and to help accelerate the development of treatments." The Senate Committee "will also examine how consumers' privacy rights are being protected and what the U.S. government plans to do with COVID-related data collected at the end of this national emergency." Since the start of the Coronavirus outbreak, EPIC has worked closely with technology experts, legal scholars, NGOs, public health officials, data protection authorities, human rights experts, and international organizations to promote an effective response to the pandemic and to safeguard privacy and fundamental rights. EPIC's key recommendations include (1) a fundamental emphasis on effective public health measures and evidence-based policy, (2) strong enforcement of privacy obligations and robust techniques for deidentification, (3) new accountability measures for data uses and due process safeguards, and (4) avoidance of a centralized system of mass surveillance that will be difficult to dismantle after the pandemic. EPIC President Marc Rotenberg recently told Buzzfeed, "People say, 'well, we need to strike a balance between protecting public health and safeguarding privacy' — but that is genuinely the wrong way to think about it. You really want both. And if you're not getting both, there's a problem with the policy proposal." (Apr. 3, 2020)

  • The Global Privacy Assembly, the international network of data protection officials, has published Data protection and Coronavirus (COVID-19) resources. The GPA stated that it "recognises the unprecedented challenges being faced to address the spread of Coronavirus (COVID-19). Data protection authorities across the world stand ready to help facilitate swift and safe data sharing to fight COVID-19, while still providing the protections the public expects." EPIC is also tracking privacy statements from UN Human Rights experts, the Council of Europe, German data protection experts, NGOs, the European Data Protection Board, and the World Health Organization. (Apr. 3, 2020)

  • According to the Statement of Work, Immigration and Customs Enforcement is seeking to connect the agency's facial recognition system to the DHS Gang Intelligence Application database. ICE recently solicited contracts to overhaul the agency's interface with the Gang Intelligence Application database to establish a face template for all photos added to the database. EPIC has filed a Freedom of Information Act request seeking details of ICE's use of Clearview AI's facial recognition technology. The secretive tech company scraped billions of facial images from Internet websites. EPIC and more than a hundred organizations have called for a moratorium on facial recognition technology. (Apr. 2, 2020)

  • EPIC joined civil society groups from around the world to urge governments to respect human rights as they consider digital technologies to combat the coronavirus pandemic. The coalition warned that "efforts to contain the virus must not be used as a cover to usher in a new era of greatly expanded systems of invasive digital surveillance." The civil society groups insisted that governments not implement surveillance measures unless lawful, time-limited, only for the specific purpose of combating the pandemic, and the data collected is absolutely necessary. EPIC recently joined 131 other organizations in a public statement supporting public access to information as the U.S. responds to the coronavirus pandemic. EPIC is pursuing a Freedom of Information Act request with the Department of Justice seeking DOJ legal analysis about the collection of GPS and cell phone location data. (Apr. 2, 2020)

  • EPIC has released an updated report on the privacy bills in Congress. EPIC's report - Grading on a Curve: Privacy Legislation in the 116th Congress - reviews recent developments, sets out a model bill, and assesses pending legislation. According to EPIC, Representatives Eshoo and Lofgren's Online Privacy Act ranks #1. The bill would establish a data protection agency, create meaningful privacy safeguards, and hold companies accountable for the collection and use of personal data. Senator Gillibrand's Data Protection Act, S. 3300, solves one critical privacy problem very well by creating an independent Data Protection Agency in the United States. The US is one of the few democratic countries in the world without a federal data protection agency. The updated EPIC report also scores Senator Moran and Senator Wicker's privacy proposals. (Apr. 1, 2020)

  • The Department of Homeland Security has published a Systems of Record Notice for the "Enterprise Biometric Administrative Records." The DHS seeks to link personal data in the IDENT biometric database to unique machine-generated identifiers. IDENT contains personal data on both U.S. citizens and non-U.S. persons. The IDENT database is tied to biometric databases maintained by the FBI, the Department of Defense, and the State Department. DHS also announced a Notice of Proposed Rulemaking that proposes to exempt the Enterprise Biometric Administrative Records database from many of the protections of the Privacy Act. EPIC is currently pursuing a Freedom of Information lawsuit against the State Department for information about the disclosure of personal biometric data to other federal agencies. Public comments on the Enterprise Biometric Administrative Records System of Record Notice or Notice of Proposed Rulemaking are due April 10 and April 15 respectively. EPIC will urge the DHS to suspend the project. And if the agency goes forward, EPIC will urge the agency to comply with all of the requirements of the federal Privacy Act. (Apr. 1, 2020)

  • Five U.S. Senators have sent a follow-up letter to Google requesting more information about the company's plans to protect user data on the coronavirus screening website. Senators Bob Menendez, Sherrod Brown, Richard Blumenthal, Kamala Harris, and Cory Booker had sent a letter to the White House expressing concern about the website two weeks ago. The Senators wrote now to say that personal data should "not be used for any commercial purposes in the future, and Verily should clearly state if the collected information is in compliance with the Health Insurance Portability and Accountability Act (HIPAA)." The Senators asked for responses to several questions by April 6, 2020. Google is under a consent order that gives the FTC authority to oversee the company's privacy practices as a consequence of EPIC's complaints about Google Buzz. EPIC later sued the FTC, EPIC v. FTC, for the agency's failure to enforce the consent order against Google. (Apr. 1, 2020)

  • Senator Richard Blumenthal has called on video conference platform Zoom to provide clear answers about its consumer data privacy rules and safety practices. "Zoom has a troubling history of software design practices and security lapses that have posed significant risks to the privacy and safety of its users," Senator Blumenthal said. Senator Blumenthal asked for responses to six questions by April 14, 2020. Last year, EPIC filed a complaint about Zoom security practices with the Federal Trade Commission. EPIC explained that Zoom had "placed at risk the privacy and security of the users of its services." EPIC's 22-page analysis detailed how Zoom had "exposed users to the risk of remote surveillance, unwanted videocalls, and denial-of-service attack." The Federal Trade Commission failed to act on EPIC's 2019 Zoom complaint. (Apr. 1, 2020)

  • A report from the Department of Justice's Inspector General has uncovered widespread abuse of FISA surveillance authority by the DOJ. The Inspector General "identified apparent errors or inadequately supported facts" in each of the 25 surveillance applications it reviewed. The report follows an earlier investigation by the Inspector General which found the FBI personnel investigating Russian interference in the 2016 presidential election "fell far short of the requirement in FBI policy that they ensure that all factual statements in a FISA application are 'scrupulously accurate.'" EPIC closely tracks the use of FISA authority. EPIC has advocated for significant FISA reforms for more than a decade, and recently advised Congress to reform Section 702 of FISA and to sunset Section 215 of the Patriot Act. Members of both parties have recently expressed support for reforming U.S. surveillance authorities. (Apr. 1, 2020)

  • POLITICO reports that eight European countries are taking part in a "privacy-preserving proximity tracing" app that uses Bluetooth signals between mobile phones to track users who are close enough to infect each other. The software uses privacy-enhancing techniques such as encryption, data anonymization, and data minimization in order to provide effective tracing while maintaining Europe's high data protection standards under the General Data Protection Regulation (GDPR). EPIC Advisory Board member Ron Rivest and colleagues at MIT have published a paper that explores "A simple proximity-based approach to contact tracing." (Apr. 1, 2020)

  • A Georgia federal court has granted EPIC's request to file an amicus brief urging the court to protect the secret ballot. Plaintiffs presented the court with evidence that Georgia’s ballot-marking devices, which rely on large display screens, make voter choices easily viewable by others in the polling place. EPIC wrote in the amicus that "the right to cast a secret ballot in a public election is a core value in the United States." This is the second amicus brief EPIC has submitted in the case, Curling v. Raffensperger. In the earlier amicus brief, EPIC urged the court to stop Georgia's use of Direct Recording Electronic voting machines, which EPIC explained were unreliable and easily hacked. The court ruled that Georgia must replace the machines before the 2020 election. (Mar. 31, 2020)

  • The Department of Justice today submitted the complete Mueller Report to federal Judge Reggie B. Walton for review. The judge will now determine whether the federal agency properly withheld information EPIC sought in the open government case EPIC v. Department of Justice. The judge's review of the Mueller Report marks one of the most significant "in camera" reviews in the history of the Freedom of Information Act. Judge Walton will also examine a related memo obtained by EPIC to determine what additional material must be released to EPIC and the public. Judge Walton previously ordered the DOJ to turn over the full Mueller Report in EPIC's case, citing "the need for the American public to have faith in the judicial process." The court also rebuked Attorney General Barr and raised "grave concerns about the objectivity of the process that preceded the public release of the redacted version of the Mueller Report[.]" The book EPIC v. DOJ: The Mueller Report, which includes EPIC's original FOIA request and related materials, is available for purchase at the EPIC Bookstore. EPIC's case—the first in the nation for the disclosure of the Mueller Report—is EPIC v. DOJ, No. 19-810. (Mar. 30, 2020)

  • Apple has launched a COVID-19 Screening Tool that provides information about the coronavirus, information about social distancing and current guidance on COVID-19 testing. Apple states "Apple is not collecting your answers from the screening tool. To help improve the site, Apple collects some information about how you use it. The information collected will not personally identify you." In a press statement, the CDC said the "tool provides CDC recommendations on next steps including guidance on social distancing and self-isolating, how to closely monitor symptoms, recommendations on testing, and when to contact a medical provider." In a comment on Twitter, Apple CEO Tim Cook said "the data is yours and your privacy is protected. Stay safe and healthy." In 2015, Tim Cook received the EPIC Champion of Freedom Award. (Mar. 30, 2020)

  • Today the Council of Europe published a Joint Statement on The Right to Data Protection in the Context of the COVID-19 Pandemic. The statement was published by Alessandra Pierucci, Chair of the Committee of Convention 108 and Jean-Philippe Walter, Data Protection Commissioner of the Council of Europe. The COE Statement advises that "States have to address the threat resulting from the COVID-19 pandemic in respect of democracy, rule of law and human rights, including the rights to privacy and data protection." The Council further states that even during a public health crisis, "human rights (such as the International Covenant on Civil and Political Rights and the European Convention on Human Rights) cannot be suspended but only derogated or restricted by law, to the extent strictly required by the exigencies of the situation, while respecting the essence of the fundamental rights and freedoms." The COE notes that "anonymised data is not covered by data protection requirements. The use of aggregate location information . . . would thus not be prevented by data protection requirements." EPIC has worked closely with the Council of Europe on updates to the Council of Europe Privacy Convention, recommended US ratification of the Convention, and recently advised the COE on AI policy. The text of the COE Privacy Convention is contained in the EPIC Policy Law Sourcebook. (Mar. 30, 2020)

  • Dr. Michael Ryan, a key advisor for the World Health Organization, again this week emphasized the need to safeguard privacy and data protection in the responses to the coronavirus. "We take the issues of personal data protection and intrusion very, very seriously," said Dr. Ryan (video). He said that the WHO is working to ensure that "all of the initiatives we’re involved with, while aiming to develop good public health information, in no way interfere with the individual rights to privacy and protections under the law. It is important when we talk about surveillance and the surveillance society that in the case of public health the gathering of information about individuals, their movements must be done with the consent of the community and in many cases of the individual themselves." (Mar. 27, 2020)

  • EPIC President Marc Rotenberg has endorsed a statement of German privacy experts that emphasizes, "even in the corona crisis, personal rights remain - in the words of the German Federal Constitutional Court - 'an elementary functional condition of a free and democratic society based on the ability of its citizens to act and participate.'" The experts state, "data protection demands data minimisation, ensuring that data is used for specific purposes only and that measures and any new legal powers are clearly limited in time." The statement also calls attention to "principles and guidelines on data protection in the Corona crisis." The statement was organized by Peter Schaar, Chairman of the European Academy for Freedom of Information and Data Protection (EAID) and the former Federal Data Protection Commissioner for Germany. (Mar. 27, 2020)

  • The European Commission has reportedly asked telecom companies to turn over anonymized cell phone location data, citing a need to track the spread of the novel coronavirus. The planned transfer would give the Commission access to location information and other data from hundreds of millions of cell phone users. European Data Protection Supervisor Wojciech Wiewiórowski, responding to the proposal, warned that “effective anonymisation requires more than simply removing obvious identifiers” and called on the Commission to “clearly define the dataset it wants to obtain and ensure transparency towards the public.” The European Data Protection Board explained that any use of location data in connection with the coronavirus must be “strictly limited to the duration of the emergency at hand” and “in accordance with the Charter of Fundamental Rights and the European Convention for the Protection of Human Rights and Fundamental Freedoms.” EPIC recently submitted a Freedom of Information Act request to the U.S. Department of Justice seeking legal analysis concerning the collection and use of GPS and cell phone location data for public health surveillance. (Mar. 27, 2020)

  • EPIC Policy Director Caitriona Fitzgerald will testify this week before the Election Assistance Commission in support of the Voluntary Voting System Guidelines 2.0. Fitzgerald’s prepared statement said that the Voting Guidelines are "vital to protecting our democratic institutions." The Voting Guidelines are open for public comment through June 22. EPIC, along with the Association for Computing Machinery, previously recommended principles for voter privacy, ballot secrecy, and data protection. EPIC and the ACM also urged the Commission to ban internet-connected voting machinery, citing the risks to voting integrity and democratic institutions. The EAC adopted these suggestions, banning internet-connected voting systems and retaining strong provisions on voter privacy, ballot secrecy, and data protection. Though states are not mandated to comply with the Voting System Guidelines, the Guidelines shape the election security market. EPIC has a long history of working to protect voter privacy and election integrity. (Mar. 26, 2020)

  • The Department of Homeland Security announced that the agency is extending the REAL ID enforcement deadline to October 1, 2021. DHS plans to publish a notice of the new deadline in the Federal Register in the coming days. The REAL ID Act requires states to gather certain personal data and issue documents that comply with federal standards. The failure to have a REAL ID-compliant document can restrict the freedom to travel. EPIC, along with a broad coalition, opposed REAL ID because it created a de facto national identity system and has exposed Americans to data breaches. Criminal hackers compromised the authenticating documents in state DMVs including Oregon, North Carolina, and California. EPIC has urged the DHS to limit the data collection and ensure transparency and accountability in implementing REAL ID. (Mar. 26, 2020)

  • Dr. Michael Ryan, a key advisor for the World Health Organization, said this week at a briefing on the novel coronavirus that there is a "tremendous amount" of innovation and enthusiasm for new products. But he also cautioned (video) that "when collecting information on citizens or tracking their movements there are always serious data protection and human rights principles involved." Dr. Ryan said, "we want to ensure that all products are done in the most sensitive way possible and that we never step beyond the principles of individual freedoms and rights." UN human rights experts and European privacy officials are urging governments to safeguard privacy in the effort to contain the novel coronavirus. Yuval Noah Harari wrote recently "We can and should enjoy both privacy and health. We can choose to protect our health and stop the coronavirus epidemic not by instituting totalitarian surveillance regimes, but rather by empowering citizens." (Mar. 26, 2020)

  • EPIC has submitted a Freedom of Information Act request to the Department of Justice seeking legal analysis concerning the collection and use of GPS and cell phone location data for public health surveillance. EPIC explained "The Department of Justice plays a key role advising the President regarding the lawfulness of proposed activities, and particularly the proposed expansion of government authorities during a time of national crisis." EPIC wrote, "If the Department of Justice is considering the use of cell phone data to address the public health crisis, it should first consider whether the use is lawful and that analysis should be made available to the public." EPIC pursued a FOIA lawsuit during the Bush Administration, EPIC v. DOJ, for the legal memos concerning the warrantless wiretapping program that was later repealed by Congress. (Mar. 24, 2020)

  • EPIC has submitted a Freedom of Information Act request to the Office of Science and Technology Policy seeking information about the White House plan to use cell phone location data for public health surveillance. According to news reports, the White House has sought the assistance of large tech companies including Facebook, Apple, and Google, to use cell phone location data. It is not clear at this time whether the U.S. program is lawful or how the data will be used. EPIC has asked the OSTP to provide "all policies, proposals, and guidance documents for the collection of cell phone location data in connection with the coronavirus" and also "any privacy assessments, including but not limited to privacy threshold assessments and privacy impact assessments, related to the collection of cell phone location data in connection with the coronavirus." (Mar. 24, 2020)

  • European NGOs called on EU countries to ensure that fundamental rights are upheld while taking public health measures to tackle COVID-19. The members of the European Digital Rights Initiative (EDRi) urged Member States to limit the collection and use of personal data and to implement exceptional measures only for the duration of the crisis. The NGOs also highlighted the danger of internet shutdowns during a pandemic, stating that: "During this crisis and beyond, an accessible and open internet will play a significant role in keeping us safe." The groups warned that "companies should not abuse the extraordinary circumstances to monetise information at their disposal." Privacy International has created a resource to track the privacy implications of the various responses to the Coronavirus by tech companies, governments, and international agencies. The EPIC Public Voice Fund supports the work of EDRi. (Mar. 23, 2020)

  • The European Data Protection Board, the committee of national European privacy officials, has published a statement advising data processors on their legal obligations in light of the pandemic. The EDPB statement addresses the lawfulness of processing during a public health emergency, the use of mobile location data, and the protections of health data of employees. The Board cautioned that: "Personal data that is necessary to attain the objectives pursued should be processed for specified and explicit purposes." The EDPB advises processors that: "The least intrusive solutions should always be preferred, taking into account the specific purpose to be achieved." EPIC and 131 other organizations issued a public statement supporting government transparency and public access to information when the U.S. is taking measures to respond to the coronavirus pandemic. (Mar. 23, 2020)

  • Senators Amy Klobuchar and Ron Wyden have introduced the "Natural Disaster and Emergency Ballot Act of 2020," which would expand early in-person voting and no-excuse absentee vote-by-mail to all states. Twenty-six Senators have co-sponsored S. 3529. Senator Klobuchar said, "we should act swiftly to pass my legislation to ensure that every American has a safe way to participate in our democracy during a national emergency." According to the National Conference on State Legislatures, five states currently conduct all elections entirely by mail, and at least 21 other states have laws that permit some elections to be conducted by mail. EPIC has a long history of working to protect voter privacy and election integrity. In 2016 EPIC published The Secret Ballot at Risk: Recommendations for Protecting Democracy, a report highlighting the right to a secret ballot and how Internet voting threatens voter privacy. (Mar. 23, 2020)

  • EPIC and 131 other organizations issued a public statement supporting government transparency and public access to information when the U.S. is taking measures to respond to the coronavirus pandemic. The groups caution that agencies should not take advantage of the public's inability to attend large gatherings to conceal critical policy decisions. The group "encourage[s] the custodians of information at all levels of government to take this opportunity to leverage technology to make governance more inclusive and more credible, not to suspend compliance with core accountability imperatives." The statement emphasized that "the legitimacy of government decision-making requires a renewed commitment to transparency." Last week, the White House ordered federal health officials to treat top-level coronavirus meetings as classified, "an unusual step that has restricted information and hampered the U.S. government's response to the contagion," according to a report by Reuters. (Mar. 20, 2020)

  • EPIC, through a FOIA request, lawsuit, and negotiated settlement, has obtained a 2014 report from the Department of Justice to former President Obama warning about the dangers of predictive analytics and algorithms in law enforcement. The Justice Department report highlights the risks of "making decisions about sentencing—where individual liberty is at stake in the most fundamental way—based on historical data about other people," stating that "equal justice demands that sentencing determinations be based primarily on the defendant's own conduct and criminal history." Even when algorithms "seem neutral, any model is susceptible to importing any biases reflected in the underlying data," the report Predictive Analytics in Law Enforcement explains. Former U.S. Attorney General Eric Holder has said that "basing sentencing decisions on static factors and immutable characteristics . . . may exacerbate unwarranted and unjust disparities that are already far too common in our criminal justice system and in our society." The case, which was before the D.C. Circuit Court of Appeals, has now settled and EPIC will receive attorneys' fees for its work on the matter. The case is EPIC v. DOJ, No. 18-5307 (D.C. Cir.). (Mar. 20, 2020)

  • In an amicus brief, EPIC has asked a Georgia federal court to protect the secret ballot. Plaintiffs presented the court with evidence that Georgia's ballot-marking devices, which rely on large display screens, make voter choices easily viewable by others in the polling place. EPIC wrote in the amicus that "the right to cast a secret ballot in a public election is a core value in the United States." This is the second amicus brief EPIC has submitted in the case, Curling v. Raffensperger. In the earlier amicus brief, EPIC urged the court to stop Georgia's use of Direct Recording Electronic voting machines, which EPIC explained were unreliable and easily hacked. The court ruled that Georgia must replace those voting machines before the 2020 election. (Mar. 19, 2020)

  • According to the Washington Post, the U.S. Government is in active discussions with tech companies about tracking telephone customers to monitor the spread of the coronavirus. Cellphone data is currently protected under federal privacy law. In the Carpenter case, the Supreme Court made clear that government access to location information implicates the Fourth Amendment. EPIC has long advocated for protection of location privacy. EPIC pursued a lawsuit against a mobile app company that led to greater protection of users' location data. EPIC also successfully petitioned the FCC to safeguard sensitive data collected by phone companies. The FCC recently announced fines against T-Mobile, AT&T, Verizon, and Sprint for selling customers' location information. (Mar. 19, 2020)

  • In a letter to the California Attorney General, several advertising associations called for a six-month delay in implementation of the California Consumer Privacy Act. The business groups cited the coronavirus as the reason they should not comply with the law as planned. The California privacy law establishes new privacy rights for California residents, and businesses are required to bring their practices into compliance. The California Attorney General will begin enforcement actions on July 1, 2020. EPIC expressed support for the new privacy law in comments to the Attorney General on proposed regulations. EPIC's recommendations for baseline federal privacy legislation and the creation of a Data Protection Agency are detailed in Grading on a Curve: Privacy Legislation in the 116th Congress. (Mar. 19, 2020)

  • Privacy International has created a resource to track the privacy implications of the various responses to the Coronavirus by tech companies, governments, and international agencies. Some responses to the pandemic involve mass surveillance and locational tracking that impact on privacy and human rights. For example, Israel plans to use cellphone data for contact tracing and a U.S. company Athena Security has proposed mass surveillance for temperature monitoring. U.S. Senators have written to the Federal Trade Commission and the White House expressing concern over the privacy implications of the Administration's plan to allow Google to establish a virus screening website for COVID-19. (Mar. 19, 2020)

  • The Department of Justice has released the 2019 FOIA Litigation and Compliance Report which details the DOJ's efforts to encourage agency compliance with the FOIA across federal agencies. DOJ updated the Guide to the Freedom of Information Act, with recent court decisions. The DOJ report also summarizes agency guidance, including the application of Exemption 4 after the Supreme Court expanded the definition of "confidential" information. On that issue, EPIC filed an amicus brief in Food Marketing Institute v. Argus Leader Media telling the Supreme Court that access to commercial records is critical for government oversight. EPIC celebrated Sunshine Week with the 2020 EPIC FOIA Gallery, highlighting important EPIC FOIA work from the past year, including EPIC's case for the release of the Mueller Report, EPIC v. Department of Justice. (Mar. 19, 2020)

  • Five U.S. Senators have sent a letter to the White House expressing concern over the privacy implications of the Administration's plan to allow Google to establish a virus screening website for COVID-19. Senators Bob Menendez, Sherrod Brown, Richard Blumenthal, Kamala Harris, and Cory Booker said "If the Administration and the private company responsible for launching and maintaining the website does not establish sufficient privacy safeguards, Americans who use the site will be more susceptible to identity theft, negative credit decisions, and employment discrimination." The Senators asked for responses to thirteen questions by March 30, 2020. Google is under a consent order that gives the FTC authority to oversee the company's privacy practices. The FTC consent order followed complaints by EPIC about Google Buzz. EPIC later sued the FTC, EPIC v. FTC, for the agency's failure to enforce the consent order against Google. (Mar. 19, 2020)

  • Today, U.S. Sens. Mark R. Warner (D-VA) and Richard Blumenthal (D-CT) wrote to FTC Chairman Joe Simons about Google's ad targeting practices for products such as face masks and hand sanitizer. The Senators presented evidence that Google continues to run ads that capitalize on COVID-19 fears despite claiming to ban such ads. The Senators said that the ads "create widespread social harms to our nation's response to the crisis." They also said, "consumers should be able to rely on representations regarding a company's business practices...if consumers cannot rely on a company's representations, then the FTC must intervene." EPIC has long advocated privacy protections for medical information. EPIC helped establish the FTC's authority to oversee Google, but EPIC has since criticized the agency's effectiveness and called for the establishment of a U.S. Data Protection Agency. (Mar. 17, 2020)

  • The Department of Health & Human Services announced today that it is rolling back privacy protections for electronic medical appointments during the coronavirus outbreak. HHS stated it will not take enforcement action against health care providers that violate the federal patient privacy law (HIPAA) when consulting with patients remotely, as long as providers act in "good faith." Normally, remote communications tools used for medical purposes must comply with strict privacy rules. Health care providers are still prohibited from using "public facing" applications such as Facebook Live and TikTok to consult with patients, HHS said. EPIC has long advocated privacy protections for medical information and filed a brief in IMS v. Sorrell urging the Supreme Court to safeguard prescription data. (Mar. 17, 2020)

  • The Senate voted late Monday to extend certain national security authorities for 75 days that were set to expire. Last week the House passed a bill that included several reforms. EPIC and other civil liberties groups backed a bill that would establish a warrant requirement for location data and internet browsing history, increase transparency, and strengthen the Privacy and Civil Liberties Oversight Board. Members of both parties have expressed support for reform of the controversial NSA surveillance program. EPIC closely tracks the use of FISA authority. EPIC has advocated for significant FISA reforms, and recently advised Congress to limit Section 702 surveillance and to allow Section 215 to expire. (Mar. 17, 2020)

  • A federal court, ruling in EPIC v. Department of Justice, has decided to review the unredacted version of a key memo by Special Counsel Mueller to determine whether additional material must be released. The memo, which summarizes Mueller's investigation of a suspected "unregistered agent of a foreign government," was partially disclosed to EPIC in response to EPIC's Freedom of Information Act request. Earlier, the court ruled in EPIC's case that it would review the sections of the Mueller Report that the government has withheld from the public. The court also rebuked Attorney General Barr, citing "grave concerns about the objectivity of the process that preceded the public release of the redacted version of the Mueller Report[.]" The book EPIC v. DOJ: The Mueller Report, which includes EPIC's original FOIA request and related materials, is available for purchase at the EPIC Bookstore. The case is EPIC v. Department of Justice, No. 19-810. (Mar. 16, 2020)

  • In celebration of Sunshine Week, EPIC has unveiled the 2020 FOIA Gallery. Since 2001, EPIC has annually published highlights of EPIC's most significant open government cases. For example, last year EPIC filed the first lawsuit in the country for the public release of the Mueller Report. The federal court rebuked Attorney General Barr and agreed to review the complete Mueller Report to determine what additional material must be released. EPIC also prevailed in EPIC v. the Commission on AI. A federal court ruled that the Commission on Artificial Intelligence is subject to the FOIA. Following the court's decision, the AI Commission released documents about its activities to EPIC. In this year's FOIA gallery, EPIC also highlighted pre-trial risk assessment reports, documents about Justice Kavanaugh's role in the warrantless surveillance program, a DHS drone status report, the Census data transfer plan, and more than 29,000 complaints against Facebook pending at the FTC. (Mar. 16, 2020)

  • United Nations human rights experts are urging government leaders not to abuse emergency powers in response to the coronavirus outbreak. UN High Commissioner for Human Rights Michelle Bachelet stated: "Being open and transparent is key to empowering and encouraging people to participate in measures designed to protect their own health and that of the wider population, especially when trust in the authorities has been eroded." Andrea Jelinek, Chair of the European Data Protection Board, also released a statement, saying: "even in these exceptional times, the data controller must ensure the protection of the personal data of the data subjects." Some countries, such as Israel, intend to use cellphone data to track coronavirus, threatening civil liberties. A recent book by EPIC Advisory Board Member Professor Francesca Bignami on EU Law in Populist Times at the EPIC Bookstore explores derogations for national security. (Mar. 16, 2020)

  • EPIC submitted comments on the OMB draft Guidance for Regulation of Artificial Intelligence Applications. The OMB Guidance instructs federal agencies to regulate private sector use of AI. EPIC recommended that the OMB guidance also apply to government uses of AI, that OMB establish prohibitions on secret profiling and unitary scoring, and require transparency to ensure fairness and accountability in automated decisions concerning people. EPIC has recently petitioned the FTC to undertake a rulemaking for AI in commerce. EPIC has published the AI Policy Sourcebook, the first reference book on AI policy. (Mar. 13, 2020)

  • Last-minute lobbying by big tech companies blocked passage of the Washington Privacy Act. The state privacy law would have given consumers the right to access, correct and delete their personal data held by tech firms. EPIC and a broad coalition of privacy groups backed a comprehensive bill that would include, as privacy laws typically do, the right of consumers to bring legal action but that was opposed by industry groups. The Washington legislature did pass a modest bill limiting the government use of facial recognition technology. EPIC has long supported federal baseline legislation and the creation of a data protection agency. EPIC has also called for a moratorium on face surveillance. The EPIC State Policy Project monitors privacy bills nationwide. (Mar. 13, 2020)

  • EPIC has announced the newest members of the EPIC Advisory Board. They are Joy Buolamwini, Professor Margot Kaminski, Professor Kate Klonick, Professor William McGeveran, Professor Priscilla Regan, Rashida Richardson, and Vivian Schiller. The EPIC Advisory Board is a distinguished group of experts in law, technology, and public policy who contribute to EPIC's work on privacy and civil liberties. The publications of the EPIC Advisory Board members are available at the EPIC Bookstore. Press Release. (Mar. 13, 2020)

  • In a statement to the Senate Judiciary Committee on the EARN IT Act, EPIC supported both end-to-end encryption and reform to Section 230 of the Communications Decency Act. EPIC backed the plan to establish Best Practices to limit the distribution of child sexual exploitation material, but cautioned "against recommendations that would reduce privacy and security for Internet users." EPIC pointed out that actual end-to-end encryption "protects users, promotes commerce, and ensures cybersecurity." In an amicus brief in Herrick v. Grindr, EPIC objected to a court decision that found "online platforms bear no responsibility for the harassment and abuse their systems enable." (Mar. 12, 2020)

  • EPIC joined the National Consumer Law Center and other consumer groups in an amicus brief supporting review of a recent decision that limits consumer robocall protections. In Gadelhak v. AT&T Services, the Seventh Circuit concluded that consumers who receive an automated text message can sue under the federal anti-robocall law, but only if the autodialer has a random number generator. The decision deepened a split among federal appeals courts over the scope of federal robocall protections. EPIC and NCLC also filed an amicus brief during the court's original consideration of the case. The EPIC brief explained that allowing telemarketers to auto-dial consumers "would undermine the law's effectiveness by inviting easy circumvention and rendering the restriction obsolete." EPIC routinely files amicus briefs on consumer privacy issues, including several amicus briefs on the TCPA. (Mar. 12, 2020)

  • In response to EPIC's FOIA Request, the DC Pretrial Services Agency produced several documents about its risk assessment instrument developed and validated by Maxarth. The government reduced the number of risk factors from 70 to 43 in 2019 after review, and placed more emphasis on recent criminal charges. EPIC also obtained a 2019 Validation Study and a Predictive Bias report. The Validation Study rated the predictive ability "sufficient." EPIC has obtained documents about pre-trial risk assessments nationwide as well as a scoring system developed by the DHS to assign risk assessments to travelers, including US citizens. EPIC has urged government agencies to make transparent algorithmic-based decision making to ensure fairness and accountability. (Mar. 11, 2020)

  • The D.C. Circuit Court of Appeals has granted Congress access to the grand jury materials referenced in the Mueller Report. The appeals court upheld a lower court decision to disclose the grand jury records to the House Judiciary Committee, citing the "compelling need for the material and the public interest." Last week, the court in EPIC v. Department of Justice ruled that it would review the unredacted Mueller Report to determine what additional material must be released to EPIC. The court in EPIC's case also rebuked Attorney General Barr, citing "grave concerns about the objectivity of the process that preceded the public release of the redacted version of the Mueller Report[.]" The book EPIC v. DOJ: The Mueller Report, which includes EPIC's original FOIA request and related materials, is available for purchase at the EPIC Bookstore. EPIC's case is EPIC v. Department of Justice, No. 19-810. (Mar. 10, 2020)

  • Congress is reviewing proposals to reform the Foreign Intelligence Surveillance Act. Several bills have been introduced, including a bill backed by EPIC and other civil liberties groups that would establish a warrant requirement for location data and internet browsing history, increase transparency, and strengthen the Privacy and Civil Liberties Oversight Board. Members of both parties have expressed interest in reform of the controversial NSA surveillance program. Even the FISA court has criticized the program, following abuses uncovered by the Inspector General. EPIC closely tracks the use of FISA authority. EPIC has advocated for significant FISA reforms, and recently advised Congress to limit Section 702 surveillance and to allow Section 215 to expire. The Section 215 program is scheduled to sunset on March 15. (Mar. 10, 2020)

  • EPIC has filed a reply brief in EPIC v. AI Commission urging a federal court in Washington, DC to enforce the Commission's obligation to hold open meetings and publish its records on a regular basis. The court previously ruled that the AI Commission must comply with the Freedom of Information Act. In briefs with the court, EPIC explained that the Commission must also comply with the Federal Advisory Committee Act, citing the law enacted by Congress. "It is not for the Government or the courts to second-guess that legislative choice simply because the AI Commission's transparency obligations flow from two statutes rather than one," EPIC wrote. In a recent report for Congress and the President, the Commission recommended weakening privacy safeguards for Americans but never consulted with the public as the Federal Advisory Committee Act would require. The case is EPIC v. AI Commission, No. 19-2906 (D.D.C.). (Mar. 10, 2020)

  • The OMB is seeking comments on the proposed Guidance for Regulation of Artificial Intelligence Applications. The Guidance recommends that federal agencies "promote advancements in technology and innovation, while protecting American technology, economic and national security, privacy, civil liberties, and other American values, including the principles of freedom, human rights, the rule of law, and respect for intellectual property." The US AI Guidance follows from the OECD AI Principles, which the United States has endorsed, as well as some of the Universal Guidelines for AI, a human rights framework for AI endorsed by more than 250 experts and 60 associations in 40 countries. EPIC will recommend that the OMB regulation apply to all government uses of AI, include prohibitions on secret profiling and unitary scoring, and require transparency to ensure fairness and accountability in automated decisions concerning people. EPIC has recently petitioned the FTC to undertake a rulemaking for AI in commerce. Comments to the OMB are due Friday, March 13 and can be submitted through the Federal Register. EPIC has published the AI Policy Sourcebook, the first reference book on AI policy. (Mar. 9, 2020)

  • The Department of Health and Human Services finalized rules that require insurance and healthcare companies to provide patient access to their medical data in a format suitable for cellphones and other electronic devices. However, federal privacy protections under HIPAA no longer apply once patients transfer their data to consumer apps, creating serious risks to medical privacy. The CEO of the American Medical Association warned regulators that "These practices jeopardize patient privacy, commoditize an individual's most sensitive information, and threaten patient willingness to utilize technology to manage their health." Tech firms pushed for these changes. Last year, the Wall Street Journal reported that Google's 'Project Nightingale' intends to amass health data on millions of Americans. There will be a six-month period before the rule goes into effect. EPIC has recommended strong safeguards for medical records in agency comments and briefs for the Supreme Court. (Mar. 9, 2020)

  • In EPIC's open government case concerning US AI policy, a federal court has ordered the National Security Commission on Artificial Intelligence to process 800 pages of records a month for disclosure to EPIC. The order follows the court's previous ruling in EPIC v. AI Commission that the Commission is subject to the Freedom of Information Act. The Commission recently released a report to Congress that criticizes the EU General Data Protection Regulation and calls for greater "government access to data on Americans." Before issuing its report, the Commission held more than two hundred secret meetings with tech firms, defense contractors, and others but did not gather opinions from the American public. EPIC is also litigating to enforce the Commission's obligation to hold open meetings. (Mar. 9, 2020)

  • EPIC has filed a Freedom of Information Act request to several government agencies seeking records about the government's use of Clearview AI technology. Clearview AI permits law enforcement agencies to conduct suspicionless searches of people in public spaces. The company scraped billions of facial images, without permission, from websites, including Facebook, YouTube, Venmo, and Twitter. Clearview's recently stolen client list revealed that the company has sold its surveillance technology to more than 2,200 law enforcement and government agencies, and companies across 27 countries. EPIC, and more than a hundred organizations, have called for a moratorium on facial recognition technology. (Mar. 6, 2020)

  • A federal court, ruling in EPIC v. Department of Justice, today rebuked Attorney General Barr and agreed to review the complete Mueller Report to determine what additional material must be released. Judge Reggie B. Walton wrote, "The Court has grave concerns about the objectivity of the process that preceded the public release of the redacted version of the Mueller Report[.]" The Court cited the summary of the principal findings prepared by the Attorney General. Judge Walton explained that "the need for the American public to have faith in the judicial process" requires that the court review the Mueller Report without redactions. "Adherence to the FOIA's objective of keeping the American public informed of what its government is up to demands nothing less," wrote Judge Walton. The Court also denied the Department of Justice's motion for summary judgment. EPIC filed the first case in the nation for the disclosure of the complete Mueller Report. The book EPIC v. DOJ: The Mueller Report is available for purchase at the EPIC Bookstore. The case is EPIC v. Department of Justice, No. 19-810. (Mar. 5, 2020)

  • EPIC along with a coalition of groups proposed changes to the Washington Privacy Act, a bill now pending in the Washington legislature. The Washington Privacy Act would give consumers the right to access, correct and delete personal data held by companies, and it would require companies to uphold privacy obligations, including transparency, purpose specification, data minimization, security, and nondiscrimination. But the bill lacks an effective mechanism for enforcement, permits the deployment of facial recognition, and contains many loopholes. EPIC and the coalition urged the Washington legislature to establish a private right of action, narrow the exemptions, make risk assessments publicly accessible, and remove the provisions permitting facial recognition. At the federal level, EPIC supports H.R. 4978, the Online Privacy Act, and S. 3300, to establish a US Data Protection Agency. EPIC has also called for a moratorium on face surveillance. The EPIC State Policy Project monitors privacy bills nationwide. (Mar. 5, 2020)

  • In an amicus brief filed today, EPIC urged the Supreme Court to allow the release of President Trump's tax returns to a grand jury. EPIC explained that President Trump broke with 40 years of precedent by concealing his tax records, even as he sought to collect sensitive voter and citizenship data from the public. "This is inverted liberty: privacy for the President and compelled disclosure of personal data for the public," EPIC argued. "That is antithetical to the structure and practice of modern democracies which safeguard the privacy of citizens and impose transparency obligations on political leaders, most notably the President." EPIC previously sought public release of President Trump's tax returns in EPIC v. IRS, arguing that disclosure was necessary to correct numerous factual misstatements made by the President. In EPIC v. IRS II, EPIC is currently seeking "offers-in-compromise" and related tax records of President Trump and his businesses. The case before the Supreme Court, Trump v. Vance, will be argued March 31. (Mar. 4, 2020)

  • EPIC has obtained more documents from the National Security Commission on Artificial Intelligence. The records obtained by EPIC show that the AI Commission was aware of work on algorithmic transparency and AI bias. But the Commission's recent report to Congress did not endorse these recommendations, instead criticizing EU privacy law and calling for greater "government access to data on Americans." The Commission's disclosure follows a court ruling in EPIC v. AI Commission that the Commission is subject to the FOIA. Before issuing its report, the AI Commission held regular secret meetings with tech firms and defense contractors but did not gather opinions from the American public. EPIC is also litigating to enforce the Commission's obligation to hold open meetings. (Mar. 4, 2020)

  • EPIC has filed a reply brief in EPIC v. Drone Advisory Committee urging the D.C. Circuit to reverse a decision that allowed the FAA to conduct much of its policy work on drones in secret. EPIC filed suit in 2018 against the industry-dominated Advisory Committee, which ignored the privacy risks posed by the deployment of drones—even after identifying privacy as a top public concern. As a result of EPIC's lawsuit, the Committee was forced to disclose hundreds of pages of records to EPIC, but the agency withheld records from subcommittees that participated in the policy process. EPIC told the Court of Appeals that the FAA's interpretation of the Federal Advisory Committee Act would circumvent the open meetings law. The case is EPIC v. Drone Advisory Committee, No. 19-5238 (D.C. Cir.). (Mar. 3, 2020)

  • The Ninth Circuit decided today that consumers could bring a case against Facebook for scanning private messages, but upheld a settlement that produced only a minor change in Facebook's business practices. In Campbell v. Facebook, the appeals court found that consumers "sued to protect concrete interests" because wiretap laws "codify a context-specific extension of the substantive right to privacy." EPIC filed an amicus brief in the case, arguing that the settlement "does not prevent Facebook from resuming the practices" consumers sued to stop. EPIC explained that the settlement only requires Facebook to post a "vague notice" that is "not the basis for consent" under applicable wiretap laws. EPIC routinely files amicus briefs in cases concerning consumer privacy and standing. (Mar. 3, 2020)

  • EPIC, joined by other organizations, submitted comments to the FAA regarding the agency's proposed rule for drone IDs. EPIC urged the FAA to require real-time public access to drone ID information. EPIC also recommended that the FAA provide privacy protections for recreational users and conduct a privacy impact assessment of the risks associated with drone surveillance. In 2015, EPIC wrote "Drones should be required to broadcast their registration information to allow members of the public" to easily identify the operator and to determine the location, purpose, and surveillance capabilities of the drone. The European Union has established a drone regulation similar to the one EPIC has recommended that the FAA adopt. The Interior Department recently grounded Chinese-made drones, warning of surveillance risks. (Mar. 3, 2020)

  • In an amicus brief for the U.S. Supreme Court, EPIC today defended the Telephone Consumer Protection Act, a law that prohibits unwanted robocalls. EPIC said that the robocall ban is "constitutionally permissible and serves important governmental interests." EPIC explained in Barr v. American Association of Political Consultants that "the harm caused by unwanted automated calls" is more acute than when the robocall ban was enacted in 1991. EPIC said "without the autodialer ban, the assault of unwanted calls could make cell phones unusable." EPIC also argued that "a minor amendment to an otherwise constitutional law, passed decades after the original enactment, should not take down an act of Congress." Senator Markey, Representative Eshoo, and more than a dozen members of Congress also filed an amicus brief in support of the consumer privacy law. EPIC frequently files amicus briefs on the TCPA, including in the related case, Gallion v. Charter Communications. (Mar. 2, 2020)

  • A new poll from Gallup and the Knight Foundation found that the majority of Americans do not want political campaigns to micro-target digital ads. Democrats (69%), independents (72%), and Republicans (75%) said that internet companies should not provide information about users to political campaigns for online advertisements. 59% said Internet companies should disclose who paid for political ads, how much they cost, and to whom the ads are targeted. EPIC Consumer Protection Counsel Christine Bannan testified at an FEC hearing in 2018 and urged the Commission to promulgate rules to mandate the source of online political ads, comparable to the rule for print and broadcast publications. (Mar. 2, 2020)

  • The U.S. Supreme Court announced today it will consider a Freedom of Information Act case about the government's attempts to withhold documents from the public under the "deliberative process" exemption. In U.S. Fish and Wildlife Services v. Sierra Club, a federal appeals court ordered a federal agency to produce agency documents about a proposed regulation concerning endangered species. The Ninth Circuit held that the documents were not "predecisional." EPIC frequently litigates Freedom of Information Act cases to challenge the government's withholding of public records. EPIC is currently litigating for the release of the complete Mueller Report. (Mar. 2, 2020)

  • Through EPIC's lawsuit against the DHS, EPIC obtained a previously undisclosed Report about security breaches prior to the 2016 Presidential Election. The DHS/FBI report "Threats of Federal, State, and Local Government Systems" describes attacks on US elections and includes recommendations for cybersecurity risks. In the FOIA lawsuit, EPIC seeks to determine whether the DHS responded effectively to election security threats in 2016. The case is EPIC v. DHS, 17-2047 (D.D.C.). (Feb. 28, 2020)

  • Today the FCC announced proposed fines against T-Mobile, AT&T, Verizon, and Sprint for selling customers' location information. FCC Chairman Ajit Pai said: "This FCC will not tolerate phone companies putting Americans' privacy at risk." The companies are given an opportunity to respond to the FCC before the Commission makes a final decision. EPIC has long advocated for protection of location privacy. EPIC pursued a lawsuit against a mobile app company that led to greater protection of users' location data. EPIC also successfully petitioned the FCC to safeguard sensitive data collected by phone companies. And EPIC filed an amicus brief in Carpenter v. US. The Supreme Court held in that case that the Fourth Amendment protects cell site location information. (Feb. 28, 2020)

  • Speaking at the launch of the OECD AI Policy Observatory in Paris, EPIC President Marc Rotenberg urged OECD member countries to defend "the rule of law, fundamental rights, and democratic institutions." Rotenberg praised the OECD for its work on the AI Principles, noted the influence of the OECD Privacy Guidelines, but also warned that AI decisionmaking will have a profound impact on employment, education, and criminal justice. "The OECD is uniquely situated," Rotenberg said, "to promote economic growth and protect democratic values." EPIC helped establish the OECD Civil Society Advisory Council and has gathered support for the Universal Guidelines for AI, a policy framework to protect human rights. EPIC's Rotenberg first urged "algorithmic transparency" at the OECD global forum in Japan in 2014. (Feb. 27, 2020)

  • The FTC has published "Privacy & Data Security Update for 2019." The FTC report summarizes the enforcement actions the agency pursued last year, including the proposed settlement with Facebook. EPIC challenged the settlement, arguing that the "Court should not adopt the proposed Consent Decree because the parties have not established that it would be fair, adequate, reasonable, appropriate, or consistent with the public interest." EPIC also uncovered 29,000 complaints against Facebook, currently pending at the FTC. The Court required the FTC and Facebook to respond to EPIC's objections. EPIC and other consumer organizations have many privacy complaints currently pending at the FTC that the Commission has failed to pursue. EPIC recently filed complaints with the FTC on HireVue and Airbnb for unfair and deceptive uses of AI. (Feb. 27, 2020)

  • The Privacy and Civil Liberties Oversight Board has issued a report emphasizing the minimal value of the NSA's call detail records program. The Board recommended the end of the program, which the NSA suspended last year after concerns about compliance with legal standards established in the USA Freedom Act. According to the PCLOB report, the government spent $100 million on the program, yet opened only one non-duplicative investigation. EPIC recently joined 44 civil liberties organizations in backing the end of the NSA surveillance program. In 2013, EPIC filed a petition with the U.S. Supreme Court, In re EPIC, challenging the lawfulness of the NSA's bulk collection of Americans' telephone records. (Feb. 27, 2020)

  • EPIC has filed a complaint with the FTC, alleging that Airbnb has committed unfair and deceptive practices in violation of the FTC Act and the Fair Credit Reporting Act. Airbnb secretly rates customers' "trustworthiness" based on a patent that considers such factors as "authoring online content with negative language." The company's opaque, proprietary algorithm also considers "posts on the person's social network account" as well as the individual's relationships with others, and adjusts the "trustworthiness" score based on the scores of those associations. EPIC said the company failed to comply with "established public policies" for AI decision-making, such as the OECD AI Principles and the Universal Guidelines for AI. EPIC has recently brought complaints to the FTC about the employment screening firm HireVue and the Universal Tennis Rating secret scoring technique. EPIC has also petitioned the FTC to conduct a rulemaking for "the use of artificial intelligence in commerce." The EPIC AI Policy Sourcebook includes the OECD AI Principles, the Universal Guidelines for AI, and other AI policy frameworks. (Feb. 27, 2020)

  • Hackers have stolen the entire client database of facial recognition company Clearview AI. Clearview AI scraped over three million images from the internet to build its facial recognition database. The company sells facial recognition services to law enforcement agencies. In a statement to Clearview AI CEO Hoan Ton-That, Senator Markey wrote: "Clearview's product appears to pose particularly chilling privacy risks, and I am deeply concerned that it is capable of fundamentally dismantling Americans' expectation that they can move, assemble, or simply appear in public without being identified..." Last month Senator Markey sent a letter to Clearview AI asking about the company's collaboration with law enforcement agencies and for information about privacy protections. EPIC, and more than a hundred organizations, have called for a moratorium on facial recognition technology. (Feb. 26, 2020)

  • In a statement to Congressional leaders, California Attorney General Xavier Becerra called for strong baseline, federal privacy legislation. Becerra wrote, "I am optimistic Congress will be able to craft a proposal that guarantees new privacy rights for consumers, includes a meaningful enforcement regime, and respects the good work undertaken by states across the country." The California Attorney General also made clear the importance of meaningful enforcement. "Congress should make clear in any legislative proposal that state attorneys general have parallel enforcement authority and that consumers also have the opportunity to protect their rights directly through a private right of action," Becerra said. EPIC has endorsed H.R. 4978, the Online Privacy Act, sponsored by Representatives Eshoo and Lofgren and S. 3300, the Data Protection Act, sponsored by Senator Gillibrand. Neither bill preempts stronger state law. (Feb. 26, 2020)

  • In comments on proposed revisions to the California Consumer Privacy Act, EPIC backed changes to strengthen consumer protections. EPIC expressed support for the work of the California Attorney General on the CCPA and provided recommendations to "further safeguard the privacy of California consumers." EPIC's comments follow EPIC's campaign to educate Californians about the CCPA and EPIC's recent report on federal privacy legislation, Grading on a Curve. EPIC has endorsed H.R. 4978, the Online Privacy Act (Eshoo/Lofgren), and S. 3300, The Data Protection Act (Gillibrand). (Feb. 25, 2020)

  • The House Judiciary Committee will consider this week the USA FREEDOM Reauthorization Act of 2020, a bill that will repeal authority to access call detail records, declassify opinions of the FISA court, and improve the Privacy and Civil Liberties Oversight Board. EPIC has joined 44 civil liberties organizations in support of similar legislation. But the bill does not address surveillance conducted under Section 702, concerning non-US persons. EPIC recently advised Congress to reform Section 702 and to end Section 215 surveillance of Americans. (Feb. 25, 2020)

  • According to the New York Times, U.S. intelligence agencies have briefed Congress about ongoing efforts by Russia to interfere in the 2020 Presidential election. Following the briefing, the President replaced the acting Director of National Intelligence with Richard Grenell, a person with no background in intelligence or the management of federal agencies. The Senate Intelligence Committee, the U.S. Intelligence Community, and Special Counsel Robert Mueller previously confirmed Russian interference in the 2016 election. However, the full extent of Russian interference in 2016 has not yet been revealed. EPIC is seeking the disclosure of the complete and unredacted Mueller Report in the FOIA lawsuit EPIC v. DOJ. EPIC's case could provide further information about the scope and techniques of Russian election interference. A ruling is expected soon. (Feb. 21, 2020)

  • In response to a public records request, EPIC received documents from the Mississippi Department of Corrections detailing their use of risk assessment tools. The results show that the Department uses risk assessments from pre-trial through parole. The documents released to EPIC also show efforts to comply with the validation requirements of a state law passed in 2019. The documents disclosed also include sample scoring sheets, scripts, four different trainings, and a manual on the risk assessment software. EPIC has obtained documents about pre-trial risk assessments from several states as well as a scoring system developed by the DHS to assign risk assessments to travelers, including US citizens. (Feb. 21, 2020)

  • Through a FOIA request, EPIC has obtained documents (pt. 1, 2, 3) about the TSA's "Visible Intermodal Prevention and Response" program. Created in 2004, the VIPR teams worked with law enforcement agencies to conduct warrantless searches at public events, including festivals, sporting events, and bus stations. The TSA released to EPIC planning guidance, an operations directive, operating procedures, and activity summary reports. However, the EPIC request revealed that the TSA failed to complete civil rights and civil liberties impact assessments required by law. The VIPR program ended in 2019. The VIPR program used "risk-based" profiling and "behavior detection" to search and detain individuals. Two GAO reports (2013, 2017) questioned the reliability of TSA's behavioral indicators, which included, for example, "assessing the way an individual swallows or the degree to which an individual's eyes are open." (Feb. 21, 2020)

  • The European Parliament heard testimony today on AI in Criminal Law amidst a widespread push towards robust AI regulation in the EU. The panelists before the committee responsible for civil liberties, justice, and home affairs focused on facial recognition, risk assessments, and predictive policing. The hearing explored regulation and law enforcement use, and also transparency, explainability, and accountability. The hearing in Parliament followed the release of a European Commission White Paper on AI. EPIC has called for a moratorium on face surveillance and maintains a resource about the use of risk assessments in the US Criminal Justice system. (Feb. 20, 2020)

  • This week the American Bar Association adopted new policies for the security of elections and the regulation of drone operations. Under the election cybersecurity policy, the ABA will urge Congress to provide funding to NIST to set election security standards, provide funding to secure state systems, and encourage state and local governments to secure election systems. Last year a federal court ruled that Georgia must replace its insecure voting machines, citing EPIC's amicus brief that highlighted the unreliable nature of paperless voting systems. EPIC continues to seek release of DHS records concerning ongoing election security risks. The ABA also adopted a drone privacy policy that will encourage federal, state, and local governments to regulate the deployment of drones. EPIC first petitioned the FAA to promulgate drone privacy regulations in 2012, has sued to obtain records of the agency's secretive drone advisory committees, and EPIC recently launched a Mandate Drone ID Campaign. (Feb. 20, 2020)

  • A report released by the Administrative Conference of the US with Stanford and NYU explores the use of Artificial Intelligence techniques by 142 Federal Agencies. According to the report, law enforcement agencies are most likely to use AI. The report "Government by Algorithm: Artificial Intelligence in Federal Administrative Agencies" cites documents obtained by EPIC in the FOIA lawsuit EPIC v. CBP. In that case, EPIC obtained documents from the federal agency that revealed problems with biometric identification. EPIC has recommended the Universal Guidelines for AI to guide the government's use of AI and EPIC recently petitioned the Federal Trade Commission to establish regulations for the use of AI in commerce. (Feb. 20, 2020)

  • In response to EPIC's Freedom of Information Act lawsuit, EPIC v. State, the State Department has provided EPIC with several agency agreements concerning the State Department's facial recognition program. The Consular Consolidated Database contains millions of images from visa and passport applicants, which other federal agencies are now accessing for purposes unrelated to the processing of visa and passport applications. The State Department agreements include the Labor, Interior, and Defense Departments. Several of the documents EPIC obtained concealed the name of the federal agency accessing the State Department database. In a related EPIC FOIA lawsuit, EPIC obtained documents concerning Customs and Border Protection's use of images from the State Department. (Feb. 19, 2020)

  • EPIC has filed a brief urging a federal court to enforce the transparency obligations of the National Security Commission on Artificial Intelligence. EPIC explained that the AI Commission must hold open meetings and publish its records on a regular basis. The court previously ruled that the AI Commission must comply with EPIC's Freedom of Information Act request, but the Commission now claims that it is exempt from a related statute that requires advisory committees to operate transparently. EPIC told the court that "as is often the case for federal entities, the AI Commission must comply with two (or three, or more) statutory obligations at the same time." The Commission, which is tasked with developing U.S. AI policy, recently released a report to Congress criticizing the EU General Data Protection Regulation and calling for greater "government access to data on Americans." The AI Commission met frequently in secret with lobbyists and private contractors, but never gathered opinions from the American public. (Feb. 19, 2020)

  • The European Commission has published the White Paper on Artificial Intelligence (AI) and the European Data Strategy. The Commission stated that the aim is to promote "Technology that works for people; a fair and competitive economy; and an open, democratic and sustainable society." On AI and fundamental rights, the Commission warned that "biases in algorithms or training data used for recruitment AI systems could lead to unjust and discriminatory outcomes..." The Commission also warned that the "gathering and use of biometric data for remote identification purposes carries specific risks for fundamental rights" but stopped short of endorsing a moratorium on face surveillance. The EU White Paper on Artificial Intelligence is open for public consultation until May 19, 2020. The Commission is also gathering feedback on the data strategy. (Feb. 19, 2020)

  • The Seventh Circuit has concluded that consumers who receive an automated text message can sue under the federal anti-robocall law, but only if the autodialer has a random number generator. The decision in Gadelhak v. AT&T Services deepens a split among federal appeals courts over the scope of federal robocall protections. EPIC and the National Consumer Law Center filed an amicus brief in the case, arguing that an autodialer need only dial numbers from a list, such as a customer contact database. EPIC and the NCLC explained that allowing telemarketers to robocall consumers from a list "would undermine the law's effectiveness by inviting easy circumvention and rendering the restriction obsolete." EPIC routinely files amicus briefs on consumer privacy issues, including several amicus briefs on the TCPA. (Feb. 19, 2020)

  • In a letter to school administrators, EPIC joined Fight for the Future and over 40 organizations opposing the use of facial recognition technology in schools. The coalition stated that facial recognition is an "invasive and biased technology that violates the rights of students and faculty and has no place in educational institutions." EPIC launched a campaign and resource page to ban face surveillance globally. The Public Voice declaration has the support of over 100 organizations and many leading experts across 30 plus countries. EPIC has also called on the Privacy and Civil Liberties Oversight Board to suspend face surveillance systems across the federal government. (Feb. 13, 2020)

  • Senator Kirsten Gillibrand (D-NY) has introduced S. 3300, The Data Protection Act of 2020, which would create an independent Data Protection Agency in the United States to safeguard the personal data of Americans. EPIC, many leading consumer and civil rights organizations, privacy experts, and scholars support Senator Gillibrand's non-partisan bill. "The US confronts a privacy crisis. Our personal data is under assault. Congress must establish a data protection agency. Senator Gillibrand has put forward a bold, ambitious proposal to safeguard the privacy of Americans," said Caitriona Fitzgerald, EPIC Policy Director. EPIC has long advocated for the creation of a U.S. Data Protection Agency, arguing that the Federal Trade Commission is an ineffective agency, lacking basic competence for privacy protection. EPIC's recent report, Grading on a Curve: Privacy Legislation in the 116th Congress, sets out the key elements of a modern privacy law, including the creation of a Data Protection Agency. [Bill text] [EPIC PRESS RELEASE] (Feb. 13, 2020)

  • Senators Cory Booker and Jeff Merkley introduced the Ethical Use of Facial Recognition Act, which would ban the federal government's use of facial recognition until Congress passes legislation regulating the technology. The bill also prevents state and local government from using federal funds for facial recognition systems and creates a commission to develop guidelines for the use of facial recognition. EPIC has launched a campaign to Ban Face Surveillance and through the Public Voice coalition gathered the support of over 100 organizations and many leading experts across 30 plus countries. An EPIC-led coalition has also called on the Privacy and Civil Liberties Oversight Board to recommend the suspension of face surveillance systems across the federal government. (Feb. 12, 2020)

  • Today EPIC launched "Mandate Drone ID" to encourage the public to submit comments to the FAA regarding the agency's proposed rule for a drone ID requirement. EPIC recommends that the FAA modify the draft rule to require public access to drone ID information, including the operator identity, the purpose, and the surveillance capabilities. In 2015, EPIC wrote "Drones should be required to broadcast their registration information to allow members of the public" to easily identify the operator and responsible party. EPIC has recommended that the FAA follow the model for vessels and planes, which requires operators to broadcast location, course, and operator identity. The European Union has established a real-time broadcasting requirement similar to the one EPIC has previously encouraged the FAA to implement. Comments on the FAA proposed rule are due March 2, 2020. (Feb. 12, 2020)

  • EPIC has joined 44 civil liberties organizations in endorsing the Safeguarding Americans' Private Records Act of 2020 (S. 3242 / H.R. 5675), sponsored by Senator Wyden [D-OR] and, in the House, Rep. Lofgren [D-CA]. The bills would repeal the NSA's bulk telephone surveillance program, establish a warrant requirement for location data and internet browsing history, increase transparency, and strengthen the Privacy and Civil Liberties Oversight Board. EPIC recently advised Congress to reform Section 702 of FISA and to sunset Section 215 of the Patriot Act. (Feb. 12, 2020)

  • The FTC announced plans to review acquisitions by Google, Amazon, Apple, Facebook, and Microsoft between 2010-2019. The FTC will review those acquisitions that the companies were not required by law to report at the time of acquisition. FTC Chairman Joe Simons said the initiative would "evaluate whether the federal agencies are getting adequate notice of transactions that might harm competition." In a joint statement, Commissioner Wilson and Commissioner Chopra said, "While we commend the FTC for exploring this timely and important topic, we reiterate our call for the Commission to prioritize 6(b) studies that explore consumer protection issues arising from the privacy and data security practices of technology companies, including social media platforms." EPIC filed a complaint with the FTC in 2014 opposing Facebook's acquisition of WhatsApp. EPIC is presently in federal court seeking to improve the FTC's proposed settlement with Facebook and to unwind the merger. (Feb. 12, 2020)

  • The European Parliament has passed a resolution urging the European Commission to adopt strong rules for industrial policy on artificial intelligence and robotics. The Resolution emphasizes safety, transparency, explainability, and data quality. The Resolution also seeks to "ensure that automatic decision-making is not being used to discriminate against consumers based on their nationality, place of residence or temporary location." The Resolution also supports the free flow of non-personal data to promote innovation. The European Commission is expected to announce how it will proceed with AI regulation next week. Last week, a Dutch Court ruled that an AI system to detect welfare fraud violated human rights. EPIC has promoted Algorithmic Transparency and the Universal Guidelines for AI, and also published the AI Policy Sourcebook, the first reference book on AI policy. (Feb. 12, 2020)

  • The California Attorney General has released the final draft of the regulations implementing the California Consumer Privacy Act. The draft updates key definitions, recommends an opt-out button image, and clarifies how businesses should respond to consumer access and deletion requests. The public has until February 25 to provide comments on the proposed regulation. Enforcement of the law will begin on July 1, 2020. In previous comments, EPIC urged strong enforcement of the state privacy law. The complete text of the California privacy law is available in the EPIC 2020 Privacy Law Sourcebook. EPIC has published a resource to help California residents exercise their rights under the CCPA. (Feb. 11, 2020)

  • The Technical Guidelines Development Committee has approved the Voluntary Voting System Guidelines 2.0. The Committee provides technical recommendations to the Election Assistance Commission regarding voting systems in the United States. EPIC, along with the Association for Computing Machinery, previously recommended strong principles for voter privacy, ballot secrecy, and data protection. The groups also urged the Commission to ban internet-connected voting machinery, citing the risks to voting integrity and democratic institutions. The Technical Committee recommended banning internet-connected voting systems, as well as strong provisions on voter privacy, ballot secrecy, and data protection. Though states are not mandated to comply with the Voting System Guidelines, the Guidelines shape the election security market. EPIC has a long history of working to protect voter privacy and election integrity. (Feb. 11, 2020)

  • The House passed H.R. 4357, which bans the use or purchase of foreign-made drones by the Department of Homeland Security. Last month, the Interior Department banned the use of foreign-made drones for non-emergency operations. The US government actions respond to growing concern that Chinese-made drones collect sensitive information in the United States. In 2012, EPIC and more than 100 experts petitioned the FAA to establish a rule to limit drone surveillance, but the agency failed to act. In recent comments to the FAA, EPIC warned the agency that regulating drone surveillance was essential to privacy and security. Last year, EPIC's Marc Rotenberg and Len Kennedy cited the FAA's failure to develop appropriate regulations in a commentary for the New York Times, and also warned that China's surveillance model requires "comprehensive privacy legislation to safeguard the personal data of Americans." (Feb. 11, 2020)

  • The Justice Department has confirmed to EPIC that Special Counsel Mueller did not draft any reports for Congress during the investigation into Russian interference in the 2016 election. In a filing from EPIC v. DOJ the Justice Department stated that it found no "reports, recommendations, and other compilations of information prepared for the eventual consideration of one or more members of Congress." Last year, EPIC's open government lawsuit revealed records of a previously-undisclosed Special Counsel investigation into a suspected "unregistered agent of a foreign government." EPIC is also seeking disclosure of the complete, unredacted Mueller Report. The book EPIC v. DOJ: The Mueller Report is available for purchase at the EPIC Bookstore. (Feb. 10, 2020)

  • The U.S. government has indicted four members of China's military on charges of hacking Equifax to exploit the personal data of 150 million Americans. They allegedly conspired to hack into Equifax's computer networks, maintain unauthorized access to those computers, and steal sensitive, personally identifiable information of nearly half of all American citizens. EPIC President Marc Rotenberg testified before the House in 2018 and the Senate in 2017 about the Equifax breach. Rotenberg warned lawmakers and regulators that the failure of the U.S. government to safeguard the personal data of Americans has placed American consumers at risk from foreign adversaries. And in the Harvard Business Review, Rotenberg explained that "consumer privacy is not a goal achieved by markets. It must be mandated by Congress." EPIC has called for passage of the Online Privacy Act, H.R. 4978, and the creation of a U.S. data protection agency. (Feb. 10, 2020)

  • In advance of a hearing on the Department of Homeland Security's use of facial recognition technology, EPIC urged Congress to suspend the use of facial recognition for mass surveillance. EPIC explained that an individual's ability to control disclosure of identity "is an essential aspect of personal security and privacy." EPIC provided to the House Committee the Public Voice Declaration, supported by more than 100 organizations and leading experts from around the world, calling for a moratorium on face surveillance. The Declaration calls on countries to (1) suspend deployment of facial recognition; (2) review systems to determine whether personal data was obtained lawfully; (3) undertake research to assess bias and risk; and (4) establish legal rules, technical standards, and ethical guidelines before further deployment occurs. EPIC recently launched a campaign and resource page to ban face surveillance globally. (Feb. 6, 2020)

  • A Dutch Court ruled that an algorithmic risk assessment technique that ostensibly detects fraud violates human rights and privacy laws. The SyRI system processed massive amounts of personal data held in government agencies with an opaque algorithm. The Dutch court ruled "there is a risk that the use of SyRI will inadvertently make connections based on bias." EPIC tracks and publicizes the use of risk assessments in the US Criminal Justice System and advocates for the Universal Guidelines for AI to ensure Algorithmic Transparency in automated decision making. EPIC published the AI Policy Sourcebook, the first reference book on AI policy. (Feb. 5, 2020)

  • Today EPIC filed a petition with the Federal Trade Commission for a rulemaking "concerning the use of artificial intelligence in commerce." The EPIC petition follows two recent EPIC complaints to the FTC about the use of AI for employment screening and the secret scoring of young athletes. EPIC noted that several FTC Commissioners have called for updated regulations to address the challenges of Artificial Intelligence. EPIC pointed to the recent OMB Guidance for Regulation of Artificial Intelligence in support of the FTC rulemaking. EPIC also publishes the AI Policy Sourcebook, the first reference book on AI policy. (Feb. 3, 2020)

  • FCC Chairman Pai has announced upcoming enforcement actions against wireless carriers that disclosed subscribers' location data. Last year Members of Congress called an emergency briefing with the FCC and urged the agency to investigate companies that were selling subscribers' location data. EPIC has long advocated for protection of location data. EPIC pursued a lawsuit against a mobile app company that led to greater protection of users' location data. EPIC also successfully petitioned the FCC to safeguard sensitive data collected by phone companies. And EPIC filed an amicus brief in Carpenter v. US. The Supreme Court held in that case that the Fourth Amendment protects cell site location information. EPIC maintains detailed webpages on location privacy. (Jan. 31, 2020)

  • Sen. Michael Bennet (D-CO) has criticized the White House Guidance on Artificial Intelligence as "insufficient" and "little more than gauzy generalities." In a letter to US Chief Technology Officer Michael Kratsios, Bennet said the "principles make only passing reference to privacy protections" and "just a cursory discussion of Americans' civil rights." Bennet said also that the White House "has failed to set spending targets, establish metrics, or allocate additional funding." EPIC published the AI Policy Sourcebook, the first reference book on AI policy. The AI Sourcebook includes the Universal Guidelines for AI, an influential human rights framework for AI policy. (Jan. 31, 2020)

  • EPIC has settled a Freedom of Information Act lawsuit against Immigration and Customs Enforcement. EPIC sought records about the agency's use of Palantir's technology for mass surveillance. The documents obtained by EPIC revealed the vast capabilities of the agency program to link phone numbers, GPS data, and social network data. The FALCON database, developed by Palantir, also includes sensitive data such as social security numbers, financial records, call records, and ISP records. In previous comments, EPIC urged the agency to limit the data gathered, narrow the exemptions to the Privacy Act, and remove the routine use disclosures. As a consequence of the successful litigation, EPIC will receive attorneys' fees. (Jan. 31, 2020)

  • This week Facebook agreed to pay $550 million to settle a lawsuit about the use of facial recognition technology. The New York Times called the settlement "A Big Victory for Privacy Groups." In 2010, EPIC objected to Facebook's collection of biometric data and urged the FTC to modify a proposed settlement to limit Facebook's use of facial recognition. EPIC filed similar complaints about facial recognition with the FTC in 2016 and 2018. EPIC also filed several amicus briefs stating that the violation of a federal privacy law is sufficient to confer "standing," the right of consumers to bring lawsuits. In response to Facebook's challenge to the Illinois Biometric Privacy Act, EPIC wrote, "Judicial second-guessing of statutory protections for biometric data established by the state legislature, following a careful weighing of the public safety concerns, will come at an enormous cost to the privacy of Illinois residents." EPIC's views were adopted by a federal court in this case, which led to the recent settlement with Facebook. The text of the Illinois privacy law is available in the 2020 EPIC Privacy Law Sourcebook at the EPIC Bookstore. And EPIC's objections to the current FTC settlement with Facebook are now pending in federal court. (Jan. 30, 2020)

  • The Interior Department announced today it will ban Chinese-made drones for non-emergency use. The Secretary's Order responds to growing concerns that information collected by aerial drones could be "valuable to foreign entities, organizations and governments." In 2012, EPIC and more than 100 experts petitioned the FAA to establish a privacy rule for drones, but the agency failed to act. Last year EPIC's Marc Rotenberg and Len Kennedy cited the FAA's failure, and also warned that China's surveillance model requires "comprehensive privacy legislation to safeguard the personal data of Americans." Senator Chris Murphy [D-CT] and Senator Rick Scott [R-FL] have introduced S. 2502, the American Security Drone Act of 2019, which would prevent federal agencies from purchasing drones manufactured in China. (Jan. 29, 2020)

  • The Banisar index has found that as of 2019, 130 countries have adopted comprehensive data protection laws to protect personal data held by private companies and government entities. In almost all of the countries, an independent data protection agency or information commission oversees and enforces the laws. EPIC's recent report on U.S. federal privacy legislation, Grading on a Curve: Privacy Legislation in the 116th Congress, evaluates federal privacy bills. EPIC has called for comprehensive baseline legislation and the creation of a data protection agency. EPIC also makes available The 2020 Privacy Law Sourcebook at the EPIC Bookstore. (Jan. 29, 2020)

  • In comments on an FCC proposed rule, EPIC said that the agency should not track the Internet use of Lifeline subscribers. Lifeline is a federal program that provides broadband service to economically disadvantaged Americans. The FCC is proposing that Lifeline subscribers install apps to track their data usage and that companies retain detailed records about Internet use by Lifeline subscribers. EPIC said: "Americans should not be required to sacrifice their privacy to access the Internet." EPIC led a campaign and petition opposing the FCC's requirement that telephone carriers retain detailed records of American telephone customers. (Jan. 28, 2020)

  • On January 28, EPIC celebrates International Privacy Day, which commemorates Council of Europe Convention 108, the first international privacy convention. Today EPIC urged Congress to take three steps to safeguard the personal data of Americans: (1) enact comprehensive baseline legislation, (2) establish a data protection agency, and (3) ratify the International Privacy Convention. EPIC and consumer organizations have long urged the United States to endorse the Privacy Convention, which establishes a global framework for the free flow of personal data. The complete text of the Privacy Convention is in the EPIC Privacy Law Sourcebook, available at the EPIC Bookstore. Follow #DataProtectionDay. (Jan. 28, 2020)

  • EPIC has written in support of Maryland Senate Bill 34, which would prohibit the scanning or swiping of identification cards and driver's licenses. "The best defense against data breaches is not collecting and retaining personal data in the first place," EPIC said in testimony to the Maryland State Senate Finance Committee. The bill is sponsored by Senator Cheryl Kagan and it passed the State Senate unanimously last session. EPIC previously warned of the risks of swiping identity documents in a report on the controversial REAL ID proposal - "REAL ID Implementation Review: Few Benefits, Staggering Costs." EPIC's State Policy Project tracks privacy developments at the state level. (Jan. 28, 2020)

  • A new Pew Research survey found that 74% of U.S. adults say it is more important to keep things about themselves from being searchable online than it is to discover potentially useful information about others. And 85% say that all Americans should have the right to have potentially embarrassing photos and videos removed from online search results. EPIC advocates for the "right to be forgotten" and maintains a webpage on U.S. state laws that allow individuals to remove records containing disparaging information. The EPIC publication "The Right to be Forgotten on the Internet: Google v. Spain," an account of the original case written by former Spanish Privacy Commissioner Artemi Rallo, is available in the EPIC bookstore. (Jan. 27, 2020)

  • EPIC and over 40 organizations have urged the Privacy and Civil Liberties Oversight Board to recommend the suspension of face surveillance systems across the federal government. The Board advises the government on new threats to privacy. The groups said “the rapid and unregulated deployment of facial recognition poses a direct threat to ‘the precious liberties that are vital to our way of life.’” Last year, the Public Voice coalition called for a global moratorium on face surveillance. The Declaration was endorsed by over 100 organizations and several hundred experts in over 40 countries. EPIC previously called for DHS to suspend the use of facial recognition technology. EU leaders are now considering a ban on the use of facial recognition in public spaces, “for up to five years until safeguards to mitigate the technology’s risk are in place.” (Jan. 27, 2020)

  • A new European Parliament Resolution advises the European Commission to establish strong oversight of artificial intelligence. The Resolution emphasizes safe and compliant products, human responsibility, safety, transparency, explainability, and data quality. The Resolution also supports the free flow of non-personal data to promote innovation. Several of these principles are put forward in the Universal Guidelines for AI, which EPIC recommends as the baseline for AI Policy. On February 19, the European Commission is expected to announce how it will proceed with AI regulation. EPIC has promoted Algorithmic Transparency and published the AI Policy Sourcebook, the first reference book on AI policy. (Jan. 23, 2020)

  • EPIC presented the 2020 International Privacy Champion Awards to Isabelle Falque-Pierrotin, former President of the French Data Protection Agency (the "CNIL") and British journalist Carole Cadwalladr. EPIC President Marc Rotenberg drew attention to Falque-Pierrotin's "dedication and determination" which have "given force to the right to privacy." Rotenberg cited Cadwalladr's reporting on the Cambridge Analytica data breach, which has made clear "the deep connection between data protection and the protection of democratic institutions." The ceremony took place at the annual conference on Computers, Privacy, and Data Protection in Brussels, Belgium. The 2020 EPIC Champion of Freedom Awards will be held at the National Press Club in Washington, DC on June 3, 2020. PRESS RELEASE (Jan. 22, 2020)

  • None of Your Business, the privacy NGO established by Max Schrems, has launched a new resource for those following European privacy law. GDPRhub provides summaries of decisions by national Data Protection Agencies and courts concerning the GDPR. This database offers insight into key debates on the interpretation of contentious GDPR issues. A second database, "GDPR Knowledge," offers commentaries on GDPR and DPA profiles across the EU. NOYB is also publishing GDPRtoday, which provides a "quick overview of all national decisions of the past days from all across Europe." EPIC provides the text of the GDPR in the 2020 Privacy Law Sourcebook available at the EPIC Bookstore. (Jan. 22, 2020)

  • A new Pew Research poll finds that 41% of Americans say it is acceptable for makers of fitness trackers to disclose users' data to medical researchers, while 35% believe this is an unacceptable practice and 22% are unsure. The study also found that white adults (39%) are more likely than those who are black (31%) or Hispanic (26%) to see disclosure of this data as unacceptable. EPIC told Congress that the Federal Trade Commission must block Google's plan to acquire Fitbit and that merger review must consider data protection. EPIC maintains an extensive page on Privacy and Public Opinion which shows consistent support among Americans for stronger privacy laws. EPIC advocates for comprehensive privacy legislation and the establishment of a U.S. data protection agency. (Jan. 22, 2020)

  • EPIC will present argument today in State v. Andrews, a New Jersey Supreme Court case about the compelled disclosure of a cell phone passcode. In its amicus brief, EPIC argued that the Fifth Amendment limits the ability of the government to obtain cellphone passcodes. Citing Riley v. California and Carpenter v. United States, EPIC said the U.S. Supreme Court has held that the vast troves of personal data stored in cell phones "justifies strong constitutional protections." EPIC also explained that limited exceptions to Fifth Amendment safeguards were adopted before personal information was "consolidated in one place." EPIC routinely files amicus briefs arguing that constitutional protections should keep pace with advances in technology. EPIC filed amicus briefs in Carpenter and Riley, which both involved the searches of cellphones. The Supreme Court cited EPIC's amicus brief in the Riley opinion. (Jan. 21, 2020)

  • The U.S. Supreme Court will leave in place a decision that allows lawsuits against Facebook for the unlawful collection of facial images. In Patel v. Facebook, the Ninth Circuit held that an Illinois biometrics law protects "concrete privacy interests" and that violations of the law "pose a material risk of harm to those privacy interests." EPIC filed an amicus brief in the case, arguing that users can sue companies that violate rights protected by privacy laws. EPIC has long advocated for limits on the use of biometric data and has opposed Facebook's use of facial recognition software. EPIC and others recently called for a global moratorium on facial recognition. EPIC recently launched a campaign and resource page to ban face surveillance. (Jan. 21, 2020)

  • Facebook reversed the controversial decision to sell ads in WhatsApp. Before WhatsApp was acquired by Facebook, the company promised users it would not sell ads. But Facebook did not honor that promise to users, causing the WhatsApp founders to resign. When Facebook proposed to acquire WhatsApp in 2014, EPIC filed a complaint with the FTC advising the agency to block the sale unless adequate privacy safeguards were established for WhatsApp user data. The FTC wrote in response "if the acquisition is completed and WhatsApp fails to honor these promises, both companies could be in violation of Section 5 of the Federal Trade Commission (FTC) Act and, potentially, the FTC's order against Facebook." EPIC has challenged the proposed FTC settlement with Facebook, arguing that it is procedurally unfair and that the FTC failed to address growing concerns about the use of WhatsApp user data. The FTC is now considering blocking the integration of Facebook and WhatsApp user data. (Jan. 21, 2020)

  • POLITICO reports that EU President von der Leyen and Commissioner Vestager are considering a ban on the use of facial recognition in public spaces, "for up to five years until safeguards to mitigate the technology's risks are in place." Last fall, more than 100 organizations, and several hundred experts, from over 40 countries urged data protection officials to adopt a moratorium on facial recognition. The Public Voice petition asked countries to "establish the legal rules, technical standards, and ethical guidelines necessary to safeguard fundamental rights and comply with legal obligations before further deployment of this technology occurs." EPIC is now tracking efforts around the world to Ban Face Surveillance. (Jan. 16, 2020)

  • The EU Advocate General advised the European Court of Justice that "the means and methods of combating terrorism must be compatible with the requirements of the rule of law" in a case concerning the retention of personal data for law enforcement purposes. The AG recommended limiting retention of data to data that are essential for national security and limiting access to that data subject to prior review by courts. The opinion is not binding on the Court of Justice and the Court will issue a judgment at a later date. The AG cited EPIC's expert submissions in "Schrems 2.0," another case concerning Facebook's transfer of personal data to the United States and the adequacy of U.S. privacy law. (Jan. 16, 2020)

  • EPIC has urged Congress to implement the OECD Principles on AI and adopt the Universal Guidelines for AI. In a statement in advance of a hearing on "Industries of the Future," EPIC also highlighted the White House's Guidance for AI Regulation, and urged the Senate to prioritize public participation and democratic values. Senator Roger Wicker's (R-MS) bill, the "Industries of the Future Act," would promote government investment in research and development and create a government Council to advise the Office of Science and Technology Policy on future industries, including artificial intelligence. EPIC has long advocated for transparency and public participation in AI policymaking. EPIC successfully sued the National Security Commission on Artificial Intelligence to ensure public access to agency records. EPIC recently filed a complaint with the FTC alleging that recruiting company HireVue fails to comply with baseline standards for AI decision-making. EPIC also sued the DOJ to uncover documents about the use of algorithms in the criminal justice system. (Jan. 15, 2020)

  • EPIC has filed its opening brief urging the D.C. Circuit to reverse a lower court decision that allowed FAA's Drone Advisory Committee to conduct much of its work in secret. "If the decision is allowed to stand, other federal agencies could circumvent the law by creating subcommittees and task forces and developing policy in secretive meetings held by entities that agencies attempt to place beyond the reach of the [Federal Advisory Committee Act]," EPIC told the Court of Appeals. EPIC filed suit in 2018 against the industry-dominated Committee, which consistently ignored the privacy risks posed by the deployment of drones—even after identifying privacy as a top public concern. As a result of EPIC's lawsuit, the Committee was forced to disclose hundreds of pages of records that it previously withheld. The case is EPIC v. Drone Advisory Committee, No. 19-5238 (D.C. Cir.). (Jan. 14, 2020)

  • A new report from Norwegian consumer group Forbrukerradet finds that dating apps transmit personal data to at least 135 different third parties involved in behavioral advertising. The data includes IP address, GPS location, age, gender, sexual orientation, and religious beliefs. EPIC joined coalition letters to Congress, the FTC, and state Attorneys General urging investigation of the business practices detailed in the report. EPIC Consumer Protection Counsel Christine Bannan said: "This report highlights the pervasiveness of corporate surveillance and the failures of the FTC notice-and-choice model for privacy protection. Congress should pass comprehensive data protection legislation and establish a U.S. Data Protection Agency to protect consumers from the privacy violations of the adtech industry." (Jan. 14, 2020)

  • The U.S. Interior Department is permanently grounding its fleet of drones over concerns that the devices will enable aerial surveillance by the Chinese government, according to the Financial Times. The Chinese-manufactured drones, which were used to monitor and map federal land, have been temporarily grounded since October. EPIC, NGOs, and leading experts had long urged the Federal Aviation Administration to regulate the privacy risks of drones. Although the FAA is set to require remote identification of drones—as EPIC first recommended five years ago—the FAA has refused to address drone surveillance. EPIC is currently challenging the FAA's failure to disclose records from the Drone Advisory Committee, which acknowledged the privacy risks posed by drones but failed to propose any privacy safeguards. (Jan. 13, 2020)

  • The Supreme Court has agreed to hear a challenge to the constitutionality of the Telephone Consumer Protection Act, a federal law that prohibits unwanted robocalls. The law generally restricts the use of autodialers, but in 2015 Congress created an exception for robocalls to collect debts guaranteed by the federal government. Several groups have since challenged the law on First Amendment grounds, arguing that the TCPA discriminates against particular speakers. The Court will now consider the issue in Barr v. American Association of Political Consultants. EPIC filed an amicus brief in Gallion v. Charter Communications, a related case, arguing that “these challenges represent a systematic effort by companies to undermine the purpose of the TCPA and to inundate consumers with unwanted calls.” EPIC routinely files amicus briefs on consumer privacy issues, including several amicus briefs on the TCPA. (Jan. 11, 2020)

  • The Department of Transportation announced AV 4.0, voluntary guidelines for driverless vehicles. The guidelines "use a holistic, risk-based approach to protect the security of data and the public's privacy as AV technologies are designed and integrated." EPIC commented on an earlier version of the guidelines, saying the agency "should promulgate mandatory rather than voluntary cybersecurity guidelines." EPIC warned that "the very real possibility of remote car hacking poses substantial risks to driver safety and security." EPIC also testified before Congress in 2015, explaining that "current approaches, based on industry self-regulation, are inadequate and fail to protect driver privacy and safety." (Jan. 10, 2020)

  • The White House has published Guidance for Regulation of Artificial Intelligence Applications. In a statement, US Chief Technology Officer Michael Kratsios said "The White House calls on agencies to protect privacy and promote civil rights, civil liberties, and American values in the regulatory approach to AI. Among other important steps, agencies should examine whether the outcomes and decisions of an AI application could result in unlawful discrimination, consider appropriate measures to disclose when AI is in use, and consider what controls are needed to ensure the confidentiality and integrity of the information processed, stored and transmitted in an AI system." The US AI Guidance follows from the OECD AI Principles, which the United States has endorsed, as well as some of the Universal Guidelines for AI, a human rights framework for AI endorsed by more than 250 experts and 60 associations in 40 countries. The Guidance makes clear the importance of public participation in the formulation of AI policy. EPIC successfully sued the National Security Commission on Artificial Intelligence to ensure public access to agency records. (Jan. 9, 2020)

  • Prior to a hearing with voting system vendors, EPIC urged the House Administration Committee to ensure that voting systems accurately record votes and protect the secret ballot. "The bar for voting technology and election administration should be set high," EPIC said. Earlier this year EPIC asked a federal court to stop Georgia's use of Direct Recording Electronic voting machines in an amicus brief. Experts in election security have shown that DREs are insecure and vulnerable to attack, fail to provide a paper trail, and are subject to manipulation by foreign adversaries. DREs also undermine the secret ballot as particular voters could be linked to particular votes. In 2016, EPIC published "The Secret Ballot at Risk: Recommendations for Protecting Democracy," highlighting the importance of the secret ballot for American democracy. (Jan. 9, 2020)

  • In comments submitted to the USPTO's request for information, EPIC recommended limiting trade secret defenses for AI techniques that have a significant effect on an individual. EPIC also highlighted the US endorsement of the OECD AI principles, the White House's Guidance for Regulation of Artificial Intelligence Applications, and the Universal Guidelines for Artificial Intelligence. EPIC explained that these policy frameworks make clear the importance of transparency in AI policy. In 2019, EPIC successfully sued the National Security Commission on Artificial Intelligence to ensure public access to agency records. (Jan. 9, 2020)

  • In a statement to Congress, EPIC warned that the proposed transfer of DHS data to the Census Bureau would violate the federal Privacy Act. The data include personal information about citizens, immigrants, and foreign nationals. EPIC urged the Committee to "block DHS from carrying out this proposed data transfer pending further review." EPIC previously warned the House Oversight Committee that President Trump's Executive Order on collecting citizenship data could undermine Privacy Act safeguards. EPIC opposed the citizenship question in the 2020 Census, arguing that the Bureau failed to complete required privacy impact assessments. EPIC also filed an amicus brief in the Supreme Court case warning that collecting citizenship information presents "enormous privacy and security concerns." The Supreme Court found the rationale for adding the citizen question "contrived" and the question was withdrawn. (Jan. 8, 2020)

  • In a Privacy Impact Assessment, Customs and Border Protection and Immigration and Customs Enforcement announced a plan for the DNA collection of individuals detained at the border, including U.S. citizens. The change comes after a Department of Justice proposed rule that removed the authority of DHS components, including CBP and ICE, to exempt detained individuals from DNA collection. EPIC joined a coalition of civil liberties and immigrant rights organizations in comments to the Justice Department and urged the DOJ to rescind the proposed rule. The coalition stated the proposed rule was an "unacceptable and unnecessary privacy intrusion" that will impact not only the individual's DNA being collected but also family members, including American citizens. In an amicus brief to the Supreme Court, EPIC argued that law enforcement's warrantless collection of DNA is unconstitutional. (Jan. 7, 2020)

  • Facebook has announced its plan to ban "deep fakes" in advance of a House hearing on "Americans at Risk: Manipulation and Deception in the Digital Age" this week. The new policy would ban users from posting deepfakes—computer-generated, highly manipulated videos using technologies like AI—to prevent the spread of disinformation but would allow simpler forms of manipulation. Deepfakes have been used to spread disinformation about politicians, but 96% of "deep fakes" online are videos in which women's faces are superimposed into pornography without their consent. EPIC Board Member Danielle Citron testified before Congress, saying "we need a combination of law, markets, and societal resistance" to combat deepfakes and "the phenomenon is going to be increasingly felt by women and minorities." (Jan. 7, 2020)

  • The Department of Homeland Security has announced a plan to transfer detailed personal data collected from immigrants to the Census Bureau—an apparent violation of the Privacy Act. In a privacy impact assessment, published over the holiday break, the DHS revealed that it would provide names, addresses, social security numbers, and other highly sensitive data to the Census Bureau. Yet the DHS admitted that individuals weren't aware their personal data would be obtained by the Census Bureau, that the data may be inaccurate, or used for purposes unrelated to the census survey. The proposed data transfer follows a July executive order by President Trump, who vowed that the government "will leave no stone unturned" when seeking citizenship information from every person in the United States. EPIC previously warned Congress that the executive order could undermine Privacy Act safeguards. In EPIC v. Commerce, EPIC challenged the failure of the Census Bureau to conduct privacy impact assessments before adding the (later withdrawn) citizenship question to the 2020 Census. (Jan. 7, 2020)

  • The European Data Protection Board will determine whether data brokers and mobile apps comply with the General Data Protection Regulation. The EDPB has commissioned a privacy expert to provide a legal analysis of 25 mobile applications and 10 data brokers. The study is one of several launched by the EDPB to examine the impact of the GDPR. A recent report from the Transatlantic Consumer Dialogue found that Amazon, Netflix, and Spotify do not comply with GDPR and recommended for the United States "baseline federal data protection and privacy law that does not pre-empt stronger state privacy protections and that creates an independent data protection agency." EPIC's recent report on federal privacy legislation, Grading on a Curve: Privacy Legislation in the 116th Congress, evaluates federal privacy bills. EPIC has called for comprehensive baseline, federal legislation and the creation of a data protection agency. (Jan. 6, 2020)

  • The New Year begins with the California Consumer Privacy Act. All Californians now have the right to find out the personal data that companies collect about them, their devices, and their children, the right to opt-out of the sale of personal data, and the right to sue companies for data breaches. Californians can also request that a business delete their personal information. In comments to the California Attorney General, EPIC urged strong enforcement of the privacy law. EPIC's Mary Stone Ross, a coauthor of the law, spoke recently on NPR's All Things Considered about the new law. The complete text of the California Consumer Privacy Act is available in the EPIC 2020 Privacy Law Sourcebook. (Jan. 2, 2020)

  • Congress has passed the Telephone Robocall Abuse Criminal Enforcement and Deterrence Act of 2019. The TRACED Act establishes penalties for certain robocalls and requires voice service providers to develop call authentication technologies. The FCC will develop rules to limit unwanted calls or texts from a caller using an unauthenticated number. EPIC has long advocated for stronger regulations surrounding robocalls. EPIC provided expert analysis to Congress, submitted numerous comments to the FCC, and filed multiple amicus briefs in appellate courts emphasizing the need to limit robocalls. (Jan. 2, 2020)
